DEFCON: The Documentary (2013)

1
What the fuck, dude!
What the fuck!
Oh shit! There we go!
The history.
I had been running the
Dark Tangent System,
that was the name of my
bulletin board system.
The bulletin board was known around the world,
we were on international FIDO networks.
And one of those networks called Platinum
NET out of Canada, was going away.
He was shutting it down.
I was the biggest node, I had the most users,
and I distributed to the United States.
And he wanted to throw a party, a going away
party for all of his Platinum NET users.
But he didn't want to do it in Canada,
and all of his users were in the states,
and so we were talking, he says "Well you
should do it, we should work together."
And I said "Great. Let's do it in Vegas."
That makes the most sense, cheap airfare.
And he said "Sounds good." And I mean, this
happened over the course of less than a week.
It was really brief.
And then all of a sudden he
disappeared, Platinum NET went down,
and all these years, 20 years later,
I never heard from the guy again.
I can't even remember his
name, it's been so long.
So when he disappeared, I had already started
planning to do this going away party
for Platinum NET.
So instead, I invited all my networks and it
went from being a going away party to, a party.
There was HoHoCon, there was an XCon.
There was PUMPCON, Summercon.
But there was no real west coast con.
So we figured, OK...
So it ended up being DEF CON.
The first one, there was a flier that
went out and that kind of circulated
around on some of the sites, and, and I think
that's how I came across it initially.
I'm assuming it was because of a book I
wrote, or maybe my congressional testimony
I don't know, but somehow he had
contacted me to come out and speak.
I actually didn't wanna
go to the first DEF CON.
I did not want to go to the first DEF CON.
A number of my friends were going.
They were trying to get me to go, they
kept telling me it was going to be fun
and I kept thinking to myself, "I've
never been to Las Vegas before",
and you know, I used to go to BBS
user meets, and well, a lot of them
are pretty lame and I thought to myself
"OK, this is just going to be
a BBS user meet... in Vegas."
Jeff contacted me somehow, said
"You wanna come out to Vegas?"
I said, "Well, I don't like Vegas."
"Come out and speak and there's
"a bunch of people, Phil Zimmerman,
and a couple of other folks," and...
DEF CON 1.
And I had a blast. I had so much fun.
It felt we were part of something
that was really kinda legitimized
because there was this event around
it, you know, it wasn't just,
you know, random people that you might
have known or heard, or it wasn't
somebody (in the phone phreak
world) on the end of a toll-free
loop around that you called at midnight.
"Hey, who's there?"
So, I ended up meeting a lot of people, some of whom I'm
still friends with to this day... out of all of that.
And I remember, after the first DEF CON
was over, and I was back home, and I
was decompressing, somebody wrote
me on UUCP in my email. Wrote me an
email and said "Hey, that was great.
When are you doing it again?"
Until I had gotten that email, I had
never thought of doing it again.
And then I thought, "You know, I could
probably make this better. I could"
"change this, I could..." and then that started
it, that was all, game over from there.
It was, every year, what can I make
better, what went wrong, how do I fix it.
And that geek sort of fix-it mentality kicks
in, and you're always trying to improve it.
It's sort of like this challenge you'll never
solve, but you keep wanting to make it better.
The people who missed a few years. The
differences between their experiences
is going to be pretty
radically different.
DEF CON 1 was around 100 people, and we
expect roughly 15,000 for DEF CON 20.
We work nonstop. I haven't seen
4th of July in like 7 years.
It's crazy that DEF CON, you can label
it as a hobby, takes so much time.
Because it seems like pretty much from
the moment DEF CON ends until the time
that we're spinning it
up again, we're busy.
You know, technically I retired 2
years ago, but I can't give it up,
because it's such a part of me. I'm
giving back to the same culture
that spawned me.
DEF CON for the last 10 years, especially,
has been a very big part of my life.
It consumes most of my free time. DEF CON
starts, for me, the day after DEF CON is over,
for the next year.
It's going to be amazing. We have so many
surprises planned for the attendees.
It's going to be remarkable. This is going
to be a really, really special year.
If you're sleeping,
you're doing it wrong.
A lot of people who are hardcore DEF CON
attendees, or staff, they negotiate
when they change jobs. "That's fine,
everything's good, but I need to take",
you know, 2 weeks off."
I never thought that my party would
be a job employment prerequisite.
I am not kidding, I am expecting another
well orchestrated, well-oiled machine,
coming together and producing
this amazing gathering of geeks.
No kidding, it's what we do. We come
together and we do the HELL out of it.
And I expect it to happen this year.
There's absolutely a difference
between driving and flying.
When Utah group, for example, used to
go down to DEF CON, years and years
and years ago, there was a whole process
where basically we gathered at this
restaurant called "D's", or we
called it "Freaky D's", at like 2am,
and basically 20 or 30 of us piled into
the restaurant and we'd have our caravan
of cars all set together, and
that was our group of people.
There are some hijinks that I can't even
imagine mentioning on the documentary,
that can happen on a long 9 hour drive
from the Denver area to Las Vegas.
When you're driving, to get there,
especially from the west coast,
you have to drive through the
middle of fucking nowhere.
And it certainly adds to the experience
when you roll in, and it's just after
sunrise, or just about sunset, you really
have no idea what time it is, and there's
Sin City, and of course you're playing
"Viva Las Vegas" by the Dead Kennedys
or something like that. It does
add to the experience I think.
"Actually, here comes the Hack
Bus now." "Pretty awesome!"
It kind of blows my mind that everyone's
so excited about going to a BBQ
six miles away from the con that have to rent
a taxi for, or go to the store and get food.
I don't know. I just feel like the BBQ
is this misfit love child of DEF CON,
because everyone's, "There's this thing that happens over there
and they're grilling alligator and elk and all this crazy meat."
"Why can't we ever go? Where is it?" And that
kind of adds to the mystery and fun of it.
Man, did I never expect that to become
something a thousand people strong, now.
To me that shows an awesome community
and spirit, and an effort of
"I want to see my friends and hang out with them and
I wanna do something simple, like eat some food."
You know, it's not at the con, there's
no crazy music, it's just a BBQ.
Ever since I was in town around DEF CON
10 or 11 you see those signs in the
airport, "Come Shoot a Machine Gun."
Which, you know, is fine for me,
I've done that, but a lot of my friends
said, "Man, I'd love to do that!"
Well, I said, let's just go out in the desert,
I'm sure we can find a nice group rate, and
and we'll shoot out in a sand pit, and
everyone had a blast, and they said
"Boy! This was great, you
want to do this again?"
So now, there's just this well
known, public shooting spot,
way out on the Lovell Canyon
Rd, where anyone can go and
shoot what they want, as long as they
police up the area. And we use it and it's
again, much like DEF CON itself,
getting popular and growing.
Now we have canopies and tables rented, that I arrange.
There's a small per head fee,
just to cover that. We had a hundred people on
the line last year. We've got damn near that
many registered this year. We're going to
stay safe and see what we can make happen!
Can everyone hear me, over
the reports, over the berm?
All firearms are always what? Loaded!
They are always loaded!
Nothing is ever an unloaded firearm.
You always point the firearm where?
Where? In a safe direction.
In a safe direction.
Yes. The key point being, not just being
what is your target, but what is beyond it!
The hacker community, you can never put a single hat
on anybody, but there's a libertarian undercurrent to
a lot of our membership, so being able to treat
guns as, well, that's this piece of equipment
if you use it the right way, it's great.
It percolates through most minds.
So, you get the occasional raised eyebrow, but
half the time that's the person who's, like,
"I'm gonna go see exactly what you think is so
fun," and they're out there shooting a cannon, or
an automatic rifle, and they
say, "Boy, I get this."
