Feds 'not welcome' at DEF CON hacker conference

Feds 'not welcome' at DEF CON hacker conference

Summary: Last year NSA Director Keith Alexander keynoted the annual DEF CON hacker conference in Las Vegas. This year, DEF CON organizers warn that U.S. government Federal agents are explicitly not welcome. UPDATED.


Now in its 21st year, DEF CON is America's flagship hacker conference - a place where hackers, security researchers, corporate recruiters, digital frontier legal eagles and law enforcement have mingled and boozed it up on noncombatant territory.

Screen shot 2013-07-10 at 9.32.15 PM

But this year DEF CON is sending a serious message: organizers posted on the official blog that Federal agents are not welcome in any form at this year's conference.

The short post "Feds, We Need Some Time Apart" went live tonight on the DEF CON blog, just three weeks before the enormous hacker conference sets to kick off in Las Vegas:

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

Last year NSA Director Keith Alexander keynoted - amidst controversy - and the NSA had an information and recruitment table on the vendor floor. As we reported from DEF CON last year, the NSA table was placed next to the Electronic Frontier Foundation's table in whimsically trollish style for the duration of the four-day conference (the EFF filed suit against the NSA in 2008 to end the NSA's dragnet surveillance on American citizens).

Tellingly, this year the NSA will not have a table in DEF CON 21's vendor area.

As the conference nears opening day on August 1st, this move by DEF CON organizers eliminates any speculation about the possibility of the NSA participating in the hacker conference, and raises questions about what feds might encounter should they decide to attend DEF CON anyway.

The no-feds-allowed caution is ominous in light of recent world events.

As hackers and feds alike prep for Vegas, the world still reels from recent NSA/Prism revelations of extensive digital mass-surveillance on citizens worldwide, from information leaked to UK press by former fed Edward Snowden.

Just last week, a Federal judge gave the EFF a crucial winning point in its lawsuit against the government's illegal dragnet surveillance programs when the judge rejected the U.S. government's invocation of the state secrets privilege to have the EFF's case dismissed.

With this new development, this will certainly be one of the most interesting DEF CONs to date.

DEF CON occurs every year in Las Vegas just after the massive professional security conference Black Hat (at Ceaser's Palace, a short cab ride from DEF CON's Rio). The two conferences typically blend attendees.

Black Hat will prove to also be quite interesting this year as well. With the timing of current events, the conference is embracing controversy: This year, NSA's Keith Alexander will be keynoting Black Hat on July 31 at 9:00 am (the conference runs from July 27 to August 1).

Black Hat is the "work" conference for security researchers and professionals, and DEF CON is where a significant number of Black Hat attendees go afterward to get out of their suits and attend a less formal, hacker's security conference.

This year Black Hat also has a number of into-the-fire briefings on its schedule, and expects to see around 35 zero-day vulnerabilities released in the sessions.

The sessions include a presentation by security researchers Angelo Prado and Neal Harris called "SSL, Gone in 30 Seconds - A Breach Beyond Crime." The talk introduces techniques that allow attackers to obtain encrypted session identifiers, CSRF (cross-site request forgery) tokens, OAuth tokens and more - plus the researchers plan a proof-of-concept, 'gone in 30 seconds' attack against a "major enterprise product".

Law enforcement of all stripes typically attend larger hacker conferences, but DEF CON is a prime example of what happens when these strange bedfellows cross paths in a designated grey area.



Security writer Brian Krebs points out that in the past, feds trying to attend undercover have been playfully, openly poked at by Def Con attendees in a game called “Spot-the-Fed.” In light of DEF CON's 'no feds' statement this year Krebs soberingly wonders, "if 'Spot-the-Fed' could well turn into a hack-the-fed competition."

DEF CON's organizers framed the "no feds" statement as a sort-of cooling off period, but the decision was likely made to head off any potential conflict, confrontations or Prism leak anger fueled attacks between attendees - which would end well for no one.

We will be attending both conferences, reporting all developments and news as it happens from Las Vegas.

