DEFCON 2015: An Insider’s Guide
Whether you’d like to attend next year’s DEFCON, or are just curious about the subculture of hacking, Tech Talker Eric Escobar has the insider details.
This last week, I was in Las Vegas for the annual hacker conference DEFCON. It started back in 1993 and has grown to almost 20,000 attendees. It’s an awesome mix of hacking software and hardware, while engaging in fun competition.
Now when I say the word, “hacking,” most people think of a dark room with a ton of computer screens and a villain behind the keyboard. But that’s most often not the case. There are many different types of hackers, some who hack for good (aka white hat hackers), some who hack for bad intentions or personal gain (aka black hats), some that specialize in social hacking, and some that specialize in hardware, and many others. In fact, many companies actually employ white hat hackers to test the security of their computer systems and make sure that they are safe.
There are even programs that allow anyone to try and hack specific systems. For example, the website BugCrowd.com partners with companies that want to have their website, product, or system tested. You can sign up for free to become a tester, and if you find vulnerabilities, or are able to hack the system they specified, then you’ll be rewarded with a bounty, which typically falls somewhere between $50 and $5,000 depending on the severity of the issue that was found.
Now for those of you who may want to attend next year, or who are just curious about what goes on at DEFCON, let’s talk about how the conference was actually structured. Like any other conference, there were speakers who talked about their research and projects, on topics like hacking into cars, taking control of drones, and even hacking cell towers. I won’t be going over all of these today, but since I am doing a whole series on DEFCON, you can expect to hear more details in the next few weeks …
Badges
The conference has a lot of traditions surrounding it, but some of my favorites involve the badges that are handed out every year. There is always a badge challenge associated with DEFCON that can often take the entire conference to figure out. The prize for winning this challenge is that your entire team will receive coveted black badges that will let you into DEFCON for free for life. The challenge, though, is insanely difficult. Here is the full solution to last year’s challenge. The badge challenge is a huge mix of computer knowledge, cryptography, pop culture, Internet memes, music, and just plain random stuff. Clues are hidden all over the conference: on signs, in the program, the badges themselves, special email accounts, you name it!
It’s pretty awesome to watch the whole process unfold because the teams that are competing for this challenge spend almost their entire conference trying to crack the code. This year, the badge was a small record that actually played in a record player. There were clues hidden in the track. Last year, the badges could connect to your computer and when buttons were pressed in a particular order they displayed a message!
If you like puzzles, I highly recommend you read through the badge challenge that I’ve posted in the show notes of this episode. It will blow your mind how complex it is!
Villages
Next up are the villages. Now while there are big speaker rooms that hold thousands of people, there are also smaller rooms called villages where you can go and talk about specific types of hacking. Every year, the number of villages grows and, this year, the car hacking village started, as well as the Internet of Things village. These villages have talks specific to their subject matter and are incredibly diverse. To name a few: there is the lock picking village, hardware hacking village, wireless village, crypto village, and data duplication village. In all of these villages, there were people to talk to and hands-on demos to mess with. For example, the lock picking village had sample locks and tools you could use to try and crack different kinds of locks, and the car hacking village had cars that you could check out and fiddle around with.
Workshops
While the villages had hands-on demonstrations, there were also full-on workshops this year: half-day to full-day classes on a number of really interesting subjects, including RFID hacking (RFID badges are the ones frequently used to get into buildings), iOS and Android application hacking, and reverse engineering a hack.
The workshops were a lot like classroom time and were fascinating. Based on their popularity this year, I think that they will for sure be back again with many more subjects.
Competitions
Now I mentioned the badge competition, but there are so many competitions that go on at DEFCON that they are hard to count. There are scavenger hunts, social engineering challenges, hacking challenges, and many more. The most elite of all of these, though, is the capture the flag competition that goes on over the course of the entire conference. The way that the game works is that there are files on a computer system or network that act as flags. The goal is to get to the flags before any other team. This requires breaking past firewalls, filters, programs, and a ton of other security measures! In order to even compete in it, you have to qualify at another conference or be a previous winner.
If you’re curious about how crazy this competition is, here is a link to some of last year’s capture the flag solutions.
Now, the absolute best part of this conference has to do with the people you get to meet. There are federal agents, hackers from Russia, teachers, students, computer novices, press, security experts, and pretty much as diverse a mix as you can think of. The backgrounds, specialties, and interests of the attendees are pretty incredible and make the conference itself worth it.
Next week I’ll be covering some of the actual hacking that came out of the conference, what it means, and how it will affect us down the road.
Well, that’s it for today! Be sure to check out all my earlier episodes at techtalker.quickanddirtytips.com. And if you have further questions about this podcast or want to make a suggestion for a future episode, post them on Facebook QDTtechtalker.
Until next time, I’m the Tech Talker, keeping technology simple!