Experts Gather For Hackers' Convention

Every year in Arlington, Va., thousands of computer security experts, hackers and FBI agents attend BlackHat in hopes of learning how to stop the next big cyber threat. Events include hacking competitions and training, as well as lectures on computer security.

Copyright © 2010 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

MELISSA BLOCK, host:

This is ALL THINGS CONSIDERED from NPR News. I'm Melissa Block.

And it's time now for All Tech Considered.

(Soundbite of music)

BLOCK: They call it the Black Hat conference, a meeting held every year to talk about cyber security. These day's corporations and governments are worried -really worried because cyber attacks are growing by the day.

And as Nate Plutzik reports, the bad guys are getting smarter and more ambitious.

NATE PLUTZIK: Jeff Moss is a renowned security expert. He founded the Black Hat conferences with hopes to bring in together experts to combat the growing threat of malicious hackers.

Mr. JEFF MOSS (Security Expert; Founder, DEFCON): Well looking into the future what are the security researchers and hackers doing today? Why are they doing it today? And where is that leading?

PLUTZIK: Hacking is taking apart electronics to understand how they work. Malicious hackers can use their skills to digitally steal a person's identity or private information. Mike Bailey is a security expert at Foreground Security. He gave a presentation on hacks he found in several social media Web sites.

Mr. MIKE BAILEY (Senior Security Researcher, Foreground Security): Some of the sites that I found these kinds of things are include Twitter, Facebook, Yahoo, Gmail, PayPal, Apple, Microsoft - the list goes on and on. And, I mean, these aren't small Web sites. Frankly these people have good security teams.

PLUTZIK: Bailey says that many of these attacks are not difficult to do. For example, a software glitch he found on Facebook could allow a malicious hacker to take over your profile and pretend to be you.

Mr. BAILEY: It just required them viewing my Web page and it would compromise their Facebook account. In this case, they read out the contents of the inbox and sent them to my server. Honestly, I could do anything. I mean anything you can do with your Web browser to Facebook, I could do through you.

PLUTZIK: Moss says the problem is that often these findings are ignored by corporate or government officials who don't want to hear bad news. They ask...

Mr. MOSS: Why couldn't you've just told us about the problem? It's like, well, we did. But you didn't believe us. That's the problem with the corporate America. That's problem with the government.

PLUTZIK: Andy Freed(ph) worked as a federal agent for 26 years. He thinks law enforcement has been largely ineffective at solving the crisis.

Mr. ANDY FREED (Former Federal Agent): My analogy was always that I felt like a sheriff on a horseback trying to catch speeding Ferraris. We know what they're doing we just can't get there fast enough. So, realizing that what works well if all the criminals were in the U.S. doing things to U.S. citizens doesn't work so well, when the criminals are from Eastern Europe attacking U.S. citizens.

PLUTZIK: Jeff Moss says cyber attacks are becoming much more sophisticated.

Mr. MOSS: The bad guys now have a budget. They've got a staff. They've got a mission statement. This is a business to them. And they'll send people to schools. They'll send them to training. They treat this as a business.

PLUTZIK: Freed and others first started to attend Black Hat to meet helpful hackers who could give them insight into these increasingly complex cyber attacks.

Mr. FREED: You know, as a law enforcement officer, I wanted to meet people so that when I needed help I had somebody to reach out to. I mean, there are some hard and bad people out there we need to be targeting.

PLUTZIK: Moss hopes Black Hat conferences will provide a place for helpful hackers and security experts to get together to stop these threats. But he isn't sure that the problem will go away.

Mr. MOSS: We don't ever really kill the old problems. What happens is things are moving so quick on the Internet, things are getting updated, new things are coming out, we tend to just sort of tamp down the fire and move onto the next thing. The world is creating technologies faster than we can secure them, faster them we can even comprehend how they're going to be used.

PLUTZIK: Black Hat conferences are spreading around the world. Later this year they'll be held in Barcelona, Abu Dhabi and Las Vegas. Moss hopes the conferences will help security posses catch up with the fast moving hackers.

For NPR News, I'm Nate Plutzik.

Copyright © 2010 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.

Support comes from: