Modern field guide to security and privacy

At cybersecurity gatherings, a thaw between feds and hackers

At an Atlantic Council event this week, cybersecurity researchers and experts said last week's Black Hat and DEF CON conferences showed that Washington is working harder to build better relations with the hacker community.

David Becker/Reuters
The 2016 Black Hat cybersecurity conference in Las Vegas.

Over the past 20 years, the Black Hat and DEF CON hacker conferences have grown from intimate gatherings of computer tinkerers and tech outsiders to glitzy conventions that draw thousands of attendees and international media attention. 

While the security research revealed at the back-to-back events – from breaking into ATMs to hacking roller coasters – seemed like science fiction just a few years ago, the work on display at last week's conferences in Las Vegas drew the attention of major global corporations and governments from around the world. 

This year also marked the debut of a DEF CON event sponsored by the Defense Advanced Research Projects Agency (DARPA). The DARPA Cyber Grand Challenge aimed to prove that sophisticated computers can find and eliminate flaws in computer code without the help of human operators. Organizers broadcast the seven-team competition, which could revolutionize the cybersecurity process in the future, on jumbo screens for scores of spectators.

For the first time, politics played a bigger role in Vegas. Not only did representatives from Congress, the FBI, and the Federal Trade Commission attend the gatherings, but supporters of Democratic presidential nominee Hillary Clinton staged a fundraiser at the conferences.

But even though hackers and politicians are increasingly working together, there's still a wide gulf between Washington and the broader cybersecurity community. At an Atlantic Council Cyber Statecraft Initiative and Passcode event on Wednesday, security researchers and policy experts explored the growing bond between the two camps – and what still divides them.

Panelists included Lorrie Faith Cranor, chief technologist at the FTC; Jason Healey, senior research scholar at Columbia University’s School of International and Public Affairs; Beau Woods, deputy director at the Atlantic Council's Cyber Statecraft Initiative and Brent Scowcroft Center on International Security; and security researcher Cris Thomas (also known by his hacker handle Space Rogue) of the cybersecurity firm Tenable Network Security.

Here are just a few things we learned:

1. The relationship between hackers and feds is warming 

“We’re seeing a change from a completely adversarial relationship between government and the hacker community,” said Mr. Thomas.  

The once-popular game "Spot the Fed" is perhaps the best example of that animosity. The game once challenged conference-goers to look for anyone who appeared to be an undercover officer. Judges awarded both the fed and spotter with free T-shirts.

Now, DEF CON organizers invite DC insiders into their hacker circles. This year featured a panel called Meet the Feds, in which the FTC's Ms. Cranor and representatives from the Federal Communications Commission and the White House shared their point of view with hackers.

“We wanted to do outreach to the hacker community by letting them know what our agency does and to show people we’re interested in what they’re doing,” Cranor said Wednesday.

2. It’s still a boys club

Women represented a mere 10 percent of the 22,000-or-so attendees at DEF CON this year, said Ms. Cranor. But that didn't necessarily make her uncomfortable, she said. At least most of the time. For instance, she said, at one point during the popular "Hacker Jeopardy" game, one presenter known as “Vinyl Vanna” performed a striptease on stage. As a woman, she said, "It can be isolating."

3. Hackers get political

There was also the “Hackers for Hillary” event, where cybersecurity pros gathered for the Clinton fundraiser.

But Columbia’s Mr. Healey had a different take. He said the Hackers for Hillary event was "where we started to matter. Normally we would have to go to DC to testify, but now they’re coming to us.”

That's not all. There’s also a new willingness among lifelong hackers to participate in what’s going on outside the hacking community, said Thomas. Often, that means having a dialogue with policy wonks about encryption, or campaigning against the Computer Fraud and Abuse Act, which most respondents in a Passcode poll said stifles legitimate security research.

“There’s a growing movement, at least in the circles that I run in, of people actually trying to get involved,” he said. “When the FTC opens a comments period, people actually submit comments. There are more than enough of us who are willing to put a tie on.”
