-
(music playing)
-
-
What the fuck, dude!
-
What the fuck!
-
Oh shit! There we go!
-
(music playing)
-
The history.
-
I had been running the Dark Tangent System,
-
that was the name of my bulletin board system.
-
The bulletin board was known around the world, we were on international FIDO networks.
-
And one of those networks called Platinum NET out of Canada, was going away.
-
He was shutting it down.
-
I was the biggest node, I had the most users, and I distributed to the United States.
-
And he wanted to throw a party, a going away party for all of his Platinum NET users.
-
But he didn't want to do it in Canada, and all of his users were in the states,
-
and so we were talking, he says "Well you should do it, we should work together."
-
And I said "Great. Let's do it in Vegas." That makes the most sense, cheap airfare.
-
And he said "Sounds good." And I mean, this happened over the course of less than a week.
-
It was really brief.
-
And then all of a sudden he disappeared, Platinum NET went down,
-
and all these years, 20 years later, I never heard from the guy again.
-
I can't even remember his name, it's been so long.
-
So when he disappeared, I had already started planning to do this going away party
-
for Platinum NET.
-
So instead, I invited all my networks and it went from being a going away party to, a party.
-
There was HoHoCon, there was an XCon. There was PUMPCON, Summercon.
-
But there was no real west coast con. So we figured, OK...
-
So it ended up being DEF CON.
-
The first one, there was a flier that went out and that kind of circulated
-
around on some of the sites, and, and I think that's how I came across it initially.
-
I'm assuming it was because of a book I wrote, or maybe my congressional testimony
-
I don't know, but somehow he had contacted me to come out and speak.
-
I actually didn't wanna go to the first DEF CON.
-
I did not want to go to the first DEF CON. A number of my friends were going.
-
They were trying to get me to go, they kept telling me it was going to be fun
-
and I kept thinking to myself, "I've never been to Las Vegas before",
-
and you know, I used to go to BBS user meets, and well, a lot of them
-
are pretty lame and I thought to myself
-
"OK, this is just going to be a BBS user meet... in Vegas."
-
Jeff contacted me somehow, said "You wanna come out to Vegas?"
-
I said, "Well, I don't like Vegas." "Come out and speak and there's
-
a bunch of people, Phil Zimmerman, and a couple of other folks," and...
-
DEF CON 1.
-
And I had a blast. I had so much fun.
-
It felt we were part of something that was really kinda legitimized
-
because there was this event around it, you know, it wasn't just,
-
you know, random people that you might have known or heard, or it wasn't
-
somebody (in the phone phreak world) on the end of a toll-free
-
loop around that you called at midnight. "Hey, who's there?"
-
So, I ended up meeting a lot of people, some of whom I'm still friends with to this day...out of all of that.
-
And I remember, after the first DEF CON was over, and I was back home, and I
-
was decompressing, somebody wrote me on UUCP in my email. Wrote me an
-
email and said "Hey, that was great. When are you doing it again?"
-
Until I had gotten that email, I had never thought of doing it again.
-
And then I thought, "You know, I could probably make this better. I could
-
change this, I could..." and then that started it, that was all, game over from there.
-
It was, every year, what can I make better, what went wrong, how do I fix it.
-
And that geek sort of fix-it mentality kicks in, and you're always trying to improve it.
-
It's sort of like this challenge you'll never solve, but you keep wanting to make it better.
-
(music playing)
-
The people who missed a few years. the differences between their experiences
-
is going to be pretty radically different.
-
DEF CON 1 was around 100 people, and we expect roughly 15,000 for DEF CON 20.
-
We work nonstop. I haven't seen 4th of July in like 7 years.
-
It's crazy that DEF CON, you can label it as a hobby, takes so much time.
-
Because it seems like pretty much from the moment DEF CON ends until the time
-
that we're spinning it up again, we're busy.
-
You know, technically I retired 2 years ago, but I can't give it up,
-
because it's such a part of me. I'm giving back to the same culture
-
that spawned me.
-
DEF CON for the last 10 years, especially, has been a very big part of my life.
-
It consumes most of my free time. DEF CON starts, for me, the day after DEF CON is over,
-
for the next year.
-
It's going to be amazing. We have so many surprises planned for the attendees.
-
It's going to be remarkable. This is going to be a really, really special year.
-
If you're sleeping, you're doing it wrong.
-
A lot of people who are hardcore DEF CON attendees, or staff, they negotiate
-
when they change jobs. "That's fine, everything's good, but I need to take,
-
you know, 2 weeks off."
-
I never thought that my party would be a job employment prerequisite.
-
(music playing)
-
I am not kidding, I am expecting another well orchestrated, well-oiled machine,
-
coming together and producing this amazing gathering of geeks.
-
No kidding, it's what we do. We come together and we do the HELL out of it.
-
And I expect it to happen this year.
-
(music playing)
-
There's absolutely a difference between driving and flying.
-
When Utah group, for example, used to go down to DEF CON, years and years
-
and years ago, there was a whole process where basically we gathered at this
-
restaurant called "D's", or we called it "Freaky D's", at like 2am,
-
and basically 20 or 30 of us piled into the restaurant and we'd have our caravan
-
of cars all set together, and that was our group of people.
-
There are some hijinks that I can't even imagine mentioning on the documentary,
-
that can happen on a long 9 hour drive from the Denver area to Las Vegas.
-
When you're driving, to get there, especially from the west coast,
-
you have to drive through the middle of fucking nowhere.
-
And it certainly adds to the experience when you roll in, and it's just after
-
sunrise, or just about sunset, you really have no idea what time it is, and there's
-
Sin City, and of course you're playing "Viva Las Vegas" by the Dead Kennedys
-
or something like that. It does add to the experience I think.
-
(music playing)
-
"Actually, here comes the Hack Bus now." "Pretty awesome!"
-
It kind of blows my mind that everyone's so excited about going to a BBQ
-
six miles away from the con that have to rent a taxi for, or go to the store and get food.
-
I don't know. I just feel like the BBQ is this misfit love child of DEF CON,
-
because everyone's, "There's this thing that happens over there and they're grilling alligator and elk and all this crazy meat."
-
"Why can't we ever go? Where is it?" And that kind of adds to the mystery and fun of it.
-
(Music playing)
-
Man, did I never expect that to become something a thousand people strong, now.
-
(Music Playing)
-
To me that shows an awesome community and spirit, and an effort of
-
"I want to see my friends and hang out with them and I wanna do something simple, like eat some food."
-
You know, it's not at the con, there's no crazy music, it's just a BBQ.
-
Ever since I was in town around DEF CON 10 or 11 you see those signs in the
-
airport, "Come Shoot a Machine Gun." Which, you know, is fine for me,
-
I've done that, but a lot of my friends said, "Man, I'd love to do that!"
-
Well, I said, let's just go out in the desert, I'm sure we can find a nice group rate, and
-
and we'll shoot out in a sand pit, and everyone had a blast, and they said
-
"Boy! This was great, you want to do this again?"
-
So now, there's just this well known, public shooting spot,
-
way out on the Lovell Canyon Rd, where anyone can go and
-
shoot what they want, as long as they police up the area. And we use it and it's
-
again, much like DEF CON itself, getting popular and growing.
-
Now we have canopies and tables rented, that I arrange. There's a small per head fee,
-
just to cover that. We had a hundred people on the line last year. We've got damn near that
-
many registered this year. We're going to stay safe and see what we can make happen!
-
(Gun shots, talking)
-
Can everyone hear me, over the reports, over the berm? (Yes, yes mumbles, Alright)
-
All firearms are always what? Loaded! They are always loaded!
-
Nothing is ever an unloaded firearm. You always point the firearm where?
-
where? In a safe direction. In a safe direction.
-
Yes. The key point being, not just being what is your target, but what is beyond it!
-
The hacker community, you can never put a single hat on anybody, but there's a libertarian undercurrent to
-
a lot of our membership, so being able to treat guns as, well, that's this piece of equipment
-
if you use it the right way, it's great. It percolates through most minds.
-
So, you get the occasional raised eyebrow, but half the time that's the person who's, like,
-
"I'm gonna go see exactly what you think is so fun," and they're out there shooting a cannon, or
-
an automatic rifle, and they say, "Boy, I get this."
-
(Bullets plinking, ricochets, music, cannon booms.)
