AOH :: ISNQ5979.HTM

Hacker Court at Black Hat!




Hacker Court at Black Hat!
Hacker Court at Black Hat!



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1780890755-2112941141-1217853558=:32262
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1; FORMAT=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://blog.tenablesecurity.com/2008/08/hacker-court-at.html 

Hacker Court at Black Hat!
by Carole Fennelly

Hacker Court is once again returning to the Black Hat Briefings! For
our seventh Black Hat presentation, we will be conducting a mock court
trial focused on the issues of entrapment, journalist privilege and
wiretapping, titled "Hack MyFace."

What is "Hacker Court?"

Hacker Court is a loose organization of attorneys, security
professionals and hackers with the goal of demonstrating the dynamics,
frustrations and complexity of computer crime trials.

Teaching Points
The Hacker Court mock trials endeavor to teach a technical audience the reality
of computer crime trials.

Before joining Tenable, I was a free-lance security consultant and developed a
particular interest in computer crime cases after personal experience in dealing
with an intrusion. I thought I knew a lot about the process, but it wasn't until
I actually worked on a case with the Federal Defender's Office in NY that I
realized just how na=C3=83=C2=AFve I was on how the legal system really worked. The
defendant was even more na=C3=83=C2=AFve and honestly thought that a "jury of his peers"
meant that people like Simple Nomad, Jericho and Rain Forest Puppy would serve
on the jury. After all - his "peers" were hackers!

Since then, I've been involved in other cases and these are a few of
the major lessons I've learned:

1.=09Defendants lie, even to their own defense team
2.=09Admissibility of evidence is up to the judge, not the technology
        or its merit
3.=09A jurist with an infosec background would be disqualified from
        serving on a computer crime case
4.=09Defense experts cannot talk about the case no matter how much the
        defendant smears them to his friends
5.=09There are no "Matlock" moments
6.=09The trial is all about the attorneys' performances
7.=09Technical evidence is boring, especially to the jury
8.=09A case will most likely not be prosecuted unless there is a 95
        chance of a conviction. Corollary: if you go to trial, you're 
        probably going down.
9.=09Cross examination of witnesses is brutal
10.=09The trial may take place years after the crime

The most important (and scary) lesson I learned is that the case will be won or
lost by the side that makes their story compelling and interesting. Technical
details are neither.

How it's Done
The Hacker Court mock trials demonstrate these points by enacting a courtroom
environment where the audience is the jury. There is no pre-set outcome and we
take great pains to make the sure the deck is pretty evenly stacked (which
differs from most trials where the prosecution usually wins). Although we work
out the facts of the case ahead of time, much of the testimony from witnesses is
ad-libbed, often with amusing results.

Hacker Court differs from an actual trial in that we streamline the process and
have some fun with it. An actual trial can take weeks - we have 2 hours, which
normally wouldn't cover the opening remarks. Most trials are also extremely
boring, despite what you may see on TV. We take many liberties to make it fun,
which no judge in his right mind would tolerate in an actual trial. For example,
our 2004 presentation "Pirates of the Potomac: The Curse of the Bl4ck Perl"
featured Simple Nomad as "Captain Jack Hack" (aka "Cracker Jack"), a hacker
accused of "war-sailing" up the Potomac.

http://www.linux.com/feature/37780 

This Year's Case
This year's presentation will once again feature Simple Nomad as the defendant,
a "l33t" hacker who frequently posts to a blog run by a journalist who
investigates cases of identity theft and exposure of personal information. Nomad
claims to have a zero-day exploit that will work on any social networking site
and is goaded by another blog poster to prove it by exploiting a social
networking site called "MyFace."

A more complete case summary, along with Speaker bios, may be found at the Black
Hat site.

Both sides will argue their case on August 6, 2008 at the Palace 1 ballroom
during the Gala Reception of Black Hat. Who will win? That's for the audience to
decide! So if you're coming to Black Hat, grab some food and drink from the Gala
and join us in the Palace 1 ballroom!

regards,
-CF


--1780890755-2112941141-1217853558=:32262
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com 
--1780890755-2112941141-1217853558=:32262--

Site design & layout copyright © 1986-2014 CodeGods