DEF CON

Status: Active
Genre: Security Conference, Hacker Conference
Frequency: Annual
Venue: Caesars Palace
Location(s): Las Vegas, Nevada
Years active: 25
Inaugurated: June 9, 1993[1]
Founder: Jeff Moss
Previous event: August 9-12, 2018
Next event: August 8-11, 2019
Website: defcon.org

DEF CON (also written as DEFCON, Defcon, or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993. Attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, phone phreaking, hardware modification, and anything else that can be "hacked." The event consists of several tracks of speakers on computer- and hacking-related subjects, as well as cyber-security challenges and competitions (known as hacking wargames). Contests held during the event are extremely varied, and can range from creating the longest Wi-Fi connection (aircrack-ng) to finding the most effective way to cool a beer in the Nevada heat.

Other contests, past and present, include lockpicking, robotics-related contests, art, slogan, coffee wars, scavenger hunt and Capture the Flag. Capture the Flag (CTF) is perhaps the best known of these contests. It is a hacking competition where teams of hackers attempt to attack and defend computers and networks using certain software and network structures. CTF has been emulated at other hacking conferences as well as in academic and military contexts.

Federal law enforcement agents from the FBI, DoD, United States Postal Inspection Service, DHS via us-cert.gov and other agencies regularly attend DEF CON.[2][3]

History

DEF CON was founded in 1993 by Jeff Moss as a farewell party for his friend, a fellow hacker and member of "Platinum Net", a Fido protocol based hacking network from Canada.[4] The party was planned for Las Vegas a few days before his friend was to leave the United States, because his father had accepted employment out of the country. However, his friend's father left early, taking his friend along, so Jeff was left alone with the entire party planned. Jeff decided to invite all his hacker friends to go to Las Vegas with him and have the party with them instead. Hacker friends from far and wide got together and laid the foundation for DEF CON, with roughly 100 people in attendance.

The term DEF CON comes from the movie WarGames, referencing the U.S. Armed Forces defense readiness condition (DEFCON). In the movie, Las Vegas was selected as a nuclear target, and since the event was being hosted in Las Vegas, it occurred to Jeff Moss to name the convention DEF CON. However, to a lesser extent, CON also stands for convention and DEF is taken from the letters on the number 3 on a telephone keypad, a reference to phreakers. Any variation of the spelling, other than "DEF CON", could be considered an infringement of the DEF CON brand. The official name of the conference includes a space between DEF and CON.

Though intended to be a one-time event, Moss received overwhelmingly positive feedback from attendees, and decided to host the event for a second year at their urging. The event's attendance nearly doubled the second year, and has enjoyed continued success.[5] In 2016, 22,000 people attended DEF CON 24.

For DEF CON's 20th Anniversary, a film was commissioned entitled DEFCON: The Documentary.[6] The film follows the four days of the conference, events and people (attendees and staff), and covers history and philosophy behind DEF CON's success and unique experiences.

In January of 2018, the DEF CON China [Beta] event was announced. The conference will be held May 11-13, 2018 in Beijing, and it marks DEF CON's first conference outside the United States.

Black Badge

The Black Badge is the highest award DEF CON gives to contest winners of certain events. Capture the flag (CTF) winners sometimes earn these, as well as Hacker Jeopardy winners. The contests that are awarded Black Badges vary from year to year, and a Black Badge allows free entrance to DEF CON for life, potentially a value of thousands of dollars.[7]

In April 2017, a DEF CON Black Badge was featured in an exhibit[8] in the Smithsonian Institution's National Museum of American History entitled "Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity". The badge belongs to ForAllSecure's Mayhem Cyber Reasoning System,[9] the winner of the DARPA 2016 Cyber Grand Challenge at DEF CON 24 and the first non-human entity ever to earn a Black Badge.

Fundraising

Since DEF CON 11, fundraisers have been conducted for the Electronic Frontier Foundation (EFF). The first fundraiser was a dunk tank and was an "official" event. The EFF now has an event named "The Summit" hosted by the Vegas 2.0 crew that is an open event and fundraiser. DEF CON 18 (2010) hosted a new fundraiser called MohawkCon.

Notable incidents

High-profile issues which have garnered significant media attention.

Year Description
1999

On July 10, 1999, the Cult of the Dead Cow hacker collective released Back Orifice 2000 at DEF CON 7, in what was, at the time, the largest presentation in DEF CON history.

2001

On July 16, 2001, Russian programmer Dmitry Sklyarov was arrested the day after DEF CON for writing software to decrypt Adobe's e-book format.

