Black Hat: Hacking has come of age

Black Hat 2010

The presentations at the Black Hat briefings may make the headlines, but as important is what the show tells us about the overall state of the security industry.

In the years I've been covering the show, it has evolved from a motley collection of hackers, crackers and security wonks to something that feels more and more like RSA conferences. Black Hat is big business, and the smart IT concerns are moving in.

Purists will tell you that Black Hat went to the dogs in 2005, when founder Jeff Moss, aka The Dark Tangent, sold out the show to CMP Media. While it's true that the briefings have suffered, in some ways it's a sign that the hacking industry is getting old.

I nearly choked on my lunch at the Wednesday press conference when renowned hacker Dan Kaminsky turned up in a suit for possibly the second most historic press conference of his life.

I'm ashamed to say I gave him a little ribbing about it, as did others, but in fact it's a very positive sign. And he wasn’t alone. Moxie Marlinspike was wearing a collar, and a lot of otherwise non-conformists were looking surprisingly dapper.

I was told afterwards that the venture capitalists behind Kaminsky's new company Recursion Ventures had taken him clothes shopping and enrolled him in a gym. I'm not sure how true that is, but he's looking good and achieving some great things. DNSSec is something to be very proud of.

"You need the research and the breaking, but it can't stop there," said Kaminsky. "You have to work on a fix, get it out there, and then occasionally put on a suit."

The hacking industry is growing up. The early pioneers are now working out which side they want to go on, and all the gradations in between.

It used to be the dream of every script kiddie that they'd discover a great hack and then be hired by the National Security Agency or a security firm, and spend the rest of their life hacking around in the company of glamorous nymphomaniac spies.

Shows like Chuck perpetuate the myth, but instead the hacking community has got smart.

Just as criminals have realised that malware is much more useful for profit rather than bragging rights, the hacker industry is coming to the conclusion that there's a better life to be had at solving problems than being sarky.