The story of Jeff Moss, from hacker to founder of DEF CON and Black Hat

8 June 2024 11 minutes Author: Lady Liberty

The biography of Jeff Moss, known as Dark Tangent, tells the story of his journey from a passionate hacker to the founder of the world’s largest cyber security conferences, DEF CON and Black Hat. Learn how his early experiments with computer systems led to the creation of measures that changed the approach to information security.

The beginning of the hacker’s path

His first hacking experience was driven solely by the desire to use the hardware he paid for. The same motive drove hacker George Hotz (geohot) to hack a Sony PlayStation and then jailbreak an iPhone. In the early 1990s, Jeff was trying to understand how companies protect themselves against copies of computer games. He successfully launched the copied game with his friends.

At that time, there were few programming textbooks, and he began to learn assembly language on his own. He learned (had to learn! How to overclock the processor with minimal costs so that it works much faster than in the standard configuration.

He started his hacking career by learning how to remove copyright protection from a game. This is due to the fact that when trying to replace the hard drive on a computer or run the same game on another PC, the game often refused to work, so a copy of it gained relative popularity and began to get to know people who were involved in the telephone system.

When he bought his first modem and realized the endless communication possibilities offered by a message board – no one had to reveal their identity, age or gender – the desire to communicate with people on the Internet led him to resort to phone scams. Jeff hacked the phone system and was able to communicate with people over long distances for virtually free.

His knowledge of the telephone system and programming techniques came in handy when he crossed paths with a programmer who taught him the basics of hacking. Jeff’s house didn’t have a network (at that time all connections were point-to-point or dial-up), so after spending thousands of hours of self-education through trial and error, Jeff then delved into the depths of networking technology and mastered it art about hacking.

According to Jeff himself, he has been lucky many times in his life, but this time was special: “I was lucky that I learned how to work with a modem, and I was lucky that fate brought me together with a guy who told me about hacking. At that time in I didn’t have a global plan, it was just a happy coincidence.”

He graduated from Gonzaga University in 1990 with a bachelor’s degree in criminal law. (Admit it, you didn’t expect the guy who started DEF CON and Black Hat meetings to have a BA in criminal law!) After graduating from college, he was hired by Erst & Young, one of the world’s largest law firms. providing professional services, as a director of the Secure Computing Corporation division.

DEF CON: From a farewell party to one of the world’s largest hacker conferences

In the 1990s, the whole world used bulletin boards. Such boards were often used by hackers to exchange information. Jeff could maintain his own billboard and pay for Telephone Service from his salary, but his colleagues usually found a way to avoid paying for telephone service. During the same period, he became a kind of chief administrator of many international networks, such as HackNet, PhreakNet, PlatinumNet and HitNet.

In 1993, his friend, the operator of the Canadian hacking network PlatinumNet, who worked on the Fidonet protocol, decided to throw a farewell party for all members of the PlatinumNet network.

Most of the users of these networks were American, so he asked Jeff to help organize the party and bring it to America. Jeff started preparing for the party and had already found a place to hold it in Las Vegas, but his friend’s father left earlier than planned, and he managed reach the United States. It turns out that he took his son with him, and Jeff was left alone.

Moss decided not to cancel the party, organizing everything himself, inviting members of the network he managed, sending Invitations to hacker IRC chats, posting announcements on other forums, sending faxes to everyone and the US Secret Service. “They’re going.” The hacker conference was going on. in Las Vegas.

The name DEF CON has an interesting history. Defcon was the name of the main character in the movie WarGames, who decided to blow up Las Vegas. Also, the term DEF has been in use by phone scammers, including Jeff himself, because DEF is the characters on the “3” button on the phone keypad. And then the day came, 12 speakers were scheduled to speak at DEF CON. With over 100 people in attendance, the first-ever conference opened with a talk by Dan Farmer, a UNIX security expert, who talked about new tools he had developed, including SATAN, one of the first web-based network security scanners.

DEF CON 1 Defcar, 1993

Initially, the meeting was considered a one-time event for friends, but the overwhelming majority of feedback was positive, and the event was repeated 1 year later.

Moss continued to host the event, and over the next 2-3 years, DEF CON began to gain more attention, with hundreds of people attending. In the coming years, the number of jobs in the information security sector began to increase, so attendance at meetings increased more than 2 times. The invitations to the meeting were paid for, and Defcon’s business took off.

The number of participants reached its peak in the 2000s, a year before the emergence of the dotcom phenomenon – about 7,000 people, but as Moss said in a 2007 interview, “half of the participants may not have had anything to do with it, but they all just came.” After the dotcom bubble burst, the number of participants increased. the number of conference participants decreased: in 2007, the conference was attended by about five thousand people interested in the problem of hacking.

DEF CON continued to grow, following the adage that “water does not flow under a lying stone.” Her program included a CTF (capture the flag) competition, in which teams of participants compete against each other and try to find and award secret “flags” on deliberately vulnerable programs and websites faster than others. The Black Badge is the highest award given to DEF CON attendees, and the winner will receive a valuable gift and a lifetime free invitation to DEF CON.

A popular part of the DEF CON event over the years has been workshops (special meetings that address various information security topics with an emphasis on practice) such as digital forensics, hacking IoT devices, and villages (special seats within the conference with mini-conference status). in financing various programs. We have also contributed to the increase in the number of people living in the area.

