April 29, 2011

Can A Hacker Save Us From Hackers?

The agency in charge of keeping law and order on the internet, the nonprofit Internet Corporation for Assigned Names and Numbers (ICANN), has hired a veteran hacker to be the agency's top cop, according to a recent CNET report.

Jeff Moss, founder of Black Hat conferences and the annual DefCon gathering of internet pranksters and hackers has accepted the position and will begin work this week in Washington, DC.

ICANN plays a vital role in making sure that when you type a site name into a web browser -- your computer knows where to go to find the site you're trying to reach. ICANN manages the domain name system that underlies that chain of communication.

Moss, previously known by his online identity Dark Tangent, has long since left his covert hacking days behind and was most recently director at Secure Computing and in the security division of professional services firm Ernst & Young. He received a bachelor's degree in criminal justice from Gonzaga University and also serves on the Council on Foreign Relations.

Moss told CNET: "I'm looking forward to bringing my skill sets to ICANN. Its role in coordinating the global Internet addressing system means that it is positioned to become the leader in identifying and dealing with online threats to the Domain Name System that could affect two billion global Internet users."

ICANN chief executive Rod Beckstrom joined Moss at Black Hat in Las Vegas last year to announce a key upgrade to the internet that promised to stop cyber criminals from using fake websites that dupe people into downloading viruses or revealing personal data.

Beckstrom tells AFP, "I can think of no one with a greater understanding of the security threats facing internet users and how best to defend against them than Jeff Moss. He has the in-depth insider's knowledge that can only come from fighting in the trenches of the on-going war against cyber threats."

Paul Vixie, chairman and chief scientist at the Internet Systems Consortium, said Moss has been in the infosec community, "since the dawn of time and not only knows where the weak spots are, but also how they got that way," and what to do about them.

ICANN has joined efforts with online security services firm VeriSign and the US Department of Commerce to give websites encrypted identification to prove they are legitimate. The Domain Name System Security Extensions, referred to as DNSSEC, basically adds a secret, identifying code to each website address.

The domain name system is where the world's internet addresses are registered and plays a key role in allowing computers around the world to communicate. "The global threats to the Internet's Domain Name System are in essence the digital cold war of the new millennium," said Merlin Hay, member of the British House of Lords and chairman of the Information Society Alliance.

"To win this war we need someone like Jeff Moss who understands the hacker's mindset and has the international experience to grasp that today's online attacks can come from just about anywhere on the planet."


On the Net: