|
DEFCON: The Documentary (2013)
1
What the fuck, dude! What the fuck! Oh shit! There we go! The history. I had been running the Dark Tangent System, that was the name of my bulletin board system. The bulletin board was known around the world, we were on international FIDO networks. And one of those networks called Platinum NET out of Canada, was going away. He was shutting it down. I was the biggest node, I had the most users, and I distributed to the United States. And he wanted to throw a party, a going away party for all of his Platinum NET users. But he didn't want to do it in Canada, and all of his users were in the states, and so we were talking, he says "Well you should do it, we should work together." And I said "Great. Let's do it in Vegas." That makes the most sense, cheap airfare. And he said "Sounds good." And I mean, this happened over the course of less than a week. It was really brief. And then all of a sudden he disappeared, Platinum NET went down, and all these years, 20 years later, I never heard from the guy again. I can't even remember his name, it's been so long. So when he disappeared, I had already started planning to do this going away party for Platinum NET. So instead, I invited all my networks and it went from being a going away party to, a party. There was HoHoCon, there was an XCon. There was PUMPCON, Summercon. But there was no real west coast con. So we figured, OK... So it ended up being DEF CON. The first one, there was a flier that went out and that kind of circulated around on some of the sites, and, and I think that's how I came across it initially. I'm assuming it was because of a book I wrote, or maybe my congressional testimony I don't know, but somehow he had contacted me to come out and speak. I actually didn't wanna go to the first DEF CON. I did not want to go to the first DEF CON. A number of my friends were going. They were trying to get me to go, they kept telling me it was going to be fun and I kept thinking to myself, "I've never been to Las Vegas before", and you know, I used to go to BBS user meets, and well, a lot of them are pretty lame and I thought to myself "OK, this is just going to be a BBS user meet... in Vegas." Jeff contacted me somehow, said "You wanna come out to Vegas?" I said, "Well, I don't like Vegas." "Come out and speak and there's "a bunch of people, Phil Zimmerman, and a couple of other folks," and... DEF CON 1. And I had a blast. I had so much fun. It felt we were part of something that was really kinda legitimized because there was this event around it, you know, it wasn't just, you know, random people that you might have known or heard, or it wasn't somebody (in the phone phreak world) on the end of a toll-free loop around that you called at midnight. "Hey, who's there?" So, I ended up meeting a lot of people, some of whom I'm still friends with to this day... out of all of that. And I remember, after the first DEF CON was over, and I was back home, and I was decompressing, somebody wrote me on UUCP in my email. Wrote me an email and said "Hey, that was great. When are you doing it again?" Until I had gotten that email, I had never thought of doing it again. And then I thought, "You know, I could probably make this better. I could" "change this, I could..." and then that started it, that was all, game over from there. It was, every year, what can I make better, what went wrong, how do I fix it. And that geek sort of fix-it mentality kicks in, and you're always trying to improve it. It's sort of like this challenge you'll never solve, but you keep wanting to make it better. The people who missed a few years. The differences between their experiences is going to be pretty radically different. DEF CON 1 was around 100 people, and we expect roughly 15,000 for DEF CON 20. We work nonstop. I haven't seen 4th of July in like 7 years. It's crazy that DEF CON, you can label it as a hobby, takes so much time. Because it seems like pretty much from the moment DEF CON ends until the time that we're spinning it up again, we're busy. You know, technically I retired 2 years ago, but I can't give it up, because it's such a part of me. I'm giving back to the same culture that spawned me. DEF CON for the last 10 years, especially, has been a very big part of my life. It consumes most of my free time. DEF CON starts, for me, the day after DEF CON is over, for the next year. It's going to be amazing. We have so many surprises planned for the attendees. It's going to be remarkable. This is going to be a really, really special year. If you're sleeping, you're doing it wrong. A lot of people who are hardcore DEF CON attendees, or staff, they negotiate when they change jobs. "That's fine, everything's good, but I need to take", you know, 2 weeks off." I never thought that my party would be a job employment prerequisite. I am not kidding, I am expecting another well orchestrated, well-oiled machine, coming together and producing this amazing gathering of geeks. No kidding, it's what we do. We come together and we do the HELL out of it. And I expect it to happen this year. There's absolutely a difference between driving and flying. When Utah group, for example, used to go down to DEF CON, years and years and years ago, there was a whole process where basically we gathered at this restaurant called "D's", or we called it "Freaky D's", at like 2am, and basically 20 or 30 of us piled into the restaurant and we'd have our caravan of cars all set together, and that was our group of people. There are some hijinks that I can't even imagine mentioning on the documentary, that can happen on a long 9 hour drive from the Denver area to Las Vegas. When you're driving, to get there, especially from the west coast, you have to drive through the middle of fucking nowhere. And it certainly adds to the experience when you roll in, and it's just after sunrise, or just about sunset, you really have no idea what time it is, and there's Sin City, and of course you're playing "Viva Las Vegas" by the Dead Kennedys or something like that. It does add to the experience I think. "Actually, here comes the Hack Bus now." "Pretty awesome!" It kind of blows my mind that everyone's so excited about going to a BBQ six miles away from the con that have to rent a taxi for, or go to the store and get food. I don't know. I just feel like the BBQ is this misfit love child of DEF CON, because everyone's, "There's this thing that happens over there and they're grilling alligator and elk and all this crazy meat." "Why can't we ever go? Where is it?" And that kind of adds to the mystery and fun of it. Man, did I never expect that to become something a thousand people strong, now. To me that shows an awesome community and spirit, and an effort of "I want to see my friends and hang out with them and I wanna do something simple, like eat some food." You know, it's not at the con, there's no crazy music, it's just a BBQ. Ever since I was in town around DEF CON 10 or 11 you see those signs in the airport, "Come Shoot a Machine Gun." Which, you know, is fine for me, I've done that, but a lot of my friends said, "Man, I'd love to do that!" Well, I said, let's just go out in the desert, I'm sure we can find a nice group rate, and and we'll shoot out in a sand pit, and everyone had a blast, and they said "Boy! This was great, you want to do this again?" So now, there's just this well known, public shooting spot, way out on the Lovell Canyon Rd, where anyone can go and shoot what they want, as long as they police up the area. And we use it and it's again, much like DEF CON itself, getting popular and growing. Now we have canopies and tables rented, that I arrange. There's a small per head fee, just to cover that. We had a hundred people on the line last year. We've got damn near that many registered this year. We're going to stay safe and see what we can make happen! Can everyone hear me, over the reports, over the berm? All firearms are always what? Loaded! They are always loaded! Nothing is ever an unloaded firearm. You always point the firearm where? Where? In a safe direction. In a safe direction. Yes. The key point being, not just being what is your target, but what is beyond it! The hacker community, you can never put a single hat on anybody, but there's a libertarian undercurrent to a lot of our membership, so being able to treat guns as, well, that's this piece of equipment if you use it the right way, it's great. It percolates through most minds. So, you get the occasional raised eyebrow, but half the time that's the person who's, like, "I'm gonna go see exactly what you think is so fun," and they're out there shooting a cannon, or an automatic rifle, and they say, "Boy, I get this." I think it was the year when it was at the Aladdin, and we'd forgotten to sort of clean up our room, or we didn't think the maid was gonna show up as early as they did, and we had gone off to breakfast, and we came back and the maid had been in the room, and cleaned the room, and organized all of the drugs! So there's a little pile of acid, and a little pile of