A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo

Contrary to popular belief and media depictions, hacking is a social endeavor. By examining the evolution of various hacking groups and collectives over the years, we can glean valuable insight into the structure of today’s hacking space and security culture. From white hat companies to prison, we look at how innovation in exploits and anonymity have reformed and regrouped the hacking clubs of yore.

DOMENIC RIZZOLO
DUO SECURITY

Domenic Rizzolo is a Security Research Intern in the Duo Labs division of Duo Security, studying Math and Complex Systems at the University of Michigan. He’s very interested in what exploring security and hacking culture from an historical context can tell us about modern security issues. He has no hat, as he is a very recent addition to the Duo Security team and the infosec community. Generally, he is interested in analytic solutions to social science problems.

Duo Security

August 12, 2014

Transcript

  1. A Place to
    Hang Our Hats
    Security Community and Culture
    @NotDomenic

  2. Full Disclosure

  6. The Alpha and the Omega
    Kevin Mitnick was the first and only hacker, lead Anon to glory, took down the FBI, made Tor untraceable, and hacked the alien mothership on the 4th of July.

  8. Let’s Make an Algorithm!!
    while author != tech_literate:
        if narrative < truth and news_day == slow:
            story = facts.sensationalized() + scare_factor
            print headline.cyber() + story
        else:
            print repackaged_content.rand()

  9. (Sidebar)
    Terms to avoid:
    ● “Cyber”.*
    ● Console Cowboys
    ● Authentification
    ● Cracker (confusion)

  11. Out of the Fire, Into the Flame War
    ● LOD & MOD
    ● DOJ & over-curious young people
    ● Lulzsec & Anonymous
    ● Groups like w00w00, l0pht, [insert group you’re outraged I didn’t include]

  12. Guiding Question
    Are we seeing significant changes and declines in hacker culture and the size of the hacking community?
    Maybe?

  13. Growth Led to Decline
    Proposal: Growth in the security community has changed its values and makeup.
    ● Corporate Growth
    ● Law Enforcement Growth
    ● Growth in Field Population

  14. Growth

  15. Growth

  17. Growth: FBI
    ● FBI Alone saw >350% growth in Intelligence Officers (support, non-special agents) in 90’s
    ○ 1992: 224
    ○ 2000: 1027

  19. Growth: NSA
    ● 11,000+ new employees between 2001-2013
    ● Fort Meade Facility > Pentagon
    ● budget_nsa *= 2
    ● Private contracting companies
    ○ Pre-2001: ~150 companies
    ○ 2010: ~ 500 companies

  20. Growth

  21. Growth

  22. Growth: Punishment
    ● Congress and Lobbies push:
    ○ CFAA
    ○ USA PATRIOT Act
    ○ DMCA

  23. Growth: Punishment

  24. Growth of InfoSec: Decline of Groups?
    ● With a growth in both backing of and leaning on security infrastructure, disclosure has become more frequent
    ● Wouldn’t we expect to see more hacking collectives?

  25. Growth: C****-Crime
    ● Organized crime, sometimes even state-sponsored, have taken on some l33t haxors as assets.
    ● Dark Net, Botnets, Anonymity Tools disincentivize strong open group collaboration
    ● Major busts: Just one leak

  26. Growth: Responsible Disclosure
    ● Old Crackers, Sneakers now have avenues to pursue legitimate “cracking”, “sneaking”
    ○ More profitable ones too: Biggest bug bounties now worth 3.877+ ISS’s
    ● Growing up, settling down, torrenting hacker children
    ● Less teenage angst

  27. Enter Enterprise
    ● Students & youngins’ pursuing entrepreneurial and app “hacks”

  28. Omnipresent: Troll & Co

  29. Omnipresent: Troll & Co

  30. Thank You’s
    ● Zach Lanier
    ● Chris Czub
    ● Vikas Kumar
    ● Mark Stanislav
    ● Jon Oberheide
    ● Tyler Shields
    ● Your patience for n00bs

  31. Q & (Hopefully) A
