Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council.

The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano.

Moss' background as a computer hacker (aka "Dark Tangent") and role as a luminary among young hackers who flock to Defcon in Las Vegas every summer might seem to make him an odd choice to swear allegiance to the government. (Although before running his computer conferences, Moss also worked in the information system security division at Ernst & Young.)

I'd like to hear some of the banter as he rubs elbows with the likes of former CIA (Bill Webster) and FBI directors (Louis Freeh), Los Angeles County sheriff, Miami mayor, New York police commissioner, governors of Maryland and Georgia, former Colorado Sen. Gary Hart, and the president of the Navajo Nation.

In an interview late on Friday, Moss, who is 39, said he was surprised when he got the call and was asked to join the group.

"I know there is a newfound emphasis on cybersecurity and they're looking to diversify the members and to have alternative viewpoints," he said. "I think they needed a skeptical outsider's view because that has been missing."

Asked if there was anything in particular he would advocate, Moss said: "There will be more cyber announcements in coming weeks and once that happens my role will become more clear. This meeting was focused on Southwest border protection... With things like Fastpass and Safe Flight, everything they are doing has some kind of technology component."

Moss, who is genuinely humble, said he was "fantastically honored and excited to contribute" to the HSAC and not concerned with losing any street cred among what some would call his fan base. He did concede that his new position would give him an unfair advantage in Defcon's "Spot The Fed" contest in which people win prizes for successfully outing undercover government agents.

Security consultant Kevin Mitnick, who spent five years in prison on computer-related charges and was on the FBI's most wanted list, praised Moss' diplomacy, but said: "I'm surprised to see Jeff on the list. I would have expected (crypto/security guru and author) Bruce Schneier to be on the council."

Moss "is a great crowd pleaser" and "he's just bad enough for them to say 'we're crossing the ranks,'" said journalist and threat analyst Adrian Lamo, who served two years of probation for breaking into computer networks. "But the reality is he's as corporate as hiring someone out of Microsoft."

Malware has been found on ATMs in Eastern Europe and elsewhere that allows criminals to steal account data and PINs and even empty the machine of its cash, a computer forensics expert said.

About 20 ATMs have been compromised in that manner, mostly in Russia and the Ukraine, but there are "early indications" of compromised ATMs in the U.S., said Nicholas Percoco, vice president and head of SpiderLabs at Trustwave, which provides data security and payment card compliance services.

Percoco said he could not elaborate further on where the compromised ATMs were located and how they were used.

Someone had to manually install the malware on the machines, so it's likely that an insider is responsible; either an employee at the bank, the ATM vendor, a company that services the machines or someone close to an insider, Percoco said in a telephone interview late on Wednesday.

The machines, all running Windows XP, had an executable on them that was masquerading as a legitimate Windows protected storage service, he said. The malware looks at all the data being processed by the ATM and records account information that is stored on the magnetic stripes on cards inserted into the machine and encrypted PIN blocks that are generated when someone types in their personal identification number, he said.

Although the PINs are encrypted, criminals could potentially intercept the encryption keys exchanged with the bank and use them to decrypt the PINs, he added.

Once the malware has been hidden on the ATM for a period of time, the criminal can return to the machine and use a special "trigger" card to control the ATM and print out the stolen data directly from the machine or instruct the ATMS to dispense all the cash it has, according to Percoco. ATMs can hold as much as $600,000 at a time, he said.

"There is evidence that (trigger) cards were used," he said, adding that he could not comment on the number of accounts affected or amount of money stolen. The malware was first installed on at least one of the machines in July 2007, he said.

This is not the first time malware has been discovered on ATMs, Percoco said. "But this is probably the most sophisticated malware found on an ATM," he said. "In all the versions we've looked at (the criminals) are enhancing the application as they go. They must be getting feature requests from someone."

The latest version of the malware code found on some of the machines includes a function for writing the stolen data onto a card with a memory chip on it, which are commonly used in Europe, he said. However, that function does not appear to work, he added.

Although the malware was installed on the ATMs manually, it's possible that future attacks would involve the propagation of the malware through the ATM network, he said.

Consumers should avoid using any ATM that does not "look right," Percoco said, for instance, if the screen has a different interface or strange commands.

Also, criminals use "skimmers" over the slot where the card is inserted that steal the data that way and can record PINs with a hidden video camera positioned nearby.