ecstacy, and some other pills, and they're in nice, neat little piles, and everybody's like, "Well, I guess things are different in Las Vegas." You've got to put the convention in a 24 hour city. You know, it's got to be like a New York, or Vegas, or maybe a San Francisco, because hackers get bored, and there's got to be something for them to do. And I saw what happened when you had a lot of bored hackers running around. You know, a lot of activities in the computer underground would happen after midnight. That's just the way it is. So, you know, the fact that people can move around, and not be noticed as much being a group moving around at midnight, that kind of added to the appeal. I'm big on privacy. Nevada still respects people's personal privacy. You know, your hotel room is considered your domicile. It sounded fun... you know, just a bunch of computer people, it just seemed like my group was in Vegas and it sounded like a really, really fun time. So, that, you know, whole underworld connotation of it all, was very attractive to me. So I feel like there's gonna be a stream of people really dedicated, like, "We're gonna be first! We're gonna be first in line!" I wanna make sure I get a badge. That was my biggest concern since my first DEF CON, and I wanna make sure I walk away with a badge. We're all DEF CON virgins, we gotta pop that DEF CON cherry. Get those badges! How many hours do you have before you get your badges? At least nine hours now? Ok, and that's $20. So, that's $20 plus $20 tip for you. Thank you very much! Yes, we drink. Good! What are we drinking? Stop recording, please! We've got pizza. Pizza is GOOD! Alright. Jet-Lag has sunk in. It looks like he's using a pizza box for a pillow. We will not abandon our posts. This is my first DEF CON badge! INTERVIEWER: Now what made you decided you were going to come to DEF CON? My husband's work decided to send him, and I started going through all of the videos that they had for DEF CON 19, and I started looking at that and going, "Oh, this is really cool!" This is the 20th DEF CON, and I've been wanting to do it for years, and it was just one of those things that just sort of lined up, all the moons lined up perfectly. Definitely heard a lot about the con. It's a somewhat affordable con, and there's lots of technical discussions. A whole bunch of really smart people that probably know more than I do, most of them, so I hope to learn something. You know, an opportunity to hang out with those people who really know what's going on. You know, it's too enticing to miss out on. I thought this would be an amazing place to just meet really intelligent people. So, now I'm here and I'm really excited! To meet a lot of interesting people and learn a lot and have a lot of fun at once. It's kind of, you know, a big congregation of people who live anonymously online, get to actually socialize in person, and not have to worry about, you know, revealing their identity. Well, I've read all kinds of dire warnings about using anything that's potential hackable, and nearly anything is hackable. I was told to take the battery out of my phone. You know, I've got a check list sort of in my mind, you know, kilt, colored hair, drinking before 10am I haven't seen quite just yet... Every single device in the world has some kind of computer in it, and they all have vulnerabilities one way or another and this is information of what those vulnerabilities could be and how to fix them and improve it for the future. Are you the teacher? - Yes. You are the teacher, and this is your first DEF CON? Yes. INTERVIEWER: And you thought to take a pack of neophyte students into Las Vegas to go to a hacking conference? - Yes. INTERVIEWER: Do you have tenure? Rule Number One: Follow the 3-2-1 rule. DAILY. And please bear in mind, these are minimums, at a minimum, three hours of sleep. Two meals. One shower. By tomorrow afternoon, the pungent and stank aroma of many DEF CON attendees will waft through the air and hit you like a Mack Truck. So, remember, you plus deodorant equals everybody wins! I, like many people here, will not remember your real name. There are lots of Steves, Jeffs, Chrises, and Bills, but maybe only one, maybe two, with your unique handle. Hopefully, you've picked a good and unique handle to avoid conflicts in the namespace. Create a good handle for yourself, before someone creates it for you. So I've got a question. Who here is from other countries? Wow. That's impressive, thank you for coming all the way to join us, you guys, that's awesome that you came out. DEF CON is truly an event and a conference where you get out what you put into it. DEF CON is the one time a year where everything that we do year-round actually becomes physical. All these people that you've met in IRC, All these people you've been chatting to, All these people you've been reading their research, following their work, looking at the different things they're publishing... They're here. Walk up to them, tell them that you like their work, and buy them a beer. They'll probably be your best friend. That's one of the biggest things about this crowd you've got to really swallow is the fact we're all super, super approachable. You can be a wallflower here and still get a lot out of it, but you're not gonna get your 200 bucks worth, frankly. You're gonna have to interact, work with people, get to know people, go party with people. If you don't know something, be proud of that. Be like "I don't know this." Can you please teach me? Can you please educate me and train me?" This crowd loves spinning people up. Take the time to go in and learn from these people. They're geniuses, truly geniuses, and some of the best in the world in whatever it is that they're presenting or working with. So, take advantage of it, you guys, OK? Alright, the next rule is one that basically says "The media is not your friend. Don't trust them." What do you think is the number 1 thing people misunderstand when they show up to DEF CON? That it's a den of illegal activity and you're gonna come learn how to do really neat, illegal, black hat, gonna get in trouble if the FBI shows up at your door and you should show up with your ski mask on just so no one can know your identity. What is it actually then? It's a publicly funded, private party for a bunch of really cool people. Yeah, our reputation is... it's out there, but people are proud of it and I'm probably the only one who tries to go around and go "It wasn't quite like that", it was sorta like this." I don't think people understand how much goes into creating a show of this size. DEF CON looks like this big amorphous jellyfish of people everywhere, but what I hadn't realized is that there is really a lot of stuff that goes on on the back end to keep it running like clockwork. That's what makes DEF CON so exciting. It's super organic, is the way I see it. If you're inflexible, it doesn't work with DEF CON because there's too many people and you'll just break, and that's just the reality of it. I always joke for me it's an opportunity to spend 4 days out of the year not caring about computers or computer security. Everybody's Christmas, New Year's, Birthday, Anniversary, wrapped up into one, for hackers. It's an experience that's not like anything that anybody has described because it's kind of something you can make what you want out of it. You can show up and you can just go to talks and you can sit there and get that out of the conference or you can show up and just party. You can show up and hang out in your hotel room with a bunch of friends. When it comes down to it, you're the driver of the experience. It's not a pony show where you can just, you know, sit down in a seat and let it unfold before you. The more active you become inside the con the more fun you can have. For me, I think it's more social. Mainly, for me, it's just a lot of close friends that I get to meet once a year because of the diversity of where they all live in the United States. So this is kind of like a meeting point. Go out there, be social, just run into people and say "hi" and just strike up a conversation because you will meet interesting people here. It's fantastic, everybody is friendly. I can sit down and talk to anybody and I just ask them "what do you do" and they're happy to tell me about what kind of employment they do or the hobbies that they're in. It's just striking up conversations. That's my personal favorite. It's a combination of the people who I run into at DEF CON and just sort of the atmosphere. It's like a giant party that doesn't want to end but there is a lot of really smart people in one place and it's just, there is really no other place like it. The first qualification, if you will, to be a vendor at DEF CON is "how are you" "providing back to the hacker community at large." A lot of money goes through there. It's kind of staggering. One thing that we try and do is most of these guys, most of the vendors if you walk around that room, this isn't their primary business. These are people that are in the community. Take