2005

On July 31, 2005, Cisco used legal threats to suppress Mike Lynn from presenting at DEF CON about flaws he had found in the Cisco IOS used on routers.[10]

2007

In August 2007, Michelle Madigan, a reporter for Dateline NBC, attempted to secretly record hackers admitting to crimes at the convention. After being outed by DEF CON founder Jeff Moss during an assembly, she was heckled and chased out of the convention by attendees for her use of covert audio and video recording equipment. DEF CON staff tried to get Madigan to obtain a press pass before the outing happened.[11]

A DEF CON source at NBC had tipped off organizers to Madigan's plans.[2]

2008

MIT students Zack Anderson, R.J. Ryan and Alessandro Chiesa were to present a session entitled "The Anatomy of a Subway Hack: Breaking Crypto RFIDS and Magstripes of Ticketing Systems." The presentation description included the phrase "Want free subway rides for life?" and promised to focus on the Boston T subway.[12] However, the Massachusetts Bay Transit Authority (MBTA) sued the students and MIT in United States District Court in Massachusetts on August 8, claiming that the students violated the Computer Fraud and Abuse Act (CFAA) by delivering information to conference attendees that could be used to defraud the MBTA of transit fares.[13][14] The court issued a temporary restraining order prohibiting the students from disclosing the material for a period of ten days, despite the fact the material had already been disseminated to DEF CON attendees at the start of the show.

In 2008's contest "Race to Zero," contestants submitted a version of given malware which was required to be undetectable by all of the antivirus engines in each round. The contest concept attracted much negative attention.[15][16]

2009

WIRED[17] reported that an ATM kiosk positioned in the conference center of the Riviera Hotel Casino was capturing data from an unknown number of hackers attending the DEF CON hacker conference.

2011

Security company HBGary Federal used legal threats to prevent former CEO Aaron Barr from attending a panel discussion at the conference.[18]

2012

The director of the National Security Agency, Keith B. Alexander, gave the keynote speech.[19] During the question and answers session, the first question for Alexander,[19] fielded by Jeff Moss,[20] was "Does the NSA really keep a file on everyone, and if so, how can I see mine?" Alexander replied "Our job is foreign intelligence" and that "Those who would want to weave the story that we have millions or hundreds of millions of dossiers on people, is absolutely false…From my perspective, this is absolute nonsense."[19]

On March 12, 2013, during a United States Senate Select Committee on Intelligence hearing, Senator Ron Wyden quoted the 2012 DEF CON keynote speech and asked Director of National Intelligence James Clapper if the U.S. conducted domestic surveillance; Clapper made statements saying that there was no intentional domestic surveillance.[19] In June 2013 NSA surveillance programs which collected data on US citizens, such as PRISM, had been exposed. Andy Greenberg of Forbes said that NSA officials, including Alexander, in the years 2012 and 2013 "publicly denied–often with carefully hedged words–participating in the kind of snooping on Americans that has since become nearly undeniable."[19]

2013

On July 11, 2013, Jeff Moss posted a statement,[21] located on the DEF CON blog, titled "Feds, We Need Some Time Apart." It stated that "I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year."[22] This was the first time in the organization's history that it had asked federal authorities not to attend.[21] Actor Will Smith visited the convention to study the DEF CON culture for an upcoming movie role.[23]

2016

On August 4, 2016, DEF CON and DARPA co-hosted the 2016 Cyber Grand Challenge, a first-of-its-kind all-machine hacking tournament. Competing teams had to create a bot capable of handling all aspects of offense and defense with complete autonomy. Seven finalists competed for a US$2M grand prize.

The winner of the Cyber Grand Challenge was "Mayhem", an AI created by ForAllSecure of Pittsburgh, Pennsylvania. Mayhem then went on to participate in the previously humans-only DEF CON Capture the Flag Contest,[24] where it finished in last place, despite often pulling ahead of human teams in a contest for which it was not specifically designed.

2017

At the "Voting Machine Village" event, dozens of voting machines brought to the conference were breached.[25]

In September 2017, the Voting Machine Village produced "DEF CON 25 Voting Machine Hacking Village: Report on Cyber Vulnerabilities in US Election Equipment, Databases and Infrastructure" summarizing its findings. The findings were publicly released at an event sponsored by the Atlantic Council[26] and the paper went on to win an O'Reilly Defender Research Award.[27]

Marcus Hutchins, better known online by his handle MalwareTech, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak, was arrested by the FBI at the airport while preparing to leave the country after attending DEF CON, over his alleged involvement with the Kronos banking trojan.[28]

2018

In March of 2018, the DEF CON Voting Machine Hacking Village was awarded a Cybersecurity Excellence Award. The award cites both the spurring of a national dialog around securing the US election system and the release of the nation's first cybersecurity election plan.

