So I assume Dark Tangent won't attend his own con? Jeff Moss sits on the Homeland Security Advisory Board and is the CSO of ICANN.[1] If that's not "the man", I don't know what is.
Ironically, there is a security issue with that page. The links for each name go to some sort of CMS edit page for each record. It says access denied, but having the URL scheme for editing pages wouldn't be the most useless thing in the world for the type of person interested in editing such things....you know like the type of people that attend Defcon.
I can understand your position with DHS. But CANN is hardly the man. Would you prefer a world where ICANN is unable to find competent security people because working for ICANN is some how associated with evil?
For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.
When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.
This will give everybody time to think about how we got here, and what comes next.
Will this actually affect the feds ability to attend or will they just attend in plain clothes? Or will they be able to attend as feds and just be looked down upon?
I applaud Jeff's (DarkTangent) stance on this. I've been to 7 Defcons now and the Feds have always been treated fairly. Even the media has been treated with respect, so long as they are transparent and honest about being media [1]. Honesty and openness have been betrayed this year with the Snowden leaks, and I'm glad people are finally taking a stand.
I'm curious other security conventions will take the same stance.
[1] One year a reporter disguised herself as an attendee instead of admitting she was a reporter, and was attempting to get hackers on record saying that they've hacked into <this> and <that> important system. She was found out and summarily chased (literally) out the convention.
I'm extremely impressed with DarkTangent, this must have been a difficult move for him to make, especially given that the NSA Director(DernZa) was the keynote speaker at the last defcon. He is probably getting a mountain range of shit right now from the feds.
" Over the past two decades, hackers at Defcon and the feds have been circling each other suspiciously. The nation's top "spook" -- National Security Agency Director Gen. Keith Alexander -- giving a keynote at the hacker confab, shows just how much tensions have mellowed." http://news.cnet.com/8301-1009_3-57481689-83/nsa-director-fi...
I'm skeptical. For the past few years that I've been attending, defcon felt at some times like an instrument for fed recruiting while paying lip service to its original "underground" feel. DT's message almost felt like posturing to underline the latter rather than a sincere statement to curtail the former. I won't pretend that I'm a long time attendee (my first was DC16), so I would love to hear from some more seasoned attendees if my impression is correct.
Edit: the reason for that impression is that there is no declaration of a policy in his message (e.g. "feds are prohibited from soliciting employees at DC21"), rather a soft "time-out". With all due respect to DT, neither we nor the feds are in the third grade. Contrast this with their strict journalist policy and recall how that undercover reporter was outed and kicked out/chased away a few years ago.
You might have felt like that because the original organizer, "Dark Tangent" aka Jeff Moss, turned state's evidence in 2009. He's been on the federal payroll ever since.
Here, he's trying to pose as an anti-fed activist while simultaneously drawing a Department of Homeland Security paycheck.
I went to DC in the 90s and almost everybody you ran into was doing something illegal, like the Shadowcrew guys and a team of motorola hackers I mainly hung out with. Almost every talk gave hommage to whatever current hacker was in prison or on the run, and typically was anti fed, anti surviellance and anti copyright. Totally different now because at the time felt like the whole culture was under seige by overzealous feds and there was constant rumours of feds watching the exits with surveillance like we were the mafia or something
I had written more here, but even after cutting down this post is still to long. Basically the evolution of DC is in large part a response to its own success. 13k attendees (IIRC) is going to change things, and any difference makes it easy to get disenchanted and/or nay-say. I don't think the attitude and execution have gotten worse overall, just different.
the reason for that impression is that there is no declaration of a policy in his message
Defcon knows they can't dictate everything that happens, only influence it. Feds are going to be there one way or another, thats why DT had an "invite the feds" attitude from the beginning. To hear some goons tell it, the "spot the fed" game was created as a social device to reduce animosity between attendees and law enforcement while also reminding everyone that strangers at the convention aren't your friends.
Even with enforcing hard and fast ideas (like the journalism boundary) they start off with a light touch. They gave the reporter many chances to stop snooping about and get a press badge. Before letting us into the convention center on day one red shirts were giving out warnings. That was days before she was publicly called out in one of the panels and marched out of the Riv.
