Austin Hackers Group Gets Recognition From Global Body: The room where it hackens – News

Tod Beardsley, founder of AHA!, which officially joined the Common Vulnerabilities and Exposures (CVE) system last month (photo by Dex Wesley Parra)
On the last Thursday of every month, in the walled-off back room of a North Austin sports bar just off I-35, a motley crew of 40-odd information-industry types (computer programmers, web developers and the like) gets together for a few hours in the evening to present the latest coding bugs they’ve discovered. They call themselves Austin Hackers Anonymous, abbreviated as AHA! like the eighties pop act (leave it to hackers to claim the takeonme.org URL). Recording and filming are not allowed, everyone has to contribute, and if someone wants to promote a product or company, well, they have to buy alcohol, according to the bylaws. Needless to say, the crowd is a rowdy bunch of idiots.
“At its heart, it’s a hacker meetup for InfoSec professionals,” said AHA! founder Tod Beardsley. The collective started more than a dozen years ago, but in early February it officially joined the Common Vulnerabilities and Exposures system. Think of CVE as a global dictionary for flaws in software. Because AHA! is a CVE Numbering Authority (CNA) vendor, its members can report vulnerabilities both for assets they control (including their website and communication channels) and for assets owned or operated by other organizations. So, in their spare time, these hackers are inspecting code, finding errors that can lead to serious security risks and reporting them to an international authority. “A safer and more secure Internet is critical to culture and society,” Beardsley said.
Cybersecurity companies and researchers make up the majority of CNA vendors. After all, many in the field are penetration testers who, in Beardsley’s words, “get paid to show up, get into someone’s network, and show them how they got in.” He said CVE recognizing AHA! as a numbering authority is “odd, because as far as I know, we’re the only unorganized hacker collective that’s also a CNA.” (A scan of 274 CVE partners confirms this.)
While the CNA designation comes as a surprise, this is not the first time that AHA! has been ahead of the curve. Since its initial gathering over a decade ago, hackers in several cities across the country have emulated AHA!’s meeting format, including Houston Area Hackers Anonymous (HAHA), Bay Area Hackers Association (BAHA), and The Secret Society of Phoenix Hackers (PSSH). The Austin club is not directly related to the others, though it is certainly influential enough to call them “our spawn” on its website.
And though a designated reporter couldn’t sneak into the hushed meeting room, Beardsley filled me in on the general rundown. “We’re very elitist and gatekeepers,” he admitted, “[but] we are all in the same industry. We’re not collaborating or anything, we’re just exchanging tips and tricks.” What goes on in the closed-off area of Mister Tramps Sports Pub stays there: leaks lead to lifetime bans. He said the privacy policy encourages hackers to share their findings in a safe environment. To avoid removal from AHA!, all attendees must present a five-minute speech to the assembly. damn worth it.”
Many of the weaknesses AHA! identifies and reports are exploitable, for example by tricking less tech-savvy users into clicking on dangerous links in emails, a practice called phishing. When hackers find these bugs, Beardsley said, he encourages them to report them to vendors, which can be a complicated process since many companies are litigious about bugs. The way he sees it, “if you don’t fix it, bad things are going to happen to you because even though I may be very, very smart, I’m probably not the last person to see this, and I’m probably just the most the last to notice it.”