Finding my niche at Defcon 24

I had a really good time at Defcon. I’ve spent the last week trying to find a theme or overarching takeaway I could use to sum up the event, but there was so much going on and so many different things to do. Each of the 22,000 attendees likely had a very unique experience and for me to declare “This is Defcon” would be ridiculous.

I ran around like a crazy person trying to take it all in and of course failed, but had a good time trying.

Here’s what I did experience:

DJing in the chill room

SomaFM was invited back (4th year now) to provide music for the chill room…which initially wasn’t very chill thanks to a machine gun arcade game. Once we got that sorted (thanks to the guys that rolled it out of the room) and turned down the lights, it was semi-chill. How chill can anything really be in Las Vegas?

I’m a reluctant DJ but I’m really glad I got pushed into doing this. I’m finally getting comfortable with the hardware and was able to get my songs queued up and played all while answering questions about SomaFM and, oh, Defcon in general. It was as if someone taped an “Information Booth” sign on our table. No, there are no sessions in this room. Yes there will be a movie later. The vendor room isn’t open yet. I don’t know. Yes. Tomorrow.

So many nice people came up to say they’ve been listening to SomaFM for years and thanked us. It was a really great experience. Also when I walked around the hotel, random people came up to me and said, “You were DJing earlier, weren’t you?” which made me really happy. Yes, that was me! It’s funny how merely being seen and remembered in such a huge crowd feels so good.

The Sessions

I didn’t get to as many sessions as I’d have liked to. Between DJing and trying to eat from time to time (huge lines!) I only managed one or two a day. I did see DARPA’s Cyber Grand Challenge. As much as you could see given it was seven computers trying to defend themselves from attacks launched by the referees. I can’t figure out if the computers were connected to each other or simply had copies of the competitors’ software and tried to prove the competitors were vulnerable to the attack. You can read more about the challenge in this article.

I was amazed by the scale and production values of this event. The disco lighting on the computers. The “famous” astrophysicist commentator who had no idea what was going on and read everything on the teleprompter…which caused some of the biggest laughs of the convention. He’d sometimes pop out a, “That was amazing!” exclamation when nothing happened. I mean, my god, the stage was filled with seven computers doing nothing visible. Why were we all staring at them? Granted DARPA prepared some great infographics and I understood more about running a program than I ever have. If computer programming was ever purely visual I might be able to do it.

My favorite part of this all was that the computers were air-gapped to the extreme, so that results of each match were written to DVD and dropped by a robot arm off the platform.

Still, I felt foolish sitting there after an hour or so and wandered off.

I went to “Feds and 0days” which speculated on how many zero day exploits the FBI and NSA might be holding onto (vs. informing the vendors so they could patch them). The speaker, Jay Healey, researched this and concluded the number is probably under 20. The audience was skeptical.

What is crazy is that this is now happening…a hacker/group claims to have gotten zero day exploits from a group associated with the NSA and is auctioning them off!

Jennifer Granick’s talk, “Slouching Towards Utopia, The State of the Internet Dream,” was pretty much bad news all around, and she said something like, the future of the internet is the dark web, the only place that will be anything like what the web was imagined to be when it started.

I saw other panels including one on picking Bluetooth low-energy locks from a quarter mile away, bypassing Little Snitch, Ask the EFF, and getting into penetration testing.

One of the best talks was the Mr. Robot panel, with writers and technical consultants tasked with keeping the hacks on the show “real.” One problem being they can’t do the same thing twice, nor can they always do the most obvious hack if it is too easy and undramatic. One of the consultants formerly worked at the FBI and he said how he’s getting uncomfortable now that the plot involves hacking the FBI…he’s not sure what to say or not say when asked for advice from the writers.

I never thought I’d say this in any context, but I had a great time waiting in lines. I met so many interesting people.

The Villages

Not far from the chill room in Bally’s were all the “villages.” Hardware hacking, Car hacking, Biohacking, Tamper evident, Privacy, Capture the flag and more.

Some of these villages confused me. I wasn’t sure whether the equipment was public or private. I stood and watched and that was about it. The Capture the Flag area…wow. Those people camped out. From what I could tell from the empty food and beverage containers they spent all four days there trying to hack each other. Pretty intense.

