January 7, 2025
January 7, 2025
LAS VEGAS — Andy Greenberg of Forbes was a happy man last week at Black Hat and Defcon. His story the prior week about car hacking research that Charlie Miller and Chris Valasek later presented had made national news in a variety of outlets. The accompanying video of Charlie and Chris giving him a personal demonstration, chuckling as they sat in the back seat using a laptop to remotely mess with the brakes, steering and horn as Andy tried to drive the car was extremely entertaining and also somewhat frightening. (I asked Charlie what gave him the idea to do a demo on a reporter for a first-person attack story and he said: “I was inspired by your ”Researchers attack my iPhone via SMS‘ article” from 2009. “Reporters love it if you hack them!” Charlie’s right. But only with our prior permission.)
As part of my 6 Questions series, I talked to Andy at a Defcon party hosted by Lookout that was extremely popular with journalists (I did four interviews there and could have done more). For privacy, Andy and I retired to a quiet poolside cabana. In the Forbes video, he’s a natural in his role as shocked victim/reporter. But I came to find out he’s actually pretty shy about being the subject of an article, and the interview was punctuated with sporadic pauses as he analyzed the consequences of his comments. It was quite endearing.
How many years have you been coming to Black Hat/Defcon?
Andy Greenberg: This is my fifth Black Hat or Defcon.
Why do you like to cover it?
AG: It’s the Academy Awards of security research. I’m sure there’s some better analogy… I like it for two reasons. One is the actual content… If you miss this (event) you miss what everyone has been working on for the last year. It’s also the biggest gathering of the community in any one place, in America at least. (Andy has been to the conference organized by the Chaos Computer Club in Germany.)
What’s your strategy or approach for covering the show?
AG: (He hesitates, not sure he wants to divulge his secrets.) The way to cover these is to figure out what the big stories are going to be and use the connections to the researchers you know or get new sources (to report). I try to do all the reporting (on research being presented) before I show up and spend this time meeting people and developing bigger stories.
What do you think of this year?
AG: Never before has it felt so much like Black Hat was stuffy and institutional, and there’s more going on here (at Defcon). Maybe that’s a mean thing to say. Black Hat still has all the world-class researchers.
What message do you have for PR people trying to engage with you?
AG: Pitch actual, awesome research, present research, like IOActive did. I’m pretty psyched that Chris Valasek and Charlie Miller got into Forbes and on The Today Show.
How did you find out about their work? Did IOActive PR people contact you?
AG: No. IOActive people did not reach out to me. I saw Chris and Charlie tweeting about it and saying that the talk was rejected by Black Hat… I’m much more responsive when a researcher emails me than a PR person.
What’s the most interesting thing you’ve seen or done at a Defcon or Black Hat?
AG: I’ve been thinking a lot about Barnaby Jack’s ATM hack in 2010. It was such a wonderful piece of show business; the way he was so self-effacing onstage, but also was wearing this slick suit, the sheer epicness of his hack. I think that was the talk that will be remembered as setting the bar for the great Black Hat reveal. It was like a magic show. It was already patched – the most responsible disclosure ever. That didn’t matter because he delivered it with such showmanship.
What have I not asked that I should?
AG: Places not to stay in Las Vegas. Don’t stay at Wild Bill’s Gambling Hall and Saloon.
Where are you staying?
AG: The Quad hotel.
What’s wrong with Wild Bill’s?
AG: I don’t ask much of a hotel, but if the Wi-Fi doesn’t work (that’s a deal breaker).
