DEF CON Initial Report: Predicting the Cypocalypse

DEF CON 18 is in full swing at the Riviera hotel at the end of the Las Vegas strip. If you haven’t heard of DEF CON before, it’s ok; the conference is focused at the über geeks among us.

Attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, crackers, and hackers with a general interest in computer code and computer architecture.

From demonstrations of turning Pringles cans into directional antennas, through interactive discussion on hacking ATMs, physical penetration (e.g. lock picking), Internet routers, and building your own UAV to map WiFi and capture videos of your neighbors skinny dipping in their pool, DEF CON pretty much covers it all in gory technical detail.

Chronology

Of course, DEF CON pays homage to the past, too, showing a chronology of computing power dating back well into the 60’s.

I had a sentimental moment when I saw my first computing platform, the venerable Apple //c on display while I was waiting for the conference tracks to kick off this morning.

Badges

DEF CON 18 printed up 7000 badges, but those were gone in under 24 hours. Unlike traditional badges, these badges are literally printed circuit boards with a persistent display that remains even when there is no power.

Attendees are given the source code and encouraged to hack the hell out of the badges- including completely reprogramming them to do other, more “evil” things then simply displaying the DEF CON logo.

The late arrivers stick out with their laminated paper that shows a DEF CON-esque graphic, demonstrating the fact that it pays to be on time even in the geek world!

Crowds

My unprofessional estimate pegs this years DEF CON attendance around 12,000 people.   This picture on the right was from the sole hallway to the conference tracks, filled with people who were denied entry into the existing track conference rooms because they were too full!

At one point I personally felt the crowd snake a couple feet in one direction, you couldn’t help but move. It will be very interesting to see if it thins out as the conference progresses.

Some of the more compelling tracks will assuredly be difficult to get into, including “Weaponizing Lady Gaga; Psychosonic Attacks,” a talk that has been highly popular in the hallway chatter. The talk introduces an emerging attack vector of psychosonics, showing how any .mp3 can be turned into a weapon, a study aid, etc. by simply injecting an alternate data stream attack made up of psychosonic frequencies. Most intriguing, the presentation brief states that the presenters will “attack the audience” so that everyone can judge for themselves.

Tactical?

The word “tactical” doesn’t show up too often at DEF CON, and the conference’s general anti-Fed theme is exemplified with the “Spot the Fed” game that hands out prizes to attendees that successfully find a fed.

Military folks are generally not considered feds, though ultimately it is up to the audience to issue a final verdict. For example, someone in CID is highly likely to be labeled a fed, despite the fact that they are active duty military. Odds are this guy to the right is not a fed!

Tactical may be missing, but there is a palpable theme around cyber warfare activities. The former Chief Security Officer (CSO) of Facebook.com gave one of the opening keynote tracks. His presentation lacked…charisma, but the large conference hall had standing room only. Perhaps the scariest moment for the attendees was when he predicted that the upcoming “cypocalypse” would yield no more cold beer!

Vendors

The conference runs for 3 full days, but the swag is disappearing fast. The vendor space  is just as packed as the hallways–all cash deals, including the conference registration itself. (Me? At DefCon? No, I wasn’t at DEF CON!). The SerePick booth was too deep to even approach this morning as people sought out high quality physical penetration kit.

DEF CON is an exciting conference, and while I was only able to cover this morning’s event here, stayed tuned for another report sometime next week that summarizes my experiences at both the DEF CON and Black Hat security conferences.