Archive for defcon

The Charity Hackers

Posted in hackers for charity on August 14, 2008 by Jason Wells

The Hackers for Charity at Defcon 16

So here’s our group photo from our booth in the vendor area at Defcon. Unfortunately, we took the picture during tear-down, so you don’t get to see our banners and other wares.

We had tons of visitors! There typically was a long line to talk to Johnny and the rest of us would work the crowd while they waited. Lots of folks were drawn in by our ambivalent tagline, “I Hack Charities.”

The good folks at BackTrack donated vinyl stickers and t-shirts for us. I was surprised at how fast those got swallowed up. Between the shirts, stickers and books, we raised a lot of money. We also managed to get several pages worth of volunteers to sign up. I think there’s about 600 new volunteers–now we just need to get them assigned to projects! Hopefully we’ll soon have a viable model to keep this group going for a long time.

It was interesting to talk to the current Hackers for Charity group and the prospective volunteers. I wanted to know more about the reasons why someone would volunteer for this group. My hope was that there would be a significant amount of interest in doing the Right Thing and maybe spin out an ethical sense of some kind.

The picture was of course more complex. There was a little talk, but not much, about the good ethics of charity development. A lot of folks wanted to unload old hardware as a tax writeoff. Some young programmers want to develop skills and build up their resume. And there were some who were just impressed that hackers could do something more-or-less selfless.

It’s hard to quantify, but there’s a variety of reasons why people have been choosing to volunteer. Discerning a sense of a hacker ethic is difficult, but its principles and values are definitely there. There’s too much talk of good and bad, right and wrong and black and white (hats) to be without meaning. My hypothesis is that this language sits on top of an implicit ethic and morality that is worth exploring.

Def Con 16: Day 3

Posted in technology, theology on August 10, 2008 by Jason Wells

Most of Sunday I spent at the I Hack Charities booth, meeting people, selling shirts and talking about new charities to work with. One person came by and suggested that undergraduates be required to work on I Hack Charities projects as a senior thesis. Doing a senior team project is standard for bachelor’s degrees in CS but typically (as mine was) these are pointless projects with no real application. It’s an exciting prospect that I hope can take off–getting college CS students to use their skills for the benefit of charities.

Internet Wars

This panel was a one hour presentation from, as it appeared, whoever bothered to show up. There was no panelist list and it seemed mostly thrown together. A huge portion focused on industrial SCADA systems and whether or not SCADA could be attacked to shut down factories or power plants. Lots of it was theoretical and possibly BS. It was a quick hour, so I suffered through the topics I had only vague interest in.

Replacement Talk

As the EFF had promised, there was “something interesting” in place of the banned MBTA talk. I showed up to a packed room and found a chair in the corner. The new presenter was Brenno De Winter, a hacktivist (hacker activist) and journalist. Brenno is from the Netherlands and broke the original story about problems with the Amsterdam Mifare system. The talk could have just about been the talk on the MBTA if one replaced Amsterdam with Boston and Mifare with Charlie Ticket.

The more interesting part of the talk was about Brenno’s trials in getting his stories to the surface and the legal problems he kept running into. In the end, he was able to get his word out freely. The ultimate lesson was that his work and the MIT students’ work is in fact academic research in security and therefore protected by Dutch and US law. The idea that some research is not to be discussed in public is an attack on those laws and helps show the world that the US is the kind of country interested in suppressing research.

At least, that’s his take on it, which I like greatly. The talks and the slides all have enough removed that they are not complete manuals for attack, but are in fact outlines of principles and methods. There’s not much “danger” in having them beyond applying pressure to NXP to fix Mifare and to the MBTA to upgrade to Mifare Plus. Lots of ovations were given to Brenno and the EFF for coming up with this talk.

Making a Text Adventure Documentary

I went to Jason Scott’s two hour presentation on his newest documentary, Get Lamp. This documentary follows after his BBS documentary from 2005. In this one, he captures the spirit of text adventures: the people who played them and the people who made them. He showed a lot of clips of the blind interviewees who cannot play video games, but can enjoy text adventures. He even has footage of him inside of Colossal Cave, which is generally considered off limits and impossible to get into.

Here’s the most recent trailer:

For one portion, he showed clips out of the documentary and asked us to clap if we knew who the person or thing being discussed was. The list included Colossal Cave, Infocom implementors, the TinyMUD author and several other obscure people. I clapped for a bunch of them and so did the guy in front of me. Apparently he and I were the two alpha nerds in the audience since we applauded for things that almost no one else recognized.

