[ISN] Hackers on a plane

From: InfoSec News (alerts@private)
Date: Sun Mar 25 2007 - 22:32:02 PST


http://www.infoworld.com/article/07/03/24/HNshmoocon_whitehats_1.html

By Matt Hines
March 24, 2007

WASHINGTON -- White hat hackers unite!

The Hacker Foundation, a nonprofit organization of ethical security 
researchers, is trying to extend its reach and encourage more people to 
join its ranks to help further codify the United States hacking 
community.

Many people working on important security research programs need 
financial help to allow them to pay their bills and maintain their 
efforts to improve IT systems defenses, Hacker Foundation leaders 
explain. In addition to giving seed money and grants to researchers, the 
group also raises funds for any legal defense fees incurred by white 
hats as they bend rules to help test the concepts they build.

By fostering a closer relationship within the white hat hacking 
population and bringing people together to raise funds and organize new 
channels for research, the growing community of individuals who engage 
in ethical hacking can form a more unified front to the outside world 
and back new projects that keep vital research moving forward, founders 
of the effort said in their presentation at the ShmooCon convention on 
March 24.

Founded in 2002, the Hacker Foundation primarily serves as a source of 
funds for financially challenged security researchers, but the group is 
hoping to begin opening facilities across the country where people can 
carry out their experiments and find other hackers with whom to share 
their work.

Hackers tend to be a solitary crowd or come together in small, 
tightly-knit groups, but there is much to gain by collecting input and 
funding from people across the U.S. white hat industry, said Nick Farr, 
treasurer and co-founder of the Hacker Foundation.

"We're trying to create a base of expertise within the community to give 
independent researchers access to things they normally wouldn't have 
access to," Farr said. "Many security researchers are doing work out of 
the goodness of their hearts. It would be great if we could get 
resources to allow to them to do their work full time and pay their 
bills; that's one of the big things we started the foundation for."

For instance, the Hacker Foundation has already set up a fund and is 
providing resources to the Metasploit Project, an open source computer 
security effort that aims to provide information to people who perform 
penetration testing, intrusion detection signature development, and 
exploit research.

Led by researcher H.D. Moore, among others, Metasploit has already made 
a name for itself by publishing details of a number of serious flaws in 
high-profile software programs, including products made by Microsoft and 
Apple.

Unlike in other countries such as Germany, where that country's Chaos 
Computer Club -- another national white hat hacker group -- receives 
government funding, U.S.-based hackers have few resources to turn to, 
according to Farr and Jesse Krembs, president of Hacker Foundation.

Other projects backed by the Hacker Foundation include efforts to get 
younger researchers into the wider community at a younger age to teach 
them the right way to go about their work, and a program to send people 
across the country, and even the world, to help rebuild IT systems after 
natural disasters such as Hurricane Katrina.

One of the groups' more significant goals, beyond generating more 
industry financing through donations, is to open the series of "hacker 
spaces" it would like to see established in different regions of the 
country to give researchers someplace to work freely, and in unison.

Like Internet cafes for the teenagers, the facilities would pitch 
themselves as convenient places for researchers to carry out their work 
and meet other hackers. By opening centers that offer free access to 
large amounts of bandwidth and other computing infrastructure, 
researchers would be able to create things they are unable to build on 
smaller home systems, and turn to colleagues when they need help or 
advice.

Although no plans are in place to open an official Hacker 
Foundation-sponsored research location, the group believes it isn't far 
from seeing the idea brought to fruition.

Washington is among the regions being considered for the initial 
facility, although rent is relatively high in the city, group leader 
noted.

"There is a strong core of people here who want to build the first 
prototype in [Washington] D.C., but if you think you have a critical 
mass to build something like this where you live, just let us know and 
we can help," Farr said. "This group was designed to take these great 
ideas that people in the community come up with and build an 
infrastructure that makes it possible for them to happen. There are a 
lot of people interested in this type of research, but almost no formal 
support for these types of projects in this country."

In perhaps its most optimistic scheme to date, the Hacker Foundation is 
also planning an unprecedented movable feast of white hat researchers 
that will begin with the Defcon hacker confab in Las Vegas in early 
August 2007.

>From that notorious hacker show, the group is chartering a private 
>plane
that will fly directly to Germany for the CCC's annual hacker show, with 
white hat activities planned for the trip.

In addition to the freedom to bring whatever unusual boxes of gear they 
would like to display or use at the show, which has become tough to do 
on commercial flights, the $5,000 per person trip will include 
round-trip airfare, all the food and drink attendees seek in transit, 
and on-board meetings to discuss events at the two industry shows.

The Hackers on a Plane adventure is just the sort of white hat industry 
fraternization that the group's organizers are hoping to spread.

"We realized that all hackers don't have a place to meet and try out new 
things, as people in places such as Germany have been doing," Krembs 
said. "We want to make that happen in the U.S.; hackers need a space to 
learn, develop, and display their skills. We're very social creatures 
despite what people think and socializing the critical mass of hackers 
is a great way to make new things happen."


_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Sun Mar 25 2007 - 22:39:31 PST