Vancouver, B.C.
January, 2013
Opinion
Black Hat or Propeller Head:
Is Black Hat Even Relevant Anymore?
Black Hat brands itself as the leading global security organization determined to find meaningful cyber security and information technology solutions, but is that a sham?
Over the years and hundreds of conferences globally, they have given lectures, invited experts to speak, and held countless challenges to provide a forum for innovative cyber security solutions.
Instead, they seem to have become the advertising platform for major corporations that continue to propagate sole reliance on Public Key asymmetric network systems. Whitenoise, Dynamic Distributed Key Infrastructures, and Dynamic Identity Verification and Authentication can work seamlessly with PKI systems by creating two-channel (both asymmetric and distributed complementary frameworks) and multifactor authentication to fix the known fatal flaws of PKI frameworks. The initial mandate and goals of the group seem to have become subservient to the Black Hat need for corporate advertising dollars and sponsorship rather than a real search for effective cyber security solutions.
Even more, actually discovering and propagating effective security solutions is an existential threat to their raison d'etre. If networks are easily secured, what need does the market have for Black Hat anymore?
In October 2012, every single executive and scientific representative of the Black Hat organization listed on their website, including their marketing company, and many journalists were contacted by Andre Brisson, founder and CEO of Whitenoise Laboratories Canada Inc., to run a challenge for any Black Hat member, or any person, government, or institution globally for that matter, to demonstrate their acclaimed abilities at breaking code.
It did not even merit a response or a return email FROM ANY OF THEM. This is very sad indeed when it is the recommendations of experts such as these that continue to foist solutions with known fatal flaws which continue to victimize people globally. Is it all about money and power and not science or proof?
Below is the correspondence sent to the following Black Hat operations persons and their marketing company (yes you are being sold) and journalists who should know better:
conan@blackhat.com Conan Dooley technical lead for Black Hat
Richard.mccarthy@ubm.com Senior Marketing Director
bjackson@techweb.com Press liaison
steve@blackhat.com Stephen Schain Senior Marketing Director
travis@blackhat.com Black Hat Content director Travis Carelock
csanchez@techweb.com Press Liaison
nwodecki@techweb.com Press Liaison
nbustamante@techweb.com Press Liaison
cfp@blackhat.com Call for papers at Black Hat
jmoss@blackhat.com Black Hat conference chair
trey@blackhat.com Black Hat General Manager
We find the lack of response particularly embarrassing for Black Hat when they themselves have actively sought out and courted Mr. Marshall to be a keynote speaker at their events.
https://www.blackhat.com/html/bh-us-10/bh-us-10-speaker_bios.html
" ...Marshall a member of the Senior Cryptologic Executive Service (SES) and the Defense Intelligence Senior Executive Service (DISES), is the Director of Global Cyber Security Management at DHS by special arrangement between the DIRNSA and the Secretary of Homeland Security. He is responsible for the direction of the following programs: Software Assurance; Standards and Best Practices; Supply Chain Risk Management; and Cyber Training and Education.
He was previously the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA). NSA's Legislative Affairs Office is the Agency's point of contact for all NSA matters concerning Congress and is committed to maintaining a relationship with Congress built on trust, candor, completeness, correctness, consistency, and corporateness.
As an additional duty, Mr. Marshall also represented NSA in the National Centers of Academic Excellence in Information Assurance Program in Boston, Massachusetts and the Detroit, Michigan areas where he led the effort to establish an International Consortium on Information Assurance. His successes were noted and praised by the Director, NSA.
Mr. Marshall is a sophisticated senior executive level leader recognized and appreciated for his political savoir-faire and common sense coupled with a polished ability to build meaningful relationships and achieve positive results. Highly respected by White House (National Security Council) and Congressional staffers, Department of Defense, Department of Homeland Security, Department of the Treasury and private sector leaders, particularly the financial services sector, for his subject matter expertise and skills in policy formulation and ardent advocacy, Mr. Marshall commands a deep understanding and appreciation for the full range of Information Assurance-related legal, legislative and policy issues.
He is highly sought after as a keynote speaker, panelist and moderator at information technology, legal and policy symposia and conferences both here and abroad. He is a nationally recognized, respected and articulate advocate of the need for the private and public sectors to work together to improve information assurance and business continuity practices, policies and technology. He has addressed various international, Department of Defense, Army, Navy and Air Force legal conferences on information operations, information assurance and critical infrastructure assurance, twice sharing the podium with the Secretary of the Air Force and once with the former Vice-President of the United States.
He has testified before numerous Congressional subcommittees and has distinguished himself as a guest lecturer at the National Defense University (NDU), the Industrial College of the Armed Forces, Stanford University, George Mason University, George Washington School of Law, Boston University, Duke University, the University of Virginia, University of Detroit-Mercy, The Harvard Club, and numerous graduate and law schools on a myriad of legal issues related to national security and information assurance.
He was recently recognized by CS Magazine, the world's most influential IT publication as one of the nation's most influential cyber security professionals who have helped shape the information security industry.
