Calling on all the good hackers: It’s time for culture change
LAS VEGAS — Against a backdrop of cyberattacks that have grown into full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message Wednesday to hackers and security experts at the Black Hat conference.
In short: it’s time for hackers once known for relatively harmless mischief to shoulder responsibility for helping detect and prevent major attacks that threaten billions of internet users around the world.
The Black Hat security gathering, happening this week in Las Vegas, follows a series of attacks and data breaches that have paralyzed hospitals, disrupted commerce, caused blackouts and interfered with national elections.
Stamos joined Facebook from Yahoo, which last year disclosed breaches of more than a billion user accounts.
“People now know how important it is to build secure systems to underlie our civilization,” Stamos said at a keynote speech. “A topic that was once considered fringe, a topic that we had to fight for respect for, is now on the front page of every newspaper pretty much once a week.”
Stamos called for a culture change among hackers and more emphasis on defence — and basic digital hygiene — over the thrilling hunt for undiscovered vulnerabilities. And he called for diversifying an industry that skews white and male, and generally showing more empathy for the people whom security professionals are tasked to protect.
“It’s unfair for us to say that users should be better,” said Stamos, challenging his profession to find better ways to help people solve the most common vulnerabilities, such as reuse of passwords, email phishing attempts, and not updating devices to patch bugs.
Black Hat has matured since what Stamos, a longtime attendee of the computer security conference, described as its “edgy and transgressive” early days. It has grown more professional and corporate over time. But many of the “really sexy, difficult problems” that security researchers dwell on are far more complicated than the problems that usually harm the average user, he said.
The Nevada event is known for its spectacular demonstrations, such as a hack to spit cash out of an ATM or take remote control of an internet-connected car. Part of that is because of the healthy intellectual curiosity of hackers, but it’s also driven by marketing and economic incentives, Stamos said.
“I appreciate the showmanship, but we need a little more thoughtfulness, a little less showmanship in our field,” Stamos told reporters after his speech.
Others are also calling for a broader focus on defensive techniques.
“We should celebrate defence,” said conference attendee Amit Yoran. “We focus on the threat of the day, the attack of the day, instead of focusing on the foundational issues.”