Forgot your password?
typodupeerror
Security Government News

Hacker Jeff Moss Sworn Into Homeland Security Advisory Council 139

Posted by Soulskill
from the different-kind-of-expertise dept.
Wolfgang Kandek writes "Hacker Jeff Moss, founder of computer security conferences DEFCON and Black Hat, has been sworn in as one of the new members of the Homeland Security Advisory Council (HSAC) of the DHS. Moss, who goes by the handle 'the Dark Tangent' says he was surprised to be asked to join the council and that he was nominated to bring an 'outside perspective' to its meetings. He said, 'I know there is a new-found emphasis on cybersecurity, and they're looking to diversify the members and to have alternative viewpoints. I think they needed a skeptical outsider's view because that has been missing.'"
This discussion has been archived. No new comments can be posted.

Hacker Jeff Moss Sworn Into Homeland Security Advisory Council

Comments Filter:
  • by h00manist (800926) on Saturday June 06, 2009 @01:34PM (#28234455) Journal
    Either he resigns in disgust or becomes assimilated.
    • by cromar (1103585) on Saturday June 06, 2009 @01:45PM (#28234543)
      It's better than hackers not having any voice in government. I commend him. If he is able to turn around even one asinine governmental security policy, it's a step forward at least. Who knows? Maybe the US government will come to recognize us as the valuable resource we are because of our intimate knowledge of the systems that make up the modern world. Maybe hell will freeze over, pigs will fly, and the cows will come home. Well we can hope anyway!
      • Re: (Score:3, Insightful)

        by h00manist (800926)
        I've heard of various friends working in governments of threats, bribes, and turning a blind eye. Having a voice is great of course, and resigning in disgust is proper use of that voice. But to stay inside and really use your voice means either being threatened with being fired (at best), or saying things that you are allowed to, meaning, what was approved, not the full unabridged truth. If they let him in on some scope of attacks that happen all the time, say he is going to be helping, and offer him a sa
        • by Hurricane78 (562437) <deleted.slashdot@org> on Saturday June 06, 2009 @03:10PM (#28235297)

          Nah. He can still "leak" stuff. (Hey, they asked him to be their expert. If he can't circumvent their "leak protection" [whatever that might be], then nobody can. ^^)

          He can also destroy them from within, in case they become/are too evil to bear.

          It's nearly impossible for this to be bad for us. :)

          • Re: (Score:3, Interesting)

            by ErikTheRed (162431)

            Yeah, but would he be able to avoid canary traps [wikipedia.org]?

            • Easy. He just would have to spread his version to all other people that he is allowed to discuss this with. A canary trap does not work when people can share the information anyway.

              A good social engineer (or spy/agent) should know such stuff. ^^

      • Re: (Score:3, Insightful)

        by crush (19364)

        Give me a break. It's another talented, unethical scumbag joining up with the even bigger scumbags in government so that they can fuck us over more efficiently. Immunity and privilege for him, surveillance for the rest of us.

        • Re: (Score:2, Funny)

          by easyTree (1042254)

          At least you partly benefit. Less of your tax dollars needed to fuck you over ;D

        • Re: (Score:1, Flamebait)

          by merc (115854)

          It's another talented, unethical scumbag joining up with the even bigger scumbags in government

          Why the hell do you say that? Do you even know Jeff? As someone who does I can tell you your statements are ridiculous, why don't you shut the fuck up before you end up looking even stupider than you already do?

    • by TheLink (130905)
      Well it's change. He's probably not one of them yet.

      I doubt Obama can replace the entire council. So hope it works out well. Or it's back to "same old same old".
    • by telchine (719345) *

      He's a poacher turned gamekeeper?

      • Not quite (Score:5, Insightful)

        by WilliamBaughman (1312511) on Saturday June 06, 2009 @02:37PM (#28234901)
        I'll take the bait. The phrase "poacher turned gamekeeper" refers to someone who now protects the interests they previously attacked. Jeff Moss never (in public knowledge) attacked the security of the United States. He has exposed weaknesses in various security systems, but that's often considered helpful. It would be more like a naturalist with a BA in Criminal Justice turned gamekeeper.
        • Re: (Score:3, Funny)

          by hedwards (940851)
          Where have you been? The federal government frowns on talking about obvious security holes because doing so makes them exploitable. As long as we pretend that the DoD and other government agencies are properly securing their networks the crackers can't get in.
          • Re:Not quite (Score:5, Interesting)

            by _Sprocket_ (42527) on Saturday June 06, 2009 @05:17PM (#28236519)

            Where have you been? The federal government frowns on talking about obvious security holes because doing so makes them exploitable. As long as we pretend that the DoD and other government agencies are properly securing their networks the crackers can't get in.