I love Jason Scott’s documentary work and seeing him up on stage. He’s got a lot of good talks up on Youtube from previous years and they are worth checking out.

End of the Booth

After the documentary presentation, I headed back to the booth. The vendor area was slowly packing up and we were no exception. We counted the leftover shirts and the donated money. We packed up the posters and miscellaneous junk. Johnny signed a book for all of us who helped out and we had a group photo that I’ll post later.

We all had a great time and went out for dinner at the Pepper Mill to make a few plans for next year’s Con. Can’t wait!

Def Con 16: Day 2

Posted in technology, theology on August 9, 2008 by Jason Wells

Breakfast

While at breakfast, I met David Scott Lewis. David was the model for the character David Lightman in the movie Wargames. He saw my clerical collar and came over to chat with me. He was fun to meet and talk to and he, like a few others, quietly whispered that he was a Christian too. As Courtney said to me, being a Christian at Def Con isn’t all that different than ancient Rome. It’s something that’s covert and in the whispers more than it is out in the open.

Booth

Most of my day was spent at the I Hack Charities booth. We sold tons of T-shirts, books and vinyl stickers. I pretty much have a spiel worked out that I recited more times than I can remember.

Johnny has been a Def Con speaker for many years so a good portion of our booth traffic was people coming to ask why he wasn’t speaking this year and trying to get him to commit to next year’s con. While folks were queueing up to see Johnny, the rest of us hucksters at the booth could give the I Hack Charities pitch and maybe make a sale. It’s a scheme that was generally unplanned, but worked out great!

Ask the EFF

The EFF Panel was extra-exciting. I’m already interested in the EFF’s work with digital rights and public policy so their panel was a natural draw for me. Typically, they describe what they’ve been up to over the past year and then open the panel for questions.

This year they opened with what they’ve been up to “over the past twenty-four hours.” One of the talks, “The Anatomy of a Subway Hack,” had been pulled from the schedule as the presenters (three MIT undergrads) had been given a temporary restraining order from a federal court. Their presentation was initially a class project to duplicate the London, Amsterdam and Rotterdam hacks on the Mifare system. Apparently the Charlie Card (like the Oyster Card) is incredibly insecure and one can store arbitrary amounts of money on the ticket, eliminating the need to ever pay again for the subway.

The presentation was being used (in part) as a pressure tactic. Their hope was to persuade the Mifare vendor to fix the system already in place in Boston. So, they offered to let Mifare be fixed. After it wasn’t fixed, they took the presentation to Def Con. In a ham-fisted CYA move, the MBTA took the students to court under the pretense of the Computer Fraud and Abuse Act. The EFF’s lawyers contend that the Abuse Act itself is horribly abused and misread and cannot be used to punish the students for what they are doing.

On Friday, August 8, the court handed over the restraining order without any time to challenge the order before the conference. So, the EFF folks read their press release and took questions. The general sense was that

  1. the students were omitting enough details to keep the talk educational and not directly explain an attack,
  2. this reading of the Computer Fraud and Abuse Act sets awful precedents for the future,
  3. that only these three students have been limited from discussing the attack (that is to say, the other 8,000 conference attendees all have the presentation’s slides on their CDs and are not limited from distributing the materials). The slides can be downloaded in PDF format from MIT here.

The EFF assured us that the slot for the Sunday presentation would be filled with “something interesting.”

After this, Peter Eckersley gave a detailed presentation on Switzerland, a new program from the EFF for net neutrality. The software helps site administrators determine whether or not ISPs like Comcast are interfering with their traffic (specifically, traffic over peer-to-peer services like BitTorrent). It’s not yet a program for home users, but there’s a lot of work that’s gone into developing this much-needed tool.

I went to the Q&A session with the EFF after the general panel was over. They took questions from the smaller crowd. Most people were dropping kittens over laptop searches and seizures at the US border. More and more security professionals are encrypting laptops, as they are frequently stolen. If most (or all) laptops were encrypted, few criminals would find it worth their time to steal them. However, this emphasis is coming at the same time the US border patrols will consider encryption a sign of “something to hide.” The folks at the Q&A group were suggesting deliberate provocations for the border patrol. The EFF basically said that if you get arrested doing this, don’t call us–that’s not the kind of case we take on.