-
I think it was the year when it was at the Aladdin, and we'd forgotten to sort of clean up our
-
room, or we didn't think the maid was gonna show up as early as they did, and we had gone off to breakfast, and we came back
-
and the maid had been in the room, and cleaned the room, and organized all of the drugs!
-
So there's a little pile of acid, and a little pile of ecstacy, and some other pills, and they're
-
in nice, neat little piles, and everybody's like, "Well, I guess things are different in Las Vegas."
-
You've got to put the convention in a 24 hour city.
-
You know, it's got to be like a New York, or Vegas, or maybe a San Francisco, because
-
hackers get bored, and there's got to be something for them to do. And I saw what happened when you had a lot of bored hackers running around.
-
You know, a lot of activities in the computer underground
-
would happen after midnight. That's just the way it is. So, you know,
-
the fact that people can move around, and not be noticed as much being
-
a group moving around at midnight, that kind of added to the appeal.
-
I'm big on privacy. Nevada still respects people's personal privacy.
-
You know, your hotel room is considered your domicile.
-
It sounded fun... you know, just a bunch of computer people, it just seemed like
-
my group was in Vegas and it sounded like a really, really fun time.
-
So, that, you know, whole underworld connotation of it all,
-
was very attractive to me.
-
So I feel like there's gonna be a stream of people really dedicated, like, "We're gonna be first! We're gonna be first in line!"
-
I wanna make sure I get a badge. That was my biggest concern since my first DEF CON, and I wanna make sure I walk away with a badge.
-
We're all DEF CON virgins, we gotta pop that DEF CON cherry. Get those badges!
-
INTERVIEWER: How many hours do you have before you get your badges?
-
At least nine hours now?
-
(Background noise)
-
Ok, and that's $20. So, that's $20 plus $20 tip for you.
-
Thank you very much! Yes, we drink. Good! What are we drinking? Stop recording, please!
-
We've got pizza. Pizza is GOOD! Alright.
-
Jet-Lag has sunk in. It looks like he's using a pizza box for a pillow.
-
We will not abandon our posts.
-
(Music and background noise.)
-
(Music, background noise, and crowd control.)
-
(Music and background noise.)
-
This is my first DEF CON badge! INTERVIEWER: Now what made you decided you were going to come to DEF CON?
-
My husband's work decided to send him, and I started going through all of the videos
-
that they had for DEF CON 19, and I started looking at that and going, "Oh, this is really cool!"
-
This is the 20th DEF CON, and I've been wanting to do it for years, and it was just one of those things that just sort of lined up,
-
all the moons lined up perfectly.
-
Definitely heard a lot about the con. It's a somewhat affordable con, and there's lots of technical discussions.
-
A whole bunch of really smart people that probably know more than I do, most of them, so I hope to learn something.
-
You know, an opportunity to hang out with those people who really know what's going on.
-
You know, it's too enticing to miss out on.
-
I thought this would be an amazing place to just meet really intelligent people.
-
So, now I'm here and I'm really excited!
-
To meet a lot of interesting people and learn a lot and have a lot of fun at once.
-
It's kind of, you know, a big congregation of
-
people who live anonymously online, get to actually
-
socialize in person, and not have to worry about,
-
you know, revealing their identity.
-
Well, I've read all kinds of dire warnings about using anything
-
that's potential hackable, and nearly anything is hackable.
-
I was told to take the battery out of my phone.
-
You know, I've got a check list sort of in my mind, you know, kilt,
-
colored hair, drinking before 10am I haven't seen quite just yet...
-
Every single device in the world has some kind of computer in it, and they all
-
have vulnerabilities one way or another and this is information of
-
what those vulnerabilities could be and how to fix them and improve it for the future.
-
INTERVIEWER: Are you the teacher? - Yes. INTERVIEWER: You are the teacher, and this is your first DEF CON?
-
- Yes. INTERVIEWER: And you thought to take a pack of neophyte students into
-
Las Vegas to go to a hacking conference? - Yes. INTERVIEWER: Do you have tenure?
-
Rule Number One: Follow the 3-2-1 rule. DAILY.
-
And please bear in mind, these are minimums,
-
at a minimum, three hours of sleep.
-
Two meals. One shower.
-
By tomorrow afternoon, the pungent and stank aroma
-
of many DEF CON attendees will waft through the air and hit you like a Mack Truck.
-
So, remember, you plus deodorant equals everybody wins!
-
(Laughter)
-
I, like many people here, will not remember your real name.
-
There are lots of Steves, Jeffs, Chrises, and Bills, but maybe only one, maybe two, with your unique handle.
-
Hopefully, you've picked a good and unique handle to avoid conflicts in the namespace.
-
(Music)
-
Create a good handle for yourself, before someone creates it for you.
-
So I've got a question. Who here is from other countries?
-
WOW. (applause)
-
That's impressive, thank you for coming all the way to join us, you guys,
-
that's awesome that you came out.
-
DEF CON is truly an event and a conference where you get out
-
what you put into it.
-
DEF CON is the one time a year where everything that we do year-round
-
actually becomes physical.
-
All these people that you've met in IRC, All these people you've been chatting to,
-
All these people you've been reading their research, following their work,
-
looking at the different things they're publishing... They're here.
-
Walk up to them, tell them that you like their work, and buy them a beer.
-
They'll probably be your best friend.
-
That's one of the biggest things about this crowd you've got to really swallow
-
is the fact we're all super, super approachable.
-
You can be a wallflower here and still get a lot out of it, but you're not gonna
-
get your 200 bucks worth, frankly.
-
You're gonna have to interact, work with people, get to know people,
-
go party with people.
-
If you don't know something, be proud of that. Be like "I don't know this.
-
Can you please teach me? Can you please educate me and train me?"
-
This crowd loves spinning people up.
-
Take the time to go in and learn from these people. They're geniuses,
-
truly geniuses, and some of the best in the world in whatever it is
-
that they're presenting or working with. So, take advantage of it, you guys, OK?
-
Alright, the next rule is one that basically says
-
"The media is not your friend. Don't trust them." (laughter)
-
INTERVIEWER: What do you think is the number 1 thing people misunderstand
-
when they show up to DEF CON?
-
That it's a den of illegal activity and you're gonna come learn how to do really
-
neat, illegal, black hat, gonna get in trouble if the FBI shows up at your door
-
and you should show up with your ski mask on just so no one can know your identity.
-
INTERVIEWER: What is it actually then?
-
It's a publicly funded, private party for a bunch of really cool people.
-
Yeah, our reputation is ... it's out there, but people are proud of it
-
and I'm probably the only one who tries to go around and go "It wasn't quite like that,
-
it was sorta like this."
-
I don't think people understand how much goes into creating a show of this size.
-
DEF CON looks like this big amorphous jellyfish of people everywhere, but what I hadn't
-
realized is that there is really a lot of stuff that goes on on the back end
-
to keep it running like clockwork.
-
That's what makes DEF CON so exciting. It's super organic, is the way I see it.
-
If you're inflexible, it doesn't work with DEF CON because there's too many
-
people and you'll just break, and that's just the reality of it.
-
I always joke for me it's an opportunity to spend 4 days out of the year
-
not caring about computers or computer security.
-
Everybody's Christmas, New Year's, Birthday, Anniversary, wrapped up into one, for hackers.
-
It's an experience that's not like anything that anybody has described because it's
-
kind of something you can make what you want out of it.
-
You can show up and you can just go to talks and you can sit there and get that
-
out of the conference or you can show up and just party. You can show up and hang
-
out in your hotel room with a bunch of friends. When it comes down to it,
-
you're the driver of the experience. It's not a pony show where you can just, you know,
-
sit down in a seat and let it unfold before you. The more active you become
-
inside the con the more fun you can have.
-
For me, I think it's more social.
-
Mainly, for me, it's just a lot of close friends that I get to meet once a year
-
because of the diversity of where they all live in the United States.
-
So this is kind of like a meeting point.
-
Go out there, be social, just run into people and say "hi" and just strike up a
-
conversation because you will meet interesting people here.
-
It's fantastic, everybody is friendly. I can sit down and talk to anybody and I
-
just ask them "what do you do" and they're happy to tell me about what kind of
-
employment they do or the hobbies that they're in. It's just striking up
-
conversations. That's my personal favorite.
-
It's a combination of the people who I run into at DEF CON and just sort of the atmosphere.
-
It's like a giant party that doesn't want to end but there is a lot of
-
really smart people in one place and it's just, there is really no other place like it.
-
(music playing)
-
(music playing)
-
The first qualification, if you will, to be a vendor at DEF CON is "how are you
-
providing back to the hacker community at large." A lot of money goes through
-
there. It's kind of staggering. One thing that we try and do is most of these
-
guys, most of the vendors if you walk around that room, this isn't their primary
-
business. These are people that are in the community. Take a look at these guys.
-
They're only doing this this time of year and it's only to provide something to the
-
community that they think is neat. Those are the kind of folks that
-
definitely get a priority when I'm looking through applications.
-
(music playing)
-
INTERVIEWER: It looks like you're doing things right.
-
Ok, is this on? Oh, Boy! Ok...
-
What I've tried to do with the whole hacking community is raise the level
-
of discourse, that's the thing is, to bring information, to make it
-
accessible and widely dispersed at a reasonable price and make people happy.
-
And if i put a smile on their face it's like "Wow, really, that's a great price and
-
I get that too?" That's good. I don't need every last dollar. What are you gonna do
-
with dollars anyway? They're just numbers.
-
Our main job actually is to create mayhem. That's actually what we've been asked by
-
the management. Make sure we create a lot of mayhem. We actually have official
-
DEF CON 8 posters from years ago that we found, so, we're not selling them,
-
we're giving them away, but you have to convince us to give you one, and that
-
requires mayhem in the dealer's room of some sort that we don't officially support
-
but for some reason they end up with a poster. Who knew, right?
-
We are simplewifi.com. We are long range wireless made easy. We custom make all of
-
our antennas in Miami, Florida, so if you want to go creating a hotspot around your
-
whole neighborhood or you have that guy with an unfortunately has an open signal and
-
you don't want to pay for Wi-Fi you can set your antenna pointing right at it,
-
grab that signal and you have Internet for free.
-
The people that want something one year that you didn't bring, invariably won't
-
want it next year. It's like everyone wanted network cables. Everyone wanted PIN card readers,
-
or prox card readers or mag stripe readers, encoders, decoders, you know,
-
it varies every year. And then everyone that leaves something behind, like
-
"We need a hub" It's like, OK...
-
I only have 53 tables in total that can be sold. Some vendors are getting 2,
-
some vendors are getting 3 so you have to decide what's going to actually provide
-
the most benefit to the attendees, what are they actually gonna want to buy and
-
we certainly have made mistakes in the past. For one thing....
-
It used to be we shouldn't have even called it the vendor area. There were a couple of years, and I
-
can't blame anybody but myself for this, where it should have been called the
-
"buy your t-shirts room." The only thing that was for sale in there was t-shirts.
-
You had 2 hardware vendors and 33 t-shirt vendors.
-
Hackers love their t-shirts. In a weird way, it's like a way to kind of express
-
your identity.
-
I think we all do that through our shirts. It's a way when you're
-
walking down the hall at DEF CON or any
-
other conference or at work or wherever
-
for people to kind of get an idea of who you are.
-
So yeah, I mean the T-shirt aspect of it is certainly important.
-
This is the one place I can wear all my T-shirts...
-
and people will know what it is. - Yeah, people get it.
-
There's something about that like, cinematic hacker.
-
That's both goofy and inspiring and...
-
Like I still play up... There's this mystery around it.
-
Oooh, Spooky Hackers... and, like there's this dark side to it..
-
and I still think I play that up in the art.
-
That I'm still intrigued... I still don't know all of what's going on...
-
Like, I'm a maker... I'm not a hacker.
-
So, I was a goon the first year and
-
they stuck me in the info booth.
-
And then, about half way through the first day Russ came over first and said...
-
"Hey I want you to draw on my badge..."
-
We had great big badges that Joe Grand did...
-
..and so I drew on it and then...
-
Pyr0 came over and said "Hey, draw on my badge."
-
And then in like 10 minutes there was this line
-
out the door of people like "Draw on my badge.."
-
and so Russ came up with the idea...
-
"Well, if you're going to draw on the badge...
-
"Why don't you make them give $5 to EFF for every badge you draw on.
-
and raise some money."
-
So, like, laptops I'd charge $20 for EFF...
-
and then it ended up with a pile of money for EFF like the first year.
-
So then the second year they said "You're not going to be in the info booth.
-
"You're going to have A booth and sell art and draw on things for people
-
to raise money for EFF." And that's how that took off so...
-
[music playing]
-
You have to believe in what you're doing...
-
and you have to believe that whatever you have
-
is the hottest, coolest, newest, best thing...
-
and that if you have any shred of doubt about what you're presenting...
-
or if your hearts not 100 percent into it, the audience is going to pick up on that right away.
-
And... tune out.
-
That's the thing, I think the B.S. filter here at DEF CON is very, very strong.
-
I think the talks and the speeches are absolutely important
-
because it gives the world an opportunity for a very inexpensive price
-
to be able to go learn from the absolute best in the world in this industry
-
about the absolute bleeding cutting edge of technology...
-
[music playing]
-
It was between 300 and 400 submissions that came in for people that
-
wanted to speak at DEF CON this year.
-
Yeah, it was a rough, rough year just because of the number of quality submissions...
-
There were some that any other year absolutely would have been accepted...
-
I think because this is the 20th DEF CON and it's because people want to be
-
a part of DEF CON 20... we got so many more submissions.
-
And so many more quality submissions...
-
DEF CON speakers are all different types. Especially this year you have... you have generals, and you have 15 year old kids...
-
all of whom have something different to contribute.
-
There's not really one thing you can say that unites a DEF CON speaker...
-
except for their desire to present their ideas to an audience.
-
[music playing]
-
[applause]
-
And we've got a really cool V.I.P. this year... Yup... Really Cool.
-
They better show up. [laugh]
-
The big celebrity speaker V.I.P. for this year at DEF CON,
-
The director of the NSA and director of cyber command
-
General Alexander.
-
We've been trying to get somebody from the NSA
-
high level to speak for... 10 years.
-
and it just so happens that we finally get somebody.
-
And it just happens to be our 20th year anniversary so...
-
the timing just works out really well.
-
And I know people are going to get all bent in a knot over it...
-
It's going to be like the love-hate relationship...
-
They're also going to be really interested in what he has to say...
-
and at the same time be really fearful of the NSA.
-
It's a milestone to see someone of his position and level
-
come here and speak about security and hackers and those types of things.
-
Jeff Moss made a valid call and he kind of said...
-
"Look, you know, we have to interact with these people." you know.
-
we have the technical skills and they're the ones calling the shots.
-
so we've got to interact with them. and at the end of the day...
-
we've got to educate them. ya know?
-
Helloooo DEF CON!
-
[applause]
-
Something I try to do with DEF CON is I want to
-
expose you guys, from the very first DEF CON,
-
to people you don't normally see like...
-
I'm sure you guys just don't hang out and have coffee with
-
the General and, neither do I
-
so to me it's really eye opening to understand the world from their view.
-
Having the NSA here was a great unveiling of the support
-
and I think a little bit of appreciation from the government
-
towards our community now, and a little bit more understanding
-
of the work we do, and the actual end goals of what we are trying to accomplish here.
-
[applause]
-
Thank you...
-
It's an honor to be here. It's an honor and a privilege
-
to be here.
-
You know, one of the things I want to talk about
-
is the Freedom domain. The Internet.
-
And what we can all do to work on this,
-
and so I've got about 6 hours of presentation and slides [audience laughs]
-
that we'll cut down to some meaningful time for you.
-
I think it's amazing and D.T. wouldn't believe you if you could
-
go back in time and tell him that 20 years from now
-
you're gonna have an NSA general here talking to the group
-
sort of as an ally.
-
Seeing people like General Alexander come down
-
and meet with us hackers... it's just amazing.
-
I've been in the hacking scene for over, what, 25 years now
-
and I remember the days when we were just considered criminals
-
that no one wanted to integrate with, they didn't understand how
-
a hacking ethos could be applied to things that weren't illegal.
-
And now...this completely legitimizes what we're doing.
-
People want to see what we're doing and they want to hear
-
about what we're doing, and they're realizing that we
-
have a role to play in keeping the world's infrastructure safe
-
and keeping the government safe.
-
And that... that's awesome.
-
And there's a lot of things that are going on here.
-
We can sit on the sidelines, and let others
-
who don't understand this space
-
tell us what they're going to do, or we can help by
-
educating and informing them on the best strategy going forward
-
that benefits all of us and our nation.
-
And that's the real reason that I came here,
-
to solicit your support.