I think it was the year when it was at the Aladdin,
and we'd forgotten to sort of clean up our
room, or we didn't think the maid was gonna show up as early as
they did, and we had gone off to breakfast, and we came back
and the maid had been in the room, and cleaned
the room, and organized all of the drugs!
So there's a little pile of acid, and a little
pile of ecstacy, and some other pills, and they're
in nice, neat little piles, and everybody's like,
"Well, I guess things are different in Las Vegas."
You've got to put the
convention in a 24 hour city.
You know, it's got to be like a New York,
or Vegas, or maybe a San Francisco, because
hackers get bored, and there's got to be something for them to do. And I
saw what happened when you had a lot of bored hackers running around.
You know, a lot of activities
in the computer underground
would happen after midnight. That's
just the way it is. So, you know,
the fact that people can move around,
and not be noticed as much being
a group moving around at midnight,
that kind of added to the appeal.
I'm big on privacy. Nevada still
respects people's personal privacy.
You know, your hotel room is
considered your domicile.
It sounded fun... you know, just a bunch
of computer people, it just seemed like
my group was in Vegas and it sounded
like a really, really fun time.
So, that, you know, whole
underworld connotation of it all,
was very attractive to me.
So I feel like there's gonna be a stream of people really dedicated,
like, "We're gonna be first! We're gonna be first in line!"
I wanna make sure I get a badge. That was my biggest concern since
my first DEF CON, and I wanna make sure I walk away with a badge.
We're all DEF CON virgins, we gotta pop
that DEF CON cherry. Get those badges!
How many hours do you have
before you get your badges?
At least nine hours now?
Ok, and that's $20. So, that's
$20 plus $20 tip for you.
Thank you very much! Yes, we drink. Good!
What are we drinking? Stop recording, please!
We've got pizza. Pizza is GOOD! Alright.
Jet-Lag has sunk in. It looks like
he's using a pizza box for a pillow.
We will not abandon our posts.
This is my first DEF CON badge! INTERVIEWER: Now what
made you decided you were going to come to DEF CON?
My husband's work decided to send him, and
I started going through all of the videos
that they had for DEF CON 19, and I started looking
at that and going, "Oh, this is really cool!"
This is the 20th DEF CON, and I've been wanting to do it for years,
and it was just one of those things that just sort of lined up,
all the moons lined up perfectly.
Definitely heard a lot about the con. It's a somewhat
affordable con, and there's lots of technical discussions.
A whole bunch of really smart people that probably know
more than I do, most of them, so I hope to learn something.
You know, an opportunity to hang out with
those people who really know what's going on.
You know, it's too
enticing to miss out on.
I thought this would be an amazing place
to just meet really intelligent people.
So, now I'm here and I'm really excited!
To meet a lot of interesting people and
learn a lot and have a lot of fun at once.
It's kind of, you know,
a big congregation of
people who live anonymously
online, get to actually
socialize in person, and
not have to worry about,
you know, revealing their identity.
Well, I've read all kinds of dire
warnings about using anything
that's potential hackable, and
nearly anything is hackable.
I was told to take the
battery out of my phone.
You know, I've got a check list
sort of in my mind, you know, kilt,
colored hair, drinking before 10am
I haven't seen quite just yet...
Every single device in the world has some
kind of computer in it, and they all
have vulnerabilities one way or
another and this is information of
what those vulnerabilities could be and how
to fix them and improve it for the future.
Are you the teacher?
- Yes. You are the teacher, and this is your first DEF CON?
Yes. INTERVIEWER: And you thought to
take a pack of neophyte students into
Las Vegas to go to a hacking conference?
- Yes. INTERVIEWER: Do you have tenure?
Rule Number One: Follow
the 3-2-1 rule. DAILY.
And please bear in mind,
these are minimums,
at a minimum, three hours of sleep.
Two meals. One shower.
By tomorrow afternoon, the
pungent and stank aroma
of many DEF CON attendees will waft through
the air and hit you like a Mack Truck.
So, remember, you plus deodorant
equals everybody wins!
I, like many people here, will
not remember your real name.
There are lots of Steves, Jeffs, Chrises, and Bills, but
maybe only one, maybe two, with your unique handle.
Hopefully, you've picked a good and unique
handle to avoid conflicts in the namespace.
Create a good handle for yourself,
before someone creates it for you.
So I've got a question. Who
here is from other countries?
Wow.
That's impressive, thank you for coming
all the way to join us, you guys,
that's awesome that you came out.
DEF CON is truly an event and a
conference where you get out
what you put into it.
DEF CON is the one time a year where
everything that we do year-round
actually becomes physical.
All these people that you've met in IRC,
All these people you've been chatting to,
All these people you've been reading
their research, following their work,
looking at the different things
they're publishing... They're here.
Walk up to them, tell them that you
like their work, and buy them a beer.
They'll probably be your best friend.
That's one of the biggest things about
this crowd you've got to really swallow
is the fact we're all
super, super approachable.
You can be a wallflower here and still get
a lot out of it, but you're not gonna
get your 200 bucks worth, frankly.
You're gonna have to interact, work
with people, get to know people,
go party with people.
If you don't know something, be proud of that.
Be like "I don't know this."
Can you please teach me? Can you
please educate me and train me?"
This crowd loves spinning people up.
Take the time to go in and learn
from these people. They're geniuses,
truly geniuses, and some of the
best in the world in whatever it is
that they're presenting or working with.
So, take advantage of it, you guys, OK?
Alright, the next rule is
one that basically says
"The media is not your friend.
Don't trust them."
What do you think is the number
1 thing people misunderstand
when they show up to DEF CON?
That it's a den of illegal activity and
you're gonna come learn how to do really
neat, illegal, black hat, gonna get in
trouble if the FBI shows up at your door
and you should show up with your ski mask
on just so no one can know your identity.
What is it actually then?
It's a publicly funded, private party
for a bunch of really cool people.
Yeah, our reputation is... it's out
there, but people are proud of it
and I'm probably the only one who tries to go
around and go "It wasn't quite like that",
it was sorta like this."
I don't think people understand how much
goes into creating a show of this size.
DEF CON looks like this big amorphous jellyfish
of people everywhere, but what I hadn't
realized is that there is really a lot
of stuff that goes on on the back end
to keep it running like clockwork.
That's what makes DEF CON so exciting.
It's super organic, is the way I see it.
If you're inflexible, it doesn't work
with DEF CON because there's too many
people and you'll just break, and
that's just the reality of it.
I always joke for me it's an opportunity
to spend 4 days out of the year
not caring about computers
or computer security.
Everybody's Christmas, New Year's, Birthday,
Anniversary, wrapped up into one, for hackers.
It's an experience that's not like anything
that anybody has described because it's
kind of something you can
make what you want out of it.
You can show up and you can just go to
talks and you can sit there and get that
out of the conference or you can show up
and just party. You can show up and hang
out in your hotel room with a bunch of friends.
When it comes down to it,
you're the driver of the experience. It's not
a pony show where you can just, you know,
sit down in a seat and let it unfold before you.
The more active you become
inside the con the
more fun you can have.
For me, I think it's more social.
Mainly, for me, it's just a lot of close
friends that I get to meet once a year
because of the diversity of where
they all live in the United States.
So this is kind of like a meeting point.
Go out there, be social, just run into
people and say "hi" and just strike up a
conversation because you will
meet interesting people here.
It's fantastic, everybody is friendly. I
can sit down and talk to anybody and I
just ask them "what do you do" and they're
happy to tell me about what kind of
employment they do or the hobbies that they're in.
It's just striking up
conversations. That's
my personal favorite.
It's a combination of the people who I run into
at DEF CON and just sort of the atmosphere.
It's like a giant party that doesn't
want to end but there is a lot of
really smart people in one place and it's
just, there is really no other place like it.