Afterward I talked to Eva, one of the EFF lawyers. I’ve been hoping to continue my work on providing theological support for privacy and security concerns. (Somewhere on this blog is my 2003 sermon against the USA PATRIOT Act.) She said that the EFF would be pleased to check over things that I write, not for theological correctness, but to make sure that I was accurately describing, say, network neutrality, fair use, or the FISA laws.

WarGames

After more time at the booth and a quick dinner, I went to the 25th Anniversary showing of WarGames. It’s a movie that probably every person at Def Con has seen at least ten times. I know that I have. Even though it was the same classic movie, it was great to watch it with a large, like-minded group. Everyone cheered for the “nuke Las Vegas” line and clapped for the description of David Lightman as “intelligent but an underachiever,” which fits just about all of us.

Dark Tangent interviewed David Scott Lewis, who consulted MGM on the character of David Lightman. Lewis went on a lot of tangents himself, talking about life in China and generally avoiding talking about the WarGames sequel. The most informative part was on the original material for WarGames. Apparently the first screenplay was called “Genius” and was about a Stephen Hawking-like character trying to pass on his unification theories to a young protege. Of course, the final product wound up far afield from that first try!

Interestingly, David Scott Lewis took an informal poll from the audience and asked, “What other movie does a better job of depicting hackers and hacking?” No one had a good answer. The closest were Sneakers and the Matrix, but they were distant. I’d agree with the rest: there hasn’t been a hacking movie that has surpassed the 1983 classic in capturing that particular mindset.

After all the excitement from the booth, movie and the EFF, I was beat and went straight to bed.

Def Con 16: Day 1

Posted in technology, theology on August 8, 2008 by Jason Wells

Welcome

After hitting the breakfast buffet, I made sure to get to the introductory Welcome talk. Dark Tangent gave a short overview of what was to come, including some details about the CD.

Most of the talk was led by Joe “Kingpin” Grand. He talked about the technical aspects of designing and building the badge. There were more than a few snafus in the process, mostly logistical problems of getting everything to the fabricators. The badges were assembled in China and getting things through Chinese customs this close to the Olympics was just about impossible.

Here’s a short version of Joe’s talk about the design of the badge:

He really did a fine job of creating something good looking, fun to wear and easy to modify and build upon. He pointed out that the Def Con CD has all of the software tools you need to hack the badge.

I Hack Charities Booth

After the Welcome, I headed over to the I Hack Charities booth in the vendor hall. The vendor hall was smaller than I expected, but had a wide range of goods. Many booths simply sold hacker-themed t-shirts, stickers and music (a la Jinx). Others had over-caffeinated snacks and energy drinks. The EFF, FSF and UAT all had booths. There were a minority of people selling hardware: refurbished computers and wifi antennas. One booth (I forget who) represented a lock picking group and had all kinds of interesting wares on the table.

Johnny gave me a t-shirt and I was able to wear it comfortably over my clerical collar. (Photos to come.) For the most part, I filled in while there were only a few people at the booth. Seeing that they were over-staffed, I headed off to another talk.

Hacking in the Name of Science

So I headed off to my first real talk and found myself sitting on the floor. This one was a panel discussion focusing on the theme of doing hacking in the academic context. One panelist was an associate professor and the others seemed to be grad students (I got there late).

Some of them spoke on the problems of RFID cards and demonstrated their research in tracking people who carry them and in reading them from much farther distances than advertised. Giving it a medical twist, one researcher worked with implantable cardioverter-defibrillator (ICD) devices. These devices are surgically implanted and programmed via radio to keep a patient’s heart stable. With his work, he was able to retrieve the patient’s medical information with a simple radio device and hinted at the possibility of reprogramming the ICD device with ugly consequences. In my mind, unknowingly surrendering personal medical data is bad enough without thinking too much about what reprogramming would do.

Satan is on My Friends List

I didn’t actually go to this talk, but it was one of the most talked-about ones at the Con. Widely known as “the Myspace talk,” the speakers talked about the problem of implicit trust thrown around so easily on social networks.

To give the talk an apocalyptic theme, the speakers wore clerical collars. For the rest of the Con, people kept congratulating me on a great talk. So, I had to remind everyone politely that I couldn’t take credit for that (and that I had earned my clerical ‘stripe’ and didn’t just order it from a catalog). I did pass on all of the goodwill to one of the actual speakers. I can’t wait to see this talk on Youtube later.

Generic, Decentralized, Unstoppable Anonymity

This talk was good, but kind of a chore. It was two hours long and went into great detail about how Internet Protocol (IP) has inherent problems and proposes a new Anonymous Protocol to replace it. Interestingly, he is designing it to be entirely backward-compatible with the current IP.

