Photos: Hacking at Defcon
Teams compete in Defcon’s Capture the Flag game, organized by a group called Kenshoto. In this computer security war game, the goal is to attack rivals’ networks while simultaneously defending one’s own.
To participate, would-be entrants must score well in a prequalifying round by answering questions ranging from hacker trivia to computer forensics and Web server administration.
What self-respecting hacker convention would not include a “Computer Controlled Weapons Development” competition? It’s called DefconBots, and the task is to create a computer-controlled gun that can track stationary targets and shoot them from 10 feet away.
For safety’s sake, no metal projectiles were allowed (that is, no firearms). Instead, competition participants used projectiles like plastic pellets. Servo motors driven by a laptop controlled the gun. To penalize a shotgun approach, the contest rules included targets painted black that yielded negative points if they were hit.
The Electronic Frontier Foundation organized a novel fundraiser at the Defcon convention: a dunk tank.
Isaac Levy, a member of the New York City BSD User Group (pictured in the dunk tank) said he volunteered for the job “totally to support the EFF.” By late Saturday afternoon, after nearly two full days, the Electronic Frontier Foundation had raised about $2,000.
A woman who gave her name as Michele volunteered to be dunked to support the Electronic Frontier Foundation. If conference attendees couldn’t hit the target from about 25 feet away, they could pay $20 to walk up and push the lever to dunk their victim. Many did.
An electrical engineer and robotics expert named Ryan Clarke who goes by the alias “Lost Boy” (left) created a unique “Mystery Box Challenge” for this year’s Defcon hacker convention.
On Friday, teams (with names like GrayHat Militia and Aquateen Hacking Force) were given a locked metal box wrapped with wires, with a simple circuit built on a breadboard inside. The task was to be the first to open the box, decode a picture puzzle, analyze the circuit and figure out the magic word. It was, by the way, “1057,” which can be read as “lost” spelled entirely in numerals.
Clarke said he started working on this puzzle in January and finished it just in time for Defcon. Out of the 15 teams that entered the competition Friday, which started at 2 p.m. PST, three successfully finished by 6 p.m. that day.
“I tried to think of a way to get hardware involved at con,” Lost Boy said. (The skeletal hand and fangs were just there for decoration.)
Lock picking has long been a Defcon tradition, mostly because hackers view locks as just another security challenge. In this photograph, conference attendees try their skill at picking a series of padlocks.
Also at the conference, attorney Marc Tobias warned that many pin tumbler locks are vulnerable to opening through a technique called bumping. It relies on obtaining a “bump key” that has all cuts at the maximum depth. Inserting that key and rapping it sharply opens the lock.
“From a legal standpoint, from a risk standpoint, we’ve got a problem,” Tobias said. He recommended, among others, Medeco high-security locks.
For a novel twist on the staid idea of a conference badge, Defcon organizers turned to Joe Grand (alias “Kingpin”). Grand designed a badge that was a circuit board with built-in LEDs and a holder for a battery. It was manufactured by E-Teknet, pictured in this photograph, and was intended to be difficult to forge.
Grand’s creation used two light-emitting diodes, a switch and a Microchip PIC10F202 microprocessor. Of course, because thousands were distributed at a hacker convention, some attendees tried to hack their badges. One idea: Replace the badge’s blue LEDs with infrared LEDs that could then be used to control televisions in Las Vegas bars and restaurants.
Any serious wireless hacker needs an external antenna to boost Wi-Fi signals. At Defcon this year, vendors were selling “WarDriving and Penetration Testing Cards and Kits” that would dramatically amplify a laptop’s range.
This pair of pink undies asks for a username and password.
A baseball cap for sale says “I READ YOUR EMAIL.”
At a hacker convention, it might even be true. The “Wall of Sheep” is a Defcon project that sniffs out passwords and login data that are traveling over wireless connections. If it finds one, it’ll display it on a projector (though it will obfuscate your password just a little). Attendees are encouraged to use a wired connection instead, and to encrypt everything, just in case.
Among federal intelligence and police circles, Defcon has been known as a convenient location to nab hackers. For instance, Dmitry Sklyarov was arrested five years ago for alleged Digital Millennium Copyright Act, or DMCA, violations.
Now that relationship is thawing. This photograph shows military, law enforcement and even some senior government officials showing up at Defcon for a “meet the Feds” preview.
It’s often easy to spot federal officers at a hacker convention because of their short haircuts and military demeanor. At Defcon, the conference organizers have made a sport of it, with awards going to people who are especially good at Fed spotting.
The woman in this photograph, who did not give her name, verified her suspicions about this Fed (center) through a truly novel mechanism. She told the audience she had sex with the suspected Fed and then, when he was asleep, went through his belongings. The slightly embarrassed man acknowledged that he is a master sergeant in the military.
Dan Kaminsky of DoxPara Research cares so much about the concept of Net neutrality that he wrote a utility to find out whether an Internet service provider was playing fair.
The code, as Kaminsky described it during a speech at Defcon, looks at dropped packets to detect whether any funny business is going on.
“It is automatically able to tell the amount of bandwidth between any two points,” Kaminsky said.