Christopher Hadnagy

Christopher J. Hadnagy
General Keith Alexander (left) offers Chris Hadnagy the NSA Director's Challenge Coin at DEF CON 20.
Born: Christopher James Hadnagy
Occupation(s): Information technology consultant, author
Organization(s): Innocent Lives Foundation, Social-Engineer, LLC
Website: www.social-engineer.com

Christopher James Hadnagy is an American author and information technology security consultant.

Career

Christopher J. Hadnagy is the founder and CEO of Social-Engineer LLC, [1] a company that provides education and training related to social engineering. [2] He is also a founder of Social-Engineer.Org, [3] an IT security education website.

His contributions to the information security industry over his 13-year tenure include the creation of a social engineering framework, a newsletter, and a podcast focused on social engineering. [4] [5]

Hadnagy is also an adjunct professor at the University of Arizona's Center of Academic Excellence in Cyber Operations, which is designated by the NSA. [6]

Charitable Foundation

In 2017, Christopher Hadnagy established the Innocent Lives Foundation, with the mission to help protect and rescue children from online predators. The organization aims to investigate and thwart child exploitation, sexual abuse, trafficking, and the production of child sexual abuse material.

The foundation utilizes a range of security measures, including the expertise of information security professionals, the use of open-source intelligence (OSINT) data, and cooperation with law enforcement agencies. Hadnagy's organization has garnered support from notable individuals as well as federal law enforcement agencies in the United States, such as actor Erin Gray [7] and the FBI. [8]

DEF CON

In 2009, Chris Hadnagy was invited to help create a social engineering competition for DEF CON. [9] One year later, at the 2010 DEF CON event, Hadnagy sponsored one of the very first social engineering capture the flag events. [10] During the 2018 DEF CON event, Christopher Hadnagy revealed to a reporter from The New York Times that he once operated under the online moniker "LoganWHD". [11]

In February 2022, Hadnagy was banned permanently from hacker conference DEF CON, where he operated a colocated event ("village"), for unspecified code of conduct violations, [2] as announced in the organization's transparency report: "We received multiple CoC violation reports about a DEF CON Village leader, Chris Hadnagy of the SE Village. After conversations with the reporting parties and Chris, we are confident the severity of the transgressions merits a ban from DEF CON." [12]

In a response on his blog, Hadnagy stated that he disagreed with the ban, that he had not been informed of the details of any allegations by DEF CON representatives, and that a person affiliated with DEF CON told him the violations were not related to sexual misconduct. [13]

In August 2022, he sued DEF CON for harm to his reputation. [14] [15] The lawsuit was initially dismissed in January 2023 for lack of personal jurisdiction. [16] In August 2023, the defamation complaint was refiled by Hadnagy and his legal team through a Nevada District Court. Court records indicate DEF CON founder Jeff Moss was served a court summons, and that the case is currently pending. [17]

BSides Cleveland

In fall of 2021, BSides Cleveland included Hadnagy on the agenda of speakers for its June 2022 event. [18] Leading up to the event, the organizer labeled Hadnagy's speaking slot as "special guest" instead of listing his name, [19] so attendees and other speakers did not know he would be speaking. [2] His talk was about cancel culture, which he had also presented at a different BSides event last year. [19] After Hadnagy gave his presentation, several other speakers pulled out of the event. [19]

Books

In 2018, Ben Rothke and Bill Varhol positively reviewed Social Engineering: The Science of Human Hacking. [20] [21] Rothke also reviewed Unmasking the Social Engineer: The Human Element of Security. [22] Maria Patricia Prandini from ISACA Journal Book Reviews reviewed Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails. [23]

Publications

Related Research Articles

DEF CON is a hacker convention held annually in Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as cyber-security challenges and competitions. Contests held during the event are extremely varied and can range from creating the longest Wi-Fi connection to finding the most effective way to cool a beer in the Nevada heat.

Phishing: Form of social engineering

Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and traverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

Social engineering (security): Psychological manipulation of people into performing actions or divulging confidential information

In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take an action that may or may not be in their best interests."

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. With the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system's weaknesses to assist in formulating defenses against potential hackers.

