McAfee sideshow eclipses Defcon's real security breakthroughs

The security pioneer's appearance at Defcon highlighted the best and worst impulses of the hacker community

John McAfee's decision to speak at last weekend's Defcon hacking conference on Friday was one of the worst-kept secrets in Las Vegas.

Earlier in the week, when Mr. McAfee's keynote at Defcon and B-Sides Las Vegas, a newer, mini con, were still an official secret, a friend gave me the heads-up: holding up his smartphone and flashing a picture of a bearded man, cigarette in hand, standing on a grassy hillside surrounded by machine-gun-toting bodyguards and buxom, scantily clad women. "Don't you know who that is?" he asked. "Chuck Norris?" I offered.

At Defcon on Friday, McAfee doubled down on the kind of bluster he's become known for. Though I'd never heard him speak in person before, the talk was -- by all accounts -- vintage McAfee in winter.

The onetime technology wunderkind, who left a job working for Lockheed to turn his curiosity about computer viruses into a thriving, global corporation, offered some off-the-cuff rebukes to firms like Google. He also rambled long and hard about the dark forces that pursue him: the U.S. government, the government of Belize, Central American drug cartels and script kiddies desperate for his (virtual) scalp. Everywhere he goes, people take his picture. Who are they working for? The phones and computers he buys are bugged. His movements are being tracked. Those in attendance were admonished to beware of government snooping -- especially via mobile applications. "Without privacy there is no freedom," McAfee intoned.

That well-worn advice was but a digression in the world according to John: a convoluted and paranoid recounting of his troubles with the authorities in Belize (where he was suspected by law enforcement of murdering a neighbor), mixed with the brilliance and creativity of his escape from that company and his resistance (McAfee claims to have harvested reams of incriminating evidence on the Belize officials by way of malware infected hardware he "donated" to the government). He also talked up his latest effort to make the world a better place: BrownList, a kind of Yelp for the disgruntled where visitors can vent their anger online about everything from parking tickets to personal slights.

"Instead of getting angry and shooting at somebody on the highway, or yelling at your wife, you can log onto the site," McAfee told Reuters. Road ragers rejoice!

Listening to McAfee rant, it's easy to forget there were plenty of folks walking the halls of Defcon, Black Hat, and B-Sides who actually were there to make the world a better place in very concrete ways.

Defcon's organizers devoted an entire track to countersurveillance talks, including a presentation that educated attendees on myriad ways that governments spy on their citizens and a talk by PGP inventor-turned-executive Phil Zimmerman. His company, SilentCircle, is working with telecommunications firms to market a supersecure smartphone. The volunteer group I Am the Cavalry made a public call on automotive executives to improve the quality of the software powering electric vehicles, and the crew behind are offering to work with the teams behind crowdfunded electronics projects to get their crypto and application security straight before they release their wares to the public.

Against that backdrop, McAfee seemed like an unwelcome reminder of what many at Defcon (including its organizers) would like to leave behind: the drunk at the back of the party who's talking too loud and saying stupid stuff. Boozing and partying have long been staples of the scene, and it's not unusual for Defcon attendees and instructors to sport flasks and 40-ounce beer cans, even during presentations. Critics -- many of them female hackers and attendees -- have reported incidents of boorish behavior or outright assault at Defcon and other security industry events. Defcon is still struggling with these demons.

The problems McAfee is warning of are real enough. It's easier than ever for cyber criminals, bored teenagers, greedy corporations, or suspicious governments to compromise your privacy and impinge on your freedom. But McAfee was hardly the first to warn about these problems, and his insights into them are neither original nor very helpful.

We stand poised between two eras: the old Internet of machines and an Internet of things that has already arrived. In that time, the information security industry -- long an oddity -- has assumed a place at the center of public discourse and policy. Shows like Defcon aren't just fun and far out; they're actually important. It's not enough to tell people that "the world sucks," Defcon founder Jeff Moss told me earlier this month. "You also have to show them how to fix it."

I couldn't agree more. But what that means, practically, is that Defcon and the information security community it represents might have to show guys like John McAfee to the door.

This article, "McAfee sideshow eclipses Defcon's real security breakthroughs," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow on Twitter.

Copyright © 2014 IDG Communications, Inc.