Entertainment references

  • DEF CON was also portrayed in The X-Files episode "Three of a Kind" featuring an appearance by The Lone Gunmen. DEF CON was portrayed as a United States government-sponsored convention instead of a civilian convention.
  • A semi-fictionalized account of DEF CON 2, "Cyber Christ Meets Lady Luck", written by Winn Schwartau, demonstrates some of the early DEF CON culture.[29]
  • A trip to DEF CON for a hacker showdown figures into the plot of "The Signal". Director William Eubank came to Las Vegas and screened the film at DEF CON Movie Night.
  • A fictionalized version of DEF CON called "EXOCON" is the setting for the climax of Jason Bourne, the fifth film of the Bourne film series. The primary antagonist of the film, a fictionalized CIA director (played by Tommy Lee Jones), is a keynote speaker at the event, mimicking DEF CON 20's controversial keynote speaker, NSA director Keith B. Alexander.
  • In the "Mr. Robot" Season 3 opener "eps3.0_power-saver-mode.h" Elliot and Darlene visit a qualifying tournament for the DEF CON Capture The Flag (CTF) contest. Sharp-eyed viewers will notice DEF CON's smiley-face-and-crossbones mascot Jack among the set decorations.
  • Famed documentarian Werner Herzog included DEF CON in his 2016 film Lo and Behold, Reveries of the Connected World, a film described as a "playful yet chilling examination of our rapidly interconnecting online lives."

Venues, dates, and attendance

Each conference venue and date has been extracted from the DC archives for easy reference.[30]

DC | Hotel | Days | Year | Attendance
DEF CON 26 | Caesars Palace and Flamingo | August 9–12 | 2018 | N/A
DEF CON 25 | Caesars Palace | July 27–30 | 2017 | 25,000[31]
DEF CON 24 | Paris Hotel and Bally's Hotel | August 4–7 | 2016 | 22,000
DEF CON 23 | Paris Hotel and Bally's Hotel | August 6–9 | 2015 | 15,000
DEF CON 22 | Rio Hotel & Casino | August 7–10 | 2014 | 16,000[32]
DEF CON 21 | Rio Hotel & Casino | August 1–4 | 2013 | 12,000[32]
DEF CON 20 | Rio Hotel & Casino | July 26–29 | 2012 | N/A
DEF CON 19 | Rio Hotel & Casino | August 4–7 | 2011 | N/A
DEF CON 18 | Riviera Hotel & Casino | July 30 – August 1 | 2010 | N/A
DEF CON 17 | Riviera Hotel & Casino | July 30 – August 2 | 2009 | N/A
DEF CON 16 | Riviera Hotel & Casino | August 8–10 | 2008 | 8,000[33]
DEF CON 15 | Riviera Hotel & Casino | August 3–5 | 2007 | N/A
DEF CON 14 | Riviera Hotel & Casino | August 4–6 | 2006 | N/A
DEF CON 13 | Alexis Park Resort | July 29–31 | 2005 | N/A
DEF CON 12 | Alexis Park Resort | July 30 – August 1 | 2004 | N/A
DEF CON 11 | Alexis Park Resort | August 1–3 | 2003 | N/A
DEF CON 10 | Alexis Park Resort | August 2–4 | 2002 | N/A
DEF CON 9 | Alexis Park Resort | July 13–15 | 2001 | N/A
DEF CON 8 | Alexis Park Resort | July 28–30 | 2000 | N/A
DEF CON 7 | Alexis Park Resort | July 9–11 | 1999 | N/A
DEF CON 6 | Plaza Hotel & Casino | July 31 – August 2 | 1998 | N/A
DEF CON 5 | Aladdin Hotel & Casino | July 11–13 | 1997 | N/A
DEF CON 4 | Monte Carlo Resort and Casino | July 26–28 | 1996 | N/A
DEF CON 3 | Tropicana Resort & Casino | August 4–6 | 1995 | N/A
DEF CON 2 | Sahara Hotel and Casino | July 22–24 | 1994 | 200 (rough estimate)
DEF CON 1 | Sands Hotel & Casino | June 9–11 | 1993 | 100 (rough estimate)