-
But on the other side we also have super privacy advocates,
-
the E.F.F. is going to be right there next to them.
-
And they're probably in a constant lawsuit with the N.S.A.
-
so... we try to represent both sides.
-
I mean, they're the ones that have been out there and
-
helping when people try and do crazy laws
-
that, you know, don't really understand the implications.
-
The E.F.F. will step up and try and right the ship
-
and make things good for everyone and
-
we like to support them.
-
And what I'm trying to do when I have these speakers
-
is I'm trying to expose the audience to people they wouldn't normally
-
come in contact with. It's not just always fun and games.
-
hacking a system. There's a bigger world out there,
-
and you're playing a part in it.
-
A very important part.
-
And if I didn't, I kind of think I'd be doing a disservice.
-
It would be sort of like intentionally, I don't know, not aiming as high.
-
So, if you don't like that speaker don't go to that talk.
-
And I think that when you bring in not only our great talent here
-
but those of our allies I think that's absolutely superb.
-
All right, that brings this session to a close, so let's
-
have a round of applause for General Alexander.
-
[applause]
-
[music playing]
-
I think the contest and events is very key because
-
it's one of the things that you'll find if you go to a lot of different conferences
-
especially in the security arena... it's very boring. [laughs]
-
Usually you're sitting around in a bar getting really, really drunk
-
with a bunch of friends.
-
And going to a couple talks that you're interested in seeing.
-
But over all it's a lot of looking for something to do.
-
We've just grown to where now I believe I'm managing about 50 events.
-
50 events and contests throughout DEF CON 20.
-
[music playing]
-
INTERVIEWER: What's going on? -Not much, just cutting some mohawks.
-
It just started out as shenanigans... with, like, drunk people in bathrooms
-
at DEF CON.
-
But people started giving us money. I started telling them to donate to the E.F.F.
-
and so people told me I should make it official cause
-
it just became tradition.
-
(music playing)
-
Last year we raised about $4000 total for EFF, Hackers for Charity,
-
and other hackerspaces around the country.
-
(music playing)
-
I've been growing my hair out for 2 years ...it was difficult for the girl, because
-
she was about this tall and she had to stand up on a chair to actually
-
finish it all.
-
This year we have a goal because last year he shook on it:
-
DT will be getting a mohawk this year, if he likes it or not.
-
(music playing)
-
I've been playing Hack Fortress, which is an amazing competition, it's one of the highlights
-
of DEF CON for me. Essentially we have a team of 6 to 8
-
players who play Team Fortress really how it's meant to be played.
-
You know: Medic, Heavy, and they try and capture points. We as the hacking team,
-
essentially we're doing hacking challenges: cryptography, forensics,
-
physical challenges, social engineering, information gathering, and that gets
-
our team benefits. So it might light the other team on fire, it might make
-
everything our team shoots a critical hit. It's just a really cool combination
-
of both gaming and hacking which, you know, is awesome.
-
(music playing)
-
Now you've got an objective here, you've got a 3 person team, and you
-
have to infiltrate this office, steal a lot of information and get back out
-
again, in 15 minutes.
-
But it's a penetration and data exfiltration job. So team-based people
-
will penetrate into a virtual office, and we're framing out the walls and
-
everything. You'll have to pick in, once you're in, a team of people then
-
can try to get documents, which you don't just unlock a lock, you have to
-
spread them out, legibly photograph them, put them back where you found
-
them. I think we're including now, there's a smartphone, like an Android
-
phone, so you have to hold it up just right and maybe you see the pattern.
-
You swipe it out and you get some contacts.
-
So I have this computer running Windows 3.11, so I'm watching people try to fumble
-
their way through Windows File Manager, looking for data, but the really key
-
thing is that if you can unlock the computer where it's chained up,
-
can you get the whole computer out of the office, and can you do it without
-
powering it off?
-
So we are hot-jacking into the wires, splicing in the UPS using a tool
-
the feds use, called a 'hotplug', to transfer the switching of the power
-
on a whim, but a lot of people mad dash, half tiger-team, half Marx Brothers movie,
-
running around this office, getting everything, getting out clean, locking
-
it up after themselves. Yeah, I can see a lot of us who used to be the guy who
-
would maybe get drunk and worry about being arrested, now we all have jobs
-
where we do this professionally and get paid for it.
-
(applause)
-
(music playing)
-
All right, all right, we are ready to begin! Everyone we're going to do science over
-
here, we're going to do less science over there!
-
These teams are tasked with cooling the beer to exactly 42 degrees...which is
-
ridiculous...but...
-
People came through...people came through in amazing ways that I never expected.
-
This year I took away all the restrictions about what you can and
-
can't do and I said you have to get it to exactly 42 degrees.
-
And....time!
-
And this last minute entry "Team Ice not Science" if I got their name right...
-
hit it! Exactly! ... It was a fantastic success in the end!
-
(music playing)
-
Stop! This is ShizNiz live from DEF CON in the beautiful city of Las Vegas
-
behind me you can see the skyline...
-
It's a rooftop! Look at that rooftop!
-
Over to your right if Dave can get it...
-
There you go, there's the mountains...
-
There's the Alexis Park...
-
(music playing)
-
The Alexis Park is part of the DEF CON legend. It definitely, it's probably the
-
closest thing DEF CON has to a home.
-
I know, I wish it was still at the Alexis Park.
-
There was a long period of time that I associate with Alexis Park.
-
We were there for a long time, like 6 or 7 years
-
You've got the whole property. You can hang out by the pool...
-
This is some horrible 70's-like apartment building laid out rows
-
of these hotel rooms, with pools and grassy areas down the middle.
-
It's like multiple pools that we could just party at all night...
-
If you don't know what the Pool 2 means, if you don't know what Pool 3 means...
-
You weren't there...I mean it, some really ridiculous stuff went on.
-
Pool 2 and Pool 3 were just sort of like these nexuses of activity and energy...
-
You could be guaranteed to find something going on at 2am, 3am all the
-
way to the sunrise.
-
And we had folks that were underage, and we had folks that were overage, and
-
everyone was not sober, and doing their thing...
-
I was told at one point that at the Alexis Park, we did enough business in
-
alcohol sales that equalled about 4 months of their normal alcohol sales.
-
And you talk about debauchery?
-
The AP was where true debauchery at DEF CON occurred.
-
(applause)
-
(cheering)
-
And at the time, the hotel owners, they were alright, they were alright.
-
They basically had the attitude of, "You know what? You can trash our hotel if you want."
-
"You'll pay for it, but at the end of the day, we'll take your money."
-
They weren't as concerned about the lights around the pool getting destroyed,
-
any things of that nature, so it was a little bit easier to deal with, you know,
-
destruction in that way.
-
I go to check in, and they hand me a list, "Ok, let me explain this to you."
-
And it's a list of all of the objects in the room at the Alexis Park
-
with a dollar amount next to it. "If you would like to destroy this object in your room
-
this is how much it will cost you."
-
You could just get insane and you weren't waking anyone up, you didn't have to
-
worry about security coming and telling you to stop doing something because
-
usually you were doing it to somebody who wanted you to.
-
The Alexis Park, we were much more hands-on because they didn't
-
have a security staff that a casino has
-
So I was arrested at DEF CON in 2002 by the hotel security guards, but I don't
-
know who ordered it, I guess a goon, probably Priest ordered it, and I ended
-
up in the Alexis Park jail, which is very roomy, it was kind of a Bacchanalian,
-
Mediterranean motif, there were grape leaves on the walls and things like that.
-
There's no bars or anything like that.
-
And since it was a non-gambling hotel you could do whatever you want, wherever
-
you want, because you didn't have to be an adult.
-
You used to make announcements at DEF CON that, "So and so's parents are
-
looking for their runaway child," you know, who was 17 and was off at the con
-
It was a different experience, everybody says "I wish it was the Alexis Park again."
-
"Oh, I wish we were back at the Alexis Park." Honestly, I do too. I really liked the
-
environment, the pool parties, the open atmosphere, we had the whole hotel.
-
But then everybody forgets that, oh, the lines are ridiculous, all the rooms were overcrowded
-
Oh, I couldn't do anything, it was awful.
-
There was no room for speaking. I mean, people would make t-shirts about how
-
terrible it was to get into the tent in the parking lot.
-
So, it's better, it's more organized, yeah It's a little different, I wouldn't go back.
-
For us to go back there now, we would have to cut this conference by 2/3.
