Cyberattacks reach sabotage stage
Security conference hears call for low-grade hackers to help battle major assaults
LAS VEGAS, Nev. — Against a backdrop of cyberattacks that have grown into full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message Wednesday to hackers and security experts at the Black Hat conference.
In short: It’s time for hackers once known for relatively harmless mischief to shoulder responsibility for helping detect and prevent major attacks that threaten billions of internet users around the world.
The Black Hat security gathering, happening this week in Las Vegas, follows a series of attacks and data breaches that have paralyzed hospitals, disrupted commerce, caused blackouts and interfered with national elections.
Stamos joined Facebook from Yahoo, which last year disclosed more than a billion account breaches.
“People now know how important it is to build secure systems to underlie our civilization,” Stamos said at a keynote speech. “A topic that was once considered fringe, a topic that we had to fight for respect for, is now on the front page of every newspaper pretty much once a week.”
Stamos called for a culture change among hackers and more emphasis on defense — and basic digital hygiene — over the thrilling hunt for undiscovered vulnerabilities. And he called for diversifying an industry that skews white and male, and generally showing more empathy for the people whom security professionals are tasked to protect.
“It’s unfair for us to say that users should be better,” said Stamos, challenging his profession to find better ways to help people solve the most common vulnerabilities, such as reuse of passwords, email phishing attempts, and not updating devices to patch bugs.
Stamos says Black Hat has matured since its “edgy and transgressive” early days. It has grown more professional and corporate over time. But many of the “really sexy, difficult problems” that security researchers dwell on are far more complicated than the problems that usually harm the average user, he said.