Keynote for the national HKN (Eta-Kappa-Nu) Student Leadership Conference in Feb 2016, discussing the ethics of responsibility in engineering, from my personal history in information security.

1. Good Engineering
is good enginee
the balanced engineer
HKN SLC 2016
@dugsong

2. about me

3. about me

4. ethics

5. “software is eating the world”
– Marc Andreesen
WSJ, Aug 2011

8. D&D builds character(s)
Breaks rulesPlays by rules
Helpful
Harmful
ChaoticLawful
Good
Evil

10. security and responsibilitydevious
tactics!
creative
m
isuse!

11. Lawful Good Neutral Good Chaotic Good?
Lawful Neutral True Neutral Chaotic Neutral
Lawful Evil? Neutral Evil Chaotic Evil

12. Lawful Good Neutral Good Chaotic Good?
Lawful Neutral True Neutral Chaotic Neutral
Lawful Evil? Neutral Evil Chaotic Evil

13. Students Install Hot
Tub on North Campus
February 22, 2012

15. hacking UM

16. 1999: birth of the hackathon

17. 1999: disrupting the
music industry via IRC

18. 1999: disrupting the
music industry via IRC

19. 1999: disrupting the
music industry via IRC

20. hackers save the internet

21. hackers save the internet

22. hackers save the internet

25. Ju ne 10, 2010
the nonstop party
| Rolling Stone | 6564 | Rolling Stone | Ju ne 10, 2010
how three teenage friends, fueled
by sex, drugs and illegal code, pulled off
the biggest cybercrime of all time
// by sabrina rubin erdely
T
HEY’D BEEN HIGH ALL WEEKEND LONG – ON ECSTASY, COKE, MUSHROOMS AND
acid – so there seemed little harm in doing one last bump of
Special K while they packed up to leave their $5,000-a-night duplex
in South Beach. For the past three days, the three friends had bare-
ly bothered leaving their hotel, as a dozen club kids in town for Winter
Music Conference, the annual festival that draws DJs and ravers from
all over the world, flocked to their luxury suite to partake of the drug
smorgasbord laid out on the coffee table. But even stoned on industrial-
grade horse tranquilizers, Albert Gonzalez remained focused on business
– checking his laptop constantly, keeping tabs on the rogue operators
he employed in Turkey and Latvia and China, pushing, haranguing, issuing
hackersgone wild
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
----------------------------------------------------------------------------------------------------------
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
----------------------------------------------------------------------------------------------------------

26. Ju ne 10, 2010
the nonstop party
| Rolling Stone | 6564 | Rolling Stone | Ju ne 10, 2010
how three teenage friends, fueled
by sex, drugs and illegal code, pulled off
the biggest cybercrime of all time
// by sabrina rubin erdely
T
HEY’D BEEN HIGH ALL WEEKEND LONG – ON ECSTASY, COKE, MUSHROOMS AND
acid – so there seemed little harm in doing one last bump of
Special K while they packed up to leave their $5,000-a-night duplex
in South Beach. For the past three days, the three friends had bare-
ly bothered leaving their hotel, as a dozen club kids in town for Winter
Music Conference, the annual festival that draws DJs and ravers from
all over the world, flocked to their luxury suite to partake of the drug
smorgasbord laid out on the coffee table. But even stoned on industrial-
grade horse tranquilizers, Albert Gonzalez remained focused on business
– checking his laptop constantly, keeping tabs on the rogue operators
he employed in Turkey and Latvia and China, pushing, haranguing, issuing
hackersgone wild
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
----------------------------------------------------------------------------------------------------------
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
----------------------------------------------------------------------------------------------------------

27. Entrepreneurs, Ex-Cons, Billionaires
w00w00 in 2014

28. cypherpunks write code
“privacy is necessary for an open society in the electronic age”

