A year after Snowden, DEF CON and government agencies are friends again

A man types on a computer keyboard in Warsaw in this photo illustration. (Kacper Pempel/Reuters)

Last summer, with leaks from former National Security Agency contractor Edward Snowden sparking mistrust of the U.S. government by the cybersecurity community, one of the oldest and most influential hacker conferences, DEF CON, asked federal officials not to come.

But a year later, the conference is inviting the U.S. government back in and has announced not one, but two new partnerships with federal agencies.

The Federal Trade Commission announced Monday it would run a contest at DEF CON 22 this August to build a "honeypot" to lure in illegal robocallers.  "A robocall honeypot is an information system designed to attract robocallers, which can help experts and law enforcement authorities understand and combat illegal calls," the agency said in a statement.

The agency hosted its first public robocall challenge in 2012, garnering nearly 800 submissions. The challenge at DEF CON will consist of three standalone contents held throughout the conference.

Earlier in the month,  DARPA, the experimental research arm of the Department of Defense, announced it would host the finale of its "Grand Cyber Challenge" at DEF CON in 2016.  The two-year competition was announced last fall, and it will have teams develop automated systems to engage in a "capture the flag" type competition -- the same sort of security contest DEF CON normally hosts for human hackers. The winner of the final showdown stands to win $2 million cash prize, while second place can earn $1 million and third place $750,000.

Neither FTC or DARPA were key to the surveillance practices revealed by Snowden. In fact, both are arguably some of the more hacker-friendly agencies. The Internet was the result of research projects done by DARPA predecessor, ARPA, and the agency has actively recruited and worked with hackers. Meanwhile, the FTC has become the de facto cybersecurity and privacy enforcer when it comes to consumer rights. But DEF CON's relationship with the government has evolved over the years.

As recently as 2001, the feds arrested a Russian researcher who came to present a talk on e-book security.  But the first "Meet the Fed" panel at the conference happened back in 1999, and as the dearth of cybersecurity expertise in government became apparent, the feds increasingly seen DEF CON and events like it as potential recruiting grounds.

Jeff Moss, the organizer of the conference who is also known as "Dark Tangent," was appointed to the Department of Homeland Security's Advisory Counsel in 2009 -- and in 2012, then-NSA chief Gen. Keith B. Alexander gave a keynote at the conference. The increased attention to DEF CON and other hacker events from the government came as federal agencies worked to build out their own cyber-capacity -- in January 2013, the Pentagon approved a major expansion of U.S. Cyber Command from 900 to 4,900 total personnel -- and look for fresh talent.

But in the wake of the Snowden revelations last summer, Moss posted a blog dis-inviting government employees from the conference. "When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship," he wrote in a blog post, adding, "I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year."

Moss did not respond to a request for comment for this story. But many at the time saw his post as a political statement -- although others thought it may have been an attempt to maintain order at the conference.

Either way, it was seen as a set back for U.S. government attempts to ingratiate themselves into the hacker community. And in the year since the Snowden revelations, the ties between the NSA and some cybersecurity companies -- like the relationship between RSA and and the spy agency -- came under increased scrutiny.

Despite the partnerships with the FTC and DARPA, some of the talks scheduled for this year's DEF CON appear to include plenty of skepticism of NSA hacking practices. But the return to more cordial relations between the government at large and DEF CON may signal a return to a normalcy of sorts between hackers and the government so desperate to court them.

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read Business



Success! Check your inbox for details.

See all newsletters

Next Story
Hayley Tsukayama · June 16, 2014