A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo

Contrary to popular belief and media depictions, hacking is a social endeavor. By examining the evolution of various hacking groups and collectives over the years, we can glean valuable insight into the structure of today’s hacking space and security culture. From white hat companies to prison, we look at how innovation in exploits and anonymity have reformed and regrouped the hacking clubs of yore.

DOMENIC RIZZOLO
DUO SECURITY

Domenic Rizzolo is a Security Research Intern in the Duo Labs division of Duo Security, studying Math and Complex Systems at the University of Michigan. He’s very interested in what exploring security and hacking culture from an historical context can tell us about modern security issues. He has no hat, as he is a very recent addition to the Duo Security team and the infosec community. Generally, he is interested in analytic solutions to social science problems.

Duo Security

August 12, 2014

Transcript

  1. A Place to Hang Our Hats: Security Community and Culture
    @NotDomenic
  2. Full Disclosure

  3. None
  4. None
  5. None
  6. The Alpha and the Omega
    Kevin Mitnick was the first and only hacker, led Anon to glory, took down the FBI, made Tor untraceable, and hacked the alien mothership on the 4th of July.
  7. None
  8. Let’s Make an Algorithm!!
    while author != tech_literate:
        if narrative < truth and news_day == slow:
            story = facts.sensationalized() + scare_factor
            print headline.cyber() + story
        else:
            print repackaged_content.rand()
  9. (Sidebar) Terms to avoid:
    • “Cyber”.*
    • Console Cowboys
    • Authentification
    • Cracker (confusion)
  10. None
  11. Out of the Fire, Into the Flame War
    • LOD & MOD
    • DOJ & over-curious young people
    • Lulzsec & Anonymous
    • Groups like w00w00, l0pht, [insert group you’re outraged I didn’t include]
  12. Guiding Question
    Are we seeing significant changes and declines in hacker culture and the size of the hacking community? Maybe?
  13. Growth Led to Decline
    Proposal: Growth in the security community has changed its values and makeup.
    • Corporate Growth
    • Law Enforcement Growth
    • Growth in Field Population
  14. Growth

  15. Growth

  16. None
  17. Growth: FBI
    • FBI Alone saw >350% growth in Intelligence Officers (support, non-special agents) in 90’s
      ◦ 1992: 224
      ◦ 2000: 1027
  18. None
  19. Growth: NSA
    • 11,000+ new employees between 2001-2013
    • Fort Meade Facility > Pentagon
    • budget_nsa *= 2
    • Private contracting companies
      ◦ Pre-2001: ~150 companies
      ◦ 2010: ~500 companies
  20. Growth

  21. Growth

  22. Growth: Punishment
    • Congress and Lobbies push:
      ◦ CFAA
      ◦ USA PATRIOT Act
      ◦ DMCA
  23. Growth: Punishment

  24. Growth of InfoSec: Decline of Groups?
    • With a growth in both backing of and leaning on security infrastructure, disclosure has become more frequent
    • Wouldn’t we expect to see more hacking collectives?
  25. Growth: C****-Crime
    • Organized crime, sometimes even state-sponsored, have taken on some l33t haxors as assets.
    • Dark Net, Botnets, Anonymity Tools disincentivize strong open group collaboration
    • Major busts: Just one leak
  26. Growth: Responsible Disclosure
    • Old Crackers, Sneakers now have avenues to pursue legitimate “cracking”, “sneaking”
      ◦ More profitable ones too: Biggest bug bounties now worth 3.877+ ISS’s
    • Growing up, settling down, torrenting hacker children
    • Less teenage angst
  27. Enter Enterprise
    • Students & youngins’ pursuing entrepreneurial and app “hacks”
  28. Omnipresent: Troll & Co

  29. Omnipresent: Troll & Co

  30. Thank You’s
    • Zach Lanier
    • Chris Czub
    • Vikas Kumar
    • Mark Stanislav
    • Jon Oberheide
    • Tyler Shields
    • Your patience for n00bs
  31. Q & (Hopefully) A