A Brief Black Hat 2019 Retrospective

When I first set foot inside the Mandalay Bay Convention Center for Black Hat, my first thought was that it looked no different than any of the other tech conferences I had attended in the past. Turns out, I couldn't have been more wrong. No, Black Hat (and Defcon, which immediately follows), is the kind of place where the activities of the day are hacking voting machines. This is where knowledgeable attendees avoid bringing their mobile devices, lest they get hacked and put on the wall of sheep, and where the average person is knowledgeable enough to fact-check and call out dishonest talks in real-time. This wasn't a group of semi-knowledgeable enthusiasts. I was surrounded by bonafide hackers.

Hacker Culture

The environment was like nothing I'd experienced at a tech conference before. In a way, it reminded me more of geek culture conventions I had attended in the past, such as San Diego Comic-Con or GenCon. Everybody was excited to be there, running back and forth between briefings, the Arsenal, and the many challenges and games available to attendees. And yet, even though everybody was busy, most were still just as excited to sit down, chat, and to welcome a newbie like me.

There was so much to do and see for a first-timer like myself that I frankly felt overwhelmed. There was no way I'd be able to see even a fraction of what I wanted to.

Protecting Security One Email at a Time

Because of my work at Hacware, I was drawn to sessions related to phishing and anti-phishing. Elie Burstztein and Daniela Oliveira's presentation *Deconstructing the Phishing Campaigns that Target Gmail Users *was particularly enlightening. Two facts in particular stood out:

  • 68% of all phishing emails blocked by Gmail are different from day to day.
  • 45% of internet users don't even know what phishing is.

These two facts together paint a troubling picture. Namely, almost half of all people using the internet are supremely vulnerable to phishing attempts, and the constantly changing environment doesn't help matters. And considering a single employee falling for a single fraudulent email can expose a company to massive data breaches and/or financial losses, the general public's lack of literacy regarding email security is troubling.

The talk continued, expressing that while yes, there are plenty of defenses to protect one's account in the event of a breach, and plenty of ways to detect less-sophisticated phishing attempts, the fact is that phishers are very clever in their methods. As such, user awareness is critical.

This is where Hacware comes in. Hacware is a TechStars NYC 2019 company working to improve our collective knowledge of how to avoid phishing attacks and protect both people and companies from the potential loss of privacy, data, or money. We are building an AI-driven anti-phishing program that helps train employees on how to avoid phishing scams. This makes for a two-pronged defense against phishing. The machine learning engine keeps Hacware abreast of the latest tricks employed by phishers, while the training materials serve to train employees on how to spot potentially unsafe situations.

Looking Forward

It was truly humbling to be at Black Hat 2019, surrounded by the best and brightest hackers. People who are accustomed to thinking outside the box, to reveling in challenges, who see just how fast technology is progressing and are determined to keep up with it. It was an experience like no other and I hope I have the opportunity to attend again.

Maybe in the future, Hacware too will be featured alongside the many impressive people and companies at Black Hat. So that Hacware too can share how we are protecting companies from phishing on a larger scale.