Fear and loathing in Las Vegas: tipping a black hat to the DefCon hackers


Las Vegas has a long association with people on the fringe of society but even Hunter S. Thompson’s characters Raoul Duke and his drug-soaked Samoan lawyer would have found visitors to the DefCon hacker conference at the extreme edge of these fringes.

As the late, great Gonzo journalist would have put it: “There was madness in any direction, at any hour. You could strike sparks anywhere.”

This year’s DefCon, named after the US military’s “defense readiness condition”, was held from August 4 to August 7.

It followed on from the Black Hat 2011 conference, also held in Las Vegas (from July 30 to August 4), which brought together academics, professional security experts and hackers alike.

Of the two conferences, Black Hat is probably the more serious (and tamer).

This year, Black Hat was in the news thanks to demonstrations of how to electronically and remotely unlock and start a Subaru Outback.

The hack involved a man-in-the-middle attack with the hackers setting up their own GSM network to intercept messages sent to the car’s management systems and reading the contents before passing them on.

Access codes gathered in this way could then be used to control the car, opening the doors and starting the engine. Known as “war-texting”, the technique can be used with a wide variety of equipment including security cameras and power- and water-supply sensors.

Another development that attracted some coverage was the (theoretical) ability to hack a person’s insulin pump and get it to administer a fatal dose.

Also at Black Hat, researchers from Carnegie Mellon University demonstrated how they could use facial recognition software on Facebook profile photos (and photos from other sites) to identify people and gather a considerable amount of information about those identified.

Less well-publicised were talks on how to set up and defend crisis maps, which are increasingly being used to collate information from social media to establish an accurate picture of what is happening during crises such as the Egyptian uprising.

Governments would have a huge interest in disrupting these services if they thought they were being used for the benefit of those involved in the revolution.

DefCon

Where Black Hat is a more serious and security-oriented conference, DefCon is more of a social event, with a greater emphasis on hacking than traditional security applications.

The conference was founded in 1993 by [“Dark Tangent”](http://en.wikipedia.org/wiki/Jeff_Moss_(hacker)) (Jeff Moss) as a party for hackers. Since then it has grown into an event that attracts more than 15,000 attendees.

Journalists attending DefCon were warned to leave credit cards at home, to not use their telephones and not to connect to any wireless network unless it was using a secure connection.

Within hours of the conference opening, hackers had interfered with the software controlling the lifts and, allegedly, ATM machines, poker machines, the public address system and lighting at the venue.

While conferences such as DefCon are primarily male-dominated affairs – around 90% of attendees at this year’s event – a ten-year-old girl known as CyFi, founder of DefCon Kids, caused a bit of a stir after revealing a security exploit she had found.

She found the zero-day exploit in games on iPhones and Android devices. The exploit allowed CyFi to “speed up” time in Farm-style games where rewards and achievements only occur after a certain period of time.

Government hackers

This year’s DefCon also saw an appearance by representatives from the US National Security Agency (NSA) and other secret service organisations, groups that were actively recruiting “cyber warriors” from conference attendees and speakers.

As cyber security increasingly becomes a major area of concern for nations around the world, recruitment in this area has risen accordingly.

Such attention has not necessarily been welcomed by the hacker community. An open letter was published last week, calling for hackers not to “sell out” to the NSA.

And of course no article on hacking would be complete without a mention of LulzSec and Anonymous, the current hacktivists du jour.

Obligingly, DefCon hosted a discussion panel featuring an at-times heated discussion about the groups’ activities.

There was some suggestion that the hacktivists should focus their efforts on unearthing corruption or child exploitation web sites, rather than hacking for fun or other, less noble, reasons.

It was suggested there were members of LulzSec and Anonymous both in the audience and generally attending the conference.

In many ways, these conferences highlight that it is possibly not the widely-publicised hacks – such as those carried out by LulzSec and Anonymous – that we should be concerned about.

With computers increasingly interfacing with every part of our lives, it is the undetected and subtle ways in which hackers can take control of these interfaces that are of most concern.

And as recent global events have highlighted, it is possibly not just the teenage hackers we should be worried about but the governments who are employing them.

As Thompson might have put it: “When the going gets weird, the weird turn pro.”