a look at these guys. They're only doing this this time of year and it's only to provide something to the community that they think is neat. Those are the kind of folks that definitely get a priority when I'm looking through applications. It looks like you're doing things right. Ok, is this on? Oh, Boy! Ok... What I've tried to do with the whole hacking community is raise the level of discourse, that's the thing is, to bring information, to make it accessible and widely dispersed at a reasonable price and make people happy. And if I put a smile on their face it's like "Wow, really, that's a great price and" "I get that too?" That's good. I don't need every last dollar. What are you gonna do with dollars anyway? They're just numbers. Our main job actually is to create mayhem. That's actually what we've been asked by the management. Make sure we create a lot of mayhem. We actually have official DEF CON 8 posters from years ago that we found, so, we're not selling them, we're giving them away, but you have to convince us to give you one, and that requires mayhem in the dealer's room of some sort that we don't officially support but for some reason they end up with a poster. Who knew, right? We are simplewifi.com. We are long range wireless made easy. We custom make all of our antennas in Miami, Florida, so if you want to go creating a hotspot around your whole neighborhood or you have that guy with an unfortunately has an open signal and you don't want to pay for Wi-Fi you can set your antenna pointing right at it, grab that signal and you have Internet for free. The people that want something one year that you didn't bring, invariably won't want it next year. It's like everyone wanted network cables. Everyone wanted PIN card readers, or prox card readers or mag stripe readers, encoders, decoders, you know, it varies every year. And then everyone that leaves something behind, like "We need a hub" It's like, OK... I only have 53 tables in total that can be sold. Some vendors are getting 2, some vendors are getting 3 so you have to decide what's going to actually provide the most benefit to the attendees, what are they actually gonna want to buy and we certainly have made mistakes in the past. For one thing... It used to be we shouldn't have even called it the vendor area. There were a couple of years, and I can't blame anybody but myself for this, where it should have been called the "buy your t-shirts room." The only thing that was for sale in there was t-shirts. You had 2 hardware vendors and 33 t-shirt vendors. Hackers love their t-shirts. In a weird way, it's like a way to kind of express your identity. I think we all do that through our shirts. It's a way when you're walking down the hall at DEF CON or any other conference or at work or wherever for people to kind of get an idea of who you are. So yeah, I mean the T-shirt aspect of it is certainly important. This is the one place I can wear all my T-shirts... and people will know what it is. - Yeah, people get it. There's something about that like, cinematic hacker. That's both goofy and inspiring and... Like I still play up... There's this mystery around it. Oooh, Spooky Hackers... and, like there's this dark side to it.. And I still think I play that up in the art. That I'm still intrigued... I still don't know all of what's going on... Like, I'm a maker... I'm not a hacker. So, I was a goon the first year and they stuck me in the info booth. And then, about half way through the first day Russ came over first and said... "Hey I want you to draw on my badge..." We had great big badges that Joe Grand did... ...and so I drew on it and then... Pyro came over and said "Hey, draw on my badge." And then in like 10 minutes there was this line out the door of people like "Draw on my badge.." and so Russ came up with the idea... "Well, if you're going to draw on the badge... "Why don't you make them give $5 to EFF for every badge you draw on. And raise some money." So, like, laptops I'd charge $20 for EFF... and then it ended up with a pile of money for EFF like the first year. So then the second year they said "You're not going to be in the info booth." "You're going to have A booth and sell art and draw on things for people "to raise money for EFF." And that's how that took off so... You have to believe in what you're doing... and you have to believe that whatever you have is the hottest, coolest, newest, best thing... and that if you have any shred of doubt about what you're presenting... or if your hearts not 100 percent into it, the audience is going to pick up on that right away. And... tune out. That's the thing, I think the B.S. filter here at DEF CON is very, very strong. I think the talks and the speeches are absolutely important because it gives the world an opportunity for a very inexpensive price to be able to go learn from the absolute best in the world in this industry about the absolute bleeding cutting edge of technology... It was between 300 and 400 submissions that came in for people that wanted to speak at DEF CON this year. Yeah, it was a rough, rough year just because of the number of quality submissions... There were some that any other year absolutely would have been accepted... I think because this is the 20th DEF CON and it's because people want to be a part of DEF CON 20... we got so many more submissions. And so many more quality submissions... DEF CON speakers are all different types. Especially this year you have... you have generals, and you have 15 year old kids... all of whom have something different to contribute. There's not really one thing you can say that unites a DEF CON speaker... except for their desire to present their ideas to an audience. And we've got a really cool V.I.P. this year... Yup... Really Cool. They better show up. The big celebrity speaker V.I.P. for this year at DEF CON, The director of the NSA and director of cyber command General Alexander. We've been trying to get somebody from the NSA high level to speak for... 10 years. And it just so happens that we finally get somebody. And it just happens to be our 20th year anniversary so... the timing just works out really well. And I know people are going to get all bent in a knot over it... It's going to be like the love-hate relationship... They're also going to be really interested in what he has to say... and at the same time be really fearful of the NSA. It's a milestone to see someone of his position and level come here and speak about security and hackers and those types of things. Jeff Moss made a valid call and he kind of said... "Look, you know, we have to interact with these people." you know. We have the technical skills and they're the ones calling the shots. So we've got to interact with them. And at the end of the day... we've got to educate them. Ya know? Helloooo DEF CON! Something I try to do with DEF CON is I want to expose you guys, from the very first DEF CON, to people you don't normally see like... I'm sure you guys just don't hang out and have coffee with the General and, neither do I so to me it's really eye opening to understand the world from their view. Having the NSA here was a great unveiling of the support and I think a little bit of appreciation from the government towards our community now, and a little bit more understanding of the work we do, and the actual end goals of what we are trying to accomplish here. Thank you... It's an honor to be here. It's an honor and a privilege to be here. You know, one of the things I want to talk about is the Freedom domain. The Internet. And what we can all do to work on this, and so I've got about 6 hours of presentation and slides that we'll cut down to some meaningful time for you. I think it's amazing and D.T. wouldn't believe you if you could go back in time and tell him that 20 years from now you're gonna have an NSA general here talking to the group sort of as an ally. Seeing people like General Alexander come down and meet with us hackers... it's just amazing. I've been in the hacking scene for over, what, 25 years now and I remember the days when we were just considered criminals that no one wanted to integrate with, they didn't understand how a hacking ethos could be applied to things that weren't illegal. And now... this completely legitimizes what we're doing. People want to see what we're doing and they want to hear about what we're doing, and they're realizing that we have a role to play in keeping the world's infrastructure safe and keeping the government safe. And that... that's awesome. And there's a lot of things that are going on here. We can sit on the sidelines, and let others who don't understand this space tell us what they're going to do, or we can help by educating and informing them on the best strategy going forward that benefits all of us and our nation. And that's the real reason that I came here, to solicit your support. But on the other side we also have super privacy advocates, the E.F.F. is going to be right there next to them. And they're probably in a constant lawsuit with the N.S.A. so... we try