From Aug. 8-11, nearly 30,000 people descended on the casinos of Las Vegas for the world’s largest and most iconic annual gathering of hackers and cyber security experts: DEF CON. Bellevue College was able to send nine of its computer science club members to attend in order to learn, network, and immerse themselves in the culture. The event was overwhelming in size and scope, spanning four casinos over three blocks and having events from 8 a.m. until 2 a.m. almost every day.
DEF CON has an interesting history and seems a bit daunting to a first timer. In its 27th year, DEF CON has come a long way since its days as an informal meetup of roughly 100 people. The FBI comes to the conference to hire hackers and many attendees make it a badge of honor to exploit any electronic vulnerabilities they can find. In previous years, the casinos have had slot machines hacked, the casino PA commandeered, a fake ATM which tricked hundreds of visitors who have had their usernames and IP addresses added to the “wall of sheep.”
I was slightly nervous before the conference. I read about how, with the wrong settings activated, people can remotely hack a cell phone, an RFID gun can remotely read the information stored in credit cards and some IDs, and more than a few horror stories about people having computers wiped and identities stolen. I took several precautions: all of my cards went into RFID-shielded cases, I deleted my banking and money transfer apps from my phone, and made sure I had cash to use instead of my card. Fortunately, a lot of the conference is focused on ethical hacking and nobody in our group had any negative experiences. We did learn a lot, though, getting a chance to participate in several hacking challenges and attend talks.
The organization of DEF CON is pretty awesome, with 27 different groups, called villages, which have their own area of focus, schedule of events, and many of them have year-round online communities. The village I found most fascinating was the social engineering village, which focused primarily on how people are actually the weakest part of almost any cybersecurity system. Some of the other notable villages we checked out included ethical hacking, which focused on how to use hacking for good; internet of things, which is the new wave of WiFi-enabled smart devices in many homes; car hacking; aviation village; voting machine hacking; hacking the sea; and biohacking, which focused on the connection between the medical world and computers.
One really cool thing that the conference does is use interactive badges. Typically, every other year they use an electronic “hackable” badge, which is what we had this year. The badges had sensors that could detect other badges, and the rumored task was to “bump” badges with each of the 10 types. Our entire group was among the 26,500 “human” badges that were issued, and it was a challenge tracking the other types, which ranged from 550 “goons,” or organizers, down to 20 “uber” badges. This challenge offered a great excuse to strike up conversations with random people and led to more than a few interesting and enlightening conversations. Nobody in our group completed the task, but we looked at the code and found that upon completion of the bumps, the badges are programmed to play Rick Astley’s “Never Gonna Give You Up,” a fitting tune for a community of hackers.