            And where have you been? I've been inside the federal government. I've seen them (us) use all that public knowledge and tools to deal with the security issues we've had. I've attended security conferences on the Fed's dime where information from open discussions were brought back to help deal with our vulnerabilities. The Feds have benefited greatly from open security discourse. That's not to say the Fed is effective with infosec. In recent years they've woken up to the fact that they're sorely lacking. Unfortunately, their response has been to turn the issue in to an exercise in red tape that generates a lot of effort - only a fraction of which goes to actually securing the systems involved. And that's why we get agencies that think they've secured their networks when they haven't (the more redtape exists, the more loopholes there are). It's not all a case of the Emperor's New Clothes.

            • Re: (Score:3, Informative)

              by TubeSteak (669689)

              And that's why we get agencies that think they've secured their networks when they haven't (the more redtape exists, the more loopholes there are).

              The name of the House Committee escapes me, but they do yearly reports on computer security and gov't agencies regularly get Ds (up from their previous Fs).

              http://csrc.nist.gov/groups/SMA/fisma/index.html [nist.gov] demonstrate its compliance with the security requirements as opposed to how well the requirements are actually implemented.

              • Re: (Score:3, Insightful)

                by _Sprocket_ (42527)

                The name of the House Committee escapes me, but they do yearly reports on computer security and gov't agencies regularly get Ds (up from their previous Fs).

                The big question is what do these grades really mean? Do they really provide any true indication as to how effective the Government is at securing their systems? Is a 'D' all that much better than a 'F'? And what does it mean if an organization manages a 'B' (mine did)?

                But at the same time, I get a feeling that it sort of does give an impression as to where things are. A 'D' just isn't all that great. But it is better than a 'F'.

                My little nook of the Fed world improved over the years. Infosec took

    • The first image I got was Neo being taken over by Agent Smith. You'll like being me, Missster Anderson!

    • by ErikTheRed (162431) on Saturday June 06, 2009 @04:46PM (#28236253) Homepage

      Oh, I think he'll be fine.

      Just don't be surprised when all of a sudden "Hail to the Chief" gets replaced with "All your base are belong to us."

    • In January, Moss gave a keynote presentation at the DoD Cyber Crime Conference [dodcybercrime.com]. I wonder if his presence there helped put him into this new position. It really made him public to the government there :)
  • by Goatboy (22601) on Saturday June 06, 2009 @01:36PM (#28234471)

    That Obama chap keeps making some inspired decisions - we could do with someone like him over here (UK) to bring a bit of change.

    • by Anonymous Coward on Saturday June 06, 2009 @01:44PM (#28234535)

      Quite a few of us back here would like him to be over there as well.

      • AMEN to THAT, Brother.....

  • by Tyrun (944761) on Saturday June 06, 2009 @01:38PM (#28234481)
    This is actually a great step forward. Why not have some of the best hackers review our current practices?
    • We already do. They're called the NSA.

      • by rtfa-troll (1340807) on Saturday June 06, 2009 @03:12PM (#28235315)

        Technically, you are certainly right. The NSA are brilliant in practical cryptography etc.. However, the current security disaster we call the internet is directly linked to the NSA. If they hadn't been so determined to block strong crypto for so many years; if they had actually understood the importance of computing security to the future of their nation; if they had done their job right, many things could be better. Some sensible mechanism like IPSEC could easily be standard everywhere. A civilian standard for basic secure systems could be widely recognised. Many consumer standard systems could have much better security. Having them decide cyber security policy has been a disaster which has left the commercial infrastructure of the USA and the rest of the world needlessly insecure. Having people from the outside who actually see this has to be better.

      • Re: (Score:3, Funny)

        by Hurricane78 (562437)

        I think he meant white hat hackers. ^^

  • by Jawn98685 (687784) on Saturday June 06, 2009 @01:39PM (#28234497)
    Seriously. I have no doubt that Jeff has the chops and the "perspective" that has definitely been "missing". I watched the eyes of Richard Clarke and his entourage glaze over at a "town hall" meeting with the "President's Critical Infrastructure Protection Board" (or whatever they called it then) in Portland about 8 or 9 years ago, as some very smart security folks told them what was coming and what needed to be done. Honestly, I don't know if they just couldn't grasp the issues or if they were more interested in political play, but the message was quite plain; "the government" was going to be no help in securing things. Political inertia being what it is, I doubt that much as changed, the current administration's well-meaning efforts notwithstanding. Jeff is in for a frustrating ride, I fear.
    • by MeatBag PussRocket (1475317) on Saturday June 06, 2009 @01:43PM (#28234529)

      perhaps... just perhaps his background (read: _not a stuffed shirt_ ) will allow him to say "look, this is a problem and if you dont realise it you're an idiot and these are the very real consequences" hes not beholden to any voter or company and has no political baggage. if the sky is falling he can definily say it is without worrying about constituents or political parties

      • if the sky is falling he can definily say it is without worrying about constituents or political parties

        But if they don't believe him, what good does it do?

