#SecTorCa: Jeff Moss Defines the Role of Hacking
Jeff Moss, also known as The Dark Tangent, is a well-known figure in the security community, as the founder of Defcon and Black Hat security conferences. Moss is also a hacker, a moniker that everyone doesn’t understand well.
In a keynote session at the SecTor security conference on November 3, Moss detailed the evolution of the hacking movement from the 1970s through to the modern era. He started his talk by declaring that people fear what they do not understand and historically people do not understand hacking.
“They don’t understand complex computer systems and information security and because of that, it’s kind of a voodoo, and if they can’t easily understand, it’s like magic,” Moss said: “So a lot of the problems we’ve had is communicating with people what it is we do and how we do it.”
Defining Hacking
Part of the fear of the term ‘hacker’ is also because the word is not well defined either.
Moss defined hacking as a combination of curiosity and skills. It’s about having an innate curiosity, seeking knowledge and getting pleasure out of novel results. He added that individuals could use hacking skills for both good and evil.
There is also a difference between information security, commonly referred to as infosec and hacking. In Moss’ view, one of the big problems is that people treat all infosec as hacking and all hacking as infosec.
“Hacking can provide a lot of joy and absolutely no income,” Moss said: “With InfoSec, the goal is to produce income. It’s a job; you have to do the thing, solve the problem, write the report.”
There are multiple groups at play in the security world in the modern era, each with different IT security goals. The first group listed by Moss are nation-states that generally are looking to find secrets and are involved in espionage-type activities. Nation-state threat actors primarily are not looking for money.
On the other hand, organized cybercriminals are motivated by money and are another active threat actor in the modern internet. Finally, hacktivists represent another group that is sometimes identified as hackers. Moss explained that hacktivism is about protesters that want some form of change and use hacking skills to try and advance their goals.
The other key group is one that Moss referred to simply as hackers and researchers. This group is mainly concerned about the pursuit of knowledge, and it’s the group where Moss places himself.
“This is my sweet spot,” Moss said: ”I believe that hackers and researchers really lead the way in a number of areas as we discover new classes of vulnerabilities, we expose poor product security, and we spur public debate.”
The Positive Role of Hackers in Society
The innate curiosity and skills that hackers bring to the table fill a critical role in society.
As an example, Moss noted that if there is a new high-security lock available, the manufacturer will not tell you how to bypass it, and neither is the government. If criminals figure out how to bypass the lock, they are unlikely to say to the public how to do it either. Moss said that researchers and hackers are acting as the sort of public disclosure of the risks of technology.
“The better you understand the risks, the better informed your decisions will be,” Moss said. “If you’re getting that risk information from hackers and researchers and not from the manufacturers, it tells you that there’s a really important civil society role for us for hackers to speak truth to power into reveal what’s really going on.”