The first qualification, if you will, to
be a vendor at DEF CON is "how are you"
"providing back to the hacker community
at large." A lot of money goes through
there. It's kind of staggering. One thing
that we try and do is most of these
guys, most of the vendors if you walk
around that room, this isn't their primary
business. These are people that are in the community.
Take a look at these guys.
They're only doing this this time of year
and it's only to provide something to the
community that they think is neat.
Those are the kind of folks that
definitely get a priority when I'm
looking through applications.
It looks like you're doing things right.
Ok, is this on? Oh, Boy! Ok...
What I've tried to do with the whole
hacking community is raise the level
of discourse, that's the thing is,
to bring information, to make it
accessible and widely dispersed at a
reasonable price and make people happy.
And if I put a smile on their face it's like
"Wow, really, that's a great price and"
"I get that too?" That's good. I don't need
every last dollar. What are you gonna do
with dollars anyway?
They're just numbers.
Our main job actually is to create mayhem.
That's actually what we've been asked by
the management. Make sure we create a lot of mayhem.
We actually have official
DEF CON 8 posters from years ago that
we found, so, we're not selling them,
we're giving them away, but you have to
convince us to give you one, and that
requires mayhem in the dealer's room of
some sort that we don't officially support
but for some reason they end up with a poster.
Who knew, right?
We are simplewifi.com. We are long range
wireless made easy. We custom make all of
our antennas in Miami, Florida, so if you
want to go creating a hotspot around your
whole neighborhood or you have that guy with
an unfortunately has an open signal and
you don't want to pay for Wi-Fi you can
set your antenna pointing right at it,
grab that signal and you
have Internet for free.
The people that want something one year
that you didn't bring, invariably won't
want it next year. It's like everyone wanted network cables.
Everyone wanted PIN card readers,
or prox card readers or mag stripe
readers, encoders, decoders, you know,
it varies every year. And then everyone
that leaves something behind, like
"We need a hub" It's like, OK...
I only have 53 tables in total that can be sold.
Some vendors are getting 2,
some vendors are getting 3 so you have to
decide what's going to actually provide
the most benefit to the attendees, what
are they actually gonna want to buy and
we certainly have made mistakes in the past.
For one thing...
It used to be we shouldn't have even called it the vendor area.
There were a couple of years, and I
can't blame anybody but myself for this,
where it should have been called the
"buy your t-shirts room." The only thing
that was for sale in there was t-shirts.
You had 2 hardware vendors
and 33 t-shirt vendors.
Hackers love their t-shirts. In a weird
way, it's like a way to kind of express
your identity.
I think we all do that through our shirts.
It's a way when you're
walking down the hall at DEF CON or any
other conference or at work or wherever
for people to kind of get
an idea of who you are.
So yeah, I mean the T-shirt aspect
of it is certainly important.
This is the one place I can
wear all my T-shirts...
and people will know what it is.
- Yeah, people get it.
There's something about that
like, cinematic hacker.
That's both goofy and inspiring and...
Like I still play up... There's
this mystery around it.
Oooh, Spooky Hackers... and, like
there's this dark side to it..
And I still think I play
that up in the art.
That I'm still intrigued... I still
don't know all of what's going on...
Like, I'm a maker... I'm not a hacker.
So, I was a goon the first year and
they stuck me in the info booth.
And then, about half way through the first
day Russ came over first and said...
"Hey I want you to draw on my badge..."
We had great big badges
that Joe Grand did...
...and so I drew on it and then...
Pyro came over and said
"Hey, draw on my badge."
And then in like 10 minutes
there was this line
out the door of people
like "Draw on my badge.."
and so Russ came up with the idea...
"Well, if you're going
to draw on the badge...
"Why don't you make them give $5 to
EFF for every badge you draw on.
And raise some money."
So, like, laptops I'd
charge $20 for EFF...
and then it ended up with a pile of
money for EFF like the first year.
So then the second year they said "You're
not going to be in the info booth."
"You're going to have A booth and sell
art and draw on things for people
"to raise money for EFF." And
that's how that took off so...
You have to believe in
what you're doing...
and you have to believe
that whatever you have
is the hottest, coolest,
newest, best thing...
and that if you have any shred of
doubt about what you're presenting...
or if your hearts not 100 percent into it, the
audience is going to pick up on that right away.
And... tune out.
That's the thing, I think the B.S. filter
here at DEF CON is very, very strong.
I think the talks and the
speeches are absolutely important
because it gives the world an opportunity
for a very inexpensive price
to be able to go learn from the absolute
best in the world in this industry
about the absolute bleeding
cutting edge of technology...
It was between 300 and 400 submissions
that came in for people that
wanted to speak at DEF CON this year.
Yeah, it was a rough, rough year just because
of the number of quality submissions...
There were some that any other year
absolutely would have been accepted...
I think because this is the 20th DEF
CON and it's because people want to be
a part of DEF CON 20... we got
so many more submissions.
And so many more quality submissions...
DEF CON speakers are all different types. Especially this year you have...
you have generals, and you have 15 year old kids...
all of whom have something
different to contribute.
There's not really one thing you can
say that unites a DEF CON speaker...
except for their desire to present
their ideas to an audience.
And we've got a really cool V.I.P.
this year... Yup... Really Cool.
They better show up.
The big celebrity speaker V.I.P.
for this year at DEF CON,
The director of the NSA and
director of cyber command
General Alexander.
We've been trying to get
somebody from the NSA
high level to speak for... 10 years.
And it just so happens that
we finally get somebody.
And it just happens to be our
20th year anniversary so...
the timing just works out really well.
And I know people are going to get
all bent in a knot over it...
It's going to be like the
love-hate relationship...
They're also going to be really
interested in what he has to say...
and at the same time be
really fearful of the NSA.
It's a milestone to see someone
of his position and level
come here and speak about security and
hackers and those types of things.
Jeff Moss made a valid call
and he kind of said...
"Look, you know, we have to interact
with these people." you know.
We have the technical skills and
they're the ones calling the shots.
So we've got to interact with them.
And at the end of the day...
we've got to educate them. Ya know?
Helloooo DEF CON!
Something I try to do
with DEF CON is I want to
expose you guys, from
the very first DEF CON,
to people you don't normally see like...
I'm sure you guys just don't
hang out and have coffee with
the General and, neither do I
so to me it's really eye opening to
understand the world from their view.
Having the NSA here was a great
unveiling of the support
and I think a little bit of
appreciation from the government
towards our community now, and a
little bit more understanding
of the work we do, and the actual end goals
of what we are trying to accomplish here.
Thank you...
It's an honor to be here.
It's an honor and a privilege
to be here.
You know, one of the things
I want to talk about
is the Freedom domain. The Internet.
And what we can all do to work on this,
and so I've got about 6 hours
of presentation and slides
that we'll cut down to some
meaningful time for you.
I think it's amazing and D.T.
wouldn't believe you if you could
go back in time and tell
him that 20 years from now
you're gonna have an NSA general
here talking to the group
sort of as an ally.
Seeing people like General
Alexander come down
and meet with us hackers...
it's just amazing.
I've been in the hacking scene
for over, what, 25 years now
and I remember the days when we
were just considered criminals
that no one wanted to integrate
with, they didn't understand how
a hacking ethos could be applied
to things that weren't illegal.
And now... this completely
legitimizes what we're doing.
People want to see what we're
doing and they want to hear
about what we're doing, and
they're realizing that we
have a role to play in keeping
the world's infrastructure safe
and keeping the government safe.
And that... that's awesome.
And there's a lot of things
that are going on here.
We can sit on the
sidelines, and let others
who don't understand this space
tell us what they're going
to do, or we can help by
educating and informing them on
the best strategy going forward
that benefits all of us and our nation.
And that's the real
reason that I came here,
to solicit your support.
But on the other side we also
have super privacy advocates,
the E.F.F. is going to be
right there next to them.