As you say, we're not in third grade. But defcon does know it, and understand they can't keep people out a no-names cash-transaction event based on attendee employer. The most they can hope to do is say "Hey, maybe not so much this year?" Time will tell how it plays out, but the last thing I would call it is an attempt to save face or change the image of the event. I thought it was 100% DT playing a joke at first, and I still think its a joke now, just one with a message.
As hackers we have an ethical obligation to refuse service to tyrants and dictators. Like mercenaries who profiteer off war, we should ostracize those who act against humanity.
We also have an ethical obligation not to abuse the computer systems of those less skilled than us, but that obligation has hardly stopped that kind of stuff.
This is going to be my tenth (?!) year at DEF CON.
The culture of DEF CON, and especially its evolution, is a very interesting one. When I first attended DEF CON, it was a bunch of seemingly scary hackers. Fortunately, it turns out most of them were amazing people.
As the conference grew (and changed venues several times), the culture began to evolve. The barrier to entry--in terms of being "accepted" into the subculture--lowered significantly. DEF CON stopped being a scary place, with goons that would "de-tech" you and throw you in the pool, and more of a mainstream event. For the most part, I'm completely supportive of where DEF CON's going. I'm definitely supportive of air conditioning in the venue, instead of standing outside in the sweltering Las Vegas summertime heat.
That said, though, it's not really a "hacker conference" anymore. Not more than its sister conference, Black Hat, or something like RSA, anyway.
DEF CON used to be about hacking. Not in the HN sense, but in the "illegal entry into networks" definition. Now, it's less about hacking and more about the actual information security industry; this is probably related to the fact that everyone I knew at the first DEF CON I attended (myself included) currently works in the infosec industry.
With growth, exposure, and the inclusion of white hats, DEF CON naturally became a recruiting ground for federal agencies, including law enforcement, the military, intelligence, etc. The 'spot the fed' game that began as a joke (with prizes!) soon seemed silly, since there were so many federal employees/recruiters/agents.
I'm all for DEF CON entering the mainstream. It's a conference and community that I've grown to love, and the lessons I've learned there (not to mention the friends I've made) have helped me immensely--both personally and professionally. That said, though, there's pretty much zero chance that this announcement DT made will have any effect whatsoever on federal agents, recruiters or representatives attending the con. More than anything, it's a huge publicity stunt.
After all, most of the staff and "old school" attendees work for "the man" now. For some, like me, it's just hacking for money; many, though, actually do work for defense and intelligence contractors. Should they be banned because of their affiliation?
Personally, I don't think so.
PS: If you're considering going to DEF CON and you've never been, you should! It's a booze-fueled learning, partying and networking event unlike any other. Plus, you get to hang out in Vegas for a weekend!
>many, though, actually do work for defense and intelligence contractors. Should they be banned because of their affiliation?
Absolutely. The hacker community should not contribute to the knowledge of those who work to undermine privacy and feed the surveillance-industrial complex.
I've got certain friends working for the gov't at three letter agencies that this year have been explicitly told they are not allowed to attend DEF CON either under the banner of the agency or on their own time.
>It's a booze-fueled learning, partying and networking event unlike any other
Is there any way to get use out of it that doesn't include 'booze-fueled and partying'. I have no problem with booze, but I definitely dislike partying. Yes, I'm a wet blanket, but if the partying atmosphere is where the use comes from, I would seriously be uninterested.
I know that actually does limit the networking part too.
I've been attending for generally the same time frame. It seems a bit ironic as it was made known to me that the majority of the organizers are feds now. Are they all staying away too?
In light of recent events, this is not an opportune time for recruiting and so the feds will not be attending the conference in their usual numbers. However, they will of course still be monitoring all communcations at the event, so they will be there in spirit.
In the early years, DefCon founder Jeff Moss used to say "if you're 20 and you're working for The Man, you're a loser,"... "Ten years ago, Moss said 'if you're 30 and you're not working for The Man, you're a loser.' And now he agreed that at 40 he is The Man.'"
DefCon is a joke. Nobody with any skill takes that conference seriously.
This is a complete farce as one of the key speakers last year was Gen Keith Alexander. NSA was fairly open about recruiting directly from DefCon and DefCon leadership had no problem with it. Anyone with even a slight security background could have predicted Prism and other programs just by the AT&T whistleblower from the mid 2000's.