-
And, nostalgically, yes I look back on that time, and it was a great time.
-
But we need a venue the size of the Rio, now, to support the size that we've become.
-
But, that's probably the time, when, things seemed to settle in.
-
That, you know, we've going something going here, and it's probably going to continue for a while.
-
Well, and that's one the things. Obviously, the Alexis Park is near and dear to a lot of people because,
-
this is, you know, how many years have we been away from the Alexis Park?
-
And still, every year, somebody drives over there, walks into the front of the hotel,
-
and steals the giant floor mat in the front, and brings it back to con. (laughing)
-
A conference badge has three purposes.
-
The first purpose is to show that you've paid for the conference. It's a security token.
-
Number 2, it sets the level of your security, when you're within the conference.
-
Third, I wanted the badges, that I created, to be something that helped brought people together.
-
I intentionally designed the badges to cause people to have to look at each other, and talk to each other.
-
To get to know somebody that they might not otherwise have known.
-
It really is the interaction with the other people at DEF CON that makes DEF CON what it is.
-
It's not the "oh, I have this uber, awesome, electronic circuit badge that does such and such."
-
It's the people wearing the badge that matter. And, I think a lot of people miss that.
-
The years where we've had an electronic badge, people show up wanting to do something with this awesome
-
little piece of tech that they were just given for their entry fee.
-
This is, we're helping... This is like an open badge solder session.
-
We're helping people complete adding the connectors to their badges.
-
We're not doing it for them, we're assisting them, and letting them do it themselves. Because that way they learn how to solder.
-
So far, no one's done anything that hasn't been able to be fixed.
-
So it's more of just learning, and, community learning project, I guess. Just doing the badges.
-
Yes. First DEF CON. First time soldering. A lot of firsts this weekend.
-
I really like to help other people just get better at what they do.
-
Or to find an inspiration, something they're passionate about.
-
And I like to help them progress along that path.
-
Pretty much 90% of the people here have never soldered in their life.
-
This is their first time. And that's the goal.
-
It lets people, introduce people. Hey, it's not that scary. It's okay.
-
We're here to guide you, and maybe, you'll do it in the future. And if not, you'll know you've done it. So it's one of those skills you'll have.
-
Usually, the only people that are really getting it, are sequestered in their hotel room, just, going crazy on it.
-
There are some people that counterfeit the badges every year.
-
And we try to make the badges hard to counterfeit. And there are some people that spend a lot of time counterfeiting the badges.
-
And, I think that's cool.
-
If you can counterfeit the badge, and you can get past the guards, repeatedly, good for you. You probably deserve to get in. Right?
-
That's what a hacking convention is all about.
-
If you're good enough to fool everybody, you've put more energy into hacking that badge than we did, probably, producing it.
-
So, good for you.
-
They had the smiley face, you know, skull and crossbones, the basic logo for the con.
-
And I think their first design flaw was, same PCB board, different colors.
-
So you had people that went out and spray painted them. And things like that.
-
Well, the absolute worst thing to do is to step into the goon SOC (Security Operations Center) with your cute, little red badge, and claim that you're a goon.
-
Because we all know who we are. And once the door closes, you're ours.
-
(music playing)
-
And so it was a space where I felt more at home, where I didn't have to explain anything to anybody
-
than any other context I'd ever been in.
-
Real hackers are incredible.
-
They take nothing for granted, and they look at things to see how they can be combined to make something new.
-
And hackers really have a interesting, innovative, creative way, the best of them,
-
of looking at all sorts of problems.. that a normal person wouldn't know how to do.
-
And being fearless in the face of ambiguity;
-
holding multiple representations of reality simultaneously, in their minds,
-
even though they may be contradictory, and conflicting...
-
And holding them there, lightly, while you explore which ones are a best fit for now,
-
to the sensory data coming into society...
-
You know, Feynman, great physicist, he said "The interesting fact is the anomalous fact."
-
Emphasize both fact, and anomaly.
-
Because it says there's a whole cornerstone here of another way of looking at things,
-
that we're missing.
-
Well, that's what hackers are looking for. And that's why I've taken to it so.
-
Because the edge where new realities are appearing, and normals don't see them at first...
-
But hackers are looking for them. They're kind of the little homunculus, inside the machine.
-
When I come here, I don't have to explain anything, to anybody.
-
my point of view, or my point of reference.
-
Or, why I said what I said. Or, what was ironic. Or, or, what was meant straight up.
-
Because people just kinda get it.
-
And that's a terrific thing.
-
(music playing)
-
Probably our signature event, is Capture the Flag.
-
When you go to DEF CON, and walk through the Capture the Flag area,
-
you're seeing some of the best of the best teams that are out there.
-
Well, this is really, this is the Wimbledon, this is the place around the world where it all comes together.
-
What strikes me isn't in the room. It's the fact that there were a couple thousand people competing, from around the world, to get into that room.
-
Some of those guys, that travel from like South Korea, or from the Middle East, to do CTF...
-
they came thousands of miles, and are not going to sleep for three days.
-
To participate in one game, at one event, that happens once a year.
-
And that's what amazes me.
-
It's about a bunch of different teams, getting together on a big network,
-
trying to steal each other's stuff, in essence.
-
Capture the Flag has been there since the beginning.
-
And, really, from a hacker perspective, it's the type of thing that you think of,
-
"Hey, how do I take over this guy's computer?"
-
Don't miss any con where you can sit down at a laptop and make the network work, and start breaking things.
-
(music playing)
-
So, Crash and Compile is a programming contest, crossed with a drinking game.
-
What could possibly go wrong?
-
If you're familar with the ACM style programming contests;
-
you're given a challenge, a word problem, you know?
-
Write a program, that takes this kind of input and generates that kind of output.
-
Or some arbitrary word problem.
-
And you start coding. And you're coding along, you're coding along,
-
and then you say, "I think I'm gonna test something," and you try and compile it.
-
And it doesn't compile. You take a drink.
-
If it compiles, but doesn't run, you take a drink.
-
If it runs, but doesn't produce the right output, you take a drink.
-
Okay, you can see how this could degrade very quickly.
-
After 45 minutes, any points that are not awarded, or that have not already been awarded to competing teams get awarded to Team Distraction.
-
The team with the most points at the end of the night goes home with a Black Badge.
-
No, Team Distraction does not qualify for a Black Badge, unfortunately.
-
And you're coding? No. I am part of Team Distraction.
-
Our first goal is make sure that they get enough water, and they don't drink too much.
-
But then, of course, you know, we have to distract them from their coding,
-
and kinda like mess them up, and, you know, just, distract them a little.
-
Does everyone have a beer? (affirmation from the contestants) Let's rephrase that. Who doesn't have a beer?
-
Are we there yet? We're there. Okay.
-
Any other questions? No? Groovy. Let's go program.
-
Brilliant. Let's go program.
-
(singing)
-
(background noise)
-
(music playing)
-
Gotta energize the crowd. I gotta set the pace, set the tone. And then I have
-
to say something outrageous pretty damn quickly, gotta insult somebody quickly.
-
The show's begun and I'm not really aware of much of anything else for the
-
next couple of hours. I want the audience engaged within 10, 15 seconds.
-
I want to have that dialogue.
-
"Copyright lawyers mean this, by I.P." [buzzer goes off] "Win or Lose!"
-
"What is intellectual property?" - "What is intellectual property is correct!"
-
You can piss this crowd off very easily. So, you get your feedback very very quickly
-
as to whether you're doing a good job or a bad job.
-
Jeff and I had talked, and he says "I really wanna notch up the 20th, I wanna go out
-
with a bang, and I wanna do all these crazy things." And it was "COOL!"
-
"The final category is Beer." (cheers)
-
I think that this audience, probably 50% bigger than last year. So that would put
-
that crowd, I'm guessing, in the 2,500 range, something like that. But this one was huge.
-
We'll see you tomorrow night, for the final final final round of Hacker Jeopardy, DEF CON 20.
-
(music playing)
-
Common experiences at DEF CON include... I don't remember.
-
Meaning that if you have a good con you probably have no recollection of what
-
actually happened.
-
(music playing)
-
(music playing)
-
If you've never been, don't base your assumptions off what you've read or heard.
-
At this point especially, DEF CON is something you just have to experience.
-
DEF CON is not a convention, it's a meta-convention. But there's so many smaller
-
events, gatherings, meet-ups, projects, that it's become a group of other smaller conferences.