And they're probably in a
constant lawsuit with the N.S.A.
so... we try to represent both sides.
I mean, they're the ones
that have been out there and
helping when people
try and do crazy laws
that, you know, don't really
understand the implications.
The E.F.F. will step up and
try and right the ship
and make things good for everyone and
we like to support them.
And what I'm trying to do
when I have these speakers
is I'm trying to expose the audience
to people they wouldn't normally
come in contact with. It's not
just always fun and games.
Hacking a system. There's
a bigger world out there,
and you're playing a part in it.
A very important part.
And if I didn't, I kind of think
I'd be doing a disservice.
It would be sort of like intentionally,
I don't know, not aiming as high.
So, if you don't like that
speaker don't go to that talk.
And I think that when you bring
in not only our great talent here
but those of our allies I think
that's absolutely superb.
All right, that brings this
session to a close, so let's
have a round of applause
for General Alexander.
I think the contest and
events is very key because
it's one of the things that you'll find if
you go to a lot of different conferences
especially in the security arena...
it's very boring.
Usually you're sitting around in a
bar getting really, really drunk
with a bunch of friends.
And going to a couple talks that
you're interested in seeing.
But over all it's a lot of
looking for something to do.
We've just grown to where now I
believe I'm managing about 50 events.
50 events and contests
throughout DEF CON 20.
What's going on? -Not much,
just cutting some mohawks.
It just started out as shenanigans...
with, like, drunk people in bathrooms
at DEF CON.
But people started giving us money. I started
telling them to donate to the E.F.F.
and so people told me I
should make it official cause
it just became tradition.
Last year we raised about $4000
total for EFF, Hackers for Charity,
and other hackerspaces
around the country.
I've been growing my hair out for 2 years.
It was difficult for the girl, because
she was about this tall and she had
to stand up on a chair to actually
finish it all.
This year we have a goal because
last year he shook on it:
DT will be getting a mohawk this
year, if he likes it or not.
I've been playing Hack Fortress, which is an
amazing competition, it's one of the highlights
of DEF CON for me. Essentially
we have a team of 6 to 8
players who play Team Fortress
really how it's meant to be played.
You know: Medic, Heavy, and they try and
capture points. We as the hacking team,
essentially we're doing hacking
challenges: Cryptography, forensics,
physical challenges, social engineering,
information gathering, and that gets
our team benefits. So it might light
the other team on fire, it might make
everything our team shoots a critical hit.
It's just a really cool combination
of both gaming and hacking
which, you know, is awesome.
Now you've got an objective here,
you've got a 3 person team, and you
have to infiltrate this office, steal
a lot of information and get back out
again, in 15 minutes.
But it's a penetration and data exfiltration job.
So team-based people
will penetrate into a virtual office,
and we're framing out the walls and
everything. You'll have to pick in,
once you're in, a team of people then
can try to get documents, which you
don't just unlock a lock, you have to
spread them out, legibly photograph
them, put them back where you found
them. I think we're including now,
there's a smartphone, like an Android
phone, so you have to hold it up just
right and maybe you see the pattern.
You swipe it out and
you get some contacts.
So I have this computer running Windows
3.11, so I'm watching people try to fumble
their way through Windows File Manager,
looking for data, but the really key
thing is that if you can unlock the
computer where it's chained up,
can you get the whole computer out of
the office, and can you do it without
powering it off?
So we are hot-jacking into the wires,
splicing in the UPS using a tool
the feds use, called a 'hotplug', to
transfer the switching of the power
on a whim, but a lot of people mad dash,
half tiger-team, half Marx Brothers movie,
running around this office, getting
everything, getting out clean, locking
it up after themselves. Yeah, I can see
a lot of us who used to be the guy who
would maybe get drunk and worry about
being arrested, now we all have jobs
where we do this professionally
and get paid for it.
All right, all right, we are ready to begin!
Everyone we're going to do science over
here, we're going to do
less science over there!
These teams are tasked with cooling the
beer to exactly 42 degrees... which is
ridiculous... but...
People came through... people came through
in amazing ways that I never expected.
This year I took away all the
restrictions about what you can and
can't do and I said you have to
get it to exactly 42 degrees.
And... time!
And this last minute entry "Team Ice not
Science" if I got their name right...
hit it! Exactly!... It was a
fantastic success in the end!
Stop! This is ShizNiz live from DEF CON
in the beautiful city of Las Vegas
behind me you can see the skyline...
It's a rooftop! Look at that rooftop!
Over to your right if Dave can get it...
There you go, there's the mountains...
There's the Alexis Park...
The Alexis Park is part of the DEF CON legend.
It definitely, it's probably the
closest thing DEF CON has to a home.
I know, I wish it was
still at the Alexis Park.
There was a long period of time
that I associate with Alexis Park.
We were there for a long
time, like 6 or 7 years
You've got the whole property.
You can hang out by the pool...
This is some horrible 70's-like
apartment building laid out rows
of these hotel rooms, with pools
and grassy areas down the middle.
It's like multiple pools that we
could just party at all night...
If you don't know what the Pool 2 means,
if you don't know what Pool 3 means...
You weren't there... I mean it, some
really ridiculous stuff went on.
Pool 2 and Pool 3 were just sort of like
these nexuses of activity and energy...
You could be guaranteed to find
something going on at 2am, 3am all the
way to the sunrise.
And we had folks that were underage, and
we had folks that were overage, and
everyone was not sober,
and doing their thing...
I was told at one point that at the
Alexis Park, we did enough business in
alcohol sales that equalled about 4
months of their normal alcohol sales.
And you talk about debauchery?
The AP was where true
debauchery at DEF CON occurred.
And at the time, the hotel owners,
they were alright, they were alright.
They basically had the attitude of, "You know what?
You can trash our hotel if you want."
"You'll pay for it, but at the end
of the day, we'll take your money."
They weren't as concerned about the
lights around the pool getting destroyed,
any things of that nature, so it was a
little bit easier to deal with, you know,
destruction in that way.
I go to check in, and they hand me a
list, "Ok, let me explain this to you."
And it's a list of all of the objects
in the room at the Alexis Park
with a dollar amount next to it. "If you would
like to destroy this object in your room"
this is how much it will cost you."
You could just get insane and you weren't
waking anyone up, you didn't have to
worry about security coming and telling
you to stop doing something because
usually you were doing it to
somebody who wanted you to.
The Alexis Park, we were much
more hands-on because they didn't
have a security staff that a casino has
So I was arrested at DEF CON in 2002 by
the hotel security guards, but I don't
know who ordered it, I guess a goon,
probably Priest ordered it, and I ended
up in the Alexis Park jail, which is very
roomy, it was kind of a Bacchanalian,
Mediterranean motif, there were grape
leaves on the walls and things like that.
There's no bars or anything like that.
And since it was a non-gambling hotel you
could do whatever you want, wherever
you want, because you
didn't have to be an adult.
You used to make announcements at DEF
CON that, "So and so's parents are"
"looking for their runaway child," you
know, who was 17 and was off at the con
It was a different experience, everybody
says "I wish it was the Alexis Park again."
"Oh, I wish we were back at the Alexis Park."
Honestly, I do too. I really liked the
environment, the pool parties, the open
atmosphere, we had the whole hotel.
But then everybody forgets that, oh, the lines
are ridiculous, all the rooms were overcrowded
Oh, I couldn't do
anything, it was awful.
There was no room for speaking. I mean,
people would make t-shirts about how
terrible it was to get into
the tent in the parking lot.
So, it's better, it's more organized, yeah
It's a little different, I wouldn't go back.
For us to go back there now, we would
have to cut this conference by 2/3.
And, nostalgically, yes I look back on
that time, and it was a great time.
But we need a venue the size of the Rio,
now, to support the size that we've become.