DefCon is just too big, too mainstream for any real technical value. I don't need to fly to Vegas to watch umpteen panel discussions with crazy EFF people.
My understanding is that the overwhelming majority of Federal employees on official duty from FBI, DHS, DOD, NSA, etc.. that attend DEFCON (and related conferences) are actually not agents at all, but rather low ranking analysts whose job at the conferences are to assess the material presented and report back. This is opposed to, say, recruiting CIs or surveilling targets.
This is more about making a statement than anything else. Will the information still reach the feds? Sure.
But the request is deliberately creating a delineation: the government is no longer for the people or part of the people, it exists for it's own sake.
Will the government understand and ramp itself down?
Whatever you thought about Ron Paul, his politics would have prevented all of this. All of the wars. All the foreign aid. And we would live in paradise ;)
>but rather low ranking analysts whose job at the conferences are to assess the material presented and report back
So? I work for a private company. I 'report back' on the cool shit I saw, let people know what was around, what was popular, etc. It's a learning experience. Saying they 'report back' is useless. If you go to a con and don't talk with other people about the stuff you saw there it's almost wasteful.
I think I know what you meant though - they go and see what all the 'underground hackers' are up to.
I was assuming Defcon 21 would be down on fed count this year due to 1) the sequester hurting travel budgets and 2) recent (well, in the past year) high profile wasting of money in Las Vegas by the GSA.
There's also OHM running in parallel, which will draw off some of the European attendees (probably not law enforcement/intel, though). If I got to pick between OHM and PW/BS/BH/DC (all 4 running in Las Vegas that week), I'd probably pick Ohm.
Note the "this year". Defcon is just looking after their branding. If they had concern for privacy they wouldn't have had the NSA directory keynote last year and let him lie to their audience.
It seems quite clear to me that Dark Tangent is attempting to stop something bad from happening at DEF CON. He doesn't want a fight or a brawl breaking out, or implied threats or negative community interaction. His advice isn't so much a 'no feds allowed' sign, but more of an open warning that coming as a Fed might cause undesired tension and circumstances that weren't previously present in such high volumes.
Calling the situation ironic because DT is a fed is unrelated - he may work for the government, but he isn't in a position that has a conflict of interest with a hacker conference (read: he doesn't work for the NSA). If you say "Dark Tangent" to a person in the security community, people recognize him as the creator of a hacker conference; not a government employee.
It's important to remember that DEF CON is not banning the feds, but instead asking them to not participate this year. There's a big difference here. The former is mandatory, unilateral; the other is an invite to pause and reconsider the relationship.
Now I'm curious on how government agencies will respond. They may go anyway -- and have to deal with a very unwelcoming mood, or respect the request and give some space for the sec community to discuss the case more openly.
I, for one, fully support DT's request, and really hope the feds understand that the problem is not who they are or what they represent, but their tactics and methods recently exposed.
They can't expect to be welcomed anywhere, given the obvious abuses that are happening against U.S. Citizens (and everyone else, for the matter), under the excuse of "war on terrorism".
[+] [-] ENOTTY|12 years ago|reply
[1] http://www.dhs.gov/homeland-security-advisory-council-member...
[+] [-] downandout|12 years ago|reply
https://edit.dhs.gov/homeland-security-advisory-council-memb...
[+] [-] dfc|12 years ago|reply
[+] [-] danielsiders|12 years ago|reply
"Feds, we need some time apart. Posted 7.10.13
For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.
When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.
This will give everybody time to think about how we got here, and what comes next.
The Dark Tangent"
[+] [-] codyb|12 years ago|reply
[+] [-] typicalrunt|12 years ago|reply
I'm curious other security conventions will take the same stance.
[1] One year a reporter disguised herself as an attendee instead of admitting she was a reporter, and was attempting to get hackers on record saying that they've hacked into <this> and <that> important system. She was found out and summarily chased (literally) out the convention.
[+] [-] EthanHeilman|12 years ago|reply
" Over the past two decades, hackers at Defcon and the feds have been circling each other suspiciously. The nation's top "spook" -- National Security Agency Director Gen. Keith Alexander -- giving a keynote at the hacker confab, shows just how much tensions have mellowed." http://news.cnet.com/8301-1009_3-57481689-83/nsa-director-fi...
