Last week, the popular hacking conference DerbyCon announced that it was shutting down. The next DerbyCon, the organizer said, will be the last.
“Conferences in general have shifted focus to not upsetting individuals and having to police people’s beliefs, politics, and feelings,” part of the organizers’ lengthy statement about the cancellation said. “Instead of coming to a conference to learn and share, it’s about how loud of a message a person can make about a specific topic, regardless of who they tear down or attempt to destroy.”
Some in the infosec community read the organizers’ statement and began to blame the shutdown on “Social Justice Warriors,” and women who complained too much. For example, far right blog Gateway Pundit pointed to an incident where an attendee complained that other attendees were joking about sexual assault outside of the conference’s Mental Health Village. Others on Twitter latched on to the rumor that “SJWs” killed DerbyCon.
Regardless of the reason for the conference’s cancellation, the announcement renewed a conversation about toxicity in the infosec community that has been taking place in earnest since at least 2017 (and in smaller circles before then), when the Verge reported on chat logs from well-known security researcher Morgan Marquis-Boire, in which he confessed to a series of sexual assaults; the Verge and VICE corroborated that reporting with multiple women who have knowledge of the assaults.
While some women in the cybersecurity world were discussing the toxic interactions, sexual harassment, and assaults they’ve faced in the infosec community, members of a popular closed Facebook hacking group called “illmob” began to attack women who have spoken up about these issues, including Georgia Weidman, a security researcher who recently tweeted that her career was hurt by attending and speaking at DerbyCon in 2013.
“Let’s be real here, they don’t belong anywhere near cons,” Corey Barnhill, a member of the Facebook group and hacker rumored to be involved with various hacking groups such as Crackas With Attitude, wrote in a recent thread referring to women who complain about being mistreated at security conferences. “They belong in mental wards. I’m so sick of seeing these wacko chicks freaking out over nothing at cons. It’s always the really ugly ones too.”
Barnhill was commenting in a thread linking to Weidman’s tweet. Barnhill declined to comment for this article.
Illmob is a hacker group founded by Will Genovese, who gained notoriety for stealing Microsoft source code in 2004. The feds arrested and charged him for that theft. The popular Facebook group is named after Genovese’s hacking group, which still exists as a website. The Facebook group has almost 500 members, which include Facebook, Intel, and Okta employees; former Amazon and Uber employees; workers of several infosec companies, and other well-known cybersecurity researchers, according to their LinkedIn pages. I was invited to the group a few years ago and noticed the posts about DerbyCon.
“OMG. I can’t handle my liquor, get drunk in public and make bad decisions!” Arian Evans, another member who works at Facebook, commented in the same Facebook thread. “SEXISM and reputational RAPE!”
When reached by Motherboard, Evans said that “that statement was a reply to a specific male regarding a specific male drinking situation. No gender or individuals were implicitly or explicitly identified by that statement because it was simply a recognition that drinking to excess in public can be bad for one's reputation.”
In the same thread Evans also wrote: “It always seems to be the ones who are insecure about their mediocre tech skills and obsessively worry about their looks. Neurotic insecurities are a powder keg combined with a rage outlet and SJW mob.”
In a chat with Motherboard, Dave Kennedy, founder and organizer of DerbyCon, dismissed the rumors that the conference shut down because of sexual harassment or incidents between attendees.
“[It] has nothing to do with that. Although some of the complaints around that are missing some very big facts on the situation,” he told me in an online chat. “Has to do more with burning out having to deal with continual behavior of people and increasingly harder to put on a con. Not women not men, just in general.”
When asked specifically about the complaints about “SJWs,” Kennedy said they are “total bogus.”
“It wasn’t one event it’s been many over years and we honestly grew too large for the event for it to be fun for us anymore,” he added.
In any case, women, trans people, and other historically underrepresented groups continue to be scapegoats and targets for many men in the infosec community, which is clear on a number of threads in the Illmob Facebook group.
In one of the many threads proposing that Illmob organize its own conference in response to DerbyCon shutting down, illmob member Kurt Nuke said that “as long as we can throw Big Macs at tranny’s then we good.” Nuke did not respond to a request for comment.
“Illmobcon. No pandering. No SJWs. Shut up and learn,” posted Nathan Magniez, who works at Reliant, a New York City-based security company, according to his LinkedIn account. In a Facebook message, Magniez said that his post “aimed at all the drama surrounding the hacker community and that day specifically for the cancellation of my favorite con (Derbycon).”
“No sexism behind it,” he said. “I don't have any problems with any women in security and I take my wife and daughter to conferences when time/school allows.”
Misogyny in the group is not limited to DerbyCon-related topics, however. In another thread, several members complained about Def Con not allowing strippers at its traditional—and controversial—Hacker Jeopardy event. One group member even created a timeline of “SJW Bullshit at Tech Conferences,” lamenting cases where women spoke up against discrimination.
The moderators and admins of Illmob have thus far ignored misogynistic content. Scrolling down for a few hours unearthed several offensive threads and comments.
Illmob’s admin and founder, Genovese, told Motherboard that “none of the content is really moderated,” but denied that there’s misogynistic content.
“Occasionally some drama content occurs and people answer emotionally either because it affects them personally or the community as a whole,” Genovese told Motherboard in an online chat. “I would not say misogynistic as both men and women are often the topic. Anything from fraudsters to snake oil to noobs are the topic regardless of gender.”
One female member of the Facebook group who asked to remain anonymous in order to avoid retaliation told Motherboard she monitors illmob as a way to avoid hiring questionable individuals.
“I’ve chosen to remain a member of the group to see who not to hire in the future,” she said.
Weidman, whose tweet was the subject of vitriol in the group, said the group’s posts are a perfect example of the kind of treatment women still get in the infosec world.
“This is exactly the kind of behavior that I hinted at when I said Derbycon 2013 was worse for me than Confidence 2013 (where I successfully fended off a would-be rapist with a coffee cup),” Weidman told Motherboard in an email. “The community that I expected to ‘have my back’ turned on me. I'm older now. I've sadly gotten used to ‘Let's meet alone, no you can't bring an advisor’ and unsolicited penis pictures as part of the gauntlet that a woman in cybersecurity still has to run even in 2019. #MeToo has opened a lot of eyes, but it's going to take years of effort before we can rid our industry (and hopefully our society) of these bad actors.”
Jackie Singh, the founder of Spyglass Security, said that “those comments reflect a set of beliefs that many people pretend don't exist in our community.”
“Some of those involved hold respectable day jobs in cybersecurity and often show a different face to the world than the one they feel safer to express among others with similar beliefs,” Singh told me in an online chat. “However it is important to state the illmob chat is not the cause, but only a symptom.”
After I reached out to a few members of illmob asking about their comments, and Genovese, the admins kicked me out of the group.
Correction 1/29/19: Due to an editing error, the original version of this article said that Corey Barnhill is a member of the hacking group Crackas With Attitude. Though he has been rumored to be a member of that group on hacking sites and forums, Motherboard could not independently verify that he is indeed a member. We regret the error.