Hacker, businessman, government adviser: Black Hat founder Jeff Moss on cybersecurity

The origins of Black Hat and Defcon, two influential conferences dedicated to counterculture, hacking and security, can be traced back to a man called Jeff Moss – in some circles, better known as The Dark Tangent.

He is a hacker, entrepreneur and cybersecurity adviser to the US government – all at once. In person, Moss is youthful and enthusiastic. Beer in hand, he takes half an hour from his schedule to chat about the conferences and why they remain unique – even as 'cyber' goes mainstream.

"I think what's happened is the people who came to Black Hat earlier, they have grown up," he tells IBTimes UK as the second day of Black Hat Europe in London comes to a close. "Now they are in management, not just IT, they are directors."

Reflecting on the changes, he adds: "It's getting to the point where I'm hoping that pretty soon the term 'cyber' kind of goes away. It's part of manufacturing, part of automotive, part of safety, part of medical – it's part of everything and we can't prefix it all. It's becoming so pervasive, it's just, security."

Four years after founding Defcon, Black Hat emerged as an experimental enterprise-facing conference. This, Moss said, was largely due to attendees having to justify their tickets to their employers. In 2016, it takes place across Las Vegas, London, Washington DC and Abu Dhabi.

"If Defcon was the hacking conference, Black Hat became the enterprise conference – before there was an enterprise," Moss explained. "All my hacking and security buddies, we got together and I got them to talk about what they found interesting, what were their security research projects and what were they thinking of.

"It turned out that people wanted to come along and hear what they had to say. Over the years, I realised that what Black Hat had turned into what sort of a crystal ball because [...] it turns out that the people who got their hands deep in the mud, they can see what's coming."

Hackers and the three-letter agencies

Deep down – at its core – Defcon has always had a proud streak of rebellion. It remains to this day a place where hackers can brush shoulders, and sometimes be recruited, by a slew of secretive government agencies, usually with three letters to their name.

"I love Defcon because it's different. It's got a sense of fun but it's really about individual discovery," Moss said. "They are different, one is more self-exploration, joy of discovery and puzzle-solving and the other one is about professional development and future trends and training. They are complementary."

In some ways it seems that hackers and the government should not get along. After all, federal agencies and judges are after accused of handing down tough sentences to hackers and online activists, from Jeremy Hammond to Bradley Manning.

Moss acknowledges there is a conflict of interest and admits that – in a post-Snowden world – things have changed. Before the former NSA analyst released troves of classified data he said G-men were "tolerated" and, in turn, "they put up with us."

He elaborated: "After the Snowden leaks there was sort of a disconnect where trust was broken and I think it's going to be a while before it's repaired." Interestingly, Moss believes the ongoing hacks against the US government by suspected Kremlin-affiliated groups is mending this relationship.

"I think one way or the other though the attacks of Russian against the United States in this election cycle is in a weird way repairing a lot of that," he said. "It's made it more concrete, it's 'oh, that's why we need an intelligence agency because there is actually bad people out there.'"

For nearly a decade, Moss has worked alongside the US government rather than against it. His other accolades include jobs with Internet Corporation for Assigned Names and Numbers (ICANN), the Council on Foreign Relations (CFR) and the Atlantic Council.

So, it turns out he holds a more nuanced view on hackers vs. the government. As he explains to IBTimes UK, it's a complex situation the intelligence agencies find themselves in. Or as he puts it: "It's just a big ball of conflicted emotion."

On the topic of should government store zero-days – the same type of alleged NSA exploits recently leaked into the public domain by a group called The Shadow Brokers – Moss said previously abstract concepts ("do they use them or tell the companies about them?") are now commonplace.

"Will it make things better?" he pondered out loud. "It might make the military or intelligence jobs harder. If it's their job to protect the country does that mean they we are now basically giving bullets away to our enemy? Why would you do that if nobody else is?"

The future of Black Hat

Yet even as cybersecurity goes mainstream – and as hacks and breaches are more widespread than ever before – Moss still believes that hackers and academics are "the only ones who are telling you what's really happening with technology."

Looking ahead, he remains passionate about the continued growth of both the conferences – but also maintaining the spirit of those early days.

"My philosophy is that Black Hat and Defcon are platforms and we provide audiences with an opportunity for new researchers to show off how smart they are, what they found, compete with each other," he said. "What I hope to see is that sort of friendly rivalry continue and instead of people turning it into a purely professional development platform I want them to still have fun.

"This is a chance where I want to make it a safe haven for these people to recharge, get excited about something new and look at the problems in a different way instead of just taking it for granted."