Things don't look so mellow anymore.
[+] [-] mirkules|12 years ago|reply
Edit: the reason for that impression is that there is no declaration of a policy in his message (e.g. "feds are prohibited from soliciting employees at DC21"), rather a soft "time-out". With all due respect to DT, neither we nor the feds are in the third grade. Contrast this with their strict journalist policy and recall how that undercover reporter was outed and kicked out/chased away a few years ago.
[+] [-] _delirium|12 years ago|reply
Here, he's trying to pose as an anti-fed activist while simultaneously drawing a Department of Homeland Security paycheck.
[+] [-] dobbsbob|12 years ago|reply
[+] [-] forgottenpass|12 years ago|reply
the reason for that impression is that there is no declaration of a policy in his message
Defcon knows they can't dictate everything that happens, only influence it. Feds are going to be there one way or another, thats why DT had an "invite the feds" attitude from the beginning. To hear some goons tell it, the "spot the fed" game was created as a social device to reduce animosity between attendees and law enforcement while also reminding everyone that strangers at the convention aren't your friends.
Even with enforcing hard and fast ideas (like the journalism boundary) they start off with a light touch. They gave the reporter many chances to stop snooping about and get a press badge. Before letting us into the convention center on day one red shirts were giving out warnings. That was days before she was publicly called out in one of the panels and marched out of the Riv.
As you say, we're not in third grade. But defcon does know it, and understand they can't keep people out a no-names cash-transaction event based on attendee employer. The most they can hope to do is say "Hey, maybe not so much this year?" Time will tell how it plays out, but the last thing I would call it is an attempt to save face or change the image of the event. I thought it was 100% DT playing a joke at first, and I still think its a joke now, just one with a message.
[+] [-] smokeyj|12 years ago|reply
[+] [-] kpommerenke|12 years ago|reply
[+] [-] mpyne|12 years ago|reply
[+] [-] david_shaw|12 years ago|reply
The culture of DEF CON, and especially its evolution, is a very interesting one. When I first attended DEF CON, it was a bunch of seemingly scary hackers. Fortunately, it turns out most of them were amazing people.
As the conference grew (and changed venues several times), the culture began to evolve. The barrier to entry--in terms of being "accepted" into the subculture--lowered significantly. DEF CON stopped being a scary place, with goons that would "de-tech" you and throw you in the pool, and more of a mainstream event. For the most part, I'm completely supportive of where DEF CON's going. I'm definitely supportive of air conditioning in the venue, instead of standing outside in the sweltering Las Vegas summertime heat.
That said, though, it's not really a "hacker conference" anymore. Not more than its sister conference, Black Hat, or something like RSA, anyway.
DEF CON used to be about hacking. Not in the HN sense, but in the "illegal entry into networks" definition. Now, it's less about hacking and more about the actual information security industry; this is probably related to the fact that everyone I knew at the first DEF CON I attended (myself included) currently works in the infosec industry.
With growth, exposure, and the inclusion of white hats, DEF CON naturally became a recruiting ground for federal agencies, including law enforcement, the military, intelligence, etc. The 'spot the fed' game that began as a joke (with prizes!) soon seemed silly, since there were so many federal employees/recruiters/agents.
I'm all for DEF CON entering the mainstream. It's a conference and community that I've grown to love, and the lessons I've learned there (not to mention the friends I've made) have helped me immensely--both personally and professionally. That said, though, there's pretty much zero chance that this announcement DT made will have any effect whatsoever on federal agents, recruiters or representatives attending the con. More than anything, it's a huge publicity stunt.
After all, most of the staff and "old school" attendees work for "the man" now. For some, like me, it's just hacking for money; many, though, actually do work for defense and intelligence contractors. Should they be banned because of their affiliation?
Personally, I don't think so.
PS: If you're considering going to DEF CON and you've never been, you should! It's a booze-fueled learning, partying and networking event unlike any other. Plus, you get to hang out in Vegas for a weekend!
[+] [-] mcantelon|12 years ago|reply
Absolutely. The hacker community should not contribute to the knowledge of those who work to undermine privacy and feed the surveillance-industrial complex.
[+] [-] X-Istence|12 years ago|reply
This was announced before this post by DT though.