    • by malkavian (9512) on Saturday June 06, 2009 @02:11PM (#28234719) Homepage

      He may employ a similar tactic to the one I use when I have to deal with people above me in political clout on issues of a technical nature
      Rather than play their game, I simply produce a highly condensed set of the major risks that would be caused if the activity I recommend does not take place, then wander round to whoever it is that's trying to hold it all up/derail it, and get them to sign at the bottom of the page (has to fit on one side of paper) saying they agree that the risk is all on their own head and that they accept it entirely be not performing the activity.
      You then leave with a signature, or the support for the activity. You'd be surprised by how many people don't even try to understand the matter until their head is on the block for it. The pen is truly mightier than the sword sometimes.
      If they don't sign, they lose a lot of respect for trying to dodge the matter.

    • by The Dark Tangent (660926) on Saturday June 06, 2009 @09:52PM (#28238273)
      Thanks for the encouragement! I serve at the pleasure of the Secretary, and will do my best to give the HSAC and her the information and opinions I think are necessary to make informed and non-lame decisions. The rest will be up to the powers that be. Like someone said in another post, I have no horse in this race. I'll try to make a positive change and if I feel I can't because I am the wrong person for the job then I'll step aside for someone who can.
    • IF what you say is true, his eyes likely glazed over because he already knew the information and warned the Bush administration multiple times with no equivocation, and even included several action plans, as this 2001 memo clearly documents: http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB147/clarke%20memo.pdf [gwu.edu]

      That very memo (one of many) may possibly even include some of what those 'smart security folks' said.

      Funny how despite numerous warnings and plans of action from various intelligence organizations, the Exec

  • I think she just watched the 1993 SciFi movie "Demolition Man" with Sylvester Stallone and Wesley Snipes:
    "Send a maniac to capture a maniac".

    While I understand the gut PR logic, I fail to understand how it translates into anything but "We're thinking outside the box" political cover. I think Janet Napolitano is anxious to be seen looking open minded after the "Veterans are possible terrorists" memorandum that leaked out.

    • Re: (Score:3, Interesting)

      by Repossessed (1117929)

      Jeff is hardly a maniac, he's an expert in computer security. Far from a PR stunt, this is an effort to get somebody who knows how to secure computer systems involved in *gasp* security.

  • by Anonymous Coward on Saturday June 06, 2009 @02:27PM (#28234825)

    I guess I'll give the perspective here of a very small (yet dedicated) section of the hacker community. I have retired from hacking, but the hacker community still interests me, and I feel a responsibility with some others in guiding it.

    As far as myself, I was on H/P sub-boards of BBSs in the early/mid 1980s, and did use the Feature Group B (950-XXXX) codes they posted to phreak, but I put that aside because I did not begin to seriously hack (and phreak) until 1989, and I retired in 1996, the day I began working for an ISP. I personally have met many members of LoD, MoD, BoW, l0ck and so forth, have gone to many cons and 2600 meetings, have gone on trashing runs, talked to them on "confs" (conference calls), on BBSs, IRC etc.

    Perhaps I'll search for more original links later, but Gweeds speech [theregister.co.uk] at H2K2 in July 2002 is what was really the clarion call of the white hat backlash. That speech was great, and expressed what I felt for a long time but hadn't heard anyone else say.
    This [phiral.net] web page is dedicated to the white hat backlash as well.

    Actually, the anti-whitehat movement in my mind has itself already split. There are the older people like me, Gweeds and some others who primarily want to delineate this line between hacking and the security industry. They are two separate things, in fact, they are against each other - the security community arrests and jails hackers. The idea that there can be a grey hat who is between white hat and black hat is ridiculous, you are either a hacker, or you are working for the security industry and law enforcement. I think even a lot of anti-hacker people would agree with us on that one.

    Most of us are older, most of us don't hack any more, and the people in this movement or tendency that Gweeds became a spokesman for I have noticed are also in the anarchist movement. After all, Gweeds talked about anarchism a lot, I have been involved in the anarchist movement, and I know others of our mindset (some who I feel have expressed sympathetic sentiments are in the cDc).

    I myself more than most of this group are in a political plain at the cross-section of anarchism and Marxism. So being one more of a dialectic bent, I think the progression of what has happened - people hacked until the mid 1990s, in the mid 1990s many hackers entered the security industry and the hacking movement died out to a large degree, then Gweeds made his speech in 2002 and the hacking movement is still moribund, but has some more self-awareness now anyhow. The rise and fall of IT with the dot-coms caused a chain of reactions. Perhaps the rise and fall of IT within FIRE (Finance, Insurance and Real Estate) will have some reaction as well.

