As is often the case, the truth is much more nuanced.
Within a few hours of arriving in Vegas, I found myself seated at the front of a conference room with Chris Hadnagy, a pioneer in the field of social engineering — a branch of hacking that involves manipulating people (instead of just computer systems) to gain access to information. A social-engineering hacker, for example, might call up your cellular provider and impersonate your spouse, in hopes of hijacking your text messages — which could then be used to bypass the two-step authentication on your email account.
Mr. Hadnagy, who for many years operated under the alias loganWHD, now works as a cybersecurity professional, consulting with and training companies to bolster their defenses. He also founded a nonprofit organization, Innocent Lives Foundation, that combats child predation.
In other words: In a world that tends to focus on villainous hackers, he’s one of the good guys.
The transition that people like Mr. Hadnagy have made — from underground hacking, using aliases, to aboveboard forms of hacking, using their real names — is the main thrust of the article that resulted from my attending Defcon. “Our clients are the Fortune 500 companies of the world,” Mr. Hadnagy said, referring to his consulting work. “You’re not going to get a giant bank to pay you if they’re hiring ‘loganWHD.’”
But as is true with many of our Surfacing pieces, another goal was to broaden reader appreciation of something that’s become increasingly apparent to me this year: that many of the world’s underrepresented communities are all too often painted with a broad brush. When reporting on what’s different, it’s easy to be distracted by what’s dramatic — and to suggest that the most dramatic elements of a community represent the whole. This trap can sometimes result in reporting that caricatures and stereotypes.
Engaging with virtuous hackers hasn’t blinded me to the threat of cyber criminals. The reach of Russian hackers during the 2016 presidential election, for example, is truly stunning — and the details are still coming to light. But now, every time I imagine a nefarious hacker targeting a voting database to commit a crime, I can counterbalance the thought by recalling a thoughtful conversation I had with Nick Bishop and Mike Westmacott, two hackers I met at Defcon who were diligently taking apart and testing a Diebold voting machine in an attempt to identify — and increase awareness of — its vulnerabilities.