-
There are other aspects, other facets of the con, that are completely
-
different then what you have heard, thought of, expect or even dreamt are possible.
-
There's people you've known from internet stuff, only through that, and you come from a small
-
town, right, you don't know anybody, and you have this weird stuff you're into. And then you go to DEF CON,
-
And that's where you meet the people, right? And it's beautiful. Just hangin' out,
-
the conversations. It's the place. DEF CON is the place.
-
So they change periodically. And so the fire marshall you had last year may not be
-
the fire marshall...Oh, I think that's... the attorney. "Hello? Hey, OK, we'll let you in."
-
I can think of a couple of things he might have done, ya know, that I wished he hadn't have done.
-
I can think of one.
-
When we started, it was very clear that Jeff was younger, and he was way smarter then me,
-
but in my opinion, he had no street sense, which essentially just meant that he didn't
-
know what the ramifications could be from a law standpoint on some of the stuff we
-
were dealing with. You know, it's really not property damage stuff. We, you know,
-
that, we can do something about. You can liquidate that, you can price it, you
-
can figure it out. I mean, we've had lawsuits, we've dealt with big major
-
battles with me versus eight lawyers from Cisco for about 2 years. You know,
-
it's got these players that can get involved that aren't really attached to DEF CON that
-
could put DEF CON at massive risk for government intervention, heavy duty
-
lawsuit intervention.
-
People want to come to DEF CON, which is fine, that's what DEF CON, Jeff likes it, I think.
-
They come to DEF CON, they're like "Hey man, I wanna step on the toes of
-
"fill in the blank" mondo, master, master of the universe, aggressive company.
-
"I wanna come to DEF CON and piss them off, what do you think?" And it certainly isn't
-
boring when somebody says "Yeah, I'm gonna shut down, ya know, huge Corporation X."
-
So there's problems the public knows about, and there's problems that never see the light of day.
-
Or hopefully never see the light of day. So we've had a little bit on both sides.
-
Nearly dodged lawsuits, those kinds of things. We had one at
-
the Alexis Park where there was a federal grand jury we heard about that was
-
investigating DEF CON and they were asking for all the room reservation, credit card
-
info on everybody who attended DEF CON. Luckily we are cash only, so there's no
-
records to seize from us. So as the organization we were fine, but the hotel
-
and vendors in the area, they were getting their records taken, seized, and they're
-
performing some investigations. In the end, nothing came of it. The grand jury
-
as far as I know never did anything with it. But, that's one of those things
-
where for years I was telling people, there's a reason why you don't process
-
credit cards and keep records. And after years of doing that, I was vindicated
-
in my paranoia. Because that would have been a huge legal battle to deal with
-
all of that. To try and turn it over, not turn it over. So there's battles
-
like that that never see the light of day. And this is the first time I've ever
-
actually talked about it.
-
INTERVIEWER: Describe Jeff Moss. - Describe Jeff Moss. Oh...
-
Jeff is a friend. He's an interesting guy. He travels a lot. He's very intelligent.
-
Jeff's awesome. He is legitimately a good person. He's absolutely brilliant.
-
And in my opinion, if we didn't have Jeff, this community and this culture
-
would have never grown to what it is.
-
Without Jeff, DEF CON never would have made it this far. I believe that
-
without DEF CON goons, it also never would have made it this far, but Jeff
-
is the glue. You know, he's the glue that brought us this far.
-
This grew from a very small conference where the staff was
-
equal to, or more than the attendees, to a crowd that
-
regularly we've had to move venues every couple years, because we keep growing so much.
-
Yet, that continual continuity, and the spirit of DEF CON
-
if you will, is maintained because of Jeff.
-
He's overly concerned about what the DEF CON attendees think about the conference.
-
He wants them to have a good experience, he really does.
-
Jeff cares about DEF CON, so much!
-
He's a bit shy, as I'm sure everybody has gotten to figure out over the years.
-
It's difficult to get a hold of him sometimes at DEF CON, and difficult to grab him.
-
You know, he's like most hackers. He's not overly social, and he's got that quiet side,
-
a little withdrawn. He's only got so much he's willing to give you.
-
He is a really personable, kind-hearted guy.
-
He is managing chaos, and
-
it is not an easy job, and he's a very smart guy, and it's very difficult job,
-
and fortunately, he's also surrounded himself with people who can help him do that.
-
(Music)
-
In the early days, there wasn't a formal structure.
-
Kind of in the beginning, we all were security goons
-
to a certain extent, and whether is was official or unofficial there was a group of people that helped
-
control of what was going on, and it wasn't until later years, that, as the attendance went up, that we had
-
to deal with more formal roles.
-
Rule number four. Do listen to the Goons. If a red shirt tells you to do something, do it.
-
The goons aren't trying to ruin your fun. They're just trying to make DEF CON an enjoyable experience for everyone.
-
I mean, without the Goons, I think there are a lot of things that would just fall apart really fast.
-
And they have in the past.
-
It may have been after DEF CON 9, it was really a rough year. I don't exactly remember why, but we had growth spurts.
-
Where at the Alexis Park, they're physically breaking up fights. They're picking drunks up out of the
-
rose bushes. They're doing CPR on people. The Goons at the early Alexis Park
-
days that everybody misses, were actually Goons.
-
There have been some serious cardiac events, that I participated in, but we have had no deaths.
-
We were really beat up after 9, and we had discussions then as
-
to, "You know, do we call it quits at 10? We've had a good run. Ten years, that's substantial...
-
Maybe we'll do it one more and see how we feel."
-
And we did 10, and 10 turned out to be pretty good, and thankfully, we didn't quit.
-
All of the various teams have kind of occurred organically.
-
There's a lot of compartmentalization, that I don't think people realize.
-
Everyone has their own responsibilities that they're dealing with.
-
We've spent a lot of time over the past year setting up for this convention.
-
It is truly a labor of love. We are all volunteers.
-
We don't do this for glory, we don't do this for anything other than we want you guys to have a good time.
-
When I'm not at DEF CON, we're talking about DEF CON. The entire year, we're planning for DEF CON.
-
We're thinking about DEF CON. We're telling DEF CON stories.
-
Because we live it. We love it.
-
You don't become a Goon. You're born a Goon.
-
The joke is that we work for shirts. We get a couple of shirts to go and
-
work for twelve hour days plus at DEF CON, plus all the volunteer time throughout the rest of the year.
-
A couple of our guys have worn pedometers over the years, and the average shift is between fifteen and twenty-five miles.
-
So, we tend to, especially newer people, tell them to wear the right footwear,
-
make sure you always have water on you. Never walk into a situation where you
-
don't have a plan.
-
One of the things I like to say is: "At DEF CON, I live my life in the gutter, so you don't have to."
-
But, you're right, things that people don't see, that's our DEF CON. That's the Security Goons' DEF CON.
-
I'm glad to do anything I can for my fellow Goons.
-
Any time, any day.
-
(Music)
-
I was creating a contest that would be something I would want to participate in.
-
I used to say, magic is dead in the world, so I'm gonna create some for everybody else.
-
(Music)
-
I have to design cryptography and puzzles for an incredibly brilliant audience
-
that is designed to be solved in three days. That's not too easy, not too hard.
-
So now, that became my personal contest. My challenge to myself is
-
how do I continue to entertain some of the smartest people in the world and keep their brains occupied for three
-
days when a lot of them are smarter than I am, and can figure this stuff out.
-
(Music)
-
We've mapped out this challenge. The first thing we got on this challenge, was a writer with two keywords. "We program" and "Under Foot.
-
This referred to an insane sentence in the program. It's on page forty.
-
"Underfoot" represents the third oval, the third
-
sticker in the convention center, and those two things are two markers we
-
have to write on a piece of paper and give to 1057. Probably one of the biggest compliments I've ever been paid was
-
and I've heard this a couple of times, "I go to DEF CON to compete in your contest."
-
And that's, I mean I don't know what anyone else could say, I'm very
-
flattered. I'm shocked, because it's just stupid stuff that I think up throughout the year and then
-
I put it together, and try to make it a coherent flowing contest
-
to the best of my ability.
-
(Music)
-
We're inside the Lockpick Village at DEF CON 20, and this is where we teach people how to pick locks for entertainment and sport reasons.
-
Most technical people seem to have a rather strange curiosity about how
-
things work, and one of the things that lead us into that is how locks work.