[+] [-] mhurron|12 years ago|reply
Is there any way to get use out of it that doesn't include 'booze-fueled and partying'. I have no problem with booze, but I definitely dislike partying. Yes, I'm a wet blanket, but if the partying atmosphere is where the use comes from, I would seriously be uninterested.
I know that actually does limit the networking part too.
[+] [-] merlincorey|12 years ago|reply
[+] [-] mentat|12 years ago|reply
[+] [-] anonymous|12 years ago|reply
In light of recent events, this is not an opportune time for recruiting and so the feds will not be attending the conference in their usual numbers. However, they will of course still be monitoring all communcations at the event, so they will be there in spirit.
[+] [-] _delirium|12 years ago|reply
[+] [-] anonymous|12 years ago|reply
In the early years, DefCon founder Jeff Moss used to say "if you're 20 and you're working for The Man, you're a loser,"... "Ten years ago, Moss said 'if you're 30 and you're not working for The Man, you're a loser.' And now he agreed that at 40 he is The Man.'"
[+] [-] ferdo|12 years ago|reply
-Upton Sinclair
[+] [-] mcot2|12 years ago|reply
This is a complete farce as one of the key speakers last year was Gen Keith Alexander. NSA was fairly open about recruiting directly from DefCon and DefCon leadership had no problem with it. Anyone with even a slight security background could have predicted Prism and other programs just by the AT&T whistleblower from the mid 2000's.
DefCon is just too big, too mainstream for any real technical value. I don't need to fly to Vegas to watch umpteen panel discussions with crazy EFF people.
[+] [-] certific|12 years ago|reply
[+] [-] ianhawes|12 years ago|reply
Source: I asked a Fed.
[+] [-] cheez|12 years ago|reply
But the request is deliberately creating a delineation: the government is no longer for the people or part of the people, it exists for it's own sake.
Will the government understand and ramp itself down?
Whatever you thought about Ron Paul, his politics would have prevented all of this. All of the wars. All the foreign aid. And we would live in paradise ;)
[+] [-] a3n|12 years ago|reply
And maybe those people should go home and rethink their lives.
[+] [-] BoyWizard|12 years ago|reply
So? I work for a private company. I 'report back' on the cool shit I saw, let people know what was around, what was popular, etc. It's a learning experience. Saying they 'report back' is useless. If you go to a con and don't talk with other people about the stuff you saw there it's almost wasteful.
I think I know what you meant though - they go and see what all the 'underground hackers' are up to.
[+] [-] sbierwagen|12 years ago|reply
[+] [-] jonathanwallace|12 years ago|reply
[+] [-] rdl|12 years ago|reply
There's also OHM running in parallel, which will draw off some of the European attendees (probably not law enforcement/intel, though). If I got to pick between OHM and PW/BS/BH/DC (all 4 running in Las Vegas that week), I'd probably pick Ohm.
[+] [-] mcantelon|12 years ago|reply
[+] [-] Canada|12 years ago|reply
[+] [-] a3n|12 years ago|reply
[+] [-] dmoy|12 years ago|reply
[+] [-] Shank|12 years ago|reply
Calling the situation ironic because DT is a fed is unrelated - he may work for the government, but he isn't in a position that has a conflict of interest with a hacker conference (read: he doesn't work for the NSA). If you say "Dark Tangent" to a person in the security community, people recognize him as the creator of a hacker conference; not a government employee.
[+] [-] microb|12 years ago|reply
[+] [-] _b8r0|12 years ago|reply
[+] [-] guiambros|12 years ago|reply
Now I'm curious on how government agencies will respond. They may go anyway -- and have to deal with a very unwelcoming mood, or respect the request and give some space for the sec community to discuss the case more openly.
I, for one, fully support DT's request, and really hope the feds understand that the problem is not who they are or what they represent, but their tactics and methods recently exposed.
They can't expect to be welcomed anywhere, given the obvious abuses that are happening against U.S. Citizens (and everyone else, for the matter), under the excuse of "war on terrorism".
[+] [-] rawrly|12 years ago|reply
[+] [-] TallGuyShort|12 years ago|reply
[+] [-] merlincorey|12 years ago|reply
[+] [-] 67726e|12 years ago|reply
[+] [-] himayal4r|12 years ago|reply