http://news.cnet.com/8301-27080_3-10377162-245.html

By Elinor Mills
InSecurity Complex
CNet News
October 19, 2009

Like many young hackers, Jeff Moss got his start copying computer games, learned how to program, and began to explore the world through a modem.

Unlike many young hackers, Moss has managed to turn his computer and social-networking skills into a business. He founded Defcon, the first major hacker conference and the largest in the world, as well as Black Hat, its more corporate counterpart. And now he is helping the U.S. government, as a member of the Homeland Security Advisory Council.

Moss talked to CNET News during National Cyber Security Awareness Month about his digital coming-of-age and how Google, Yahoo, Facebook, and other sites are putting consumer privacy at risk and jeopardizing social-justice movements around the world.

This is the final installment of a two-part Q&A with Moss. Part 1 ran on Friday.

Q: When you first started Defcon, that was what year again?

Moss: Ninety-two, '93. I think I started planning in '92 and it happened in '93.

Q: So, things were different then. Can you talk about how the landscape has changed and what the real threats are now?

Moss: I'd say the biggest change is just that money got involved and once money was involved it changed everything. Actually that's not true. Technology grew up. So two things: money and technology. Technology grew up and a lot of the original motivations for hacking sort of changed, at least for my generation.

When Internet access is essentially free and Unix is free and phone calls are essentially free and pennies on the minute, not dollars on the minute, why do you need to steal a phone call when it's free? Why do you need to break into a university to read man (manual) pages on Unix when you can download free security guides online?

You had to work so hard to learn something, and once you learned it you felt like it was yours.
You made it yours by discovering it and figuring it out and sharing it with your friends. But now it's basically just handed to you on a Google search page so that motivation is just different now.

Now it's not a question of figuring out how the SS7 phone switching network works. You can download 50 documents that tell you how it works. It's more about now the information is basically free what do you do with the information? How do you use it? Before it was about the quest for information; just getting your hands on the information was a victory.

As soon as people started making money on the Net...during the dot-com boom, that's when you could see the impact. Everybody needed somebody with Internet skills. And at that time it was hackers and early adopters. So all the early adopters could go out and get paid for their hobbies. That changed the nature of it too. It became a job as opposed to a hobby.

When the criminals finally caught on that there was some real money with low risk and potential high reward...once nation states and organized crime groups got involved, that was the end of the age of innocence. It happened really quickly; 10 years or so.

It used to be that you could probably defend against the bored college student and a couple of his buddies and you could do some defensive maneuvers and watch your log and know when somebody is poking around (your network) and have a pretty good handle on things. But the amount of noise and the amount of scanning and the amount of resources that people can put against you now, it's kind of...(laughs)

I used to always say that large governments, military, and an EDS or a Microsoft, they've got the in-house talent to defend themselves and the budget to do it if they have to. But the SMBs, the small and medium businesses, they don't have the talent or the budget or the experience, so those poor companies are at a disadvantage in this kind of world... The technology hasn't matured to where you just plug it in and it works.
You still need a certain amount of high-end talent if you want to be secure. So we're not at the point where you buy a car and you've got the air bag. We're not there yet.

Every year the bar keeps getting raised and it's a little bit harder to break in. But that just means that the better-funded organized crime groups and governments could potentially be the last ones left standing. And when the attacks get so sophisticated and so subtle your average sec guy is not going to necessarily have the computer skills to protect against it.

[...]

Received on Tue Oct 20 2009 - 00:18:38 PDT