Hackers focus on preventing attacks
user accounts that dated back to 2013 and 2014.
Black Hat, now in its 20th year, has matured since what Stamos, a longtime attendee of the computer security conference, described as its “edgy and transgressive” early days. It has grown more professional and corporate over time.
Stamos called for a culture change among hackers and more emphasis on defense — and basic digital hygiene — over the thrilling hunt for undiscovered vulnerabilities. And he called for diversifying an industry that skews white and male, and generally showing more empathy for the people whom security professionals are tasked to protect.
“It’s unfair for us to say that users should be better,” said Stamos, challenging his profession to find better ways to help people solve the most common vulnerabilities, such as reuse of passwords, email phishing attempts, and not updating devices to patch bugs.
Stamos announced that Facebook is investing $1 million to encourage defensive security research through an upcoming contest.
He also revealed the company will contribute $500,000 to a Harvard University-based bipartisan election-security project. That effort will be co-led by former presidential campaign officials for Democrat Hillary Clinton and Republican Mitt Romney. Facebook and its rival Google will help create an informationsharing and analysis hub that Stamos said could help local officials and campaigns prevent attacks.
Stamos isn’t the only one calling for a broader focus on defensive techniques.
“We should celebrate defense,” said conference attendee Amit Yoran, CEO of Columbia, Maryland-based security firm Tenable, and a former cybersecurity official during the administration of President George W. Bush. “We focus on the threat of the day, the attack of the day, instead of focusing on the foundational issues.”
But some attendees — Stamos among them — also point out that the bugsquashing hacker ethos still plays an important foundational role in helping to understand what needs to be fixed.
“Every single hacker is going to start by attacking and trying to hack things,” said Jaime Blasco, a chief scientist at San Mateo, Californiabased Alienvault, who has been trying to compromise systems since he was a 12year-old growing up in Spain. “I don’t think it’s bad.”