I gave up halfway through. I like the idea of a completely anonymous and private Internet, but can’t figure out how two computers can connect without giving up their identities.

NMAP Scanning the Internet

The famous Fyodor presented the major new features of his network mapping tool, nmap. Nmap scans networks and can report on what ports are open and, potentially, vectors for entry. There’s a lot of contributors to the project, so tons of new features got described, including the great eye-candy from “zenmap,” the improved graphical version.

To test his updated tool, Fyodor scanned about a million different Internet hosts at random. Several sites got upset, but generally were agreeable once he said that he was just trying to improve nmap. At one point, he received an angry email from some of the hosts he scanned, as they were (unknown to him) sensitive military computers. Fyodor said that he’d be happy to stop scanning sensitive military computers, if only he could have the IP addresses of those machines, he’d exclude them from the scan. Unsurprisingly, no military administrator handed out the IP addresses of sensitive hosts.

Meet the Feds

I wound up late at Meet the Feds after stopping in at the I Hack Charities booth again. When I got there the Feds were playing “Spot the Lamer.” They had a random selection of conference attendees and were allowed to quiz them to see who was the nerdiest. It was pretty much over when one fed asked, “How many members of the Skywalker family can you name?” They had their lamer when one guy responded, “Just the movies or the expanded universe also?” (An uber-geeky analog to “African or European swallow?”)

I didn’t stay for the whole panel discussion. There were some interesting questions asked. There were two things that stood out to me from the talk:

  1. The Federal agencies (NSA, FBI, NASA, Air Force Cybercommand, etc) are desperate for new blood. They stressed over and over that as long as you can pass a background check, someone will hire you. Seems like an awfully low bar. They noted that most of us here would take a significant pay cut in doing government work, but it’s a satisfying way to make a living. Asking for job applicants came up several times and it was apparent that they were looking for young blood.
  2. The Feds are unsurprisingly not much interested in an anonymous Internet. They seemed to be interested in privacy and anonymity as long as they had some kind of “switch” to turn it off when they did special government work. Of course, this introduces (at least) two problems. First, you have to trust that the government officials will use it ethically, which they have repeatedly demonstrated they cannot do. Second, if there’s a special switch for the feds, what happens when a non-fed gets access to it? Nothing is totally secure and it would only be a matter of time before a non-fed can abuse that system.

With that, I had heard enough and sought out dinner.

Hackers Are People Too

Second-generation hacker Ashley Schwartau showed her fifty-minute hacker documentary. Ashley’s parents have been involved with Def Con for ages and started bringing her to the Con when she was 16 years old. Over the past year she filmed interviews at Def Con and Shmoo Con and got a good “slice of life” for what the hacker community is all about.

I found it a little uneven. There were some very moving moments. For example, Sandy “Mouse” Clark said that she never knew that she had no family until she found a family at Def Con that accepted her without preconditions. Other places were trite, focusing on beer, porn and nerds. Other spots were sappy, offering hugs from friendly hackers who mow lawns and do laundry like everyone else.

All in all, I enjoyed it, despite some flaws. The hacker community is obviously deeply important to Ashley’s self-identity and life story. The documentary was a wonderful craft to be offered as a paean to something she loves deeply and that comes across clearly.

Here’s the trailer. Mouse appears briefly at 1:22.

Party

Through Hackers for Charity, I got an invitation to one of the private parties. It’s good to hang around Johnny. Although I went up to the skybox, I didn’t get into the party. The goons were doing a poor job of crowd control that night. Everything was overcrowded and overhot. So, I chatted with some folks in line for a while and went to bed (it was already 11pm).

However, something fun did happen. Everyone in line got rickrolled. Several guys came by with a wheeled cart. The cart had a laptop, strobe lights and enormous speakers. The laptop was blasting Never Gonna Give You Up for us losers who thought we were getting into the party. I’ve never seen a physical, meatspace rickroll before but the guys who did this deserve props.

Defcon 16: Day 0

Posted in technology, theology on August 7, 2008 by Jason Wells

Every post in this series will have the tag “defcon,” so they can be found together easily.

Now that I’m back from Def Con, I’ll be posting a day-by-day overview of my experiences. While there, I did not dare get online at all. Jason Scott referred to the network there as “the most evil thing ever” and most recognize it as “the most hostile network on the planet.” Since I had a Vista laptop, the only smart thing to do was to keep the wireless off.