But, that's probably the time,
when, things seemed to settle in.
That, you know, we've going something going here,
and it's probably going to continue for a while.
Well, and that's one the things. Obviously, the Alexis
Park is near and dear to a lot of people because,
this is, you know, how many years have
we been away from the Alexis Park?
And still, every year, somebody drives over
there, walks into the front of the hotel,
and steals the giant floor mat in the
front, and brings it back to con.
A conference badge has three purposes.
The first purpose is to show that you've paid
for the conference. It's a security token.
Number 2, it sets the level of your security,
when you're within the conference.
Third, I wanted the badges, that I created, to be
something that helped brought people together.
I intentionally designed the badges to cause people to
have to look at each other, and talk to each other.
To get to know somebody that they
might not otherwise have known.
It really is the interaction with the other
people at DEF CON that makes DEF CON what it is.
It's not the "oh, I have this uber, awesome,
electronic circuit badge that does such and such."
It's the people wearing the badge that matter.
And, I think a lot of people miss that.
The years where we've had an electronic badge, people
show up wanting to do something with this awesome
little piece of tech that they were
just given for their entry fee.
This is, we're helping... This is
like an open badge solder session.
We're helping people complete adding
the connectors to their badges.
We're not doing it for them, we're assisting them, and letting
them do it themselves. Because that way they learn how to solder.
So far, no one's done anything
that hasn't been able to be fixed.
So it's more of just learning, and, community
learning project, I guess. Just doing the badges.
Yes. First DEF CON. First time soldering.
A lot of firsts this weekend.
I really like to help other people
just get better at what they do.
Or to find an inspiration, something
they're passionate about.
And I like to help them
progress along that path.
Pretty much 90% of the people here
have never soldered in their life.
This is their first time.
And that's the goal.
It lets people, introduce people.
Hey, it's not that scary. It's okay.
We're here to guide you, and maybe, you'll do it in the future. And if
not, you'll know you've done it. So it's one of those skills you'll have.
I know a lot of guys, who are like, collecting badge firmwares, and
flashing stuff, and have no idea what they're supposed to be solving.
Usually, the only people that are really getting it, are
sequestered in their hotel room, just, going crazy on it.
There are some people that
counterfeit the badges every year.
And we try to make the badges hard to counterfeit. And there are
some people that spend a lot of time counterfeiting the badges.
And, I think that's cool.
If you can counterfeit the badge, and you can get past the guards,
repeatedly, good for you. You probably deserve to get in. Right?
That's what a hacking
convention is all about.
If you're good enough to fool everybody, you've put more energy
into hacking that badge than we did, probably, producing it.
So, good for you.
They had the smiley face, you know, skull
and crossbones, the basic logo for the con.
And I think their first design flaw
was, same PCB board, different colors.
So you had people that went out and spray
painted them. And things like that.
Well, the absolute worst thing to do is to step into the goon SOC
with your cute, little red badge, and claim that you're a goon.
Because we all know who we are. And
once the door closes, you're ours.
And so it was a space where I felt more at home,
where I didn't have to explain anything to anybody
than any other context I'd ever been in.
Real hackers are incredible.
They take nothing for granted, and they look at things
to see how they can be combined to make something new.
And hackers really have a interesting,
innovative, creative way, the best of them,
of looking at all sorts of problems.. that
a normal person wouldn't know how to do.
And being fearless in
the face of ambiguity;
Holding multiple representations of
reality simultaneously, in their minds,
even though they may be
contradictory, and conflicting...
And holding them there, lightly, while you
explore which ones are a best fit for now,
to the sensory data
coming into society...
You know, Feynman, great physicist, he said
"The interesting fact is the anomalous fact."
Emphasize both fact, and anomaly.
Because it says there's a whole cornerstone
here of another way of looking at things,
that we're missing.
Well, that's what hackers are looking for.
And that's why I've taken to it so.
Because the edge where new realities are
appearing, and normals don't see them at first...
But hackers are looking for them. They're kind
of the little homunculus, inside the machine.
When I come here, I don't have
to explain anything, to anybody.
My point of view, or
my point of reference.
Or, why I said what I said. Or, what was ironic.
Or, or, what was meant straight up.
Because people just kinda get it.
And that's a terrific thing.
Probably our signature
event, is Capture the Flag.
When you go to DEF CON, and walk
through the Capture the Flag area,
you're seeing some of the best of
the best teams that are out there.
Well, this is really, this is the Wimbledon, this is the
place around the world where it all comes together.
What strikes me isn't in the room. It's the fact that there were a couple
thousand people competing, from around the world, to get into that room.
Some of those guys, that travel from like South
Korea, or from the Middle East, to do CTF...
they came thousands of miles, and are
not going to sleep for three days.
To participate in one game, at one
event, that happens once a year.
And that's what amazes me.
It's about a bunch of different teams,
getting together on a big network,
trying to steal each other's stuff, in essence. 6930:57:42.592
-- 0:57:45.428 It's worth coming once, to see it.
Capture the Flag has been
there since the beginning.
And, really, from a hacker perspective,
it's the type of thing that you think of,
"Hey, how do I take over
this guy's computer?"
Don't miss any con where you can sit down at a laptop
and make the network work, and start breaking things.
So, Crash and Compile is a programming
contest, crossed with a drinking game.
What could possibly go wrong?
If you're familar with the ACM
style programming contests;
You're given a challenge,
a word problem, you know?
Write a program, that takes this kind of
input and generates that kind of output.
Or some arbitrary word problem.
And you start coding. And you're
coding along, you're coding along,
and then you say, "I think I'm gonna test
something," and you try and compile it.
And it doesn't compile.
You take a drink.
If it compiles, but doesn't
run, you take a drink.
If it runs, but doesn't produce the
right output, you take a drink.
Okay, you can see how this
could degrade very quickly.
After 45 minutes, any points that are not awarded, or that have not
already been awarded to competing teams get awarded to Team Distraction.
The team with the most points at the end
of the night goes home with a Black Badge.
No, Team Distraction does not qualify
for a Black Badge, unfortunately.
And you're coding? No. I am
part of Team Distraction.
Our first goal is make sure that they get
enough water, and they don't drink too much.
But then, of course, you know, we have
to distract them from their coding,
and kinda like mess them up, and, you
know, just, distract them a little.
Does everyone have a beer? Let's rephrase that.
Who doesn't have a beer?
Are we there yet? We're there. Okay.
Any other questions? No? Groovy.
Let's go program.
Brilliant. Let's go program.
Gotta energize the crowd. I gotta set
the pace, set the tone. And then I have
to say something outrageous pretty damn
quickly, gotta insult somebody quickly.
The show's begun and I'm not really
aware of much of anything else for the
next couple of hours. I want the
audience engaged within 10, 15 seconds.
I want to have that dialogue.
"Copyright lawyers mean this, by I.P."
[buzzer goes off] "Win or Lose!"
"What is intellectual property?"
- "What is intellectual property is correct!"
You can piss this crowd off very easily. So,
you get your feedback very very quickly
as to whether you're doing
a good job or a bad job.
Jeff and I had talked, and he says "I really
wanna notch up the 20th, I wanna go out"
with a bang, and I wanna do all these
crazy things." And it was "COOL!"
"The final category is Beer."
I think that this audience, probably 50%
bigger than last year. So that would put
that crowd, I'm guessing, in the 2,500 range,
something like that. But this one was huge.
We'll see you tomorrow night, for the final final
final round of Hacker Jeopardy, DEF CON 20.
Common experiences at DEF CON include...
I don't remember.
Meaning that if you have a good con you
probably have no recollection of what
actually happened.
If you've never been, don't base your
assumptions off what you've read or heard.
At this point especially, DEF CON is
something you just have to experience.
DEF CON is not a convention, it's a meta-convention.