I’m not sure if the vendor room counts as a village (not) but I’ll mention that here. Bizarre to see a big, bright room full of stuff that can be used for testing, or for no good, for sale out in the open, not in a dark alley from a guy in a trench coat.

I’m curious to know how much malicious hacking goes on at Defcon. I’m afraid I underestimate it because the friendly white-hat hackers were eager to talk about what they were working on, while the bad guys didn’t advertise. I was quite surprised to find that the SomaFM booth had been inadvertently hosting a wifi sniffer, hidden under the black tablecloth. The guy that retrieved the small black suitcase said he’d put it under there because it “bothered” the police to see an unattended box. Um, yeah?

The Parties!

I had to rely on the official program for these since I wasn’t plugged in enough to learn about any super secret events. I like to imagine there was a bacchanalia happening somewhere but with so many introverts, maybe not?

Friday night I went to the Queercon pool party. I asked as many people as I could if it was okay that I go if I wasn’t queer and everyone said it was. It was a really fun, massive party and being from San Francisco, swimming at night in 90 degree weather was a dream come true. The music was SUPER LOUD though and overwhelmed me after a day in the craziness of Vegas and the conference.

Saturday night I had the best time at the Whiskey Pirates party. They design an amazing unofficial badge. I arrived at 8 on the dot because I knew the suites filled up and I had trouble getting in last year. I’ve been wanting to learn more about lock picking since a guy gave me a very brief tutorial in a bar last year, and what luck! There was a table at the party dedicated to this and one empty chair! I got a bourbon and coke and settled in and I could have stayed there all night. The others at the table were so generous helping us newbies and lending us tools.

I was surprised by my own attention span. I struck up a conversation with a DJ from Oklahoma (who was also picking locks) who collects vintage arcade games and showed me the inside of the PacMan machine he brought.

I was really excited to successfully pick handcuffs! They were the easiest, granted I didn’t do it while I was wearing them. A guy at the table demonstrated this feat, even pulling the pick from some secret area in the back of his belt. Everyone was impressed.

I lost my seat when I went to get a drink, so went to check out the other room where they were assembling the very cool badges. I felt as if I’d walked into a church or secret lair! A crowd of about 15 listened, silent and rapt, as a member of the group talked about ideas for the badge next year. Anytime the door opened and a person came in from the “wild” side of the party everyone shushed them.

When I left the party the line was huge and unmoving and my friends couldn’t get in.

I waited in a LONG line (not a fun line this time) for another pool party after that but I think I was running out of steam. A fellow SomaFM DJ and I got in and were kind of like, eh. Possibly I wasn’t blown away because I’d done this the night before as well.

After that I managed to catch most of Terri Nunn and Berlin’s set because they were running so late.

Terri Nunn was great, performing in front of the DARPA Cyber Grand Challenge computers. So Defcon!

In the middle of the show she said something like, So you are all hackers. You’re all men. I’d like to be a hacker to hang out with the guys. I’m badly paraphrasing but you get the point.

The conference is still 90% men. The first year I attended I was shocked and dismayed. I hoped that in four years, the number would grow. I think it has a bit. However, there are still very few women in the field of computer/network security, so it makes sense they’d be represented in that same percentage at the conference.

Is Defcon welcoming to women? In my experience, absolutely. Defcon sounds like it was a boys club back in the day and women attendees were hit on or bothered (I’ve heard some anecdotal history), however I’ve not seen or experienced any of this in the four years I’ve gone, and Defcon seems to be trying hard to attract more women. I went to a webcast last year (out of curiosity) where board members and members of the community brainstormed about how to get more women speakers, and it is tough because women don’t apply. I have no way of verifying that but everyone on the webcast seemed sincere. They worried that part of the problem might be that the women in the field don’t feel qualified to speak because they haven’t spoken at a conference before, and a couple of men on the call confessed that they too dealt with imposter syndrome and not feeling qualified for their titles and had to fight to get over it.

I’m pretty confident the number of women in tech is going to rise sharply in the next 10 years as people that were raised with home computers make it through school and begin to work their way up the career ladder. This is a new field and I’m optimistic. There is just so much dialog around this. It will get fixed.

I’m doing my part by showing up, going to talks I don’t feel qualified to attend because I’m a designer and a writer and not a programmer, and meeting people and asking questions. All I’ve learned has given me some great inspiration for science fiction stories and I’m so glad I went.