-
We can teach most people within five or ten minutes how to start picking locks, and
-
then some of them will stay in here and at the end of the day we throw them out, and
-
they'll say, "Oh, I didn't go to the talks I was supposed to.", because they'd been sitting in here picking
-
locks all day long.
-
(Music)
-
(Music)
-
(Music)
-
(Music)
-
Most DEF CON talks start with a great deal of alcohol and end with a great deal of alcohol, at least the good ones
-
I've noticed.
-
The aircraft tracking stuff came out of the fact that I bought an app
-
for a couple bucks that let me point my cell phone at the contrail and look at the information
-
for that particular flight was overlaid on the camera. As I started digging, I found more and more issues.
-
Just, you know, out of my own curiosity, I thought "How does this work?". I found all these issues, and it got really scary because,
-
I speak a lot, and I go to a whole bunch of conferences. You know, this stuff can start
-
getting really dangerous, so I was thinking, "Even if I don't have all the answers, I need to get this answer out."
-
(Music)
-
Really, I've done enough of these things and know the crowd that
-
I don't get jitters or nerves or anything like that.
-
It's the sort of thing that I'm running through some of the slides in my talk, some of the jokes I may have constructed.
-
for a particular slide or a particular moment.
-
But mostly, it's just "OK, does my laptop work? Are the slides up?
-
Does the projector work? Yep. OK. All good."
-
Thank you.
-
So, generally what I say is that when I get bored, bad things happen.
-
At the Las Vegas Airport here, you've got a flight landing every 90 seconds.
-
That's an awful lot of metal, money and people moving around. How does this all
-
work? How does this all fit together? You always hear about air traffic control,
-
but does anybody really know how it works anymore?
-
I think that the audience is looking to learn something new.
-
They're looking for an entertaining discussion on interesting technologies that at the
-
end of the day are kind of important.
-
So increasingly my talks have gone into Why is the Internet such an insecure place?
-
What do we have to do, not in theory, not to satisfy academic stuff, but like, real
-
world, what do we need to change to make this thing secure?
-
All year, all my best research comes here. All year I work on "What am I gonna bring
-
to DEF CON for the next year" "What am I gonna do for this particular event?"
-
Because it's where it began for me. My career started because I started speaking
-
out here in Vegas. I started coming out to DEF CON and showing off these toys.
-
I'll be honest, a lot of my talks have had nothing to do with security, it's just
-
like "Yo, look what I can make THAT thing do!"
-
The presentation was just facilitating dialog with this industry because unfortunately with
-
something like a major vulnerability in air traffic control, there's no phone number to
-
call in for that and say "Hey, can we talk about this?" That doesn't exist.
-
It was the first time I dealt with something that was really serious. The entire talk
-
was theory. I had no facilities to actually test anything in a real world
-
scenario because obviously I don't want to be screwing with a plane while in flight.
-
(Now the attacker is one step away between an evaluation and attacker controlled code.)
-
My talks are stories and that's the one thing that I advise everyone else
-
giving a speech. You're telling a story to your friends about some cool stuff.
-
I have hundreds of hours of research that I have to tie together into a
-
coherent explanation of the world.
-
(applause)
-
I was expecting a response and oh boy, did I get it. I was talking to people
-
from major airlines, people with different airplane manufacturers, air traffic controllers,
-
trainers, I've got a pocket full of business cards after this that I have to go through.
-
This was me loudly knocking on the door and saying "You might have a problem
-
here. Let's talk about this."
-
Over the years, I've gotten relatively high profile and I'm very happy and
-
honored for all the obligations that come along with being a high profile
-
individual, but I do miss being able to just wander through the crowds and see cool
-
stuff and watch cool talks. I've got a lot of stuff I've gotta do; it's a lot of
-
obligations. I'm not complaining. This is a tremendous amount of fun that I get to
-
have. I build all these crazy toys and fill Penn and Teller and show them off.
-
The best moment for me at DEF CON is always going to be at 4 in the morning when
-
someone's showing off some really silly stunt that they built. And maybe it's
-
good and maybe it's not, but man they love it and they're enjoying talking about it.
-
(music playing)
-
The community has matured from DEF CON 4 and 5 dramatically. When I was coming to
-
DEF CON 4 and DEF CON 5 and seeing people in an official capacity, I'm now seeing
-
them bring their children and in some cases their grandchildren to DEF CON 20.
-
I say "Great, bring your kids to DEF CON" because there is no better community to
-
have your kids around than the people that go to DEF CON. There's every
-
opportunity for them to learn something and as long as you're a good
-
parent, as long as you're a good hacker, anything that they see or experience you
-
can lead them on that path.
-
Yep, so this is plastic. So, this is just a long string of plastic. So it goes into
-
this, this thing melts it. There's a little heater in here that melts it, and
-
then it squirts it out as the machine... (Just like toothpaste?)
-
Yeah, it's like toothpaste.
-
This is the second time for DEF CON Kids and the second time that I've been involved
-
and DEF CON Kids. Last year sort of was just a smaller way to try to get kids and their
-
parents involved in the hacker community and basically teach kids about lockpicking
-
and soldering and hardware hacking and privacy issues and law enforcement issues,
-
just all of the things that kids don't normally learn in school.
-
Speaking at DEF CON Kids and working with these kids is almost more exciting to me,
-
or just as exciting if not more, than giving a talk at DEF CON and having an
-
opportunity to directly influence these kids. It's like an immediate... you can see
-
it in their eyes, it's this immediate understanding once you show them something.
-
They get it, and that can change their life.
-
I would like to start programming, I would like to start learning the languages
-
that they mentioned, for example, I would like to start learning python.
-
What we were thinking of doing is adding some little extra pieces onto here and
-
solder those on and make some other cool programming with the light and make a
-
cool little light show.
-
The kids love all these speakers and they're the best speakers...
-
and I couldn't believe that DEF CON Kids had these same top speakers addressing
-
our children.
-
We're supportive, helpful, and just want the kids to gain this love of what
-
they're passionate about and sharing it with the world and it's wonderful.
-
This is kind of for the kids to really inspire them to get involved in
-
the hacking community and start doing some things. We've had the privilege to
-
hear from some really great guys and the kids are excited to go back and start doing things.
-
It's been a lot of fun so far. Even though it's only day 1 and
-
I think we've only had about 4 or 5 hours of sleep, it's been awesome.
-
Well, most interested in, I think, is hacking. I kind of want to be a hacker
-
when I get older, you know?
-
I would definitely call myself a hacker.
-
So this is the year that your daughter, your eldest, goes to DEF CON, right?
-
I plan on bringing my 14 year old to CON. This year, hopefully, will be her first
-
year, so I'm hoping to drag her out and show her, not just what I have experienced
-
over the years, but frankly, where she came from. Because at a basic level I have to
-
explain to my kids that I met your mom at DEF CON 4.
-
I've asked Dark Tangent for child support and he's like "hahahha.. Who are you?"
-
That's how it went, really.
-
I don't expect Jeff to know who I am. After all these years, I mean, I've been
-
going to his shows for 16 years, and that's OK. I feel OK with him not knowing me
-
personally. Because frankly, the dude's got like 20,000 people that some of them expect
-
him to know them personally. And I'm OK with that.
-
If there's a message you want to say to him what would it be?
-
Thank you, Jeff.
-
After Capture the Flag I thought that the Scavenger Hunt embodied the hacker
-
spirit the most.
-
No, No, AAAAAAHH!!
-
It's a tin foil swim suit.
-
Good Job! (laughter)
-
(laughter)
-
They're going to suck my blood.
-
Hi, How are you? Good, I'm here to get my daughter.
-
We've got a huge list of items and or tasks for the teams to complete.
-
By the end of the day or the end of the weekend
-
the team with the most points wins.
-
There's a lot of activity at the tables constantly
-
because the list is things to get and things to do and
-
things to perform and that sort of thing we get a lot of...
-
-find, make... meet. -Activity all around the table.
-
We want people to have a good time and ending up in jail generally is not a good time.
-
While there may have been things that are a grey area, or could end up being illegal activty...
-
I think we come from a community who... knows not to get caught.
-
We don't condone fire or stealing mostly...
-
Umm... [orgasmic screaming]
-
[music playing]
-
And I don't know how someone sourced it or found it but, the... head of a cow.
-
We put on the scavenger hunt list a live chicken, and I think we got six or something.
-
Scavenger hunt winners of the past go on to become goons
-
and contest creators and contest organizers and speakers and staff.