But there's so many smaller
events, gatherings, meet-ups, projects, that it's
become a group of other smaller conferences.
There are other aspects, other facets
of the con, that are completely
different then what you have heard, thought
of, expect or even dreamt are possible.
There's people you've known from internet stuff,
only through that, and you come from a small
town, right, you don't know anybody, and you have this
weird stuff you're into. And then you go to DEF CON,
And that's where you meet the people, right?
And it's beautiful. Just hangin' out,
the conversations. It's the place.
DEF CON is the place.
So they change periodically. And so the
fire marshall you had last year may not be
the fire marshall... Oh, I think that's... the attorney.
"Hello? Hey, OK, we'll let you in."
I can think of a couple of things he might have
done, ya know, that I wished he hadn't have done.
I can think of one.
When we started, it was very clear that Jeff
was younger, and he was way smarter then me,
but in my opinion, he had no street sense,
which essentially just meant that he didn't
know what the ramifications could be from
a law standpoint on some of the stuff we
were dealing with. You know, it's really
not property damage stuff. We, you know,
that, we can do something about. You can
liquidate that, you can price it, you
can figure it out. I mean, we've had
lawsuits, we've dealt with big major
battles with me versus eight lawyers
from Cisco for about 2 years. You know,
it's got these players that can get involved
that aren't really attached to DEF CON that
could put DEF CON at massive risk for
government intervention, heavy duty
lawsuit intervention.
People want to come to DEF CON, which is fine,
that's what DEF CON, Jeff likes it, I think.
They come to DEF CON, they're like
"Hey man, I wanna step on the toes of
"fill in the blank" mondo, master, master
of the universe, aggressive company.
"I wanna come to DEF CON and piss them off,
what do you think?" And it certainly isn't
boring when somebody says "Yeah, I'm gonna
shut down, ya know, huge Corporation X."
So there's problems the public knows about, and
there's problems that never see the light of day.
Or hopefully never see the light of day.
So we've had a little bit on both sides.
Nearly dodged lawsuits, those
kinds of things. We had one at
the Alexis Park where there was a federal
grand jury we heard about that was
investigating DEF CON and they were asking
for all the room reservation, credit card
info on everybody who attended DEF CON.
Luckily we are cash only, so there's no
records to seize from us. So as the
organization we were fine, but the hotel
and vendors in the area, they were getting
their records taken, seized, and they're
performing some investigations. In the
end, nothing came of it. The grand jury
as far as I know never did anything with it.
But, that's one of those things
where for years I was telling people,
there's a reason why you don't process
credit cards and keep records. And after
years of doing that, I was vindicated
in my paranoia. Because that would have
been a huge legal battle to deal with
all of that. To try and turn it over,
not turn it over. So there's battles
like that that never see the light of day.
And this is the first time I've ever
actually talked about it.
Describe Jeff Moss.
- Describe Jeff Moss. Oh...
Jeff is a friend. He's an interesting guy.
He travels a lot. He's very intelligent.
Jeff's awesome. He is legitimately a good person.
He's absolutely brilliant.
And in my opinion, if we didn't have
Jeff, this community and this culture
would have never grown to what it is.
Without Jeff, DEF CON never would
have made it this far. I believe that
without DEF CON goons, it also never
would have made it this far, but Jeff
is the glue. You know, he's the
glue that brought us this far.
This grew from a very small
conference where the staff was
equal to, or more than the
attendees, to a crowd that
regularly we've had to move venues every
couple years, because we keep growing so much.
Yet, that continual continuity,
and the spirit of DEF CON
if you will, is maintained
because of Jeff.
He's overly concerned about what the DEF
CON attendees think about the conference.
He wants them to have a good
experience, he really does.
Jeff cares about DEF CON, so much!
He's a bit shy, as I'm sure everybody has
gotten to figure out over the years.
It's difficult to get a hold of him sometimes
at DEF CON, and difficult to grab him.
You know, he's like most hackers. He's not
overly social, and he's got that quiet side,
a little withdrawn. He's only got
so much he's willing to give you.
He is a really personable,
kind-hearted guy.
He is managing chaos, and
it is not an easy job, and he's a very
smart guy, and it's very difficult job,
and fortunately, he's also surrounded himself
with people who can help him do that.
In the early days, there
wasn't a formal structure.
Kind of in the beginning,
we all were security goons
to a certain extent, and whether is was official or
unofficial there was a group of people that helped
control of what was going on, and it wasn't until later
years, that, as the attendance went up, that we had
to deal with more formal roles.
Rule number four. Do listen to the Goons. If a
red shirt tells you to do something, do it.
The goons aren't trying to ruin your fun. They're just
trying to make DEF CON an enjoyable experience for everyone.
I mean, without the Goons, I think there are a lot
of things that would just fall apart really fast.
And they have in the past.
It may have been after DEF CON 9, it was really a rough year.
I don't exactly remember why, but we had growth spurts.
Where at the Alexis Park, they're physically breaking up fights.
They're picking drunks up out of the
rose bushes. They're doing CPR on people.
The Goons at the early Alexis Park
days that everybody misses,
were actually Goons.
There have been some serious cardiac events, that
I participated in, but we have had no deaths.
We were really beat up after 9,
and we had discussions then as
to, "You know, do we call it quits at 10? We've had a good run.
Ten years, that's substantial..."
Maybe we'll do it one more
and see how we feel."
And we did 10, and 10 turned out to be
pretty good, and thankfully, we didn't quit.
All of the various teams have
kind of occurred organically.
There's a lot of compartmentalization,
that I don't think people realize.
Everyone has their own responsibilities
that they're dealing with.
We've spent a lot of time over the past
year setting up for this convention.
It is truly a labor of love.
We are all volunteers.
We don't do this for glory, we don't do this for anything
other than we want you guys to have a good time.
When I'm not at DEF CON, we're talking about DEF CON.
The entire year, we're planning for DEF CON.
We're thinking about DEF CON.
We're telling DEF CON stories.
Because we live it. We love it.
You don't become a Goon.
You're born a Goon.
The joke is that we work for shirts.
We get a couple of shirts to go and
work for twelve hour days plus at DEF CON, plus all
the volunteer time throughout the rest of the year.
A couple of our guys have worn pedometers over the years, and
the average shift is between fifteen and twenty-five miles.
So, we tend to, especially newer people,
tell them to wear the right footwear,
make sure you always have water on you.
Never walk into a situation where you
don't have a plan.
One of the things I like to say is: "At DEF CON, I
live my life in the gutter, so you don't have to."
But, you're right, things that people don't see, that's
our DEF CON. That's the Security Goons' DEF CON.
I'm glad to do anything I
can for my fellow Goons.
Any time, any day.
I was creating a contest that would be
something I would want to participate in.
I used to say, magic is dead in the world,
so I'm gonna create some for everybody else.
I have to design cryptography and puzzles
for an incredibly brilliant audience
that is designed to be solved in three days.
That's not too easy, not too hard.
So now, that became my personal contest.
My challenge to myself is
how do I continue to entertain some of the smartest people
in the world and keep their brains occupied for three
days when a lot of them are smarter than
I am, and can figure this stuff out.
We've mapped out this challenge. The first thing we got on this
challenge, was a writer with two keywords. "We program" and "Under Foot.
This referred to an insane sentence
in the program. It's on page forty.
"Underfoot" represents the
third oval, the third
sticker in the convention center, and
those two things are two markers we
have to write on a piece of paper and give to 1057. Probably
one of the biggest compliments I've ever been paid was
and I've heard this a couple of times, "I
go to DEF CON to compete in your contest."
And that's, I mean I don't know what
anyone else could say, I'm very
flattered. I'm shocked, because it's just stupid
stuff that I think up throughout the year and then
I put it together, and try to make
it a coherent flowing contest
to the best of my ability.
