August 19, 2015 By Martin McKeay 3 min read

The first week of August marks an annual pilgrimage of security professionals to Las Vegas for the Black Hat, DEF CON and BSides conferences. I’ve personally been making the annual trek for over a decade. It’s a set of events I simultaneously look forward to and dread more than any other week of the year.

I look forward to being in Vegas because of the crowd of security minds that gather to talk, share ideas and catch up on the goings-on of the previous year. And I dread it because a week in Las Vegas listening to talks, being social and interviewing people is one of the most exhausting experiences of my life. Here are some of the most interesting talks and conversations I experienced.

Hot Topics at Black Hat and BSides

I attended all three Las Vegas events: Black Hat, DEF CON and BSides. If you’re not familiar with BSides, it’s a type of counter-counter-counterculture event that’s put on purely thanks to the efforts of volunteers, and it’s free as long as passes last. It kicks off the week and features dozens of interesting speakers (including yours truly, on a panel about stress in the security industry).

One of the most important tracks at the conference was organized by a group called I Am The Cavalry and concentrated on the challenges posed by the Internet of Things (IoT). This track had many interesting talks, but my favorite was “Hack the Future,” given by Keren Elazari. While she mentioned many of the threats posed by the IoT, her main point was that the security and hacking communities can actually shape the future of the IoT by getting involved in creating the protections that this new wave of technologies will need.

Another important talk at BSides was given by Jen Ellis, called “Barely Legal: The Hacker’s Guide to Cybersecurity Legislation.” There is a long history of legislation like the Digital Millennium Copyright Act (DMCA) and the Computer Fraud and Abuse Act (CFAA) being used to stop research and to interfere with presentations at events, and then there are the potential changes to the Wassenaar Arrangement that are currently being discussed. Now that computer security has become part of the international conversation and something the public has become fully aware of, legislators worldwide are paying more attention to the laws about security. This talk was an effort to educate security professionals about legislation we can’t afford to ignore and must make an effort to influence.

While not a track, one of the discussions I had many times at Black Hat was about the U.S. Office of Personnel Management (OPM) hack. The OPM attack from earlier this year has caught the public’s attention; leaks from the White House suggest that some sort of retaliation is brewing, and public opinion seems to support targeting the supposed perpetrator. Most of the security professionals I talked to expressed the opinion that this is a bad idea, primarily because attribution is always a dicey proposition even in the best of situations.

The Future of the Internet

Along the same lines as BSides, Black Hat hosted a number of talks on legislation and the future of the Internet. Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society, gave a keynote called “The Lifecycle of a Revolution.” She talked about the dying dreams of a free and open Internet. With cries from lawmakers and law enforcement agencies around the globe to weaken encryption and tighten the reins of control on traffic flowing through the digital pipes, Jennifer’s talk is especially timely and pointed.

In contrast, Leonard Bailey from the U.S. Department of Justice (DoJ) gave a talk called “Take a Hacker to Work Day,” explaining how the DoJ uses the CFAA to prosecute only a small number of cases each year rather than the hundreds that might be imagined by researchers and security professionals. My personal opinion is that while only a relative handful might actually get prosecuted each year, the threat of such prosecution is often enough to stop research from happening or talks from being given.

A Curious Absence

A perfect example of my last point was the ProxyHam talk, which was canceled under mysterious circumstances. A talk on a project supporting privacy using ham radio equipment to hide the physical location of the user was pulled a month before DEF CON. Except this action didn’t actually stop the talk from happening: Robert Graham and Dave Maynor from Errata Security created an equivalent device, HamSammich, on their own. This follows in a long tradition at DEF CON of making talks happen, no matter how uncomfortable some organizations might be with them.

Looking back at the week, it’s easy to see that legislation and legal concerns consumed a lot of my attention. While these are not subjects that every security professional really wants to be looking at, as our lawmakers and the public become more aware of what goes on in the world of security, they are subjects we need to pay attention to. The fact that there were so many talks about the legal landscape is an indication that our industry is growing up and getting the attention we’ve asked for. Now we just need to make sure we make the best of that attention.