33. Network Situational
Awareness with d00gle
Dug Song
dugsong@monkey.org
First private Microsoft BlueHat conference

34. Our Goals
Intelligence, Surveillance, Reconnaissance
Extract as much information as we can passively
Assemble it into a coherent relational database
Perform data correlation and analysis real-time
Support interesting queries and visualization of the data
Enable rapid prototyping of new traffic analysis tools
Maintain dsniff's tool-oriented modularity
Share the code (GPL) to encourage experimentation

35. Data collected
Login / authentication information
Phone numbers / calls
E-mail messages
Instant messages
WWW usage
Connection information
Host inventory: IP, mac address, hostname/DHCP name, OS
version, open ports / services / applications
Interactive / encrypted sessions
Exec briefing included live demo against MS

36. Future work
User / social network profiling
Semantic analysis of conversation data
Auto-focus
Speech transcription for full-text VOIP search? :-)
Other Big Brother stuff
Contributions and derived work from users like you!
Never released or productized, but…

40. lawful neutral? evil?

41. chaotic good?

43. exploit market$$$

44. ethics of responsibility
• Do not contribute with your work to
social harm.
• Contribute with your work to the
social good.
• These obligations stem from your
professional role.
Philip Rogaway,
“The Moral Character of Cryptographic Work”

45. 2014: 600m users go dark

46. CYBERCRIME: $8B IN LOSSES SINCE 2008
Michigan firm sues bank over theft of $560,000
Experi-Metal says Comerica Bank's online security practices resulted in theft
February 12, 2010
A Michigan-based manufacturing firm is suing its bank after online crooks depleted the
company's account by $560,000 via a series of unauthorized wire transfers last year.
FDIC: Hackers took more than $120M in 3 months
March 08, 2010, 8:24 PM EST
Online banking fraud involving the electronic transfer of funds has been on the rise
since 2007 and rose to more than $120 million in the third quarter of 2009
Louisiana firm sues Capital One after losing
thousands in online bank fraud
December 7, 2009, 4:15 PM EST
An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that
the financial institution was negligent when it failed to stop hackers from transferring
nearly $100,000 out of its account earlier this year.
Poughkeepsie, N.Y. slams bank for $378,000 online theft
February 8, 2010
The theft of $378,000 from the town of Poughkeepsie, N.Y. is prompting questions
about the responsibility of banks to protect customer accounts from online criminals.
In a statement last week , a town official revealed that thieves had broken into the
town's TD Bank account and transferred $378,000 to accounts in the Ukraine.

47. MALWARE & CYBERCRIME SUCCESS
Delaware FINCEN SARsAV-Test Malware Samples

48. DEMOCRATIZE SECURITY
by making it easy & effective
Mission

49. 1/12
3/12
5/12
7/12
9/12
11/12
1/13
3/13
5/13
7/13
9/13
11/13
1/14
3/14
5/14
7/14
9/14
11/14
1/15
3/15
5/15
7/15
9/15
11/15
Doing Well by Doing GoodDuo by the numbers
Analyzing 1M
Endpoints
98% of Customers Would
Recommend Duo
Customers from
100+ Countries
200+ Apps
Supported
99.995%
Uptime
30+
Patents
2M+ Daily
Authentications
8000+
Customers
98% of Customers
Would Recommend
5000
Customers
Customers from
80+ Countries
3M+ Daily
Authentications
250+ Apps
Supported
20+
Patents
Duo by the numbers
Analyzing 1M
Endpoints
98% of Customers Would
Recommend Duo
Customers from
100+ Countries
200+ Apps
Supported
99.995%
Uptime
30+
Patents
2M+ Daily
Authentications
8000+
Customers

50. thank you!

51. lessons from crazy jack
< 20: Be A Good Student,
Learn to Learn
20s: Follow a Good Boss,
Not a Company
30s: Try Working for Yourself,
Choose Best Field
40s: Be Aware Of and
Utilize Your Strengths
50s: Young People Lead;
Invest in Them