A n00b’s perspective on DefCon 25
When’s the last time you checked the news without seeing a story about hackers hacking someone’s personal information, a major studio’s intellectual property or, you know, an election? The concept of hacking is so ubiquitous in our popular culture, evident everywhere from celebrities’ leaked scandals to the media’s daily finger-pointing political tirades to Hollywood’s budding cyber-punk thriller genre. Ultimately, our society seems to understand hacking and the very concept of internet security about as well as we understand electricity: we know it exists but we would probably be hard-pressed to explain how it works. After an immersive weekend at DefCon in Las Vegas, however, even the greenest noob will have their eyes opened to just how vulnerable we all are, what we can do to make a hacker’s life more difficult and why the hacker is essential to keep the safety of the modern world in check.
The vibe at DefCon is exciting but curious. This year, 25,000 people from across the globe descended upon Caesar’s Palace in sin city to find trust within a subculture that inherently trusts no one. After linking up with far more experienced folks in this community, I was briefed on some basic Defcon guidelines. To start, the 3-2-1 rule is important to get the most out of the experience: three hours of sleep, two meals and one shower per day. Because even hackers are not robots. In honor of the 25th anniversary of DefCon, our badges imitated the design of the very first one, back before each human willingly carried a vulnerable personal information transmitter on their person at all times. I was also briefed on another important suggestion: prioritize a good conversation over a scheduled presentation that will end up streaming online anyway. This is how you build relationships within the community. Also, don’t photograph anybody without their permission. Not everybody wants to be seen here. As my Egyptian-Texan roommate taught me how to secure my phone from hackers, the personal information of the blissfully ignorant was projected onto the “wall of sheep.” Somebody described the conference as the internet personified. It sure felt like it.
This was all new territory for me. As I visited the lock-picking village and saw that even a child could break a lock, the world felt suddenly precarious and limitless. If something can be locked, it can be unlocked. It all comes down to that. And it was evident when a man demonstrated how he hacked and shot a supposedly “smart gun” designed to be accessed only by its owner. It was apparent when another man demonstrated how to hack into a POS system only to nefariously install and play Doom. It was evident at the car hacking village, the tamper-evident village, the hardware hacking village, the bio-hacking village, the social engineering village and, naturally, the voting machine hacking village. Did I mention there was a voting machine hacking village? All the machines were hacked over the course of the conference. If it can be locked, it can be unlocked.
Another important guideline to adhere to at Defcon is to avoid talking about things you know nothing about, a guideline I’m trying carefully to follow now. Besides appearing like a fool, you may also find out within moments that the person with whom you are speaking may well be the inventor of the thing you claim to know so much about. As I chatted with a new friend about the software behind the voting machines, I soon found out he was behind that software. As I discussed our government’s vulnerability against cyber attacks, another new friend shared his exploits working for and exposing Uncle Sam’s most embarrassing insecurities. As I showed off my new Defcon t-shirt, the guy drinking bourbon with me told me he designed it. Indeed, every guy and girl at Defcon brought a wealth of information and ninja skills with them. It felt a good kind of dangerous.
By the closing ceremonies, I felt like I had taken the red pill and was ready to see how deep the rabbit hole goes. For four days, I had casually chatted with some of the people responsible for the security of the very systems our civilization depends on. I had also spoken to folks who would gladly penetrate those systems just to see if they could. Often, it was the same person. Once you see the world through the lens of security, there is no escaping it. Everything you love is protected with a lock. And if it can be locked, it can be unlocked.
The spirit of Defcon was to challenge the mind, break the locks, “hack all the things” and unite the rebels through one of the last bastions of freedom: the internet. I couldn’t qualify all hackers any better than I could qualify all humans. I’m sure there are some who would joyfully upload malware and cause mayhem throughout the globe. I’m also certain that some would happily penetrate and expose the sins of the elite to take down the establishment with the help of Mr. Robot. I’m sure all of these characters exist. The true spirit of the hacker, however, goes back to that kid at the lock-picking village, amazed that she was able to break a lock. The true spirit of hacking is discovery. And I think (and hope) that bodes well for humanity.
As I return to my life in the matrix—to keep that metaphor going—I can see right through the false veneer. If you’ve ever snuck into a party where you don’t belong, figured out a gate code or broken into your house when you forgot the keys, you very well might have the spirit of a hacker. The next Defcon will be in Beijing. Perhaps we ought to hack our way into it.
I would like to thank all the organizers and characters present at Defcon 25. If you should get the sudden urge to hack me, feel free. My address is:
1600 Pennsylvania Ave NW
Washington DC 20500