Epstein Hacker Removed: The Black Hat and Code Blue Conference Mystery Unfolds
The cybersecurity world is reeling from the recent removal of Vincenzo Iozzo, a prominent figure with ties to convicted sex offender Jeffrey Epstein, from the review boards of two leading industry conferences: Black Hat and Code Blue. This development, coinciding with the release of Department of Justice documents detailing Iozzo’s interactions with Epstein, has sparked intense scrutiny and raised questions about vetting processes within the cybersecurity community. This article delves into the details of this unfolding mystery, exploring Iozzo’s background, the released documents, and the implications for the future of cybersecurity conference governance.
The Disappearance from Black Hat and Code Blue
As of Thursday, Vincenzo Iozzo’s name no longer appears on the official review board pages of either Black Hat, one of the world’s largest cybersecurity conferences, or Code Blue, a respected Japanese security conference. Just last week, he was still listed on both. Iozzo had been a member of the Black Hat review board since 2011, a testament to his long-standing presence and influence within the industry, as evidenced by his LinkedIn profile.
The removal occurred without public explanation, fueling speculation and prompting inquiries from media outlets. While Code Blue offered a somewhat coincidental explanation, the timing remains suspect given the recent revelations.
Iozzo’s Response and Black Hat’s Silence
In a statement provided to GearTech through a spokesperson, Iozzo asserted he “will not willingly resign” and explicitly welcomed “a full investigation.” This suggests a confidence in his position and a desire to clear his name. However, spokespeople for Black Hat have remained conspicuously silent, declining to respond to requests for comment, adding to the air of mystery surrounding the situation.
A Cybersecurity Veteran with a Complex Past
Vincenzo Iozzo is a well-known figure in the cybersecurity landscape. Currently the founder and CEO of cybersecurity startup SlashID, he boasts a significant track record. He authored one of the earliest manuals for researchers investigating Apple’s mobile software, demonstrating his early expertise in mobile security. In 2015, he founded IperLane, a cybersecurity startup later acquired by CrowdStrike, where he served as a senior director for nearly four years. This demonstrates a consistent pattern of innovation and leadership within the field.
The Epstein Connection: Documents Released
The catalyst for this recent upheaval is the release of over 2,300 documents, including numerous emails, as part of the Department of Justice’s mandated publication of materials from its investigation into Jeffrey Epstein. These documents reveal interactions between Iozzo and Epstein spanning from October 2014 to December 2018. This period coincides with the emergence of serious allegations against Epstein, detailed in late 2018 by the Miami Herald, concerning the abuse of over 60 women, including underage girls.
Significantly, the newly released emails show Iozzo attempting to meet with Epstein at his New York townhouse shortly after these allegations surfaced. This timing raises questions about the nature of their relationship and Iozzo’s awareness of Epstein’s alleged crimes.
The “Personal Hacker” Allegation
Among the released materials is a report from an FBI informant claiming Epstein had a “personal hacker.” While the document is heavily redacted and does not explicitly name the individual, identifying details strongly suggest the informant believed Vincenzo Iozzo was the person in question. Italian newspaper Il Corriere della Sera previously reported on these emails and identified Iozzo as the likely individual redacted in the informant document.
It’s crucial to emphasize that the FBI informant’s claims remain unconfirmed by the FBI itself and may contain inaccuracies. Furthermore, there is currently no concrete evidence within the released emails to suggest Iozzo engaged in any unlawful activities for Epstein.
Iozzo’s Denial and Explanation
In his statement to GearTech, Iozzo acknowledged knowing Epstein “for professional reasons” and expressed regret for the association. However, he vehemently denied being Epstein’s “personal hacker” or performing any hacking services for him.
“We were introduced in 2014 when I was a 25-year-old at MIT fundraising for my startup, by people whom I trusted and admired. Because of this, I failed to ask the right questions that, in retrospect, seem obvious,” the statement, relayed by spokesperson Joan Vollero, read. “I foolishly accepted the narrative that was presented to me by others that greatly minimized the magnitude of his horrific actions. I regret the past association and take full responsibility for not exercising greater judgment at the time.”
Iozzo further stated, “My interactions with Epstein were limited to business opportunities that never materialized, as well as discussions of the markets and emerging technologies. I never observed nor participated in any illegal activity or behavior.”
The Epstein Case: A Brief Recap
Jeffrey Epstein pleaded guilty in 2008 to soliciting sex from girls as young as 14 and registered as a sex offender in Florida and New York. Renewed allegations of serial sex abuse and trafficking of underage girls at his private island emerged in 2018, leading to formal charges by the Justice Department in 2019. Epstein died in jail while awaiting trial.
The Lack of Transparency and the Future of Conference Vetting
Neither Iozzo’s spokesperson, Joan Vollero, nor his attorney, Emma Spiro, provided a specific explanation for his removal from Black Hat’s website, but they did not dispute the fact of the removal. Vollero stated that Iozzo “welcomed an independent investigation from Black Hat, rather than a knee-jerk removal decision, because he is confident that he would be cleared through that process.”
Code Blue spokesperson Ken-ichi Saito confirmed Iozzo’s removal, attributing it to a pre-planned update to remove Iozzo and two other review board members who had been “inactive.” Saito claimed the timing was coincidental with the release of the Epstein documents. However, this explanation feels insufficient given the circumstances.
The Need for Robust Vetting Processes
This incident highlights a critical need for more robust vetting processes for individuals serving on review boards and in leadership positions at cybersecurity conferences. The cybersecurity community prides itself on ethical conduct and integrity. Associations with individuals accused of or involved in serious crimes can erode public trust and damage the reputation of the industry.
Potential Implications for the Cybersecurity Industry
The fallout from this situation could have broader implications for the cybersecurity industry. It raises questions about the responsibility of industry leaders to thoroughly investigate the backgrounds of those they associate with and the potential consequences of failing to do so. Enhanced due diligence and transparency are now paramount.
What’s Next?
The situation remains fluid. The lack of transparency from Black Hat is particularly concerning. A thorough and independent investigation is crucial to determine the extent of Iozzo’s relationship with Epstein and whether any ethical boundaries were crossed. The cybersecurity community will be watching closely to see how Black Hat and Code Blue respond and what steps they take to prevent similar situations from occurring in the future. The integrity of these conferences, and the industry as a whole, depends on it.
Further investigation is needed to determine:
- The full extent of Iozzo’s interactions with Epstein.
- Whether Iozzo was aware of Epstein’s alleged crimes.
- The specific reasons for Iozzo’s removal from Black Hat and Code Blue.
- What changes Black Hat and Code Blue will implement to improve their vetting processes.