NSA director Gen. Keith Alexander speaks at Def Con 20 in 2012.
In addition to unveiling wholesale data collection systems, it appears that Edward Snowden's revelations may now be getting in the way of federal efforts to recruit the cybersecurity experts it needs to conduct electronic surveillance and fight the US government's cyber wars.
Last week, organizers for the annual hacker confab Def Con politely requested that the feds sit out this year's conference, a move that will effectively deprive federal law enforcement and intelligence agencies of prime recruiting opportunities among the conference's 15,000+ talent pool of hackers, cyber security researchers, and corporate InfoSec experts.
"When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship," Def Con founder Jeff Moss, a.k.a. "The Dark Tangent," wrote in a blog post announcing the decision. "Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend Def Con this year. This will give everybody time to think about how we got here, and what comes next."
Until now, Def Con has gone out of its way to welcome the feds into its hacker love-in, which unites disparate factions of the cyber security community in their common love of playing with computers. Three-letter federal agencies have been a fixture at Def Con since its inception in 1992, and the conference has become famous for its annual "Spot The Fed" contests, where hackers compete to identify government officials sticking out in the crowd.
And over the past decade, "Spot The Fed" contests have become increasingly irrelevant, as federal officials with agencies like the CIA, the Defense Department, and the National Security Administration started taking the stage to pitch hackers on the benefits of working for the government.
Ever since US DOD director Jim Christy gave his first "Meet the Fed" Def Con panel in 1999, the conference has become a breeding ground for federal recruitment efforts. Past attendees include former CIA and NSA director Michael Hayden, who spoke at Def Con 2010, and US Air Force Colonel Michael Convertino, who tried to win over new recruits in 2009.
"The mission transcends barriers—the mission is to develop and inculcate a sense of sharing and cooperation in the security community."
Last year, NSA director General Keith Alexander gave the conference's keynote speech, in which he reassured hackers that the agency was not compiling dossiers on millions of Americans, while also making the case for more government control over the Internet.
"The relationship is symbiotic," said Nick Selby, a cybersecurity expert who has spoken out against Def Con's decision to ban the feds. "The mission transcends barriers—the mission is to develop and inculcate a sense of sharing and cooperation in the security community."
Moss himself has even blurred the lines between hackers and Big Brother. The Def Con founder, once a leading champion of Damn The Man hacker ethos, was named to the Department of Homeland Security Advisory Council in 2009, and co-chaired a task force on CyberSkills last year, which advised Homeland Security Secretary Janet Napolitano on how to meet the agency's growing demand for cybersecurity professionals.
Moss did not respond to Motherboard's request for comment, and neither the NSA, the Pentagon, nor the Department of Homeland Security would comment on Def Con's decision. But it's safe to assume that the move will force federal agencies and agents to miss out on one of the year's best opportunities to meet and woo potential new recruits.
"The community at large is a fairly small ecosystem," said Trey Ford, general manager of Black Hat, a smaller and more commercial hacker conference that takes place just before Def Con. "There's a very narrow skill set—to get into security and to be considered a leader, the barrier of entry is very high. It's a very small pool. For recruiting for federal intelligence, this would be the right place to go, this would be good fishing grounds."
Def Con's disinvitation also comes at a time when federal agencies are reexamining recruitment policies in the wake of the Snowden fiasco. And while some cyber security professionals have praised the decision to give the feds a "time-out" while passions cool, others like Selby have argued that the move is short-sighted, and will hamper debate about where the cyber-security community goes from here.
"Undeniably, there is a large controversy going on, undeniably there is a global conversation going on," Selby said. "This is not a reason to stop collaborative relationships that are working to stop, deter cyberterrorism and catch criminals."
Still, federal agencies won't be completely shut out of this summer's hacker pilgrimages. Def Con has since clarified that no one will be explicitly banned from attending, and that feds could still join in a non-official capacity. Ford confirmed that Black Hat still plans on welcoming the feds—including its keynote speaker, NSA chief Alexander—to this year's conference.
"Black Hat strives to cultivate interaction, innovation, and partnership within that security ecosystem—we bring offense and defense together, private and public," Ford said. "I'm personally excited about still having the feds at the show. Black Hat should be the place for this conversation to take place—it's hard to have that conversation without them present."
Front page photo from Def Con 15 via insunlight/Flickr