We're inside the Lockpick Village at DEF CON 20, and this is where we
teach people how to pick locks for entertainment and sport reasons.
Most technical people seem to have a
rather strange curiosity about how
things work, and one of the things that
lead us into that is how locks work.
We can teach most people within five or ten
minutes how to start picking locks, and
then some of them will stay in here and at
the end of the day we throw them out, and
they'll say, "Oh, I didn't go to the talks I was supposed
to.", because they'd been sitting in here picking
locks all day long.
Most DEF CON talks start with a great deal of alcohol and
end with a great deal of alcohol, at least the good ones
I've noticed.
The aircraft tracking stuff came out
of the fact that I bought an app
for a couple bucks that let me point my cell phone
at the contrail and look at the information
for that particular flight was overlaid on the camera.
As I started digging, I found more and more issues.
Just, you know, out of my own curiosity, I thought "How does this work?".
I found all these issues, and it got really scary because,
I speak a lot, and I go to a whole bunch of conferences.
You know, this stuff can start
getting really dangerous, so I was thinking, "Even if I
don't have all the answers, I need to get this answer out."
Really, I've done enough of these
things and know the crowd that
I don't get jitters or nerves
or anything like that.
It's the sort of thing that I'm running through some of the
slides in my talk, some of the jokes I may have constructed.
For a particular slide
or a particular moment.
But mostly, it's just "OK, does my laptop work?
Are the slides up?"
Does the projector work?
Yep. OK. All good."
Thank you.
So, generally what I say is that
when I get bored, bad things happen.
At the Las Vegas Airport here, you've
got a flight landing every 90 seconds.
That's an awful lot of metal, money and
people moving around. How does this all
work? How does this all fit together? You
always hear about air traffic control,
but does anybody really
know how it works anymore?
I think that the audience is
looking to learn something new.
They're looking for an entertaining discussion
on interesting technologies that at the
end of the day are kind of important.
So increasingly my talks have gone into Why
is the Internet such an insecure place?
What do we have to do, not in theory, not
to satisfy academic stuff, but like, real
world, what do we need to change
to make this thing secure?
All year, all my best research comes here.
All year I work on "What am I gonna bring"
to DEF CON for the next year" "What am
I gonna do for this particular event?"
Because it's where it began for me. My
career started because I started speaking
out here in Vegas. I started coming out
to DEF CON and showing off these toys.
I'll be honest, a lot of my talks have had
nothing to do with security, it's just
like "Yo, look what I can
make THAT thing do!"
The presentation was just facilitating dialog
with this industry because unfortunately with
something like a major vulnerability in air
traffic control, there's no phone number to
call in for that and say "Hey, can we
talk about this?" That doesn't exist.
It was the first time I dealt with something
that was really serious. The entire talk
was theory. I had no facilities to
actually test anything in a real world
scenario because obviously I don't want to
be screwing with a plane while in flight.
(Now the attacker is one step away between
an evaluation and attacker controlled code.)
My talks are stories and that's the
one thing that I advise everyone else
giving a speech. You're telling a story
to your friends about some cool stuff.
I have hundreds of hours of research
that I have to tie together into a
coherent explanation of the world.
I was expecting a response and oh boy, did I get it.
I was talking to people
from major airlines, people with different
airplane manufacturers, air traffic controllers,
trainers, I've got a pocket full of business
cards after this that I have to go through.
This was me loudly knocking on the door
and saying "You might have a problem"
here. Let's talk about this."
Over the years, I've gotten relatively
high profile and I'm very happy and
honored for all the obligations that
come along with being a high profile
individual, but I do miss being able to
just wander through the crowds and see cool
stuff and watch cool talks. I've got a lot
of stuff I've gotta do; It's a lot of
obligations. I'm not complaining. This is
a tremendous amount of fun that I get to
have. I build all these crazy toys and
fill Penn and Teller and show them off.
The best moment for me at DEF CON is always
going to be at 4 in the morning when
someone's showing off some really silly
stunt that they built. And maybe it's
good and maybe it's not, but man they love
it and they're enjoying talking about it.
The community has matured from DEF CON 4
and 5 dramatically. When I was coming to
DEF CON 4 and DEF CON 5 and seeing people
in an official capacity, I'm now seeing
them bring their children and in some
cases their grandchildren to DEF CON 20.
I say "Great, bring your kids to DEF CON"
because there is no better community to
have your kids around than the people
that go to DEF CON. There's every
opportunity for them to learn something
and as long as you're a good
parent, as long as you're a good hacker,
anything that they see or experience you
can lead them on that path.
Yep, so this is plastic. So, this is just
a long string of plastic. So it goes into
this, this thing melts it. There's a
little heater in here that melts it, and
then it squirts it out as the machine...
Yeah, it's like toothpaste.
This is the second time for DEF CON Kids and
the second time that I've been involved
and DEF CON Kids. Last year sort of was just
a smaller way to try to get kids and their
parents involved in the hacker community
and basically teach kids about lockpicking
and soldering and hardware hacking and
privacy issues and law enforcement issues,
just all of the things that kids
don't normally learn in school.
Speaking at DEF CON Kids and working with
these kids is almost more exciting to me,
or just as exciting if not more, than
giving a talk at DEF CON and having an
opportunity to directly influence these kids.
It's like an immediate... you can see
it in their eyes, it's this immediate
understanding once you show them something.
They get it, and that
can change their life.
I would like to start programming, I would
like to start learning the languages
that they mentioned, for example, I
would like to start learning python.
What we were thinking of doing is adding
some little extra pieces onto here and
solder those on and make some other cool
programming with the light and make a
cool little light show.
The kids love all these speakers
and they're the best speakers...
and I couldn't believe that DEF CON Kids
had these same top speakers addressing
our children.
We're supportive, helpful, and just
want the kids to gain this love of what
they're passionate about and sharing
it with the world and it's wonderful.
This is kind of for the kids to really
inspire them to get involved in
the hacking community and start doing some things.
We've had the privilege to
hear from some really great guys and the kids
are excited to go back and start doing things.
It's been a lot of fun so far.
Even though it's only day 1 and
I think we've only had about 4 or 5
hours of sleep, it's been awesome.
Well, most interested in, I think, is hacking.
I kind of want to be a hacker
when I get older, you know?
I would definitely call myself a hacker.
So this is the year that your daughter,
your eldest, goes to DEF CON, right?
I plan on bringing my 14 year old to CON.
This year, hopefully, will be her first
year, so I'm hoping to drag her out and
show her, not just what I have experienced
over the years, but frankly, where she came from.
Because at a basic level I have to
explain to my kids that I
met your mom at DEF CON 4.
I've asked Dark Tangent for child support
and he's like "hahahha.. Who are you?"
That's how it went, really.
I don't expect Jeff to know who I am.
After all these years, I mean, I've been
going to his shows for 16 years, and that's OK.
I feel OK with him not knowing me
personally. Because frankly, the dude's got
like 20,000 people that some of them expect
him to know them personally.
And I'm OK with that.
If there's a message you want
to say to him what would it be?
Thank you, Jeff.
After Capture the Flag I thought that
the Scavenger Hunt embodied the hacker
spirit the most.
No, No, AAAAAAHH!!
It's a tin foil swim suit.
Good Job!
They're going to suck my blood.
Hi, How are you? Good, I'm
here to get my daughter.
We've got a huge list of items and
or tasks for the teams to complete.
By the end of the day or
the end of the weekend
the team with the most points wins.
There's a lot of activity
at the tables constantly
because the list is things
to get and things to do and
things to perform and that sort
of thing we get a lot of...
- find, make... meet. -Activity
all around the table.
We want people to have a good time and ending
up in jail generally is not a good time.
While there may have been things that are a grey
area, or could end up being illegal activty...