to represent both sides. I mean, they're the ones that have been out there and helping when people try and do crazy laws that, you know, don't really understand the implications. The E.F.F. will step up and try and right the ship and make things good for everyone and we like to support them. And what I'm trying to do when I have these speakers is I'm trying to expose the audience to people they wouldn't normally come in contact with. It's not just always fun and games. Hacking a system. There's a bigger world out there, and you're playing a part in it. A very important part. And if I didn't, I kind of think I'd be doing a disservice. It would be sort of like intentionally, I don't know, not aiming as high. So, if you don't like that speaker don't go to that talk. And I think that when you bring in not only our great talent here but those of our allies I think that's absolutely superb. All right, that brings this session to a close, so let's have a round of applause for General Alexander. I think the contest and events is very key because it's one of the things that you'll find if you go to a lot of different conferences especially in the security arena... it's very boring. Usually you're sitting around in a bar getting really, really drunk with a bunch of friends. And going to a couple talks that you're interested in seeing. But over all it's a lot of looking for something to do. We've just grown to where now I believe I'm managing about 50 events. 50 events and contests throughout DEF CON 20. What's going on? -Not much, just cutting some mohawks. It just started out as shenanigans... with, like, drunk people in bathrooms at DEF CON. But people started giving us money. I started telling them to donate to the E.F.F. and so people told me I should make it official cause it just became tradition. Last year we raised about $4000 total for EFF, Hackers for Charity, and other hackerspaces around the country. I've been growing my hair out for 2 years. It was difficult for the girl, because she was about this tall and she had to stand up on a chair to actually finish it all. This year we have a goal because last year he shook on it: DT will be getting a mohawk this year, if he likes it or not. I've been playing Hack Fortress, which is an amazing competition, it's one of the highlights of DEF CON for me. Essentially we have a team of 6 to 8 players who play Team Fortress really how it's meant to be played. You know: Medic, Heavy, and they try and capture points. We as the hacking team, essentially we're doing hacking challenges: Cryptography, forensics, physical challenges, social engineering, information gathering, and that gets our team benefits. So it might light the other team on fire, it might make everything our team shoots a critical hit. It's just a really cool combination of both gaming and hacking which, you know, is awesome. Now you've got an objective here, you've got a 3 person team, and you have to infiltrate this office, steal a lot of information and get back out again, in 15 minutes. But it's a penetration and data exfiltration job. So team-based people will penetrate into a virtual office, and we're framing out the walls and everything. You'll have to pick in, once you're in, a team of people then can try to get documents, which you don't just unlock a lock, you have to spread them out, legibly photograph them, put them back where you found them. I think we're including now, there's a smartphone, like an Android phone, so you have to hold it up just right and maybe you see the pattern. You swipe it out and you get some contacts. So I have this computer running Windows 3.11, so I'm watching people try to fumble their way through Windows File Manager, looking for data, but the really key thing is that if you can unlock the computer where it's chained up, can you get the whole computer out of the office, and can you do it without powering it off? So we are hot-jacking into the wires, splicing in the UPS using a tool the feds use, called a 'hotplug', to transfer the switching of the power on a whim, but a lot of people mad dash, half tiger-team, half Marx Brothers movie, running around this office, getting everything, getting out clean, locking it up after themselves. Yeah, I can see a lot of us who used to be the guy who would maybe get drunk and worry about being arrested, now we all have jobs where we do this professionally and get paid for it. All right, all right, we are ready to begin! Everyone we're going to do science over here, we're going to do less science over there! These teams are tasked with cooling the beer to exactly 42 degrees... which is ridiculous... but... People came through... people came through in amazing ways that I never expected. This year I took away all the restrictions about what you can and can't do and I said you have to get it to exactly 42 degrees. And... time! And this last minute entry "Team Ice not Science" if I got their name right... hit it! Exactly!... It was a fantastic success in the end! Stop! This is ShizNiz live from DEF CON in the beautiful city of Las Vegas behind me you can see the skyline... It's a rooftop! Look at that rooftop! Over to your right if Dave can get it... There you go, there's the mountains... There's the Alexis Park... The Alexis Park is part of the DEF CON legend. It definitely, it's probably the closest thing DEF CON has to a home. I know, I wish it was still at the Alexis Park. There was a long period of time that I associate with Alexis Park. We were there for a long time, like 6 or 7 years You've got the whole property. You can hang out by the pool... This is some horrible 70's-like apartment building laid out rows of these hotel rooms, with pools and grassy areas down the middle. It's like multiple pools that we could just party at all night... If you don't know what the Pool 2 means, if you don't know what Pool 3 means... You weren't there... I mean it, some really ridiculous stuff went on. Pool 2 and Pool 3 were just sort of like these nexuses of activity and energy... You could be guaranteed to find something going on at 2am, 3am all the way to the sunrise. And we had folks that were underage, and we had folks that were overage, and everyone was not sober, and doing their thing... I was told at one point that at the Alexis Park, we did enough business in alcohol sales that equalled about 4 months of their normal alcohol sales. And you talk about debauchery? The AP was where true debauchery at DEF CON occurred. And at the time, the hotel owners, they were alright, they were alright. They basically had the attitude of, "You know what? You can trash our hotel if you want." "You'll pay for it, but at the end of the day, we'll take your money." They weren't as concerned about the lights around the pool getting destroyed, any things of that nature, so it was a little bit easier to deal with, you know, destruction in that way. I go to check in, and they hand me a list, "Ok, let me explain this to you." And it's a list of all of the objects in the room at the Alexis Park with a dollar amount next to it. "If you would like to destroy this object in your room" this is how much it will cost you." You could just get insane and you weren't waking anyone up, you didn't have to worry about security coming and telling you to stop doing something because usually you were doing it to somebody who wanted you to. The Alexis Park, we were much more hands-on because they didn't have a security staff that a casino has So I was arrested at DEF CON in 2002 by the hotel security guards, but I don't know who ordered it, I guess a goon, probably Priest ordered it, and I ended up in the Alexis Park jail, which is very roomy, it was kind of a Bacchanalian, Mediterranean motif, there were grape leaves on the walls and things like that. There's no bars or anything like that. And since it was a non-gambling hotel you could do whatever you want, wherever you want, because you didn't have to be an adult. You used to make announcements at DEF CON that, "So and so's parents are" "looking for their runaway child," you know, who was 17 and was off at the con It was a different experience, everybody says "I wish it was the Alexis Park again." "Oh, I wish we were back at the Alexis Park." Honestly, I do too. I really liked the environment, the pool parties, the open atmosphere, we had the whole hotel. But then everybody forgets that, oh, the lines are ridiculous, all the rooms were overcrowded Oh, I couldn't do anything, it was awful. There was no room for speaking. I mean, people would make t-shirts about how terrible it was to get into the tent in the parking lot. So, it's better, it's more organized, yeah It's a little different, I wouldn't go back. For us to go back there now, we would have to cut this conference by 2/3. And, nostalgically, yes I look back on that time, and it was a great time. But we need a venue the size of the Rio, now, to support the size that we've become. But, that's probably the time, when, things seemed to settle in. That, you know, we've going something going here, and it's