Internet Crime Focus of Black Hat Europe
“The Internet needs crime.”
So said cryptographer Whitfield Diffie Wednesday in his keynote speech opening this year’s Black Hat Europe conference in Amsterdam. Diffie, currently VP of information security and cryptography at ICANN, revolutionized cryptography in 1976 by publishing, together with Martin Hellman, a technique for anonymously exchanging public keys, thus laying the foundation for the public key infrastructure which now helps secure the Internet.
Diffie’s crime message has obvious upsides for the 400 career information security practitioners, consultants, and analysts who are attending or speaking at this week’s conference, given the job-security repercussions. But sociologically speaking, Diffie’s observation that good guys can’t exist without bad guys also helps explain the rise of—and collective fascination with—cybercriminals and groups such as Anonymous and LulzSec, which while not always engaged in criminal activities, oftentimes have at least skirted the edge of legality.
[We’re largely to blame for hacktivists’ success. Read more Anonymous Hackers’ Helper: IT Security Neglect. ]
The job of information security practitioners, of course, is to find better ways to spot and block emerging attacks, including exploits launched by hacktivists, as well as advanced persistent threats. Accordingly, this year’s Black Hat roster promises briefings and training sessions into everything from hacking HTML5 and Cisco’s voice over IP (VoIP) systems, to details of new Oracle Database Server vulnerabilities, techniques for better securing Apple iOS devices, as well as an analysis of the effectiveness (read: failure) of “military-grade encryption” for smartphones.
The conference also promises typical Black Hat servings of information security esoterica, such as a Friday session by Steve Lord, a penetration tester and malware analyst at Mandalorian Security Services, on hacking the mobile Wi-Fi hotspots known as Mi-Fi routers. According to Lord, the portable, little black boxes, which can retail for as little as $30, are also “one of the most easily re-purposed malicious toolkits.”