UPDATE Thursday July 11, 2:15 am: Reaction to DEF CON's decision is strong and hackers are voicing both anger and support - fights are breaking out on Twitter and other social mediums. Hacker News doesn't fail to extrapolate that DEF CON's founder (and author of the organization's statement) The Dark Tangent - aka Jeff Moss - is a member of the Homeland Security Advisory Council for ICANN. However, this is not a secret and if there is a connection it is not apparent and organizers are making no comment either way.

But not everyone agrees.

OpenStack developer and DEF CON speaker Matt Joyce wrote and published a lengthy opinion piece that echoes sentiments on Twitter and Hacker News, positioned in contrary to DEF CON.

Joyce sums it up in A Note of Dissent, Regarding DEF CON:

(...) Which brings me to my second point of contention. This is a moment in our nations history when a great deal is at stake. The last thing our community needs at this moment is balkanization, and bridge burning. If we really want to change the way our government approaches security, and intelligence gathering, no group is better positioned to open a truly positive and beneficial dialogue than the Def Con community. This is an opportunity for us to converse, and debate as a civilized people. And instead we have the organizer of the conference publicly burning bridges, and stating his hope that, that simply does not happen. That’s tragic.

We’re hackers. All of us. Fed, State, Non-profit, Money loving entrepeneurs, we’re all hackers. That has always been one great defining aspect of our community. Def Con has been one of the most successful commons of the people who wear the moniquer of ‘hacker’ proudly. It truly is a place where people of every background can meet, exchange ideas, and grow as hackers, and as people. And suggestions that some part of that greater community should simply excise itself is a betrayal of everything that Def Con has become over it’s 20 plus years. And I figured it warranted a public note of dissent.

Joyce then openly invites government employees to "Fed Con."

Perhaps the best summary came to me via email after the news hit - regardless of what side you take, it's safe to say that DEF CON has been snowed in.

Topics: Security, Government US, Legal

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Goons?

    I wonder what this means for goons who are also feds.
    • Goon Feds/

      Goons are Goons. They are not in the capacity of their federal employment while on duty as staff [if they happen to be federal employees].
      The Goons
      Blak Dayz
  • Stupid move

    If the feds don't come openly, then they will surely show up under cover.
    John L. Ries
    • Undercover Lover

      The feds already come undercover. That won't change.
      Blak Dayz
    • I was thinking the same thing.

      Even if you don't invite them, they'll still be there.

      Maybe they'll just hack their way in.
      William Farrel
      • Nah, I am sure they have enough surveillance equipment in place already...

        Nah, I am sure they have enough surveillance equipment in place already...
  • I believe it.

    "Reaction to DEF CON's decision is strong and hackers are voicing both anger and support - fights are breaking out on Twitter and other social mediums."

    I believe it.
  • lol

    Well they should block them... Especially with all the crap that the NSA is doing these days...
  • Tinfoil Hat

    Just my opinion, but there really is enough crazy out there to be it's own category. If one is to consider intent driving White Hat, Black Hat demographic divides, then really, the aliens leaked the information that in the future this will be a conference topic, so open your eyes man!
    Dave Walters
  • Separating evil from neutral

    As Mr. Snowden has demonstrated, when you are an NSA employee under contract, there is a high price to pay for disagreement with your superiors. Although disinviting the NSA & others from DEF CON does send a message, it isn't clear that the right people are getting it. The govt. employees who normally come probably aren't high enough in the chain to set policy... even Mr. Alexander may not be that high. Let's be honest-- the buck stops with our Teflon President. Has he taken ownership of this mess in any meaningful way? Does your personal privacy concern him AT ALL??

    To ask that question is to answer it. All we know for sure is that the secrets of the United States don't warrant "scrambling jets to take out high school dropout hackers". Wow. There is so much there to respond to...

    POTENTIAL UPDATE: when Snowden makes his move, and strange things begin happening to a commercial jet over the Atlantic which requires it to make an unscheduled landing at a U.S. controlled airport, then we'll have a clearer indication of what Pres. Teflon thinks.