Over the years of the event, hackers have been able to show the world how easy it is to hack ordinary computers as well as information security 2018, Jeff held the first DEF CON conference outside the US in Beijing, and in 2019, the format was expanded to DEF CON China1.0.

30,000 people attended DEF CON27 in 2019, and some of the speaker’s revelations were unexpected. Hackers broke into a complex for processing ballots in the United States within minutes of scanning and found significant vulnerabilities in them. One hacker managed to demonstrate the malicious functions of the Apple USB lighting cable and many other critical vulnerabilities found in VPNs and printers.

DEF CON 27

How the Black Hat conference began

In 1997, before DEF CON7 in Las Vegas, Jeff held the first ever Black Hat conference dedicated to the computer security industry. At the Black Hat conference, software developers met with computer security experts and hackers. The Black Hat conference was originally held as an annual event in Las Vegas, but today it is held in several locations around the world.

In 2005, Jeff sold the rights to the Black Hat conference to United Business Media-owned CMP Media of the United Kingdom for $113.9 million.

The conference consists of 3 sections: black hat briefing, black hat training and black hat arsenal. The briefing section covers a variety of topics including technology disclosure, computer hacking and privacy. Leading information security experts from the Department of Defense, the Department of Homeland Security, and the NSA, as well as from various US agencies.

The training session will feature security solution providers and security experts. The seminar, which will last about 1 week, will be held by such software providers as Cisco, Offensive Security and others. The Arsenal section was founded in 2010. The goal of the conference is to provide a real-time demonstration of the latest open source information security tools created by researchers and the community, where attendees can ask questions and test real-world tools.

The Black Hat conference is usually held at DEF CON, and many attendees attend both events. In the security industry, Black Hat is considered a more formal security conference, while DEF CON is more informal in nature.

Black Hat USA 2016

Other events in Jeff’s career

Throughout his career, Jeff has used his skills and understanding of the principles and practices of the hacking community and imparted this knowledge to organizations to help them secure their global network. From 2005 to 2014, he also spoke at numerous events held around the world as a keynote speaker and participated in dozens of forums. Some similar activities are conducted by CodeGate, the US Department of Homeland Security, the NSA, NATO, and many other international organizations and institutions.

In 2009, Jeff joined the group of 16 people elected to the National Security Advisory Council. Members of the Advisory Committee may provide recommendations and advice directly to the Secretary of Homeland Security.

On December 2, 2011, Jeff was appointed Vice President and Chief Security Officer of the Internet Corporation for Domain Names and IP Addresses (ICANN), a multinational nonprofit organization working to create a secure, stable, and unified global Internet. Many officials, including the President of ICAAN, noted Jeff’s professionalism and skills and praised him for his excellent understanding of security threats and how to protect against them.

In late 2013, he resigned from his position at ICAAN. His next major career step came in 2017 when he was appointed as a Commissioner of the Global Commission on Stability in Cyberspace (GCSC), which is composed of 24 respected independent commission members from around the world. The purpose of the Commission’s work is to increase awareness and mutual understanding between different communities in cyberspace and to study issues related to global cyber security.

In 2017, at DEF con25, we introduced the Voting Machine Village to DEF CON attendees. At this workshop, hackers were able to test the security of electronic voting machines, including some models still in active use in the United States. DEF CON participants were able to hack all the machines (25 models in total), some of which were hacked just hours after the village opened. The event received media coverage and sparked a national debate about voting security.

In 2018, the Voting Machine Village project received the Cybersecurity Excellence Award as the Cybersecurity Project of the Year.

What is Jeff doing now?

Jeff currently lives in Seattle, Washington and is a security consultant for a company. He tests security systems and consults with other companies while hosting DEF CON conferences as president of DEF CON Communications, Inc. He was also a technical consultant for the TV series Mr. Robot and still invests in many information security startups.

Final thoughts

In the world of information security, such hard-working and highly educated people as Jeff Moss are extremely rare. This has had an impact on the hacking community, and the openness of that community has increased the likelihood of interaction with software vendors and manufacturers. Through DEF CON and Black Hat meetings, contacts are made between hackers and software vendors. At these events, organizations learn how to protect their infrastructure and work with independent security experts to identify and remediate security threats.

It all started in 2009, when he sent an open letter to Google with a proposal to switch to the HTTPS format by default, but Jeff has been an integral part of the information security community.

As software and hardware develop, which as a result becomes more complex and leads to the appearance of new vulnerabilities, enterprises and government institutions need to keep their finger on the pulse and be ready for anything.

People like Jeff Moss are calling on the information security industry to not stand still and show how hackers work — decisively, creatively, unconventionally, and very often without thinking about money. Since the best defense is always an attack, the information security industry can always evolve and be ready for any attack by understanding how to do it.

As mentioned earlier, DEF CON, which originated in the USA, has already been held in China. That is, regardless of the approach to information security in a specific country, today’s information security issues are relevant for all people without exception. This means that in the next few years, the demand for ethical hacking will not only grow, but it will grow with some probability, more explosively than large.

Other related articles
Found an error?
If you find an error, take a screenshot and send it to the bot.