-
because you have so much social interaction it really engrains you into the community.
-
[music playing]
-
Oh, on the weekend of DEF CON...
-
I think last year we booked 14 shows.
-
I issued the ultimatum I'm going to book less shows... and it ends up being more.
-
[music playing]
-
The thing about DEF CON that I find incredibly fascinating
-
is that, yeah.. a lot of these basement dwelling guys that basically...
-
are getting tan off of an LCD monitor party the hardest out of anybody I've ever met...
-
Like.. Serious rockstars here..
-
Everybody just fueled by alchohol and Ballz and any type of A.D.H.D. medication
-
they can get their hands on...
-
[music playing]
-
[Applause]
-
Hey, so we are going to kick this thing off...
-
we've got really a lot of things to talk about but we've tried to organize it...
-
So... This is the 20th year.
-
How many people believe that?
-
[applause] Yeah...
-
So I'm just curious by show of hands.. How many people was this your first DEF CON?
-
So we scared away everybody else... [laughter]
-
We've got guys that have been helping out for 19 years...
-
That's amazing, I would just never have expected that.
-
So, I guess I'm most proud of producing something, having a group of people support me...
-
that's still doing stuff that people care about.
-
So... what I want to do is we want to
-
hand it over to Zac Franken
-
who's been the head of operations for I don't know...
-
closer to 18 years.
-
Let's hear a round of applause... Thanks. [Applause]
-
Thank you DEF CON 20!
-
DEF CON, as Jeff has already said, couldn't exist with out a lot of effort from a lot of people.
-
And, in the early years I used to name them all...
-
but now there's 300 of them.
-
I've trimmed it slightly.
-
So, while DEF CON is running, basically I'm almost certainly not having a good time...
-
Mainly because I just run around and put out fires.
-
And of course my friend Jeff who, threw this shindig 20 years ago..
-
I can't believe it's still fucking going... but it is...
-
I can't believe there's so many people here that had a great time!
-
and.. most of all.. thanks to you.. It's you guys that make DEF CON!
-
Thank you so much! [Applause]
-
DEF CON is not something that happens for us for 3 days in July or August every year...
-
it's almost something that we think about and work on and do stuff for
-
all year round.
-
It becomes almost a part of your identity and I know that sounds kind of weird...
-
it's when everything comes together... I know why I stayed up all night...
-
so many nights in a row...
-
There have been moments where you sit back and you say "That is just absolutely amazing."
-
That someone was able to think of that, or several someone's were able to think about that...
-
and do that.
-
I still love, just how excited people are there... and the fact that you helped...
-
to make it happen for them.
-
I said to Deviant, it was a really great challenge. Tt was fun to compete and...
-
DEF CON was great! Thank you everybody! [Applause]
-
This community, is misunderstood by the media...
-
and unfortunately, the media is the message out to
-
the non geek, non hacker community.
-
But the thing that I think came out perhaps this year more than any other year...
-
So, I just want to tell you what we've been doing for the last 3 years.
-
Year 1 we had 95 people sign up for the Be the Match bone marrow donor registry.
-
year 2 was 161 and this year we got 232 people to sign up.
-
In addition to that we raised over 3,300 dollars as well.
-
More than any other year this one was really about love. With the blood raising, the cancer stuff,
-
the huge amount of money for E.F.F... I mean even just saying it or thinking it gives me kind of goose bumps.
-
This one was, 20 years of love.
-
Ok, we've got some numbers for you. The info booth raised 58 dollars, the firearms simulator 3,620 dollars,
-
Mohawks...$4,333
-
Eddie Mize, was the artist with the great t-shirts you can still get outside
-
of the contest area, $3,500
-
The Summit, 1,500...789 dollars... $15,000...$15,789!
-
(applause)
-
And Hacker Jeopardy, for a total of $30,380...so thank you,
-
thank you very much! (applause)
-
(laughs) So I'm going to go over here
-
So...you have to understand, he's made this promise for what, 3 years in a row now?
-
This is beautiful, we have been waiting for this, time for Jeff to get his hawk.
-
(cheering) (applause)
-
Now, Jeff failed to mention that he has like 6 different meetings with incredibly
-
important people around the world in the next couple of weeks
-
You know, it's actually really nice fulfilling a promise (laughs), cause now
-
they can't bug me (laughs)
-
True!
-
That's true, now, but I haven't decided, don't I have to donate money to the EFF
-
for this? (applause)
-
Of course! (applause) (cheering)
-
I was thinking maybe $10,000 (cheering) (laughs)
-
What do you think? That's probably a pretty good thing...(laughs) (cheering)
-
(cheering) (applause)
-
Thank you very much, see you next year! Woo!
-
(cheering) (applause)
-
I joke with Jeff that he could cancel it tomorrow, like legitimately
-
cancel it, say "Screw it, I'm done. I'm going to do something else with my time."
-
And DEF CON would still happen, it would continue to happen. Everybody would just
-
go to Vegas anyways. Eventually people would start talking about stuff. Eventually
-
they'd say, "Let's go down to the bar and take over this empty conference room and
-
talk about it." And DEF CON would continue to happen organically, probably
-
for years after we just walked away from it.
-
So, for those of you who aren't in the conference business, what happens is you
-
sign hotel contracts for years in the future. You have to look into the future
-
and decide, "Ok, 2 years from now, are we going to be burned out? Are people
-
even want to come to DEF CON 2 years in the future or 3 years in the future?"
-
Because you have to sign these hotel contracts years in advance, and so who
-
could you hand this off to? Or who would want to take on that responsibility?
-
And I think the conclusion I've come to is, I'd probably just stop.
-
You know, and I'd...people could continue the organization, continue, they'd just
-
name it something different. I'd give them all my projectors, it would carry on
-
maybe under a different name, but it probably wouldn't carry on under the
-
DEF CON name. The only scenario I figured that out was if I get hit by a bus and I die
-
and I want to have the final DEF CON, huge party, though somebody would have to
-
plan that, cause I wouldn't be around.
-
(music playing)
-
I don't know why, every year, honestly. Every year after DEF CON, I think half
-
the senior staff says never again. All of us, we're all, "Yeah me too, me too."
-
And then all your friends, I have friends all over the world that DEF CON for sure
-
they show up to. And, you get wound up, you get excited for it, you look forward
-
to the experience again. So ... yeah, we forget how much it hurt.
-
Yeah, I do it, I've been doing it for a long time. You know, my second, she's 10
-
years younger than I am, she's been doing it for 5 years. She's probably due for
-
her shot to do it, and I can be the old grey beard that shows up at DEF CON, just
-
sits in the corner has a beer, and reminisces.
-
I can honestly say that without that first DEF CON, and without, you know, shaking
-
hands and meeting people, becoming a Goon, I wouldn't be the position that I'm
-
in now, and I wouldn't have the career and the means to support my family that
-
I do now.
-
It's outside of my imagination, missing a DEF CON.
-
When I started, it was like, "Oh my God, I found my home!" and that was, that's
-
kind of where it started, for me.
-
Once I got to the first one, I was hooked from that point on.
-
It's a degenerate family reunion.
-
These people are my family. It's a family reunion, you gotta come every year and
-
see everyone.
-
Basically, if you go once, you're hooked. DEF CON is, it's an experience like
-
nothing else. It's great people and a great atmosphere, and I think from the
-
time that I went, I knew that I would always go, that I would find a way to
-
make sure that I was there every year, and 13 years later I'm still going.
-
These people aren't just my friends, they're my family, you know, and I genuinely
-
genuinely love them.
-
(music playing)
-
I don't believe it's appropriate to talk about that on camera. (laughs)
-
Ah, I can't discuss that.
-
I'll tell the story, but I don't think we should actually ... (yeah)
-
No, no naming names, no naming names (laughing)
-
We'll tell you off-camera (laughing)
-
I can neither confirm nor deny that. (Yeah) Sorry.
-
All right! Edit that out... (laughing)
-
Nothing I'm going to admit on camera at this time, and 'til the statutes of
-
limitations run out. And then I'm happy to admit it later on, that's once we've
-
you know, checked with the lawyers and all that stuff.
-
I think half of the experiences of my life that I attribute back to ...
-
happened at DEF CON. I don't know how many of them I can talk about, I probably
-
can't talk about any of them. I really would like to, but, ahh, I ...
-
(music playing)
-
Transcription by: Anch, Phorkus, AlxRogan, Medic, Panadero, and Russr
