Once a year, in the month of August, the Nevada desert hosts a conference with a seemingly nefarious reputation. These folks make even Sin City nervous. DEF CON, affectionately known as “Hacker Summer Camp,” descends upon the city, along with the multitude of nerds, dorks, and geeks who attend. This year, I attended my first DEF CON–and I can hardly wait to go back for more next year.
There are some who hear the term “hacker” and immediately conjure up a mental image of a socially awkward loner, a young kid pulling a black hoodie over his head as he threatens to take down corporations and steal credit card numbers from a laptop keyboard. (Any Mr. Robot fans out there?) The reality is, while there are several mohawks and some magnificent moustaches in the crowd, most of the DEF CON attendees are less concerned with world domination, and more curious about how things work in this new digital landscape that we live in. They like taking things apart and putting them back together, and they love a challenging puzzle. The people who attend this conference are some of the brightest minds of their generations–each one a genius in some form or fashion. 30,000 people united by a love of information, technology, and curiosity. Many consider themselves introverts, but this is their party.
This party has rules. One rule, really: the Rule of Threes. The minimum requirements for anyone attending the conference are a daily regimen of ONE shower, TWO meals, and THREE hours of sleep. By Day Three, that one-shower rule becomes crucially important, but there is inevitably that handful of stereotypes who forget that part of the Rule. Alas.
We managed to attend some really interesting talks at this year’s conference. There was the fellow who detailed his adventures in hacking the Teddy Ruxpin doll, manipulating the code and software to make Teddy’s eyes glow with the DEF CON logo and tell stories that are not downloadable from the toy company’s website. (It’s called the Internet of Things, folks. You still want Alexa listening to everything you do and say? No, thank you!) There was also the dynamic duo who presented the potential dangers lurking in simple barcode scanners, much like the ones at your local Target or Walmart. Even those seemingly innocent devices can be manipulated to deliver a malicious payload (like a good old-fashioned Rick Roll). And then, there were the Villages, entire tracks of talks devoted to one specific topic. My favorite was the Social Engineering Village.
If you’re not familiar with the term “Social Engineering,” it is most easily explained as hacking people, rather than computers. If you have ever phrased your words carefully to try to get something you want out of another person, you have employed a basic form of social engineering. The more advanced forms can be pretty darned convincing–a phone call from someone claiming your Aunt Dahlia needs to be bailed out of jail, and she’s embarrassed, so don’t tell anyone else in the family–but send money ASAP. An e-mail asking you to click a website link and confirm what kind of computers you are running, and whether you have XP or Windows 10. (And Dear God, I hope you’re not running XP.)
Here’s the great thing about SE–it doesn’t require a lot of high-tech understanding. You don’t have to know how to write lines of code, or how to run executables from a command prompt. You just have to know how to read people, and how to do your research. We are living every day of our lives in a digital, Wi-Fi soup. (Unless you’re living in backwoods Alaska off the grid. If that’s the case, you’re a true badass and have my eternal respect. And you’re probably not reading this blog post.)
Information is literally at our fingertips at all times–we’re all addicted to our smartphones. Every company out there has a website with contact information. Sometimes they even include staff bios and directions to the office. You can find out a lot of things if you just poke around the internet a little bit–your frenemy’s favorite brand of lemonade, what your vegan-lactose intolerant-gluten free friend ate for dinner last night, the name of your neighbor’s childhood dog. You might even be able to find out what kind of car Margie in South Dakota drives, or Katie from Louisiana’s mother’s maiden name. Facebook on its own is a gold mine of information. Not only are you connected to people you know–your friends–but you’re also connected to friends of friends, and if you follow the chain back far enough, everyone has a friend who knows someone who has a friend who has a friend who worked with someone who knew someone who knows Kevin Bacon. (I know that was confusing, but legend has it that six degrees is all it takes, right?)
Social media, in general, is a great source of information. Be aware–marketers are watching our Facebook, Instagram, Twitter, Snapchat, and other feeds to see what we like, what we don’t, how we communicate, and what our connections are. All social engineers do is use the information we willingly put out there to gain access to the information we may not be as willing to share.
While I was enthralled by the Social Engineering Village, DEF CONers were making news in other ways. 2018 was the second year running a dedicated Voting Machine Village, and it gained some notoriety in the press. The Voting Machine Village actually made quite the splash, with stories being picked up by the BBC and CNN. The point that gets overlooked in these stories is that the hackers pointing out these vulnerabilities aren’t out to destroy democracy. They are drawing attention to serious issues that someone out there could exploit to wreak havoc on democracy. Basically, NerdCon is kind of like the Justice League–a group of superheroes out there using their unusual talents for Truth, Justice, and the American Way (or something like that).
With so many thousands of people in one concentrated location, conference attendees (and hopefully the innocent, oblivious laypersons who wind up in DEF CON’s vicinity) walk around the exhibit halls with their phones on airplane mode for a solid week. Why, if most of the people there aren’t bent on world domination? Because while there may not be any true evil at DEF CON, that doesn’t mean there isn’t mischief. Even nerds like to have fun.