In February, when the Def Con hacker convention launched its annual transparency report, the general public discovered that one of the outstanding figures within the subject of social engineering had been completely banned from attending.
For years, Chris Hadnagy had loved a high-profile position because the chief of the convention’s social engineering village. However Def Con’s transparency report said that there had been a number of experiences of him violating the convention’s code of conduct. In response, Def Con banned Hadnagy from the convention for all times; in 2022, the social engineering village can be run by a completely new staff.
Now, Hadnagy has filed a lawsuit towards the convention alleging defamation and infringement of contractual relations.
The lawsuit was filed in america District Court docket for the Jap District of Pennsylvania on August third and names Hadnagy because the plaintiff, with Def Con Communications Inc. and the convention founder, Jeff Moss, often known as “The Darkish Tangent,” as defendants. Papers had been served to Jeffrey McNamara, lawyer for Moss, on the convention in Las Vegas this 12 months.
There are few public particulars concerning the incidents that induced Hadnagy’s ban, as is widespread in harassment instances. Within the transparency report asserting the permanent ban, Def Con organizers had been intentionally imprecise concerning the reported conduct. “After conversations with the reporting events and Chris, we’re assured the severity of the transgressions deserves a ban from DEF CON,” organizers wrote of their post-conference transparency report following the earlier 12 months’s convention.
Def Con’s Code of Conduct is minimal, focusing nearly totally on a “no-harassment” coverage. “Harassment consists of deliberate intimidation and focusing on people in a fashion that makes them really feel uncomfortable, unwelcome, or afraid,” the textual content reads. “Members requested to cease any harassing conduct are anticipated to conform instantly. We reserve the suitable to answer harassment within the method we deem applicable.”
On the convention this 12 months, varied folks conversant in the matter advised The Verge that Hadnagy’s conduct met the definition of harassment as outlined by the code of conduct however declined to offer extra particulars on the file.
Reached for remark, Melanie Ensign, press lead for Def Con, pointed The Verge to an announcement beforehand posted by Moss upfront of the convention this 12 months. “Once we obtain a report of a Code of Conduct violation, our management staff… conducts a assessment of the substance in session with our lawyer as wanted,” the assertion reads. “We then assessment all of the proof out there to us via neighborhood experiences, information media, and inner investigations to find out whether or not the allegations are substantiated.”
The infosec neighborhood has had a variety of high-profile sexual misconduct instances, some implicating the neighborhood’s most notable researchers. In 2016, former Tor developer Jacob Appelbaum resigned from the Tor Challenge after quite a few allegations of “sexually aggressive conduct,” which the undertaking’s govt staff investigated and confirmed. A 12 months later, The Verge reported information that safety researcher Morgan Marquis-Boire had been credibly accused of sexually assaulting ladies over a interval of many years.
Def Con’s dedication to a public transparency report — first introduced in 2017 — marked a brand new push from organizers to create a safer convention by cracking down on harassment in areas associated to the convention.
Even so, Hadnagy’s ban has despatched shockwaves via the Def Con neighborhood, significantly given his standing as a convention insider and coordinator of a preferred exercise zone. As chief of the SE Village — the place attendees be taught the artwork of eliciting delicate info from targets via psychological tips — Hadnagy held a celebrated position on the convention 12 months after 12 months, explaining tradecraft and operating a crowd-pleasing capture-the-flag competitors. As a broadcast creator and frequent speaker on the subject of social engineering, Hadnagy’s participation was a giant draw for these trying to break into the sector.
This 12 months, the village — rebranded as Social Engineering Neighborhood — was below new management, with JC Carruthers and Stephanie “Snow” Carruthers in control of occasions. The brand new organizers advised The Verge that they’d stepped in on brief discover with a proposal to run the village after information of Hadnagy’s ban broke and that suggestions from attendees this 12 months had been constructive. Each declined to touch upon the particular nature of the accusations towards Hadnagy.
Reached by The Verge, Hadnagy claims that convention organizers didn’t present particulars of the accusations towards him and denies any wrongdoing.
“My firm and I constantly deny and proceed to disclaim any and all allegations of misconduct,” he mentioned in an e-mail assertion to The Verge. “To handle these false accusations, defamatory statements and innuendos I’ve filed a lawsuit towards each DEF CON Communications and Jeff Moss.”
Within the lawsuit, Hadnagy alleges that the statements within the transparency report, mixed with the rarity of being barred from the convention, imply that the ban quantities to “extreme and irreversible” hurt to his fame, for which he’s searching for damages in extra of $75,000. The grievance additionally consists of additional counts of interference with contractual relations, infliction of emotional misery, and invasion of privateness — with the identical quantity of damages being hunted for every.
For the reason that ban, Hadnagy has turn out to be a persona non grata at comparable occasions. Lately, one of many fundamental organizers of the BSides Cleveland safety convention stepped down after booking Hadnagy as a surprise keynote speaker. Hadnagy was reportedly intending to deliver a talk that included a criticism of “cancel tradition.”
As information of the case grew to become public, some notable voices within the infosec neighborhood gave a essential response. Alyssa Miller, chief info safety officer at enterprise companies agency Epiq International, branded the lawsuit an abuse of the authorized system and an attempt to manipulate conference organizers.
“Let’s be clear about what this lawsuit is about,” Miller tweeted. “It’s not about DEFCON or DarkTangent. That is about [Chris Hadnagy] making an attempt to power the names and full particulars of his accusers into the general public sphere so he can go after them, assault them, and attempt to discredit them.”
Correction August 18, 4:15PM ET: An earlier model of this story claimed that Jeff Moss was served papers immediately. In reality, papers had been served to Moss’s lawyer, Jeffrey McNamara. We remorse the error.