An Inside Look At The Hacker Conferences
DAVID GREENE, HOST:
Thousands of computer hackers are in Las Vegas right now for two major hacker conventions this week. One is called DEF CON, and the other's called Black Hat. Now, lest you just think these are just gatherings of computer geeks trying to break into your bank account or tap into your text messages, there is a lot more to these events. We called NPR's Steve Henn, who's in Las Vegas, checking out what's going on. Steve, good morning.
STEVE HENN, BYLINE: Good morning.
GREENE: OK. So we have these conventions of hackers taking place. What are they, and what's the difference between the two?
HENN: Black Hat has kind of a corporate feel to it. People who go to this conference try to network and get business. It's the security technology industry conference. DEF CON's older and bigger and a little bit wilder. Feels more like a techie, hippie, libertarian festival. And DEF CON started 21 years ago. And in the beginning, I'm told it was a pretty ragtag group, largely of kids. You know, they created this conference as a safe place for hackers of all stripes to get together and show off what they were working on and meet each other. Remember, a lot of these people spent hours communicating on sort of the proto-Internet. But they hadn't actually met.
Over the years, you know, computer security became an industry. So, fast forward to the late-'90s. The computer industry had woken up to the fact that security issues were big problems. And that's when Black Hat was born, when they realized that the industry itself needed a convention also. So, today, there are two conferences. They both have ethical hackers showing off what they can do, but they still have really different feels to them.
GREENE: And, Steve, you say ethical hackers. And that's an interesting question, because hacking is sometimes something that can run you afoul of the law. I mean, have any of these people who attend this conference done things that can be considered illegal?
HENN: Well, sure. You know, lots and lots of people attend DEF CON. But the idea of ethical hacking is that you find a vulnerability in a product that lots of people use, and you disclose it responsibly. Usually, that means, you know, reaching out to the company, letting them know that something about their product might make people vulnerable to an attack, or having their identity stolen and giving them a chance to fix it. One of the problems, though - especially in industries that aren't used to dealing with hackers - is they don't necessarily know how to handle someone who they've never heard of coming up and saying, hey, you know, we broke this, and people can get hurt.
GREENE: I've been in your computer system.
HENN: Right. And so this relationship is often fraught.
GREENE: I'm imagining rows of people sitting at computers, trying out ways to break into government or corporate websites. Is that what these events look like?
HENN: Well, you know, Black Hat really doesn't look that way, but at DEF CON - which, as I said, is a little bit wilder - there is something called the wall of sheep, where hackers will sit along a wall, and they will try to hack into the devices of attendees. And if they break into your device and figure out who you are, your name goes up on a board to sort of shame you for having, you know, lax personal cyber-security hygiene.
GREENE: Wow. That's one way to drive home you need to beef up your security. And, Steve, really interesting keynote address coming at Black Hat, General Keith Alexander, the director of the National Security Agency. And he's, of course, been taking a lot of heat for those revelations by former contractor Edward Snowden. It's pretty remarkable that he's come there, isn't it?
HENN: Yeah, that's right. A lot of people didn't expect him to show up. And not only is he delivering a speech this morning, he spent yesterday meeting privately with a group of high-level security industry leaders. There's a real lack of trust right now between this industry and the intelligence community. A lot of people in it are concerned that international clients are going to be afraid to store data in the United States if they feel that the NSA can just walk in and grab it. So, he's going to face a tough audience today.
GREENE: Thanks so much for coming on.
HENN: Oh, my pleasure.
GREENE: That's NPR's Steve Henn, and he's covering two hacking conferences in Las Vegas.