Jeff Moss, aka Dark Tangent, the person who founded DEF CON and Black Hat

Reading Time: 5 Minutes

Jeff Moss was born in California, United States in January 1975. He is a hacker, computer, and Internet security expert who founded the Black Hat and DEF CON security conferences.

Jeff Moss – source: globsec.org

Early Life

He got his first computer at the age of 10 and he was fascinated by the power to communicate and engage in adult conversations with people around the world. He couldn’t drive a car or vote but he could communicate with people much older than him and no one cared about his age or looks.

The beginning of his hacking journey

What drove him into his first hacking adventure was purely the willingness to use the equipment that he paid for,  in its full spectrum, the same idea that drove the hacker George Hotz (geohot) to hack into Sony PlayStation and then jailbreak the iPhone. He was trying to figure out the copy protection that the computer games were using back in the early 90s in order to play copied games with his friends.

Back in the days, there weren’t a whole lot of programming handbooks, he started learning on his own the assembly language. Then he was forced to know how to overclock his CPU cheaply to perform much better than what the default CPU configuration was able to produce.

In his early hacking days, he started by removing copyright protection from games which at the time, copy protection was unpleasant for most of the gamers who were looking for ways to get around the copy protection because oftentimes the games wouldn’t work if you changed the hard drives on your computer or if you tried to play the same game on another pc.  Through that, he met people who were exploring the phone system.
He got very excited when he got his first modem and saw the endless possibilities to communicate with people online through the bulletin boards without the need to give out his identity, age, or gender. His excitement to communicate with people online lead him to phone phreaking. Jeff was trying to understand better the phone system to achieve cheaper ways of communicating with people over long distances.

The knowledge of phone systems and software programming came to fruition when he met a hacker that taught him about hacking. The lack of networking knowledge was due to the reason that his home had no network, (everything was a point to point, dial-up then). Through him, trial & error, and thousands of hours of studying, he learned about networking and hacking.

He considers himself lucky on many occasions in his life, but this particular one as he said: “it was lucky I learned about the modem and lucky I ran into that guy who taught me about hacking. I would love to say it was some master plan on my part, but it was a happy set of circumstances.

In 1990, Jeff graduated from Gonzaga University with a Bachelor’s degree in Criminal Justice (you didn’t expect the guy who founded DEF CON and Black Hat to had his BA in Criminal Justice). He then got his first job in one of the largest professional services networks in the world now, Ernst & Young, in their Information System Security division where he served as a director at the Secure Computing Corporation division.

DEF CON: from a farewell party to one of the biggest hacking conventions in the world

In the 90s, everybody was using bulletin boards around the world, and the boards were mostly affiliated with hacking, phreaking, and information sharing networks. Jeff was operating his bulletin board set up and he was able to afford his phone bill with the money from his job where everybody else was mainly phreaking their connections. In the meantime, he became a big hub for multiple international networks like HackNet, PhreakNet, PlatinumNet, and HitNet.

In 1993, the operator of PlatinumNet, a FidoNet protocol based hacking network from Canada,  wanted to throw a farewell party to all the people that made up the PlatinumNet network because his dad was moving on to a better job and he couldn’t pretty much handle it.

As most of the users of those networks were Americans, the operator wanted help from Jeff to organize the party and host in the US.  As soon as  Jeff proceeded with finalizing the details of the party and found a place in Las Vegas to host it, the operator of PlatinumNet vanished as his dad took the job earlier and probably had to move on earlier than he expected.

Moss had to organize it alone, he invited everybody from the networks that he was acting as a hub, send invites in IRC hacking chatrooms, announced it in some other bulletin boards, sent faxes to everybody, and eventually sent faxes to U.S  Secret Services telling them that “they were coming”. He was spreading the message about making a hacking show in Las Vegas.

The name “DEF CON” has a little of a “back” story behind it, the word Defcon was used in the movie WarGames as the main character in the movie that he ultimately decided to nuke the city of Las Vegas. Also, the term DEF was used by phone phreakers like Jeff, where DEF is the number three on the telephone keypad. The day came, and DEF CON was ready to open its doors with 12 speakers. More than 100 people were showing up at the door, and the first-ever conference started with a speaker named Dan Farmer, a UNIX security expert, who talks about his upcoming tools, including SATAN, one of the first Network Security Scanners with a web UI.

DEF CON 1 Defcar, 1993 – Source: media.defcon.org

As it was intended to be a one-time event, the conference was credited as success and feedback were overwhelmingly positive.

Moss continued doing the event, and the following 2-3 years of DEF CON were getting more and more attention, thus attracting hundreds of people. Many more people attended the conference in the next couple of years with the opening of jobs in the security sector. When more money entered the equation in the following years, DEF CON was booming.

A year before the dot-com bubble in the 2000s, they saw a peek of people attending the show, around seven thousand people, but as Moss said in a 2007 interview: “probably half of them didn’t belong there, but they were there”.
After the dot-com bubble burst, the conference showed a decline in the number of attendees, and in 2007 around five thousand people who were involved with hacking were enough to keep the conference going.

From then, DEF CON kept evolving,  as the saying goes “evolve or die”. They added CTF (capture the flag) events, where teams of  participants competing with each other to try and find the secret “flags” in time, in purposefully vulnerable programs or websites to win awards. The Black Badge is the highest award that DEF CON gives to the participants, where the winners get valuable awards and a free entrance to DEF CON for life.