Mr. Marshall successfully represented the United States in two high profile cases in the United Kingdom: a civil matter for the USAF with an amount in controversy of almost a billion dollars and a criminal matter for GCHQ and NSA where he appeared before the High Court of Justice in London as the lead US Counsel. In each case, in large measure through his efforts, the United States prevailed."
He has also been an invited speaker at another Hacking Group that appears to be supplanting Black Hat in credibility.
http://www.defconkids.org/?page_id=10
Meet the Feds - their bio of Richard Marshall
By Christopher Cleary, former Cyber Command; Jerry Dixon, former DHS; Jon Iadonashi, former Navy; Rich Marshall, DHS; Tony Sager, NSA; Linton Wells, NDU; Ryan Pittman, CCIU; Daron Hartvigsen, AFOSI; Barry Grundy, TIGTA; SA Ahmed Saleh
Meet federal agents from three letter agencies and beyond. Let's talk about criminal investigations, intelligence gathering, cyber weapons, war strategy, and more. Come with questions.
Richard H.L. Marshall, Esq., a member of the Senior Cryptologic Executive Service (SES) and the Defense Intelligence Senior Executive Service (DISES), is the Director of Global Cyber Security Management at DHS by special arrangement between the DIRNSA and the Secretary of Homeland Security. He is responsible for the direction of the following programs: Software Assurance; Standards and Best Practices; Supply Chain Risk Management; and Cyber Training and Education.
Correspondence to Black Hat:
________________________________________
From: Andre Brisson
Sent: Monday, October 15, 2012 4:42 AM
To: conan@blackhat.com
Cc: Richard.mccarthy@ubm.com; bjackson@techweb.com; steve@blackhat.com; travis@blackhat.com; csanchez@techweb.com; nwodecki@techweb.com; nbustamante@techweb.com; cfp@blackhat.com; jmoss@blackhat.com; trey@blackhat.com
Subject: Whitenoise and a Black Hat Challenge
To whom it may concern,
At the recommendation of Richard Marshall, former Director of Cyber for the US Department of Homeland Security, and the Standards Council of Canada, we have been trying to get your attention for a Black Hat Challenge.
We have unbreakable key technologies that are patented globally and which Canada is currently in the process of submitting for international standardization through the ISO-IEC JTC SC27 and the IETF. I have attached a paper to that body.
We would like to challenge anyone who is a member of Black Hat, and/or anyone on earth be it academia, law enforcement or governments to try to break a Whitenoise key.
We have done this before. After a fraudulent claim, we put $100,000 on the table and provided 13 times as much key stream information as the claim said was required.
This challenge was done in front of every major cryptographer (or self claimants) in North America, as well as senior scientists from major contractors such as Lockheed Martin, acclaimed academics like senior fellows from Bell, and significant US military people like from the Joint Chiefs of Staff.
It was unfortunate the way it had to be done before but if you read all the links at the bottom of the following challenge page, and read who was included in the email list, you will get the gist.
We would like to do something similar with your austere group.
http://www.wnlabs.com/news/challenge.php Click the link at the bottom of the page.
Sincerely,
Andre Brisson
Co Founder
Whitenoise Laboratories Canada Inc.
The Challenge Black Hat wouldn't take
________________________________________
About Whitenoise
Complete network security: 1 dynamic framework and 1 dynamic protocol - Virtually manufactured - virtually delivered - virtually no cost.
Whitenoise, Dynamic Distributed Key Infrastructures, Dynamic Identity Verification and Authentication etc. are patented globally in countries with 2/3s of the world's population, economic activity and IT manufacturing.
They are proven to be:
Man-in-the-Middle attack resistant because there is no key exchange during sessions.
Side Channel attack resistant because all operations are order 1 operations after key load
Mathematical attack resistant http://www.wnlabs.com/pdf/Wagner_Security_Analysis.pdf
Quantum computing attack resistant because all variables are variable and there are no fixed key sizes
Botnet attack resistant by configuring a second external key on a non-commandeered computer
Mitigates against Denial of Service attacks because of identity, provenance and secure network access
Cloud computing secure because it uses the strongest endpoint encryption and identity keys known - the endpoint keys used are greater than 250,000 bits strong and generate key streams greater than 10 to the 60th power bytes in length that operate like a one-time-pad.
Brute Force attack resistant http://www.wnlabs.com/pdf/Wagner_Security_Analysis.pdf
Exhaustive keysearch is not a threat. With the recommended parameters, Whitenoise uses keys with at least 1600 bits of randomness. Exhaustive search of 1600-bit keys is completely and absolutely infeasible. Even if we hypothesized the existence of some magic computer that could test a trillion trillion key trials per second (very unlikely!), and even if we could place a trillion trillion such computers somewhere throughout the universe (even more unlikely!), and even if we were willing to wait a trillion trillion years (not a chance!), then the probability that we would discover the correct key would be negligible (about 1/2 to the 1340 power, which is unimaginably small). Hence, if keys are chosen appropriately and Whitenoise is implemented correctly, exhaustive keysearch is not a threat.