I think we come from a community who...
knows not to get caught.
We don't condone fire
or stealing mostly...
Umm...
And I don't know how someone sourced it
or found it but, the... head of a cow.
We put on the scavenger hunt list a live
chicken, and I think we got six or something.
Scavenger hunt winners of the
past go on to become goons
and contest creators and contest
organizers and speakers and staff.
Because you have so much social interaction
it really engrains you into the community.
Oh, on the weekend of DEF CON...
I think last year we booked 14 shows.
I issued the ultimatum I'm going to book less shows...
and it ends up being more.
The thing about DEF CON that I
find incredibly fascinating
is that, yeah.. a lot of these basement
dwelling guys that basically...
are getting tan off of an LCD monitor party
the hardest out of anybody I've ever met...
Like.. Serious rockstars here..
Everybody just fueled by alchohol and
Ballz and any type of A.D.H.D. medication
they can get their hands on...
Hey, so we are going to
kick this thing off...
we've got really a lot of things to talk
about but we've tried to organize it...
So... This is the 20th year.
How many people believe that?
Yeah...
So I'm just curious by show of hands.. How
many people was this your first DEF CON?
So we scared away everybody else...
We've got guys that have been
helping out for 19 years...
That's amazing, I would just
never have expected that.
So, I guess I'm most proud of producing
something, having a group of people support me...
that's still doing stuff
that people care about.
So... what I want to do is we want to
hand it over to Zac Franken
who's been the head of
operations for I don't know...
closer to 18 years.
Let's hear a round of applause...
Thanks.
Thank you DEF CON 20!
DEF CON, as Jeff has already said, couldn't exist
with out a lot of effort from a lot of people.
And, in the early years I
used to name them all...
but now there's 300 of them.
I've trimmed it slightly.
So, while DEF CON is running, basically I'm
almost certainly not having a good time...
Mainly because I just run
around and put out fires.
And of course my friend Jeff who,
threw this shindig 20 years ago..
I can't believe it's still fucking going...
but it is...
I can't believe there's so many
people here that had a great time!
And.. most of all.. thanks to you..
It's you guys that make DEF CON!
Thank you so much!
DEF CON is not something that happens for us
for 3 days in July or August every year...
it's almost something that we think
about and work on and do stuff for
all year round.
It becomes almost a part of your identity
and I know that sounds kind of weird...
it's when everything comes together...
I know why I stayed up all night...
so many nights in a row...
There have been moments where you sit back and
you say "That is just absolutely amazing."
That someone was able to think of that, or several
someone's were able to think about that...
and do that.
I still love, just how excited people are there...
and the fact that you helped...
to make it happen for them.
I said to Deviant, it was a really great challenge.
Tt was fun to compete and...
DEF CON was great! Thank you everybody!
This community, is
misunderstood by the media...
and unfortunately, the media
is the message out to
the non geek, non hacker community.
But the thing that I think came out perhaps
this year more than any other year...
So, I just want to tell you what we've
been doing for the last 3 years.
Year 1 we had 95 people sign up for the
Be the Match bone marrow donor registry.
Year 2 was 161 and this year
we got 232 people to sign up.
In addition to that we raised
over 3,300 dollars as well.
More than any other year this one was really about love.
With the blood raising, the cancer stuff,
the huge amount of money for E.F.F... I mean even just
saying it or thinking it gives me kind of goose bumps.
This one was, 20 years of love.
Ok, we've got some numbers for you. The info booth
raised 58 dollars, the firearms simulator 3,620 dollars,
Mohawks...$4,333
Eddie Mize, was the artist with the great
t-shirts you can still get outside
of the contest area, $3,500
The Summit, 1,500...789 dollars...
$15,000...$15,789!
And Hacker Jeopardy, for a total
of $30,380...so thank you,
thank you very much!
So I'm going to go over here
So... you have to understand, he's made this
promise for what, 3 years in a row now?
This is beautiful, we have been waiting
for this, time for Jeff to get his hawk.
Now, Jeff failed to mention that he has
like 6 different meetings with incredibly
important people around the world
in the next couple of weeks
You know, it's actually really nice
fulfilling a promise, cause now
they can't bug me
True!
That's true, now, but I haven't decided,
don't I have to donate money to the EFF
for this?
Of course!
I was thinking maybe $10,000
What do you think? That's
probably a pretty good thing...
Thank you very much, see
you next year! Woo!
I joke with Jeff that he could cancel
it tomorrow, like legitimately
cancel it, say "Screw it, I'm done. I'm
going to do something else with my time."
And DEF CON would still happen, it would
continue to happen. Everybody would just
go to Vegas anyways. Eventually people would
start talking about stuff. Eventually
they'd say, "Let's go down to the bar and
take over this empty conference room and"
"talk about it." And DEF CON would
continue to happen organically, probably
for years after we just
walked away from it.
So, for those of you who aren't in the
conference business, what happens is you
sign hotel contracts for years in the future.
You have to look into the future
and decide, "Ok, 2 years from now, are
we going to be burned out? Are people"
even want to come to DEF CON 2 years in
the future or 3 years in the future?"
Because you have to sign these hotel
contracts years in advance, and so who
could you hand this off to? Or who would
want to take on that responsibility?
And I think the conclusion I've
come to is, I'd probably just stop.
You know, and I'd... people could continue
the organization, continue, they'd just
name it something different. I'd give
them all my projectors, it would carry on
maybe under a different name, but it
probably wouldn't carry on under the
DEF CON name. The only scenario I figured
that out was if I get hit by a bus and I die
and I want to have the final DEF CON,
huge party, though somebody would have to
plan that, cause I wouldn't be around.
I don't know why, every year, honestly.
Every year after DEF CON, I think half
the senior staff says never again. All
of us, we're all, "Yeah me too, me too."
And then all your friends, I have friends
all over the world that DEF CON for sure
they show up to. And, you get wound up,
you get excited for it, you look forward
to the experience again. So...
yeah, we forget how much it hurt.
Yeah, I do it, I've been doing it for a long time.
You know, my second, she's 10
years younger than I am, she's been doing
it for 5 years. She's probably due for
her shot to do it, and I can be the old
grey beard that shows up at DEF CON, just
sits in the corner has a
beer, and reminisces.
I can honestly say that without that first
DEF CON, and without, you know, shaking
hands and meeting people, becoming a Goon,
I wouldn't be the position that I'm
in now, and I wouldn't have the career
and the means to support my family that
I do now.
It's outside of my imagination,
missing a DEF CON.
When I started, it was like, "Oh my God,
I found my home!" and that was, that's
kind of where it started, for me.
Once I got to the first one, I
was hooked from that point on.
It's a degenerate family reunion.
These people are my family. It's a family
reunion, you gotta come every year and
see everyone.
Basically, if you go once, you're hooked.
DEF CON is, it's an experience like
nothing else. It's great people and a
great atmosphere, and I think from the
time that I went, I knew that I would
always go, that I would find a way to
make sure that I was there every year,
and 13 years later I'm still going.
These people aren't just my friends, they're
my family, you know, and I genuinely
genuinely love them.
I don't believe it's appropriate
to talk about that on camera.
Ah, I can't discuss that.
I'll tell the story, but I don't
think we should actually...
No, no naming names, no naming names
We'll tell you off-camera
I can neither confirm nor deny that.
Sorry.
All right! Edit that out...
Nothing I'm going to admit on camera
at this time, and 'til the statutes of
limitations run out. And then I'm happy
to admit it later on, that's once we've
you know, checked with the
lawyers and all that stuff.
I think half of the experiences of
my life that I attribute back to...
happened at DEF CON. I don't know how
many of them I can talk about, I probably
can't talk about any of them. I
really would like to, but, ahh, I...
Transcription by: Anch, Phorkus,
AlxRogan, Medic, Panadero, and Russr