References

  1. "Def Con 1 Archive". Retrieved 2017-04-23.
  2. Zetter, Kim (3 August 2007). "Dateline Mole Allegedly at DefCon with Hidden Camera – Updated: Mole Caught on Tape". Wired Blog Network. Retrieved 2007-08-15. According to DefCon staff, Madigan had told someone she wanted to out an undercover federal agent at DefCon. That person in turn warned DefCon about Madigan’s plans. Federal law enforcement agents from FBI, DoD, United States Postal Inspection Service and other agencies regularly attend DefCon to gather intelligence on the latest techniques of hackers.
  3. "DEFCON 15 FAQ's". Retrieved 9 Feb 2011. Lots of people come to DEFCON and are doing their job; security professionals, federal agents, and the press.
  4. Tangent, The Dark. "DEF CON® Hacking Conference – About". www.defcon.org. Retrieved 2016-03-12.
  5. Jeff Moss (July 30, 2007). The Story of DEFCON. Retrieved 9 Feb 2011.
  6. DEFCON: The Documentary on IMDb
  7. Tangent, The Dark. "DEF CON® Hacking Conference – Black Badge Hall of Fame". www.defcon.org. Retrieved 2016-03-12.
  8. "Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity". americanhistory.si.edu.
  9. "Mayhem Wins DARPA CGC".
  10. Lamos, Rob (31 July 2005). "Exploit writers team up to target Cisco routers". SecurityFocus. Retrieved 2004-07-31.
  11. Cassel, David (4 August 2007). "Transcript: Michelle Madigan's run from Defcon". Tech.Blorge.com. Archived from the original on 2007-09-08. Retrieved 2007-08-15.
  12. Lundin, Leigh (2008-08-17). "Dangerous Ideas". MBTA v DefCon 16. Criminal Brief. Retrieved 2010-10-07.
  13. Jeschke, Rebecca (2008-08-09). "MIT Students Gagged by Federal Court Judge". Press Room. EFF.
  14. Massachusetts Bay Transit Authority v. Zack Anderson, RJ Ryan, Alessandro Chiesa, and the Massachusetts Institute of Technology (United States District Court District of Massachusetts).
  15. "Race to Zero". Contest concept.
  16. McMillan, Robert (April 2008). "Security Vendors Slam Defcon Virus Contest". IDG News Service.
  17. Malicious ATM Catches Hackers | Threat Level | WIRED
  18. Fisher, Dennis; Roberts, Paul (August 10, 2011). "Legal Threat Pushes Former HBGary Federal CEO Out Of DEFCON". Business Security. Archived from the original on 2011-08-10.
  19. Greenberg, Andy. "Watch Top U.S. Intelligence Officials Repeatedly Deny NSA Spying On Americans Over The Last Year (Videos)." Forbes. June 6, 2013. Retrieved on June 11, 2013. "Eight months later, Senator Ron Wyden quoted[...]"
  20. Wagenseil, Paul. "Hackers Don't Believe NSA Chief's Denial of Domestic Spying." (Archive) NBC News. August 1, 2012. Retrieved on June 13, 2013.
  21. Whitney, Lance. "Defcon to feds: 'We need some time apart'." CNET. July 11, 2013. Retrieved on July 12, 2013.
  22. Blue, Violet. "Feds 'not welcome' at DEF CON hacker conference." ZDNet. July 11, 2013. Retrieved on July 11, 2013.
  23. "Will Smith Makes Unexpected Appearance At Defcon Hacker Conference". Retrieved 2013-08-09.
  24. "DEF CON Capture the Flag Final Scores". blog.legitbs.net.
  25. Joe Uchill (July 29, 2017). "Hackers breach dozens of voting machines brought to conference". Thehill.com. Retrieved 2 August 2017.
  26. "DEF CON Hacking Warns Voting Machines Vulnerability, Oct 10 2017 | C-SPAN.org". C-SPAN.org. Retrieved 2017-12-08.
  27. "O'Reilly Security Conference in NYC 2017 Defender Awards". conferences.oreilly.com. Retrieved 2017-12-08.
  28. Hern, Alex; Levin, Sam (August 4, 2017). "Briton who stopped WannaCry attack arrested over separate malware claims". The Guardian. Guardian Media Group. ISSN 0261-3077. Retrieved August 11, 2017.
  29. Winn Schwartau. "Cyber Christ Meets Lady Luck" (PDF). Archived from the original (PDF) on 18 July 2011. Retrieved 9 Feb 2011.
  30. "DEF CON® Hacking Conference – Show Archives". www.defcon.org. Retrieved 2016-04-09.
  31. "Voting Machine Hacking Village" (PDF). September 2017. p. 4. Retrieved 2018-05-17.
  32. Richard Byrne Reilly (2014-08-12). "Black Hat and Defcon see record attendance — even without the government spooks". Retrieved 2017-06-07.
  33. "DEF CON 17 FAQ". Retrieved 2018-07-07.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.