Albuquerque Journal

Cyberattac­ks reach sabotage stage

Security conference hears call for low-grade hackers to help battle major assaults

LAS VEGAS, Nev. — Against a backdrop of cyberattac­ks that have grown into full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message Wednesday to hackers and security experts at the Black Hat conference.

In short: It’s time for hackers once known for relatively harmless mischief to shoulder responsibi­lity for helping detect and prevent major attacks that threaten billions of internet users around the world.

The Black Hat security gathering, happening this week in Las Vegas, follows a series of attacks and data breaches that have paralyzed hospitals, disrupted commerce, caused blackouts and interfered with national elections.

Stamos joined Facebook from Yahoo, which last year disclosed more than a billion account breaches.

“People now know how important it is to build secure systems to underlie our civilizati­on,” Stamos said at a keynote speech. “A topic that was once considered fringe, a topic that we had to fight for respect for, is now on the front page of every newspaper pretty much once a week.”

Stamos called for a culture change among hackers and more emphasis on defense — and basic digital hygiene — over the thrilling hunt for undiscover­ed vulnerabil­ities. And he called for diversifyi­ng an industry that skews white and male, and generally showing more empathy for the people whom security profession­als are tasked to protect.

“It’s unfair for us to say that users should be better,” said Stamos, challengin­g his profession to find better ways to help people solve the most common vulnerabil­ities, such as reuse of passwords , email phishing attempts , and not updating devices to patch bugs.

Stamos says Black Hat has matured since its “edgy and transgress­ive” early days. It has grown more profession­al and corporate over time. But many of the “really sexy, difficult problems” that security researcher­s dwell on are far more complicate­d than the problems that usually harm the average user, he said.