    I think what is more important is I think the expression of the "hacker ethic" has always been bullshit. Whether it was what the Mentor said, or that Phrack or 2600 talked about. 2600 has said things like "Companies should be glad we're hacking as we're showing them holes before the bad guys do" which sounds ridiculous to me from a hacker perspective, and I'm sure sounds ridiculous to law enforcement and companies being hacked. Gweeds, and some of the people who picked up the torch of what he said have refined that.

    I myself think another criticism has to be made, not just of the white hats, but of the crowd which I'll call the 4chan/Anonymous crowd. I think what they're doing is a new development, is sort of in the spirit of hacking, but misses the boat in a few ways.

  • Many moons ago, after a 2600 meeting, a bunch of us converged at a coffee shop. Dark Tangent & his friends were there. He had a laptop with a webcam attached to it(supposedly recording). Yet he raised a stink when someone else tried to take a picture of him. Do as I say, not as I do?

    • Re: (Score:3, Interesting)

      Um, no, you have remembered incorrectly. There as a girl with you taking film pictures of myself, Dom, K0re, and another person and trying to be clever about it. I turned a non functioning web cam around at your group to essentially say "It works both ways"
  • Holy Crap! (Score:5, Funny)

    by Bob9113 (14996) on Saturday June 06, 2009 @03:16PM (#28235357) Homepage

    This almost makes me believe that the government is serious about cyber-security.

    Now, next, add a Constitutional Rights specialist from the EFF or ACLU and I might have an honest-to-goodness heart attack.

    • This almost makes me believe that the government is serious about cyber-security.

      I'm sure they're serious about not looking like total incompetents. But a token expert probably won't have an impact on actual policy, especially when the expert tells the government it ought to butt out of an issue.

      I'll be thrilled to be proven wrong on that.

  • by It's the tripnaut! (687402) on Saturday June 06, 2009 @03:36PM (#28235591) Homepage
    Kevin Mitnick and Adrian Lamo do not seem to like the idea of Moss getting the nod. Mitnick prefers Bruce Schneier while Lamo believes Moss is a suit, "the reality is he's as corporate as hiring someone out of Microsoft."

    I wonder what the reaction in the tech community would have been had the 2 above gotten the call instead.
  • It's a trap!
  • by jcr (53032)

    It's going to be a lot easier at the next Defcon. Or, is he just going wear an "I am the fed" t-shirt for the whole conference?

    -jcr

  • by liveammo (977628)
    Of course Jeff Moss was invited into the Homeland Security Advisory Committee, he has been organizing events for over ten years to collect information about hackers in the computer underground. Anyone who goes to DEFCON or Black Hat is immediately "on the radar" of every three letter agency here and abroad. He's an FBI stooge, always has been, always will be.
  • by liveammo (977628)
    Jeff Moss initially got started as an FBI informant working with members of the "Legion of Doom"; his FBI handler was named Dick Brandis, a former polygrapher for the Pittsburgh PA Federal Bureau of Investigation. Brandis eventually ended up resigning from the Pittsburgh FBI for taking classified government information home with him and establishing his own network of hackers that Moss et al would get into compromising positions and then blackmail for information and unpublished exploits.
  • Isn't it an oxymoron: "hacker" and "Homeland Security Advisory Council" in one sentence. How about : A well known criminal John Doe joined the police force

    OutputLogic [outputlogic.com]
  • In the original 2nd amendment way, Every able-minded hacker is now in the hacker militia, it is now okay to hack computers in foreign countries... ;)

  • Grats DT (Score:4, Informative)

    by dave562 (969951) on Saturday June 06, 2009 @10:33PM (#28238493) Journal
    Having been at Defcon 1 and seen how far things have come, I have nothing but respect for DT and what he has done. It's funny how times change. To have gone from an environment where people were paranoid about "the Feds" even knowing who was attending the conference, to having the organizer of the conference working for the Feds, is a real change. He has the contacts and the insider knowledge of what the threats are. The government made a smart choice by hiring him. Now, DT... since my tax dollars are going into your pocket, how about a free admission to the next con? -Phax
    • by jhfry (829244)

      The question is, when they say he is working for the Feds does it mean that he is working for "the people" by helping the Feds improve security, or is he working for the Feds to push their own agenda.

      I, would like to believe that DT's contributions will be in the interest of the users of technology, balancing security and openness, and showing the government how being more open about technology can actually improve security.

      Only time will tell if DT can maintain the respect of the pro-hacker community and t

  • I applaud Obama, he has the right mind frame for getting cyber threats under wraps.
    Fight fire with fire....so get a hacker on board, to level the playing field.
    (Just make sure to always keep him either so terrified of not cooperating by suggesting his family might be on grave danger because he is now consorting with the gov. that they need supervision, and they will provide it just as long as he keeps on the up and up...
    which to me is not always the best, or keep him always interested in doing more and givi

FORTRAN is for pipe stress freaks and crystallography weenies.

Working...