What is it about the association with the mysterious or sinister that draws us in? Maybe its edgier, slightly menacing connotation is just more interesting. We can only guess that was the inspiration behind information security trade shows like Black Hat that hits Las Vegas July 22-27 and DEF CON, which follows immediately after.
Their names reference hacker culture. Black hat describes those computer hackers with malicious intent as opposed to white hats that use their skills to benefit society, testing and assessing the security of online systems to prevent breaches. But these white hats could very well be reformed black hats. The line isn’t always clear. It takes the very same skills to protect computer systems as it does to successfully attack them.
No matter where on the spectrum they fall, there’s long been a media fascination with hackers. Think back to the early days in the 1980’s with War Games, then Hackers in the 90’s, and many others since. The debut of Mr. Robot in 2015 finally brought a more nuanced representation and embraced the good/bad duality. The main character, a “cybersecurity engineer by day, vigilante hacker by night,” brought at least a glimmer of realism to the screen with references to real-world hacks, leaks and breaches.
In a July 26 New Yorker piece, Emily Nussbaum called “Mr. Robot” a “parable of class rage with a vigilante anti-hero.” She continued, “Mr. Robot may be self-serious, but it’s also a rarity on TV, capturing a modern mood, an ambient distrust based on genuine social betrayals. For all its flaws, it feels like an alarm going off.”
There’ve been lots of reclusive young men in dark hoodies hacking for the challenge, financial gain or to exact revenge. It’s assumed that at least some black hat hackers have moved into the light or (gasp!) into cubicles, seduced by the perks and steady paychecks of a corporate existence. Of course the shadow element is still there. The poles just seem to have moved further to the extreme.
And the fascination continues – for good reason. Given the dominance of digital in our daily life, hackers that run the gamut from the annoying to the criminal to the downright terrifying are now daily media discourse. Groups like Anonymous, the loosely associated group of ‘hacktivists,’ or Edward Snowden, not so much a hacker but a cybersecurity criminal or ‘insider threat,’ have become modern-day heroes, at least to some.
Maybe that’s why the once subversive and authentic has gone mainstream or in one Black Hat attendee’s words ‘corporate.’ In part because what was once in the shadows is now so fully out in the open. High-profile recent data breaches span healthcare (Anthem), retail (Target and Home Depot), and banking (JP Morgan Chase) not to mention the more embarrassing Ashley Madison, which cost the company an estimated $850 million (as reported by the New York Times), and Sony. And the list goes on.
Security has come a long way from the Norton anti-virus days most of us remember. Companies risk tremendous scrutiny—including federal regulatory oversight—for not having the right protections in place. There is a lot at stake and often beyond immediate financial losses. In the face of losing public trust, the need for deft PR is paramount. It only stands to reason that security has become corporate. The focus has shifted to corporations because it had to – and it’s big business.
The cybersecurity show granddaddy of them all, the annual RSA Conference, which draws more than 40,000 attendees to San Francisco’s Moscone Center, is decidedly corporate focused and mainstream. It caters directly to companies that know what’s at stake and the sophistication needed to ensure their online systems and data.
DEF CON, held July 27-30 in Las Vegas, has retained its more subversive reputation and is considered the closest to its roots as a hacker show. Even its website, with its dark, menacing feel and animation-style graphics, has a less business-oriented and more insurgent vibe. They’re even hosting a “Spot the Fed” contest at the show.
There is an undeniable and symbiotic relationship between hacking/hacker culture and cybersecurity. Government agencies, businesses large and small, and the general public, will continue to grapple with the term and the perception. Mark Zuckerberg, on the eve of Facebook’s initial public offering five years ago, bemoaned the “unfairly negative connotation” of the term. Hacking, he wrote, “just means building something quickly or testing the boundaries of what can be done. Like most things, it can be used for good or bad.”
It’s not just businesses that need to worry about online security. We all fret about our personal information, protecting our privacy and our identity, day in and day out, whether punching in our codes at the ATM, sliding our credit cards at the gas pump, or making online purchases. And our nation itself is at risk, amid a continuing spate of high-profile hacks—most noticeably the one involving one of the world’s super powers and the recent presidential election.
Even our own president seems stuck with a one-dimensional view of a hacking criminal perpetrator as a “400-pound guy in his basement.” Was he wearing a hoodie too, Mr. President?