probably going to continue for a while. Well, and that's one the things. Obviously, the Alexis Park is near and dear to a lot of people because, this is, you know, how many years have we been away from the Alexis Park? And still, every year, somebody drives over there, walks into the front of the hotel, and steals the giant floor mat in the front, and brings it back to con. A conference badge has three purposes. The first purpose is to show that you've paid for the conference. It's a security token. Number 2, it sets the level of your security, when you're within the conference. Third, I wanted the badges, that I created, to be something that helped brought people together. I intentionally designed the badges to cause people to have to look at each other, and talk to each other. To get to know somebody that they might not otherwise have known. It really is the interaction with the other people at DEF CON that makes DEF CON what it is. It's not the "oh, I have this uber, awesome, electronic circuit badge that does such and such." It's the people wearing the badge that matter. And, I think a lot of people miss that. The years where we've had an electronic badge, people show up wanting to do something with this awesome little piece of tech that they were just given for their entry fee. This is, we're helping... This is like an open badge solder session. We're helping people complete adding the connectors to their badges. We're not doing it for them, we're assisting them, and letting them do it themselves. Because that way they learn how to solder. So far, no one's done anything that hasn't been able to be fixed. So it's more of just learning, and, community learning project, I guess. Just doing the badges. Yes. First DEF CON. First time soldering. A lot of firsts this weekend. I really like to help other people just get better at what they do. Or to find an inspiration, something they're passionate about. And I like to help them progress along that path. Pretty much 90% of the people here have never soldered in their life. This is their first time. And that's the goal. It lets people, introduce people. Hey, it's not that scary. It's okay. We're here to guide you, and maybe, you'll do it in the future. And if not, you'll know you've done it. So it's one of those skills you'll have. I know a lot of guys, who are like, collecting badge firmwares, and flashing stuff, and have no idea what they're supposed to be solving. Usually, the only people that are really getting it, are sequestered in their hotel room, just, going crazy on it. There are some people that counterfeit the badges every year. And we try to make the badges hard to counterfeit. And there are some people that spend a lot of time counterfeiting the badges. And, I think that's cool. If you can counterfeit the badge, and you can get past the guards, repeatedly, good for you. You probably deserve to get in. Right? That's what a hacking convention is all about. If you're good enough to fool everybody, you've put more energy into hacking that badge than we did, probably, producing it. So, good for you. They had the smiley face, you know, skull and crossbones, the basic logo for the con. And I think their first design flaw was, same PCB board, different colors. So you had people that went out and spray painted them. And things like that. Well, the absolute worst thing to do is to step into the goon SOC with your cute, little red badge, and claim that you're a goon. Because we all know who we are. And once the door closes, you're ours. And so it was a space where I felt more at home, where I didn't have to explain anything to anybody than any other context I'd ever been in. Real hackers are incredible. They take nothing for granted, and they look at things to see how they can be combined to make something new. And hackers really have a interesting, innovative, creative way, the best of them, of looking at all sorts of problems.. that a normal person wouldn't know how to do. And being fearless in the face of ambiguity; Holding multiple representations of reality simultaneously, in their minds, even though they may be contradictory, and conflicting... And holding them there, lightly, while you explore which ones are a best fit for now, to the sensory data coming into society... You know, Feynman, great physicist, he said "The interesting fact is the anomalous fact." Emphasize both fact, and anomaly. Because it says there's a whole cornerstone here of another way of looking at things, that we're missing. Well, that's what hackers are looking for. And that's why I've taken to it so. Because the edge where new realities are appearing, and normals don't see them at first... But hackers are looking for them. They're kind of the little homunculus, inside the machine. When I come here, I don't have to explain anything, to anybody. My point of view, or my point of reference. Or, why I said what I said. Or, what was ironic. Or, or, what was meant straight up. Because people just kinda get it. And that's a terrific thing. Probably our signature event, is Capture the Flag. When you go to DEF CON, and walk through the Capture the Flag area, you're seeing some of the best of the best teams that are out there. Well, this is really, this is the Wimbledon, this is the place around the world where it all comes together. What strikes me isn't in the room. It's the fact that there were a couple thousand people competing, from around the world, to get into that room. Some of those guys, that travel from like South Korea, or from the Middle East, to do CTF... they came thousands of miles, and are not going to sleep for three days. To participate in one game, at one event, that happens once a year. And that's what amazes me. It's about a bunch of different teams, getting together on a big network, trying to steal each other's stuff, in essence. 6930:57:42.592 -- 0:57:45.428 It's worth coming once, to see it. Capture the Flag has been there since the beginning. And, really, from a hacker perspective, it's the type of thing that you think of, "Hey, how do I take over this guy's computer?" Don't miss any con where you can sit down at a laptop and make the network work, and start breaking things. So, Crash and Compile is a programming contest, crossed with a drinking game. What could possibly go wrong? If you're familar with the ACM style programming contests; You're given a challenge, a word problem, you know? Write a program, that takes this kind of input and generates that kind of output. Or some arbitrary word problem. And you start coding. And you're coding along, you're coding along, and then you say, "I think I'm gonna test something," and you try and compile it. And it doesn't compile. You take a drink. If it compiles, but doesn't run, you take a drink. If it runs, but doesn't produce the right output, you take a drink. Okay, you can see how this could degrade very quickly. After 45 minutes, any points that are not awarded, or that have not already been awarded to competing teams get awarded to Team Distraction. The team with the most points at the end of the night goes home with a Black Badge. No, Team Distraction does not qualify for a Black Badge, unfortunately. And you're coding? No. I am part of Team Distraction. Our first goal is make sure that they get enough water, and they don't drink too much. But then, of course, you know, we have to distract them from their coding, and kinda like mess them up, and, you know, just, distract them a little. Does everyone have a beer? Let's rephrase that. Who doesn't have a beer? Are we there yet? We're there. Okay. Any other questions? No? Groovy. Let's go program. Brilliant. Let's go program. Gotta energize the crowd. I gotta set the pace, set the tone. And then I have to say something outrageous pretty damn quickly, gotta insult somebody quickly. The show's begun and I'm not really aware of much of anything else for the next couple of hours. I want the audience engaged within 10, 15 seconds. I want to have that dialogue. "Copyright lawyers mean this, by I.P." [buzzer goes off] "Win or Lose!" "What is intellectual property?" - "What is intellectual property is correct!" You can piss this crowd off very easily. So, you get your feedback very very quickly as to whether you're doing a good job or a bad job. Jeff and I had talked, and he says "I really wanna notch up the 20th, I wanna go out" with a bang, and I wanna do all these crazy things." And it was "COOL!" "The final category is Beer." I think that this audience, probably 50% bigger than last year. So that would put that crowd, I'm guessing, in the 2,500 range, something like that. But this one was huge. We'll see you tomorrow night, for the final final final round of Hacker Jeopardy, DEF CON 20. Common experiences at DEF CON include... I don't remember. Meaning that if you have a good con you probably have no recollection of what actually happened. If you've never been, don't base your assumptions off what you've read or heard. At this point especially, DEF CON is something you just have to experience. DEF CON is not a