Forget the new cyber security czar position that President Barack Obama announced last week.

The real sign that the White House might be finally taking cyber security seriously came in an announcement on Friday that Jeff Moss, aka "Dark Tangent" and the former hacker behind the annual DefCon hacker confab in Las Vegas, has been appointed to the Department of Homeland Security's Advisory Council (HSAC).

He was among 16 people (.pdf) sworn in to the council by Homeland Security Secretary Janet Napolitano. Former CIA Director WIlliam Webster and former FBI Director Louis Freeh are also on the council, which provides advice and recommendations to the secretary. Webster is the council chair.

Moss, who lives in Seattle, says he was really surprised when he got a call about three weeks ago inviting him to join.

"I always figured that because of my associations in the past that I would be kind of out of the running for anything like this," he told Threat Level. "DefCon started as a hacking conference . . . and I just figured that that past, in a nontraditional beginning, people wouldn't know how to relate to that. To me it shows that they're really looking for fresh perspectives."

Moss, who's 39, was a phreaker in high school – someone who cracks into phone systems to make calls on the telecom's dime.

I asked him in a 2001 interview how he got into hacking.

"I didn't know there was really a scene until probably about my junior year in high school," he said. "Somebody called me up one day from the other side of the country. I was asking him how he could afford the call, and he just laughed and said, 'You're joking, right?' And he started to explain how phone systems work and how you can phone for free. That was the peeling back of the veneer."

He stopped hacking when people around him started getting arrested.

"You can only stand by and watch so many people you know get busted," he said. "Sooner or later you catch on that ... there's a limited life span to doing this kind of stuff. So before I got out of high school that was pretty much it."

He studied law for a while before switching to computer science. He launched DefCon in 1993 on a lark to bring hacker friends from around the country to the desert to party and trade skills.

Over the years, the attendance grew and the attendees' hi-jinks – cement poured into a hotel toilet, fire alarm systems and ATMs hacked – gave way to serious talks, and the conference soon became the premier "haxor" event for learning about computer security vulnerabilities and ways to exploit them. It also quickly drew the attention of undercover feds, who came to spy on hackers and recruit them. The tension between hackers and feds at the conference has loosened over the years, with help from the annual Spot-the-Fed contest.

In 1996, Moss launched Black Hat, a complementary conference to DefCon that caters more to the computer professional crowd, many of them former hackers who doffed their Goth clothes, mohawks and body piercings for khaki pants, white socks and corporate jobs. Black Hat runs in Vegas the week before DefCon, as well as in Washington, DC, Europe and Japan at other times of the year.

Moss says he didn't have a clue what the Advisory Council was when he got the call to join. But he was told that DHS was looking for outside perspectives to rejuvenate the council, which had been neglected under former Secretary Michael Chertoff. The position is voluntary and runs for a term of three years.

He was told he might have to attend quarterly meetings and occasional teleconferences but other than this, it wouldn't be a lot of work.

"I thought okay, that's fine," he says. "And then the next day all the e-mails arrived with all the financial disclosure forms and security clearances. I spent the rest of the week filling out forms like mad."

Photo courtesy of Black Hat

See also