Summercon is one of the oldest hacker conventions, and America's oldest and longest-running information security conference. It helped set a precedent for more modern "cons" such as H.O.P.E. and DEF CON, although it has remained smaller and more personal. Summercon has been hosted in cities such as Pittsburgh, St. Louis, Atlanta, Washington, D.C., New York City, Austin, Las Vegas, and Amsterdam. Originally run by Phrack, the underground ezine, and held annually in St. Louis, the organizational responsibilities of running Summercon were transferred to clovis in 1998 and the convention took place in Atlanta, dubbed 'Summercon X'.

William Genovese is a former greyhat hacker turned security professional, who goes by the alias illwill.

Joe Grand: American electrical engineer

Joe Grand is an American electrical engineer, inventor and hardware hacker known in the hacker community as Kingpin. He achieved mainstream popularity after his appearance on Prototype This!, a Discovery Channel television show. He specializes in "finding security flaws in hardware devices and educating engineers on how to increase the security of their designs". Grand has testified before the U.S. Senate Committee on Governmental Affairs regarding government and homeland computer security under his internet handle, Kingpin.

Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.

A computer security conference is a convention for individuals involved in computer security. They generally serve as meeting places for system and network administrators, hackers, and computer security experts.

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.

Elie Bursztein: French computer scientist (born 1980)

Elie Bursztein, born 1 June 1980 in France, is a French computer scientist and software engineer. He is currently Google and DeepMind AI cybersecurity technical and research lead.

HackMiami

HackMiami is a formal organization of information security professionals who host the annual international hacker conference that takes place in Miami Beach, FL known as the 'HackMiami Conference.'

Iftach Ian Amit: Israeli hacker

Iftach Ian Amit is an Israeli hacker, computer security researcher and practitioner. He is one of the co-founders of the Tel Aviv DEF CON Group DC9723 and the Penetration Testing Execution Standard, and has presented at hacker conventions such as DEF CON, Black Hat, BlueHat, and RSA Conference. He has been named one of SC Magazine's top experts, was featured in Narratively's cover piece on Attack of the Superhackers, and is frequently quoted and interviewed

Security BSides is a series of loosely affiliated information security conferences. It was co-founded by Mike Dahn, Jack Daniel, and Chris Nickerson in 2009. Due to an overwhelming number of presentation submissions to Black Hat USA in 2009, the rejected presentations were presented to a smaller group of individuals. Over time the conference format matured and was released to enable individuals to start their own BSides conferences. The Las Vegas BSides conference is also considered part of Hacker Summer Camp given its schedule and proximity to other security conferences during that time.

HackRF One: SDR half-duplex transceiver

HackRF One is a wide band software defined radio (SDR) half-duplex transceiver created and manufactured by Great Scott Gadgets. It is able to send and receive signals. Its principal designer, Michael Ossmann, launched a successful Kickstarter campaign in 2014 with a first run of the project called HackRF. The hardware and software's open source nature has attracted hackers, amateur radio enthusiasts, and information security practitioners.

Jake Braun: American political, cyber and national security expert

Jacob H. Braun is an American politician, cyber and national security expert. He was appointed by President Joseph Biden as the U.S. Department of Homeland Security (DHS) Secretary's Senior Advisor to the Management Directorate. Braun is also a lecturer at the University of Chicago’s Harris School of Public Policy Studies where he teaches courses on cyber policy and election security. He previously served as the Executive Director for the University of Chicago Harris Cyber Policy Initiative (CPI).

Graylog: American software company

Graylog, Inc is a log management and security analytics software company based in Houston, Texas. Their main product is a log management software which is also called Graylog.

Innocent Lives Foundation

The Innocent Lives Foundation, also known as ILF, is an international nonprofit organization dedicated to finding the true identities of anonymous child predators using open-source intelligence, compiling conclusive reports, and handing the reports over to various types of law enforcement to help bring predators to justice. ILF also works to combat child sexual abuse material by educating parents and guardians on ways to talk to their children about their online activity. The Innocent Lives Foundation was founded by Christopher J. Hadnagy in 2017.

