Sunday, January 13, 2013

Presenting Bitcoin At InfoSec And Hacker Conferences

By Jon Matonis
Bitcoin Foundation
Friday, January 12, 2013

I remember going to some of the first RSA conferences at The Fairmont where I enjoyed celebrity entertainment while feasting on lavish gourmet food spreads that included six-foot wide bowls of jumbo shrimp and massive ice sculptures.

The security conference circuit is an interesting lifestyle, but I also believe that it's vitally important for bitcoin's expansion to engage these professionals. Some conference attendees are simply there on their own but many are there because their employers have sent them to learn something new. As far as speakers go, you have the keynote regulars, the product hawkers, and the sector specialists. I tend to shy away from the product hawkers because they have most likely paid for a sponsorship in exchange for the speaking slot. Sector specialists are generally worthwhile and they can be senior employees of their companies or independent consultants with some government employees thrown in for good measure.

I always relish the opportunity to introduce bitcoin to a new vertical industry audience as bitcoin cuts through so many traditional boundaries. Usually, they have heard about bitcoin in a vague way but they aren't yet clear on why it's so significant. My goal is first to make bitcoin relevant to their industry then to outline the likely key impacts that bitcoin will have on their industry. I am not a cheerleader and I dislike the cultish phrase "fan of Bitcoin" or "fellow Bitcoiner." I wouldn't necessarily say that others are a "fan of the US dollar" except maybe Ben Bernanke.

In my opinion, bitcoin is not about convincing other bitcoin users of its economic merit. Bitcoin is about laying the foundation for a new society -- a society organized around a decentralized digital currency that rewards productivity and punishes the wealth re-distributors. During 2012, I had the privilege of presenting bitcoin at two extraordinary security conferences:

ITWeb Security Summit 2012, May 15-16th, 2012, Johannesburg, South Africa
DeepSec IDSC 2012, November 27-30th, 2012, Vienna, Austria

There are always excellent audience questions and continued dialogue on bitcoin's possibilities especially for banking and financial privacy. In casual hallway conversations with conference attendees, I never know for sure if I'm talking with a white hat or a black hat. Also, it can be a very hazy line with a lot of crossover. It doesn't really matter though, because the best way to prevent security breaches is to have a solid understanding of the advanced tactics deployed against the targets. Penetration testers are the gray hats.

If I can reach out to a technical audience already versed in security threat models, cryptographic applications, and privacy protocols, I can likely advance the movement into the class of the infrastructure builders. You would be surprised at how many white hat and black hat hackers still believe in the correctness and stability of national fiat currencies managed by central bankers. Even though bitcoin fits into the hacker culture as money with a sound basis in mathematics, they are skeptical of something so new that has grown so rapidly. Even the high-profile hacks at some bitcoin exchanges and false claims of 'Ponzi' have dissuaded intelligent hackers. Just check out some of the uninformed comments at Slashdot.

However, this is precisely the point. We all know that the high-profile bitcoin hacks resulted from poor policy planning, wallet mismanagement, and inadequate backgrounds in network security. If the hack wasn't outright theft by the principal, it was due to network security inexperience and a severe lack of funding to procure it. Where do the leading security professionals for financial institutions frequent? What is their watering hole? Well, it is the many information security and hacker conferences around the world like RSA, InfoSec World, BlackHat, and Defcon. Bringing it to the people -- that's how to prepare for the transition.

I was told confidentially by an IT Security specialist from a major bank that the public would be shocked if they knew the amounts that are stolen daily from online financial institutions via ACH and wire fraud. Typically, breaches and total numbers are not revealed because they don't want to advertise a weakness and they certainly don't want to alarm customers. Some of the more vicious attacks are State sponsored. I believe him. That's what bitcoin is up against as it progresses into the mainstream. The leading security experts are in that world, already protecting against the barbarians at the gate. They are not in the bitcoin world.

I'm looking forward to engaging new audiences and great conference opportunities are on the horizon for 2013. By promoting and embracing an anti-Statist currency that obliterates political corruption and the financial elites, I go to sleep every night knowing that I sit on the right side of history.

In the meantime, I'll be speaking at a non-hacker payments system summit in March:
Online Virtual Currencies: Cash Becoming Truly Digital

1 comment:

  1. Very good observations - might I suggest you intentionally engage the organizers of the smallers InfoSec cons? The reason being that in those more intimate, less corporate environments (vs. the ones mentioned above), you can actually make progress right on-sight on a given issue. Build more community that way face-to-face and you won't be competing with press junkets, Government, or multinationals for attention of the technical crews. -Ali (@Packetknife)