convention, it's a meta-convention. But there's so many smaller events, gatherings, meet-ups, projects, that it's become a group of other smaller conferences. There are other aspects, other facets of the con, that are completely different then what you have heard, thought of, expect or even dreamt are possible. There's people you've known from internet stuff, only through that, and you come from a small town, right, you don't know anybody, and you have this weird stuff you're into. And then you go to DEF CON, And that's where you meet the people, right? And it's beautiful. Just hangin' out, the conversations. It's the place. DEF CON is the place. So they change periodically. And so the fire marshall you had last year may not be the fire marshall... Oh, I think that's... the attorney. "Hello? Hey, OK, we'll let you in." I can think of a couple of things he might have done, ya know, that I wished he hadn't have done. I can think of one. When we started, it was very clear that Jeff was younger, and he was way smarter then me, but in my opinion, he had no street sense, which essentially just meant that he didn't know what the ramifications could be from a law standpoint on some of the stuff we were dealing with. You know, it's really not property damage stuff. We, you know, that, we can do something about. You can liquidate that, you can price it, you can figure it out. I mean, we've had lawsuits, we've dealt with big major battles with me versus eight lawyers from Cisco for about 2 years. You know, it's got these players that can get involved that aren't really attached to DEF CON that could put DEF CON at massive risk for government intervention, heavy duty lawsuit intervention. People want to come to DEF CON, which is fine, that's what DEF CON, Jeff likes it, I think. They come to DEF CON, they're like "Hey man, I wanna step on the toes of "fill in the blank" mondo, master, master of the universe, aggressive company. "I wanna come to DEF CON and piss them off, what do you think?" And it certainly isn't boring when somebody says "Yeah, I'm gonna shut down, ya know, huge Corporation X." So there's problems the public knows about, and there's problems that never see the light of day. Or hopefully never see the light of day. So we've had a little bit on both sides. Nearly dodged lawsuits, those kinds of things. We had one at the Alexis Park where there was a federal grand jury we heard about that was investigating DEF CON and they were asking for all the room reservation, credit card info on everybody who attended DEF CON. Luckily we are cash only, so there's no records to seize from us. So as the organization we were fine, but the hotel and vendors in the area, they were getting their records taken, seized, and they're performing some investigations. In the end, nothing came of it. The grand jury as far as I know never did anything with it. But, that's one of those things where for years I was telling people, there's a reason why you don't process credit cards and keep records. And after years of doing that, I was vindicated in my paranoia. Because that would have been a huge legal battle to deal with all of that. To try and turn it over, not turn it over. So there's battles like that that never see the light of day. And this is the first time I've ever actually talked about it. Describe Jeff Moss. - Describe Jeff Moss. Oh... Jeff is a friend. He's an interesting guy. He travels a lot. He's very intelligent. Jeff's awesome. He is legitimately a good person. He's absolutely brilliant. And in my opinion, if we didn't have Jeff, this community and this culture would have never grown to what it is. Without Jeff, DEF CON never would have made it this far. I believe that without DEF CON goons, it also never would have made it this far, but Jeff is the glue. You know, he's the glue that brought us this far. This grew from a very small conference where the staff was equal to, or more than the attendees, to a crowd that regularly we've had to move venues every couple years, because we keep growing so much. Yet, that continual continuity, and the spirit of DEF CON if you will, is maintained because of Jeff. He's overly concerned about what the DEF CON attendees think about the conference. He wants them to have a good experience, he really does. Jeff cares about DEF CON, so much! He's a bit shy, as I'm sure everybody has gotten to figure out over the years. It's difficult to get a hold of him sometimes at DEF CON, and difficult to grab him. You know, he's like most hackers. He's not overly social, and he's got that quiet side, a little withdrawn. He's only got so much he's willing to give you. He is a really personable, kind-hearted guy. He is managing chaos, and it is not an easy job, and he's a very smart guy, and it's very difficult job, and fortunately, he's also surrounded himself with people who can help him do that. In the early days, there wasn't a formal structure. Kind of in the beginning, we all were security goons to a certain extent, and whether is was official or unofficial there was a group of people that helped control of what was going on, and it wasn't until later years, that, as the attendance went up, that we had to deal with more formal roles. Rule number four. Do listen to the Goons. If a red shirt tells you to do something, do it. The goons aren't trying to ruin your fun. They're just trying to make DEF CON an enjoyable experience for everyone. I mean, without the Goons, I think there are a lot of things that would just fall apart really fast. And they have in the past. It may have been after DEF CON 9, it was really a rough year. I don't exactly remember why, but we had growth spurts. Where at the Alexis Park, they're physically breaking up fights. They're picking drunks up out of the rose bushes. They're doing CPR on people. The Goons at the early Alexis Park days that everybody misses, were actually Goons. There have been some serious cardiac events, that I participated in, but we have had no deaths. We were really beat up after 9, and we had discussions then as to, "You know, do we call it quits at 10? We've had a good run. Ten years, that's substantial..." Maybe we'll do it one more and see how we feel." And we did 10, and 10 turned out to be pretty good, and thankfully, we didn't quit. All of the various teams have kind of occurred organically. There's a lot of compartmentalization, that I don't think people realize. Everyone has their own responsibilities that they're dealing with. We've spent a lot of time over the past year setting up for this convention. It is truly a labor of love. We are all volunteers. We don't do this for glory, we don't do this for anything other than we want you guys to have a good time. When I'm not at DEF CON, we're talking about DEF CON. The entire year, we're planning for DEF CON. We're thinking about DEF CON. We're telling DEF CON stories. Because we live it. We love it. You don't become a Goon. You're born a Goon. The joke is that we work for shirts. We get a couple of shirts to go and work for twelve hour days plus at DEF CON, plus all the volunteer time throughout the rest of the year. A couple of our guys have worn pedometers over the years, and the average shift is between fifteen and twenty-five miles. So, we tend to, especially newer people, tell them to wear the right footwear, make sure you always have water on you. Never walk into a situation where you don't have a plan. One of the things I like to say is: "At DEF CON, I live my life in the gutter, so you don't have to." But, you're right, things that people don't see, that's our DEF CON. That's the Security Goons' DEF CON. I'm glad to do anything I can for my fellow Goons. Any time, any day. I was creating a contest that would be something I would want to participate in. I used to say, magic is dead in the world, so I'm gonna create some for everybody else. I have to design cryptography and puzzles for an incredibly brilliant audience that is designed to be solved in three days. That's not too easy, not too hard. So now, that became my personal contest. My challenge to myself is how do I continue to entertain some of the smartest people in the world and keep their brains occupied for three days when a lot of them are smarter than I am, and can figure this stuff out. We've mapped out this challenge. The first thing we got on this challenge, was a writer with two keywords. "We program" and "Under Foot. This referred to an insane sentence in the program. It's on page forty. "Underfoot" represents the third oval, the third sticker in the convention center, and those two things are two markers we have to write on a piece of paper and give to 1057. Probably one of the biggest compliments I've ever been paid was and I've heard this a couple of times, "I go to DEF CON to compete in your contest." And that's, I mean I don't know what anyone else could say, I'm very flattered. I'm shocked, because it's just stupid stuff that I think up throughout the year and then I put it together, and try to make it a coherent flowing contest to the best of my ability. We're