At Black Hat, ties seen tightening between hackers, legal officials

Computerworld - LAS VEGAS -- Hackers, computer security managers and law enforcement officials teamed up at this week's Black Hat Briefings conference to discuss their respective roles in securing the Internet and to urge attendees who engage in hacking activities to stay on the right side of the law.

"The elite are not those who destroy or cause havoc in cyberspace, but rather [those who work] to protect the Net," said Kevin Manson, a senior instructor at the Federal Law Enforcement Training Center's Financial Fraud Institute, during a keynote speech yesterday morning at the fourth annual Black Hat gathering.

Even the Attrition.org hacking group, which has had run-ins with legal authorities in the past, discussed the legal and ethical lessons that were learned during the three years it posted mirror images of Internet defacements on its Web site. Attrition.org members offered plenty of advice about how to stay within the bounds of the law, even if authorities don't like what you do.

For example, Attrition.org staffers learned to report threats of Web site defacement from would-be attackers in order to avoid facing charges of aiding and abetting before the fact due to prior knowledge, explained Brian Martin, one of the founders of the group.

Martin said Attrition.org's mirroring activities initially attracted the ire of some law enforcement officials. But over time, he added, the mirror site became a valuable resource for them -- enough to make it noticeable when the group announced in May that it was stopping the mirroring work because it had become difficult to keep up with the number of defacements (see story).

"Law enforcement was pretty upset with us in the early days," Martin said. "But when we pulled the plug on the site, [they were] upset that we weren't doing it anymore."

While authorities still worry about cybervigilantes getting in the way of investigations, they've started relying more on private-sector security professionals and hackers to help them do the complex job of policing cyberspace, said Bill Tafoya, a professor of criminal justice at Governors State University in University Park, Ill., during another keynote speech here.

Tafoya spent 11 years as a computer crimes trainer for the FBI and made pioneering investigative use of the Internet when he created a Unabomber-related Web site in 1993. During the past few years, he said, there has been a big improvement in the way federal officials treat and work with hackers.

The view in Washington has changed from a feeling of suspicion to an acknowledgment of how much the help of