The addition of Workshops,(dedicated classes on various topics related to information security) like Digital Forensics investigation, hacking IoT devices, and Villages (dedicated spaces within the conference where are considered as mini-conferences ) contributed to took off the popularity of the event.

DEF CON, also hosted multiple fundraiser programs over the years.

Over the years, during the event,  hackers were able to show the world how easily is to hack into a mainstream machine, along with many innovative tools/programs that help to revolutionize the Information Security Industry. In 2018  Jeff launched the first-ever DEF CON convention outside of the US, in China, Beijing, and they continue in 2019 as it was formalized as  DEF CON China 1.0.

In 2019, 30 thousand people attended DEF CON 27,  and some of the revelations of the speakers in the conference were overwhelming. Hackers were able to hack into US voting machines while finding critical vulnerabilities in minutes of scanning them. A hacker was able to show the malicious capabilities of  Apple’s USB lighting cable and many other critical vulnerabilities that were found in VPNs, and printers.

DEF CON 27 - Source: media.defcon.org

How Black Hat started

Before DEF CON 5, in July 1997, also in Las Vegas, Jeff launched the first-ever Black Hat conference that was aimed at the computer security industry. While other conferences focused on information and network security, Black Hat conferences were all about bringing software developers/engineers face-to-face with the computer security experts and hackers. Black Hat was also started as a single annual event in Las Vegas, but today is held in multiple locations around the world.

In 2005, Jeff sold Black Hat to CMP Media, a UK-based United Business Media, for a reported amount of 13.9 million USD.

The conference is composed of three sections, the Black Hat Briefings, Black Hat Trainings, and Black Hat Arsenal.
The Briefings cover various topics including reverse engineering, hacking, privacy, etc., while also containing speeches from leading people in the information security field from various US departments like the Defense, Homeland Security,  and NSA.

The Trainings section is offered by various computer security vendors and individual security professionals with workshops held for less than a week by vendors like Cisco, Offensive Security, and many others. Arsenal was added in 2010, and it’s dedicated to giving a place to showcase the latest open-source information security tools by researchers and communities with live tool demonstrations where attendees can ask questions or even try them out.

Black Hat is typically held before DEF Con with many of the attendees going to both events. It’s considered by the security industry as a more corporate security conference whereas DEF CON is more informal.

Black Hat USA 2016 – Source: pcmag.com

Other involvements during his career

Throughout his career, Jeff used his skills and understanding of the hacking community and its methods to help organizations secure their global networks. He was also presented at a wide range of venues, worldwide, as being the keynote speaker, panelist in dozens of events from 2005 to 2014.  Some of the events were hosted by NSA, NATO, CodeGate, DHS, and many other organizations and institutions around the world.

In 2009, Jeff was among the 16 people that were selected to be part of the Homeland Security Advisory Council.  The members of the Advisory were able to provide recommendations and advice directly to the Secretary of Homeland Security.

After 2 years, in 2011 Jeff appointed as Vice President and Chief Security Officer of the Internet Corporation for Assigned Names and Numbers (ICANN), a multinational non-profit organization working for a secure, stable, and unified global Internet. Many officials including the president of ICAAN had exceptional words to say about Jeff, as they acknowledged his skills and that he was being among the greatest in terms of understanding the security threats and how to defend them.

At the end of 2013, he stepped down from his position at ICAAN. The next major step in his career came in 2017, when he was named a Commissioner at the Global Commission on the Stability of Cyberspace(GCSC) which is composed of  24 prominent and independent commissioners from all over the world who help promote awareness and understanding among the various cyberspace communities while working on issues related to the worldwide cybersecurity.

In 2017, he was also the leading creator of the DEF CON Voting Machine Village which debuted at DEF CON 25. It was all about hackers that we’re able to put into test the security of the electronic voting machines, which included several models that were still in use for voting in the US. The machines were all compromised(25 models in total) by the hackers within hours of the village’s opening, with such a result, the media sparked a national discussion about the security of voting.

The machine hacking village challenge was awarded by the Cybersecurity Excellence awards as the Cybersecurity Project of the Year in 2018.

Current position

Jeff now lives in Seattle, Washington, where he has the position of a security consultant in a company based in Seattle where he performs security testing and consulting for other companies, while running DEF CON as the President of DEF CON Communications, Inc. He was also the technical advisor to the TV series “Mr. Robot”  and he’s being an investor to many startups in the information security sector.

Closing thoughts

It is a privilege to have such hard-working and full of true knowledge people like Jeff Moss in the information security world.
His influence and continuous evolvement to the hacking world resulted in more openness in the community on the part of vendors and software manufacturers. The channel of communication between hackers and vendors is magnified through  DEF CON and Black Hat events, where many organizations learn how to defend better and build a framework for reporting security issues while working with independent security researchers to identify and patch them.

From the open letter to Google in 2009, asking them to make everything HTTPS by default, to today, Jeff became an integral part of the Information Security community.

More and more challenges are seen on the horizon with the increasing complexity of both software and hardware that will lead to more vulnerabilities in the future, so companies and governments must be aware and prepare for the upcoming challenges.

Thanks to people like Jeff Moss, that helped awaken the Information Security Industry, by showing how a hacker’s determination, passion, thinking outside the box, and most of the time, not about the money – that the InfoSec industry is evolving continuously and is more than needed in today’s world, to be standardized in every company or government. Because offense, is always the best defense.

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]