inside the Lockpick Village at DEF CON 20, and this is where we teach people how to pick locks for entertainment and sport reasons. Most technical people seem to have a rather strange curiosity about how things work, and one of the things that lead us into that is how locks work. We can teach most people within five or ten minutes how to start picking locks, and then some of them will stay in here and at the end of the day we throw them out, and they'll say, "Oh, I didn't go to the talks I was supposed to.", because they'd been sitting in here picking locks all day long. Most DEF CON talks start with a great deal of alcohol and end with a great deal of alcohol, at least the good ones I've noticed. The aircraft tracking stuff came out of the fact that I bought an app for a couple bucks that let me point my cell phone at the contrail and look at the information for that particular flight was overlaid on the camera. As I started digging, I found more and more issues. Just, you know, out of my own curiosity, I thought "How does this work?". I found all these issues, and it got really scary because, I speak a lot, and I go to a whole bunch of conferences. You know, this stuff can start getting really dangerous, so I was thinking, "Even if I don't have all the answers, I need to get this answer out." Really, I've done enough of these things and know the crowd that I don't get jitters or nerves or anything like that. It's the sort of thing that I'm running through some of the slides in my talk, some of the jokes I may have constructed. For a particular slide or a particular moment. But mostly, it's just "OK, does my laptop work? Are the slides up?" Does the projector work? Yep. OK. All good." Thank you. So, generally what I say is that when I get bored, bad things happen. At the Las Vegas Airport here, you've got a flight landing every 90 seconds. That's an awful lot of metal, money and people moving around. How does this all work? How does this all fit together? You always hear about air traffic control, but does anybody really know how it works anymore? I think that the audience is looking to learn something new. They're looking for an entertaining discussion on interesting technologies that at the end of the day are kind of important. So increasingly my talks have gone into Why is the Internet such an insecure place? What do we have to do, not in theory, not to satisfy academic stuff, but like, real world, what do we need to change to make this thing secure? All year, all my best research comes here. All year I work on "What am I gonna bring" to DEF CON for the next year" "What am I gonna do for this particular event?" Because it's where it began for me. My career started because I started speaking out here in Vegas. I started coming out to DEF CON and showing off these toys. I'll be honest, a lot of my talks have had nothing to do with security, it's just like "Yo, look what I can make THAT thing do!" The presentation was just facilitating dialog with this industry because unfortunately with something like a major vulnerability in air traffic control, there's no phone number to call in for that and say "Hey, can we talk about this?" That doesn't exist. It was the first time I dealt with something that was really serious. The entire talk was theory. I had no facilities to actually test anything in a real world scenario because obviously I don't want to be screwing with a plane while in flight. (Now the attacker is one step away between an evaluation and attacker controlled code.) My talks are stories and that's the one thing that I advise everyone else giving a speech. You're telling a story to your friends about some cool stuff. I have hundreds of hours of research that I have to tie together into a coherent explanation of the world. I was expecting a response and oh boy, did I get it. I was talking to people from major airlines, people with different airplane manufacturers, air traffic controllers, trainers, I've got a pocket full of business cards after this that I have to go through. This was me loudly knocking on the door and saying "You might have a problem" here. Let's talk about this." Over the years, I've gotten relatively high profile and I'm very happy and honored for all the obligations that come along with being a high profile individual, but I do miss being able to just wander through the crowds and see cool stuff and watch cool talks. I've got a lot of stuff I've gotta do; It's a lot of obligations. I'm not complaining. This is a tremendous amount of fun that I get to have. I build all these crazy toys and fill Penn and Teller and show them off. The best moment for me at DEF CON is always going to be at 4 in the morning when someone's showing off some really silly stunt that they built. And maybe it's good and maybe it's not, but man they love it and they're enjoying talking about it. The community has matured from DEF CON 4 and 5 dramatically. When I was coming to DEF CON 4 and DEF CON 5 and seeing people in an official capacity, I'm now seeing them bring their children and in some cases their grandchildren to DEF CON 20. I say "Great, bring your kids to DEF CON" because there is no better community to have your kids around than the people that go to DEF CON. There's every opportunity for them to learn something and as long as you're a good parent, as long as you're a good hacker, anything that they see or experience you can lead them on that path. Yep, so this is plastic. So, this is just a long string of plastic. So it goes into this, this thing melts it. There's a little heater in here that melts it, and then it squirts it out as the machine... Yeah, it's like toothpaste. This is the second time for DEF CON Kids and the second time that I've been involved and DEF CON Kids. Last year sort of was just a smaller way to try to get kids and their parents involved in the hacker community and basically teach kids about lockpicking and soldering and hardware hacking and privacy issues and law enforcement issues, just all of the things that kids don't normally learn in school. Speaking at DEF CON Kids and working with these kids is almost more exciting to me, or just as exciting if not more, than giving a talk at DEF CON and having an opportunity to directly influence these kids. It's like an immediate... you can see it in their eyes, it's this immediate understanding once you show them something. They get it, and that can change their life. I would like to start programming, I would like to start learning the languages that they mentioned, for example, I would like to start learning python. What we were thinking of doing is adding some little extra pieces onto here and solder those on and make some other cool programming with the light and make a cool little light show. The kids love all these speakers and they're the best speakers... and I couldn't believe that DEF CON Kids had these same top speakers addressing our children. We're supportive, helpful, and just want the kids to gain this love of what they're passionate about and sharing it with the world and it's wonderful. This is kind of for the kids to really inspire them to get involved in the hacking community and start doing some things. We've had the privilege to hear from some really great guys and the kids are excited to go back and start doing things. It's been a lot of fun so far. Even though it's only day 1 and I think we've only had about 4 or 5 hours of sleep, it's been awesome. Well, most interested in, I think, is hacking. I kind of want to be a hacker when I get older, you know? I would definitely call myself a hacker. So this is the year that your daughter, your eldest, goes to DEF CON, right? I plan on bringing my 14 year old to CON. This year, hopefully, will be her first year, so I'm hoping to drag her out and show her, not just what I have experienced over the years, but frankly, where she came from. Because at a basic level I have to explain to my kids that I met your mom at DEF CON 4. I've asked Dark Tangent for child support and he's like "hahahha.. Who are you?" That's how it went, really. I don't expect Jeff to know who I am. After all these years, I mean, I've been going to his shows for 16 years, and that's OK. I feel OK with him not knowing me personally. Because frankly, the dude's got like 20,000 people that some of them expect him to know them personally. And I'm OK with that. If there's a message you want to say to him what would it be? Thank you, Jeff. After Capture the Flag I thought that the Scavenger Hunt embodied the hacker spirit the most. No, No, AAAAAAHH!! It's a tin foil swim suit. Good Job! They're going to suck my blood. Hi, How are you? Good, I'm here to get my daughter. We've got a huge list of items and or tasks for the teams to complete. By the end of the day or the end of the weekend the team with the most points wins. There's a lot of activity at the tables constantly because the list is things to get and things to do and things to perform and that sort of thing we get a lot of... - find, make... meet. -Activity all around the