Modern field guide to security and privacy

Hackers grapple with a once-unthinkable idea: Political action

As the DNC hack puts digital security in the national spotlight, cybersecurity professionals took the unusual step of staging a Hillary Clinton fundraiser at a hacker conference known for its fiercely independent and antiestablishment attendees. 

Ann Hermes/The Christian Science Monitor
Thousands of hackers show up annually in Las Vegas for the Black Hat cybersecurity conference.

Throngs of hackers have been flocking to Sin City to celebrate their craft every summer since Jeff Moss founded the Black Hat and DEF CON conferences in the 1990s.

Yet in a community of technologists who earn a living pushing boundaries and breaking things, Mr. Moss’s riskiest move this year was not providing a forum to demonstrate how to crack ATMs or hack cars – it was daring to headline a Hillary Clinton fundraiser.

“I’ve gotten so much hate mail," laments Moss, also known by his hacker name The Dark Tangent.

The backlash isn’t because of the Democratic nominee's political views or even the email controversy. It's because for a large part of the security community, says Moss, politics is “a super dirty, dangerous word.” An independent himself, Moss describes the reaction from a certain faction as: "How dare you get close to 'The Man.' "

The hacker community has traditionally prided itself on its strong libertarian, antiestablishment streak. There’s a baseline apathy toward politics and active antipathy toward the idea of any government interference with their work. And especially at Black Hat and DEF CON, there’s a special concentration of hardcore technologists with reputations for compromising systems – legally or not. To put it in perspective, a rousing game of "Spot the Fed" – where people are encouraged to find and expose law enforcement agents in the crowd in exchange for prizes – was a popular tradition for years.

But this year is different: Politics is more intertwined with their professions than ever before.

Digital security is at the forefront of the presidential election. Suspected Russian hackers compromised Democratic National Committee servers, and the resulting leaks of private emails have sparked political resignations and party infighting. Republican presidential nominee Donald Trump's response to the attack was to go so far as to suggest that Russia actually find and leak Clinton’s emails. And of course, Clinton herself has been dogged by cybersecurity-related questions this cycle, over whether her private email server she used during her time as secretary of State contained classified information that could have been compromised by foreign adversaries.

It’s a first in US politics where a party’s digital security – or lack thereof – might actually affect the election of the next president.

So in the heat of a presidential campaign, Moss, who himself has served on the advisory council of the Department of Homeland Security since 2009, said it's the right time for the security community to open up to Washington. And so the Clinton fundraiser – which sold tickets ranging from $100 to $2,700 – was a first-of-its-kind event held on the sidelines of the hacker conferences Wednesday night, and among the first cybersecurity specific fundraisers ever held in this country.

"Some people in the community are sort of afraid of it, saying, ‘Oh, now you’re politicizing the technical arena,' " said Moss. "But for whoever gets in [the White House], a lot of these issues we care about are going to boil over. We have to be engaged – or be OK with whatever happens."

Indeed, over the past few years cybersecurity issues once considered fringe tech concerns have become part of the national conversation. There’s the roiling debate over whether the government should force companies to build in channels for the government to read encrypted communications, the open question over whether the US will forge more international agreements to curtail cyberespionage, whether to amend the controversial laws used to prosecute hackers many say could chill valid security research.

The fundraiser’s official organizer Jake Braun, chief executive of strategic advisory firm Cambridge Global Advisors and former Obama campaign staffer, was pleased to see dozens of people – at least 50 or 60, he said – donate money to attend the event in a Mexican restaurant in the Mandalay Bay hotel.

Still, despite some media outlets dubbing the group at the fundraiser “Hackers for Hillary,” many of these donors did not fit the traditional image of politicos or campaign boosters. Several said they did not come because they were huge fans of Clinton specifically or wanted to influence an election – but more to fill a sense of curiosity or show a willingness to take part in any kind of political process.

"I’m not a hacker for Hillary. I don’t know what that is,” said Evan Francen, president of FRSecure boutique information security company in Minnesota. "I’m an information security guy. I just want to hear how I can help, regardless of who wins."

Other than voting, this event is his first foray into politics, he says. "The security industry has been traditionally pretty closed over the years. I’m always a bit leery of the government controlling our industry. But we need to open up, talk to people. It can certainly set the tone to help us."

Then there was Roland Lindsey from Seattle, sporting a black kilt and shredded black T-shirt, who describes his job at F5 Networks as a "corporate spy" and was excited to finally get a chance to talk politics at Black Hat. His first Vegas hacker con was six years ago, he said, when “no one in this community wanted to talk politics.”

"The hacker community has a libertarian ethos – and not necessarily the libertarian party. More like, you live and let live and everyone looks out for themselves," Mr. Lindsey says. “This year is not a normal year. It’s not a normal year because Donald Trump is in the race.”

Lindsey is a Clinton supporter who says the "rolling calamity" of Trump’s campaign has kept him and his friends "entertained" – but it’s the role of hackers in the election that has him really intrigued.

After the DNC hack, “I’ve been calling it the ‘Hacker Primary.’ Some group of hackers will weigh in, on every election from now on, on behalf of one party or another,” he predicts. “These campaigns run rinky-dink operations on a shoestring. They’re not well secured. If this ‘Hacker Primary’ becomes a thing, the government is going to want a piece of that action and we’re going to start to be more politically active,” he says, referring to potential regulations in the future.

The room was stacked with an array of security pros, many of them stars from major companies such as Facebook and Symantec who insisted they were there in their personal capacities and declined interviews. But can Clinton, whose email practices and use of a private server FBI Director James Comey called "extremely careless,” win over the security community?

Clinton, who has formed a cybersecurity policy working group, probably understands the value of good digital security at this point, Moss says. “If she didn’t before, she does now. In a very personal and powerful way," he says. "I would like to believe she will turn to the security community – the real security community – and get real, unbiased input."

During the fundraiser, Braun sought to convince his relatively nonpolitical audience to go out and push their peers to vote for Clinton after Trump’s call on Russia to hack and release Clinton’s emails. After all, the security pros in front of him were well aware of the threat from foreign adversaries – even without a public call for more attacks.

“While the rest of the public might not know how vulnerable our voting apparatus is to cyberattacks, we are,” he said. “We need to make sure the world knows this, and that Donald Trump and his affiliates know it’s not OK to tell Russia to hack our democracy.”

He encouraged attendees to sign in on a piece of paper circulating around the room. "The secretary – if and when she wins – is going to need great people to help out on both the policy and technical perspective," he told them. There will be an administration to fill, advisory boards to stack, committees to form, and Braun says he wants a list of the "best and brightest" that emerge from this event.  

“This isn’t a politically organized industry the way others are,” he says. “It’s not like we have people in the pipeline the way other industries do. We’re hoping to pave that pipeline, or at least start to, tonight."

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Hackers grapple with a once-unthinkable idea: Political action
Read this article in
https://www.csmonitor.com/World/Passcode/Security-culture/2016/0804/Hackers-grapple-with-a-once-unthinkable-idea-Political-action
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe