Def Con Banned a Social Engineering Star - Now He's Suing (theverge.com) 79
Several readers have shared this report: In February, when the Def Con hacker conference released its annual transparency report, the public learned that one of the most prominent figures in the field of social engineering had been permanently banned from attending. For years, Chris Hadnagy had enjoyed a high-profile role as the leader of the conference's social engineering village. But Def Con's transparency report stated that there had been multiple reports of him violating the conference's code of conduct. In response, Def Con banned Hadnagy from the conference for life; in 2022, the social engineering village would be run by an entirely new team. Now, Hadnagy has filed a lawsuit against the conference alleging defamation and infringement of contractual relations. The lawsuit was filed in the United States District Court for the Eastern District of Pennsylvania on August 3rd and names Hadnagy as the plaintiff, with Def Con Communications and the conference founder, Jeff Moss, also known as "The Dark Tangent," as defendants. Moss was reportedly served papers in Las Vegas while coordinating the conference this year.
There are few public details about the incidents that caused Hadnagy's ban, as is common in harassment cases. In the transparency report announcing the permanent ban, Def Con organizers were deliberately vague about the reported behavior. "After conversations with the reporting parties and Chris, we are confident the severity of the transgressions merits a ban from DEF CON," organizers wrote in their post-conference transparency report following the previous year's conference. Def Con's Code of Conduct is minimal, focusing almost entirely on a "no-harassment" policy. "Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid," the text reads. "Participants asked to stop any harassing behavior are expected to comply immediately. We reserve the right to respond to harassment in the manner we deem appropriate."
Time to spill all the details (Score:1)
So Defcon tried to keep it relatively hush hush, but now all the details have to be spilled out for the court case? Sounds like a losing situation for both sides. Great popcorn fodder tho.
Re:Time to spill all the details (Score:5, Funny)
Great popcorn fodder tho.
Indeed! My investments in popcorn, rather than scammy cryptocurrencies, are totally paying off!
Re: (Score:1, Insightful)
The guy is entitled to his day in court just like any
Re: (Score:1)
>For a prominent member of the community to be banned means that it went through multiple levels of leadership and got vetted by at least 3 lawyers. In other words, whatever this guy did is probably well beyond acceptable behavior.
This sounds like a very reasonable assumption that you just made up, but the same sort of thing can be said about any reaction: "they wouldn't have done it this way if they didn't have a good reason!" Sometimes the "reason" really is just pettiness and frivolity.
Counterpoint: h
Re:Time to spill all the details (Score:4, Insightful)
Re: (Score:3)
And way more likely the one guy suing did go crazy and thinks whatever he did was perfectly acceptable.
Re: (Score:2)
And way more likely the one guy suing did go crazy and thinks whatever he did was perfectly acceptable.
Especially when your skillset is "social engineering" i.e. manipulating people into doing things they didn't want to do.
Re: (Score:1)
I, for one, will place BOTH parties in the "innocent until proven guilty" categories and see where the suit ends up. Something tells me it'll be settled before it goes anywhere, though.
Re: (Score:2)
"By tomorrow I'll have forgotten." /. is so resplendently filled with dupes.
Thank you goldfish memory man, this is why
just so you don't forget.
Re: (Score:2)
Not only that, but you can bet your rear that any "hacking" related conference by now has a kick-ass team of lawyers.
They pretty much have to, if they still exist...
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Wouldn't this be federal since the communication was across state lines?
Re: (Score:2)
Kinda like the new challenge with state abortion bans. People will be crossing state lines to get abortions, but the feds aren't going to chase them for violating some extremist Texas law.
Re: (Score:2)
Some of the rules of security conferences are certainly "I'm curious why they exist" material. Like "the appearance and disappearance of ATMs must be reported immediately".
Re: (Score:2)
The Defcon code of conduct is broad and not particularly specific, either about exactly what harassment is or exactly how much you need to do to get a ban rather than a talking to or no action; so claiming that "After conversations with the reporting parties and Chris, we are confident the severity of the transgressions merits a ban from DEF CON." amounts to d
Re: (Score:2, Interesting)
"Capn Crunch still after the young boys...".
Having had personal experience with that piece of shit, I can't wait for him to die so I can go piss on his grave.
That bastard groomed me on my late night radio show (circa 1982) for months before I agreed to meet him in person, that was a huge mistake.
To this very day, whenever I see his name it sets off my damn PTSD.
If I ever see him in public, I'll punch that asshole and take the legal punishment, it would be worth it.
Re: (Score:2)
I'm guessing he tried to "exercise" with you?
Maybe Social Engineering Backfire? (Score:3)
Re:Maybe Social Engineering Backfire? (Score:5, Interesting)
What it sounds like is much less interesting: Being so used to manipulating others that you forget when to turn it off. Or, more specifically, being so highly praised for manipulating others that you lose touch with reality and think it's a right, normal, and proper way to behave, even toward peers who aren't playing a particular game.
Re: (Score:2)
I dunno, manipulating others is pretty much what life is all about when you get down to it.
You want something for whatever reason (job, wealth, safety for family, privilege, etc)....you do what it takes to get others to bend to your will so you succeed.
The best way to do it...is to make them think it was their idea in the first place...etc.
Re: (Score:2)
"You want something for whatever reason (job, wealth, safety for family, privilege, etc)....you do what it takes to get others to bend to your will so you succeed."
I don't.
Re: (Score:2)
Even when the tactics overlap, the targets and objectives don't.
A predatory or parasitic mindset opts for manipulation because of its one-sidedness, and that kind of mindset tends to use it destructively against others. Persuasion is communicative and functions on a two-way street, aiming for and often achieving mutual benefit.
Re: (Score:2)
That's what I was thinking. It's a very fine line to thread between social engineering and harassment - because social engineering attempts to basically get the target to do s
Re: (Score:2)
but that is purely speculation...
That's pronounced "disgusting victim blaming by someone with delusions that their guesswork is something other than lying for attention"
Re: (Score:1)
Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid,
at a fucking social engineering event, it sounds more like some pronouned blue-haired bi-gender self-identified hackxer had their gender-feelings hurt.
Re: (Score:2)
I see you couldn’t even make it to the second paragraph.
Re: (Score:3)
Def Con's Code of Conduct is minimal, focusing almost entirely on a "no-harassment" policy. "Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid," the text reads. "Participants asked to stop any harassing behavior are expected to comply immediately. We reserve the right to respond to harassment in the manner we deem appropriate."
Pretty straightforward. They asked him to stop and he apparently didn’t.
Re: (Score:2)
That doesn't say that the guy deserved a ban, or what he did. It just says that they reserve the right to be draconian -- and that they reserve the right to be draconian about any harassment, not only if the person continues.
Re: (Score:2)
Yes, people have a right to be intolerant jerks. That doesn't mean it's a good idea to exercise that right, which was the whole question here: What justified their decision? Were they doing something that most people would think is reasonable, or were they being arbitrary?
Jumping to "well, the language of the contract gives them sole discretion" and "they have the right!" is a way to avoid those questions that suggests the decision was arbitrary.
Re: (Score:2)
Re: (Score:2)
Do you agree with their decision? On what basis? The whole point of this discussion is that the process was opaque, and nobody else can understand why this decision was made. It's exactly why the US has a strong presumption of public access to court filings, orders and decisions: so that we don't need to have blind faith in the system.
Re: (Score:2)
Re: (Score:1)
Your posting to slashdot is making me feel uncomfortable. Please stop posting.
Re:Harassment can now mean a lot of things, some f (Score:4, Interesting)
Pretty straightforward. They asked him to stop and he apparently didn’t.
Um no it isn't. I have no idea if the conference organizers made the right decision here. But there are plenty of possible situations here where even if we had video tape of the incident, different folks would see the events differently. That's why someone's feelings are a bad standard with high potential for abuse. Emotions are irrational things.
feel uncomfortable, unwelcome, or afraid,
This type of standard (which is common now) is meaningless and open for abuse. People feel all sorts of ways for all sorts of reasons and emotions are just not rational things. Now, I am not arguing that people should be able to treat others like shit for no reason, but what does it mean to feel unwelcome? Any number of silly and unintentional slights can trigger this. And there are quite a few folks these days who spend their life looking to feel offended. Couple that with a conference full of socially awkward and introverted folks who maybe aren't the best at reading social cues and it's surprising this doesn't happen more often. Add money into the mix and someone who is professionally manipulative and well I have run out of superlatives to use to describe how likely abuse of such a vaguely worded policy is. Your intent is good but expecting nobody to ever abuse such a policy is just plain naive. Sociopaths exist and I feel confident there are more than a few at DefCon and probably a few of them are involved in operating the conference (just statistically it is likely). So either come up with wording that is more clear than how someone feels but still bars unacceptable behavior, or drop this stuff entirely. Otherwise, it is likely that someday someone who wants something you have will have no problem with abusing such policies to take it from you. All it takes sometimes is the ability to cry on cue (or some other manipulative behavior).
Re: (Score:3)
Much easier said than done. If you list a number of clearly delineated acts as outlawed, you get asshole rules lawyers who come right up to the line but know they can't be punished for it. This is identical to your kid brother holding a finger an inch from your face and repeating "I'm not touching you! I'm not touching you!" You also end up with situations in which th
Harassment can now mean a lot of things, most bad (Score:2)
Re:Harassment can now mean a lot of things, some f (Score:4, Insightful)
That doesn't matter. Freedom of association [umkc.edu] means that an organization can reject members for almost any reason absent discrimination against a protected class. People joking about furries are not a protected class.
You may not think that it's a good idea, but then you can start your own organization (with blackjack, and hookers) which only implements good ideas. And I can start my own organization in which members can only say "waffles." [youtube.com]
Seems logical... (Score:3)
Every time I've ever read about social engineering, in the end, its core, base "philosophy" ends up being some kind of lie, fraud, or identity theft. I find it shocking. SHOCKING. that someone teaching or endorsing these acts could earn a less-than-stellar reputation.
Re: (Score:2)
Every time I've ever read about social engineering, in the end, its core, base "philosophy" ends up being some kind of lie, fraud, or identity theft.
Uh yeah, fundamentally the idea is to get someone to do something they don't want to do. At best you're letting them sucker themselves for your benefit. And there's at least one villain in the story.
Re: Seems logical... (Score:2)
I think this will be the basis of his defense. All social engineering requires getting under someone's skin. Playing the pity card or similar. To do this, there is always an aggressive pressure which is the definition of harassment.
I suspect consent to be part of these interactions was not clear to all parties and in his village he did do his "job". The leadership complained, he laughed that you're fucking kidding me, and they banned him for his demeanor in regards to his reaction...
Unlike others, I wouldn'
Re: (Score:2)
My assumption is that the leadership would take that into account. This isn't their first rodeo. This guy probably can't turn it off, and manipulates people all the time. Most of the most successful manipulators I've known have been like that. They work people even when they don't have to.
Re: (Score:2)
Well, like with any valuable skill, you have practice, practice, practice....to stay in shape.
Re: (Score:2)
Well, like with any valuable skill, you have practice, practice, practice....to stay in shape.
I don't volunteer to be anyone's social engineering practice subject, and if I feel that's what's happening, I will elect to do something else. Consequently these people either have to have a pool of friends who they don't treat that way, which is a tacit acknowledgement that it's harmful behavior, or they have to not have friends.
Re: (Score:2)
If you're doing it right....the subjects don't realize it's being done.
Re: (Score:2)
If you're doing it right....the subjects don't realize it's being done.
If you're surrounding yourself with people you can con all the time, you're doing it wrong. It's somewhat fun being the smartest person in the room, but it's lonely.
Re: (Score:2)
It's not like there aren't plenty of people who either just don't care; or who actively enjoy hunting for soft targets and see weakness as downright deserving of exploitation for its own sake, al
I no longer go to these conferences (Score:1, Troll)
We had EMF Camp just down the road from where I live earlier this year and I did NOT attend because of this shit. All that I saw of it was the laser show from the hills, that's it. I don't want some busybody censoring my speech and risking being publicly defamed should I say som
Re: (Score:1)
That is why I don't go to these conferences anymore, social justice warriors have taken over the entire community.
Yep. That is usually also the end of any competent work a bit later.
Re: (Score:3, Informative)
Snowflake.
Re: (Score:1)
https://en.wikipedia.org/wiki/Moral_panic [wikipedia.org]
"A moral panic is a widespread feeling of fear, often an irrational one, that some evil person or thing threatens the values, interests, or well-being of a community or society. It is "the process of arousing social concern over
Re: (Score:2)
Yep, that is pretty much how it goes. The FOSS community should have never let these toxic, typically non-contributing, cretins in.
Re: (Score:2)
That is why I don't go to these conferences anymore, social justice warriors have taken over the entire community. The guy probably used the wrong pronouns or said something that offended some politically correct radical feminist.
We had EMF Camp just down the road from where I live earlier this year and I did NOT attend because of this shit. All that I saw of it was the laser show from the hills, that's it. I don't want some busybody censoring my speech and risking being publicly defamed should I say something they find "inappropriate". It's too risky, because it could have potentially career ending consequences, with HR departments googling your name all the time.
And today you created a slashdot account! C'mon azjxgu2817...
Re:I no longer go to these conferences (Score:5, Insightful)
tl;dr I can’t behave by the rules of society.
Re: (Score:2)
I don't know this guy, I haven't been to this thing. I've known some people who have, and I've known some of them to be pretty great people, and some of them to have certain control issues, and for there to be some overlap there. I don't know anything about anything really so I fundamentally can't be defending anything. With that said, the society in question has often been pretty weird and fringey. Literally all of the people I've known who have been involved, even the relatively [in]famous ones, have been
Kicked out of the club? (Score:2)
Re: (Score:1)
The hosts are allowed to ban someone for whatever reason they choose, but the ban is at least potentially defamatory. If the hosts ban someone, people who hear about the ban are likely to assume it's because the person did something wrong. If they know the official policy for banning someone, they can make a reasonable inference about what that thing is. If it turns out the ban was for some other reason, like a dispute with the organizers, it might be considered defamatory because it makes people assume
Re: (Score:3)
Yep, and Hadnagy has already been banned or dis-invited from other security conferences. BHIS even pulled out of a conference they had confirmed attendance on, citing the fact that Hadnagy had been sneaked onto the schedule.
There's a strange line that these entities are straddling where they won't reveal any details of a complaint, but will cite the policy which a partner has allegedly violated. If defcon just said "We won't be working with Chris any more due to creative differences" or the like, it would
So now he is becoming... (Score:2)