table. We want people to have a good time and ending up in jail generally is not a good time. While there may have been things that are a grey area, or could end up being illegal activty... I think we come from a community who... knows not to get caught. We don't condone fire or stealing mostly... Umm... And I don't know how someone sourced it or found it but, the... head of a cow. We put on the scavenger hunt list a live chicken, and I think we got six or something. Scavenger hunt winners of the past go on to become goons and contest creators and contest organizers and speakers and staff. Because you have so much social interaction it really engrains you into the community. Oh, on the weekend of DEF CON... I think last year we booked 14 shows. I issued the ultimatum I'm going to book less shows... and it ends up being more. The thing about DEF CON that I find incredibly fascinating is that, yeah.. a lot of these basement dwelling guys that basically... are getting tan off of an LCD monitor party the hardest out of anybody I've ever met... Like.. Serious rockstars here.. Everybody just fueled by alchohol and Ballz and any type of A.D.H.D. medication they can get their hands on... Hey, so we are going to kick this thing off... we've got really a lot of things to talk about but we've tried to organize it... So... This is the 20th year. How many people believe that? Yeah... So I'm just curious by show of hands.. How many people was this your first DEF CON? So we scared away everybody else... We've got guys that have been helping out for 19 years... That's amazing, I would just never have expected that. So, I guess I'm most proud of producing something, having a group of people support me... that's still doing stuff that people care about. So... what I want to do is we want to hand it over to Zac Franken who's been the head of operations for I don't know... closer to 18 years. Let's hear a round of applause... Thanks. Thank you DEF CON 20! DEF CON, as Jeff has already said, couldn't exist with out a lot of effort from a lot of people. And, in the early years I used to name them all... but now there's 300 of them. I've trimmed it slightly. So, while DEF CON is running, basically I'm almost certainly not having a good time... Mainly because I just run around and put out fires. And of course my friend Jeff who, threw this shindig 20 years ago.. I can't believe it's still fucking going... but it is... I can't believe there's so many people here that had a great time! And.. most of all.. thanks to you.. It's you guys that make DEF CON! Thank you so much! DEF CON is not something that happens for us for 3 days in July or August every year... it's almost something that we think about and work on and do stuff for all year round. It becomes almost a part of your identity and I know that sounds kind of weird... it's when everything comes together... I know why I stayed up all night... so many nights in a row... There have been moments where you sit back and you say "That is just absolutely amazing." That someone was able to think of that, or several someone's were able to think about that... and do that. I still love, just how excited people are there... and the fact that you helped... to make it happen for them. I said to Deviant, it was a really great challenge. Tt was fun to compete and... DEF CON was great! Thank you everybody! This community, is misunderstood by the media... and unfortunately, the media is the message out to the non geek, non hacker community. But the thing that I think came out perhaps this year more than any other year... So, I just want to tell you what we've been doing for the last 3 years. Year 1 we had 95 people sign up for the Be the Match bone marrow donor registry. Year 2 was 161 and this year we got 232 people to sign up. In addition to that we raised over 3,300 dollars as well. More than any other year this one was really about love. With the blood raising, the cancer stuff, the huge amount of money for E.F.F... I mean even just saying it or thinking it gives me kind of goose bumps. This one was, 20 years of love. Ok, we've got some numbers for you. The info booth raised 58 dollars, the firearms simulator 3,620 dollars, Mohawks...$4,333 Eddie Mize, was the artist with the great t-shirts you can still get outside of the contest area, $3,500 The Summit, 1,500...789 dollars... $15,000...$15,789! And Hacker Jeopardy, for a total of $30,380...so thank you, thank you very much! So I'm going to go over here So... you have to understand, he's made this promise for what, 3 years in a row now? This is beautiful, we have been waiting for this, time for Jeff to get his hawk. Now, Jeff failed to mention that he has like 6 different meetings with incredibly important people around the world in the next couple of weeks You know, it's actually really nice fulfilling a promise, cause now they can't bug me True! That's true, now, but I haven't decided, don't I have to donate money to the EFF for this? Of course! I was thinking maybe $10,000 What do you think? That's probably a pretty good thing... Thank you very much, see you next year! Woo! I joke with Jeff that he could cancel it tomorrow, like legitimately cancel it, say "Screw it, I'm done. I'm going to do something else with my time." And DEF CON would still happen, it would continue to happen. Everybody would just go to Vegas anyways. Eventually people would start talking about stuff. Eventually they'd say, "Let's go down to the bar and take over this empty conference room and" "talk about it." And DEF CON would continue to happen organically, probably for years after we just walked away from it. So, for those of you who aren't in the conference business, what happens is you sign hotel contracts for years in the future. You have to look into the future and decide, "Ok, 2 years from now, are we going to be burned out? Are people" even want to come to DEF CON 2 years in the future or 3 years in the future?" Because you have to sign these hotel contracts years in advance, and so who could you hand this off to? Or who would want to take on that responsibility? And I think the conclusion I've come to is, I'd probably just stop. You know, and I'd... people could continue the organization, continue, they'd just name it something different. I'd give them all my projectors, it would carry on maybe under a different name, but it probably wouldn't carry on under the DEF CON name. The only scenario I figured that out was if I get hit by a bus and I die and I want to have the final DEF CON, huge party, though somebody would have to plan that, cause I wouldn't be around. I don't know why, every year, honestly. Every year after DEF CON, I think half the senior staff says never again. All of us, we're all, "Yeah me too, me too." And then all your friends, I have friends all over the world that DEF CON for sure they show up to. And, you get wound up, you get excited for it, you look forward to the experience again. So... yeah, we forget how much it hurt. Yeah, I do it, I've been doing it for a long time. You know, my second, she's 10 years younger than I am, she's been doing it for 5 years. She's probably due for her shot to do it, and I can be the old grey beard that shows up at DEF CON, just sits in the corner has a beer, and reminisces. I can honestly say that without that first DEF CON, and without, you know, shaking hands and meeting people, becoming a Goon, I wouldn't be the position that I'm in now, and I wouldn't have the career and the means to support my family that I do now. It's outside of my imagination, missing a DEF CON. When I started, it was like, "Oh my God, I found my home!" and that was, that's kind of where it started, for me. Once I got to the first one, I was hooked from that point on. It's a degenerate family reunion. These people are my family. It's a family reunion, you gotta come every year and see everyone. Basically, if you go once, you're hooked. DEF CON is, it's an experience like nothing else. It's great people and a great atmosphere, and I think from the time that I went, I knew that I would always go, that I would find a way to make sure that I was there every year, and 13 years later I'm still going. These people aren't just my friends, they're my family, you know, and I genuinely genuinely love them. I don't believe it's appropriate to talk about that on camera. Ah, I can't discuss that. I'll tell the story, but I don't think we should actually... No, no naming names, no naming names We'll tell you off-camera I can neither confirm nor deny that. Sorry. All right! Edit that out... Nothing I'm going to admit on camera at this time, and 'til the statutes of limitations run out. And then I'm happy to admit it later on, that's once we've you know, checked with the lawyers and all that stuff. I think half of the experiences of my life that I attribute back to... happened at DEF CON. I don't know how many of them I can talk about, I probably can't talk about any of them. I really would like to, but, ahh, I... Transcription by: Anch, Phorkus, AlxRogan, Medic, Panadero, and Russr |
|