Capture the flag (cybersecurity): Computer security exercise

Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. They can be used for both competitive and educational purposes. In two main variations of CTFs, participants either steal flags from other participants or from organizers. A mixed competition combines these two styles. Competitions can include hiding flags in hardware devices, can be held online or in person, and can be advanced or entry-level. The game is inspired by the traditional outdoor sport of the same name.

References

  1. "Hacking humans: social engineering and the power of influence". ABC Radio National. March 16, 2022. Retrieved June 23, 2022.
  2. Nichols, Shaun (February 10, 2022). "DEF CON bans social engineering expert Chris Hadnagy". TechTarget. Retrieved May 4, 2022.
  3. Goodchild, Joan (October 17, 2011). "New social engineering poll reveals which scam works better". CSO Online. Retrieved June 23, 2022.
  4. "Christopher Hadnagy | SXSW Wonder House". sxsw.arizona.edu. Retrieved November 8, 2023.
  5. Yadron, Danny (April 20, 2015). "The Man Who Hacks Your Employees". Wall Street Journal. ISSN 0099-9660. Retrieved November 11, 2023.
  6. "Faculty". The University of Arizona – Center of Academic Excellence.
  7. "Actress Erin Gray talks about The Innocent Lives Foundation - CBS Los Angeles". www.cbsnews.com. Retrieved November 8, 2023.
  8. Cox, Joseph (March 25, 2021). "FBI Paid Anti-Child Predator Charity $250,000 for Hacking Tools". Vice. Retrieved November 8, 2023.
  9. "Chris Hadnagy on the Def Con hackers posing as your coworkers". Christian Science Monitor. ISSN 0882-7729. Retrieved November 8, 2023.
  10. "DefCon contest to spotlight social engineering". CSO Online. Retrieved November 8, 2023.
  11. Hiltner, Stephen (September 24, 2018). "When Reporting on Defcon, Avoid Stereotypes and A.T.M.s".
  12. "Post DEF CON 29". DEFCON Transparency Report. Retrieved February 10, 2022.
  13. "Chris Hadnagy's Official Statement". Security Through Education. February 25, 2022.
  14. Hetzner, Christiaan (August 19, 2022). "Star social engineer dubbed the 'human hacker' sues Def Con after receiving permanent ban". Fortune. Retrieved January 14, 2023.
  15. Faife, Corin (August 18, 2022). "Def Con banned a social engineering star — now he's suing". The Verge. Retrieved January 14, 2023.
  16. Wright, Rob (January 16, 2023). "Judge dismisses Chris Hadnagy lawsuit against DEF CON". TechTarget. Retrieved August 23, 2023.
  17. "Hadnagy et al v. Moss et al". UniCourt. Retrieved November 7, 2023.
  18. BSides, Security (June 20, 2022). "Security BSides Response to the BSides Cleveland Incident". Security Bsides. Retrieved June 23, 2022.
  19. "Security BSides commits to greater conference diversity after speaker backlash". IT PRO. June 21, 2022. Retrieved June 21, 2022.
  20. "Bens Book of the Month Review of Social Engineering The Science of Human Hacking". RSA Conference. August 31, 2018. Archived from the original on October 25, 2020. Retrieved January 22, 2020.
  21. "Book Review: Social Engineering: The Science of Human Hacking". The Ethical Hacker Network. July 26, 2018. Archived from the original on June 20, 2021. Retrieved January 22, 2020.
  22. "The Cybersecurity Canon: Unmasking the Social Engineer: The Human Element of Security". Palo Alto Networks Blog. September 16, 2016. Retrieved June 23, 2022.
  23. Hadnagy, Christopher; Fincher, Michele (January 22, 2020). "Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails". ISACA. Archived from the original on July 17, 2017. Retrieved January 22, 2020.
  24. Human hacking: win friends, influence people, and leave them better off for having met you. OCLC 1255930084. Retrieved June 24, 2021 via WorldCat.org.
  25. Hadnagy, Christopher (July 31, 2018). Social Engineering: The Science of Human Hacking. John Wiley & Sons. ISBN 978-1-119-43338-5.