Getting there

The trip in was a snap, beyond some plane scheduling snafus. Once at the McCarran Airport in Las Vegas, I was immediately assaulted by slot machines. Not just slot machines, but Wheel of Fortune-branded gambling boxes. I don’t know how they work, but they incessantly make the iconic chime sound of a new board appearing on the show. Very annoying, very bad.

I played “spot the hacker” while standing in line for a taxi. There’s a number of guys who fit the description. The “goth hacker” is easy to spot: long, dyed hair, piercings, lots of black. The typical “nerd hacker” is there: short, greasy, unkempt hair and lots of black clothing. There’s a few variations on the theme, but if you can see someone with a black T-shirt that has a Wolfenstein or Backtrack logo on it, you’ve got yourself a Defcon attendee there.

The Riviera hotel and casino was an assault on the senses and confirmed everything that I had heard about Las Vegas. It was Times Square with gambling: lights and noise and faux-gold inescapably everywhere. The layout of the casino was a maze of twisty little passages, all bringing me back to the gambling floor. I couldn’t go anywhere without passing a bar. There are, of course, no clocks and no windows; knowing how long you’ve been gambling is impossible.

Packet

After checking in, I registered for the Con. We all got a great package of stuff. Here’s what we got:

From 0 to 2pi radians, counterclockwise, here is what you are looking at:

0 rad: The Def Con CD that contains badge-hacking info, slides from the presentations, etc

pi/3 rad: The Def Con-themed room key. A nice touch.

5pi/6 rad: The Def Con book: schedules, maps and descriptions of the events, contests and parties

pi rad: The Def Con badge. Initially these were not available and we had to come back on Friday and Saturday to pick up the real badge. Later I’ll link to Joe Grand’s video of him building the badge, just to explain its awesomeness.

7pi/4 rad: The Def Con sticker sheet: large and small Def Con logos, including the rotary dial, smiley and crossbones, floppy disk. Also includes the ninja face, a fist with ROOT tattooed on the fingers. My favorite is the bottom right: the “Hello” sticker reads “Hello, my mother’s maiden name is.” Several people put these on their shirts with (ahem) colorful answers.

theSummit party

After getting settled, I headed upstairs to theSummit party. The party is for all Def Con attendees and serves as a benefit for the Electronic Frontier Foundation and the Hacker Foundation. The entrance is $40 and also wins you a year membership in the EFF.

The party is basically a mixer with free beer. I was there for over an hour, but didn’t stick around for the music that was promised to come. I met a few guys, mostly who were also new to the Con. They appreciated having the mixer the night before, as some of them had been to Black Hat or other conferences where there wasn’t a chance to do nothing but meet people.

I got to meet one of the speakers there, Weasel. Several people said (and I agree) that the mixer is a good way to meet the conference speakers in an informal setting without the demands of 800 other people trying to ask technical questions.

All in all, it was a fun first day, and I’m looking forward to what’s up ahead. More to come!

Preparing for Def Con

Posted in technology, theology on August 4, 2008 by Jason Wells

As I wrote earlier, I’m going to Def Con 16 which is only a few days away. The website seems to have a finalized schedule, so I’ve been trying to figure out how I want to spend my time there. So, I’ve picked out the talks and panels that I’m interested in and have emailed Johnny to ask about time that he needs help at the I Hack Charities booth.

There’s an Episcopal Church about 2.5 miles away from the hotel. Christ Episcopal Church seems to be the candidate for where I’ll be on Sunday morning. Their website is less than informative and welcoming. I’ll have to call ahead and check service times or just go somewhere else.

Most of the events that I’m interested in are the less technical ones and the more philosophical and political ones. Anything led by the EFF, I’m there for. They have a panel on issues in 2007-2008 and a fundraising party too.

There’s a talk titled “Commission on Cyber Security for the 44th Presidency” that has no description at all attached to it. That should be interesting. I’ll probably go to a few technical talks and weep at how I’ve atrophied over the past few years.

More than anything, I’m just hoping to talk to people. For the Hackers for Charity people, I’m curious to know what motivated them to try this particular project. There’s tons of more glamorous open projects out there–why this low-key, low-glam project? Is it for the free recommendation on the resume? Self-interest? Is there a moral or ethical reason to get involved in the charity work?

Like my trips to the Young Professionals Groups, I’m hoping that just being there in a collar will start some talking. Not looking to evangelize by any means, but just hoping to see what conversations get started.
