Obama has tapped the head of BlackHat to sit on the Department of Homeland Security's Advisory Council (HSAC). This is being portrayed as choosing a hacker for a high-level security position, but I think that's overstating the facts, for once. Jeff Moss, whose handle is Dark Tangent, has by his own words been out of the hacking scene since high school or thereabouts. He's not a convicted hacker, like Kevin Mitnick, and was never charged for breaking into any networks that I'm aware of. And since those days he's worked for Ernst and Young and SCC, gotten a degree in criminal justice, and taken BlackHat and transformed it into partial SANS-style security training (along with the hackers conference, which is well attended by law enforcement and three-letter agencies). Details are here.
I don't equate this to Corporation XYZ hiring a blackhat right out of his former career to be their Chief Security Officer, or even to be an ethical hacker doing gigs for third-party assessment. It's a long road from Jeff's high school career of using phreaking to get some long distance phone calls out of AT&T. The first ethical hack I ever sat in on used an ex-blackhat as the main pen tester. As he sat in front of five or six laptops running different exploits against our network, he entertained us with stories of his former life and the places he had broken into. He worked for a very, very large telecom who happens to have three letters in their name.
I just don't see a person who as a kid did some Cap'n Crunch-style phreaking being in that same category. I think Jeff's paid his dues, and as much as I hate to grudgingly admit it, I think this pick by Obama is pretty good, unlike a whole slew of them that had me wondering what he was thinking (can you say tax-evading cabinet members?).