DEF CON: Where Have All the Black Hats Gone?
DEF CON is one of the most controversial conferences in the world. Only at that annual event have arrests been made, legal threats shut down presentations and zero-day attacks been anted in Texas Hold ’em games.
The Usual Suspects
This is a conference of people who grew up like me — people who, at 11 years old, were using IRC (internet relay chat) to share API (application programming interface) documents or download random material such as “The Anarchist Cookbook.” We were influenced by movies such as “The Matrix” and “Hackers,” all the while thinking elite hacks were the cool thing to do. We spent lots of time playing Quake and other games. As we grew up, we may have gotten into trouble building projects using proggies or sharing things we weren’t supposed to share. Most of us grew up using computers to build software and make money. Some of us graduated from college and found great jobs for our skills.
You start with chat rooms on AOL and dive deeper into IRC. You may meet people playing peer-to-peer games such as Quake. Those people share information, and, before you know it, you’ve downloaded software over peer networks and you’re sharing cracks. This is your hidden world, and your friends are handles with no name, age or location.
Then one day you decide you’re going to meet all these handles in person at a central location that is easy to get to. You’re going to save up some really good cracks you haven’t shared yet for when you meet them. That, to me, was the adolescent rebellious start to DEF CON.
Now, as adults, we appreciate the novelty of slipping away into childhood by attending DEF CON to witness new hacks and meet childhood hacker friends. It’s like meeting a bunch of people at your house who haven’t seen each other in a long time or only knew each other through internet chat rooms. It’s a good time to connect; it’s great to feel that energy.
Going Down the Rabbit Hole
Hackers are just curious folks who are so bored with all the content they consume that they turn the internet into a playground. Like every playground, there are good guys and bad guys. Sometimes they’re forced to get along. Sometimes they fight. Sometimes they decide to attack a system just because the company that runs it laid off a loved one. Other times they are just playing a friendly game of King of the Hill. You can take it too far and get in trouble or get a wake-up call. Or, you may simply grow out of it. No matter the situation, the curiosity and love for the internet remains with you; that is why DEF CON is attractive.
DEF CON is white hats teaching black hats and black hats teaching white hats with a lot of gray in between. Everyone gets along and smiles as they watch “The Matrix” or “Hacker Jeopardy” together.
Distinguishing the Hackers from the Hacks
I was waiting in line. I always communicate with the people in line and ask them about the conference, current presentations and whether they have had any experience setting up XYZ or running up a large sheet of attacks using cloud networks. At this year’s event, most of the people I ran into looked like “hackers” but had no clue what I was talking about; they just uncomfortably laughed. It’s funny: They were going to presentations to see somebody talk about something highly technical, yet they didn’t have a clue.
Lots of folks had badges, hung out and looked as though they were on vacation and decided to check out the conference. This group, I believe, came because the conference was located in a casino in Las Vegas. The whole Vegas thing is probably the top reason why DEF CON attracted larger crowds.
I noticed I found more competent folk at the Villages — different sections focusing on topics such as packet hacking, car hacking and social engineering. Villages had more unique, specific details on the concept of hacking in certain arenas. I found people were more in tune and focused here. The Villages were away from the four main presentation rooms, which meant fewer tourist types. The Villages were where you found the passionate hackers.
White or black, it was a lot of gray. I didn’t see my friends who specialize in network protection for a living using hacker tools maliciously; rather, they were curious to know how the tools work. After Justin got his MitM (man-in-the-middle) attack working, he smiled and looked at me, “Is it this easy!?” Then, “How do we stop this? Is it really just making everything TLS? That can’t be the only way.” So we ran a few Google searches to poke around deeper. When moving around the conference, you saw guys sitting on the ground running these attacks; they were just phishing to add to the wall of sheep.
Was the guy who got paid to snoop at the Democratic National Convention with MitM attacks there? He might or might not have been. He might have been pioneering these attacks and learning from presenters, or he might have been so beyond what is shared at DEF CON that it was a mere novelty to attend. Even with DEF CON making it really easy to go undetected by using cash transactions, it’s still 2016 and surveillance cameras were everywhere — especially in casinos. If you’re looking to keep a low profile, DEF CON is the last place you’d want to be.
So, I’m going to go out on a limb and say that the white hats and some grays were present with maybe a Sith Lord lurking in disguise. The true black hats were most likely reporting in remotely to their Sith while they observed petty hacks and recruited from a safe distance. Or maybe, just maybe, they were in board shorts acting like a clueless tourist.
As first published in DevOps.com