Infosec 2015 John McAfee delivered a surprisingly non-controversial keynote speech to the London Infosec Conference on Wednesday afternoon, lauding the value of privacy, doing so – to the concern of his bewildered audience – whilst seemingly tickling himself through the cloth of his pocket.
McAfee's talk was essentially a rant against governments' security-compromising activities, summed up by his statement: "We cannot allow a fearful government to create weaknesses in the very software we are trying to protect. By putting backdoors in the software, we have given hackers the access we are trying to prevent."
Easily the rockstar of infosec, McAfee took to the stage fashionably late – though his audience had remained comfortable, being plied with free alcohol, free food and an enjoyable musical set (wasted on Infosec's more senior attendees) during their wait.
The man himself, a young 70-year-old in a handsome navy suit, looking and seeming much like a millionaire version of Matthew McConaughey's Rust Cohle, was quick to address what he regarded as the major political influences upon security and explicitly criticised governments' notions of backdooring software. A strong approach to a conference which has always had plenty of government security bods attending.
"Take control of your lives," McAfee urged Infosec. "Say 'I am going to be responsible for myself, at least to some extent.' Governments cannot protect you."
If a burglar is in your house, holding a gun to your head, is there a magic button you can press where a policeman will materialise between you and the burglar? No. No, you're on your own here. The illusion of protection is really nothing more than after-the-fact 'we will come in and locate the guy and punish him for you.' Well, that doesn't help me any. That's not protection. We have to take control ourselves.
"The government is not here to be our fathers and mothers," McAfee later added, noting the bidirectional quality of both government desire for more security powers and the public's increasing deference to government on these issues, and the increasing amount of suspicion towards those questioning these developments. "If someone is treating you as the enemy, then maybe you are."
Can you live in a society that is more paranoid than I'm supposed to be?
As the subject of a sensational manhunt, McAfee blogged about his various disguises whilst on run. The Register's favourite involved smearing himself with shoe polish and pretending to be a Guatemalan trinket peddler, complete with a faked limp and a "shaved" tampon up his right nostril.
Evidently having learned much from this event, McAfee emphasised that the issues facing information security were not merely technical but also a result of social complacence, whether produced through consumer complacence or simple naivete. Social engineering, and its results, are not just a means to illicitly acquire information but also to exploit it.
McAfee said the hack of Adult Friend Finder was, he thought, "one of the scariest hacks since the existence of computers. It is very easy to recover from financial loss, but it is very difficult to recover from a loss of this nature."
"When we have congressmen and senators, and members of parliaments, that are involved in an adult site, and that information is leaked, then it is very difficult to recover. If they're married, they're risking their families, they're risking their careers, and they are open to manipulation by foreign governments and other agencies," said McAfee.
"This is the problem we're having. We've attacked one half of the system, the technological side, but we have not given training to corporations or individuals to prevent the social engineering aspect of hacking."