Preview Mode Links will not work in preview mode

Aug 27, 2019

The History of DEF CON Welcome to the History of Computing Podcast, where we explore the history of information technology. Because understanding the past prepares us for the innovations of the future! Todays episode is on the history of DEF CON. I have probably learned more about technology in my years attending Blackhat and DEF CON than from any other source other than reading and writing books. But DEF CON specifically expanded my outlook on the technology industry and made me think of how others might consider various innovations, and sometimes how they might break them. DEF CON also gave me an insight into the hacker culture that I might not have gotten otherwise. Not the hacker culture many think of, but the desire to just straight up tinkerate with everything. And I do mean everything, sometimes much to the chagrin of the Vegas casino or hotel hosting the event. The thing that I have always loved about DEF CON is that, while there is a little shaming of vendors here and there, there’s also a general desire to see security research push the envelope of what’s possible, making vendors better and making the world a more secure place. Not actually trying to back things in a criminal way. In fact, there’s an ethos that surrounds the culture. Yes, you want to find sweet, sweet o days. But when you do, you disclose the vulnerability before you tell the world that you can bring down any Cisco firewall. DEF CON has played a critical role in the development and remediation of rootlets, trojans, viruses, forensics, threat hunting research, social engineering, botnet detection and defeat, keystroke logging, DoS attacks, application security, network security, and privacy. In 2018, nearly 28,000 people attended Def Con. And the conference shows no signs of slowing down. In fact, the number of people with tattoos of Jack, the skull and crossbones-esque logo, only seems to be growing. As does the number of people who have black badges, which give them free access to DEF CON for life. But where did it get its start? The name is derived from WarGames, a 1983 movie that saw Matthew Broderick almost start World War III by playing a simulation of a nuclear strike with a computer. This was obviously before his freewheeling days as Ferris Bueller. Over the next decade, Bulletin Board Networks had become a prime target for hackers in it for the lolz. Back then, Bullet Boards were kinda’ like what Reddit is today. But you dialed a network and then routed through a hierarchical system, with each site having a coordinator. A lot of Fido hacking was trying to become an admin of each board. If this sounds a lot like the Internet of today, the response would be “ish”. So Jeff Moss, also known as Dark Tangent, was a member of a group of hackers that liked to try to take over these bulletin boards called “Platinum Net”. He started planning a party for a network that was shut down. He had graduated from Gonzaga University with a degree in Criminal Justice a few years earlier, and invited #hack to join him in Vegas. Moss had graduated from Gonzaga University in Criminal Justice and so why not have 100 criminals join him in Vegas at the Sands Hotel and Casino! He got a little help from Dead Addict, and the event was a huge success. The next year, Artimage, Pappy Ozendorph, Stealth, Zac Franken, and Noid threw in to help coordinate things and the attendees at the conference doubled to around 200. They knew they had something special cookie’ up. Def Con two, which was held at the Sahara, got mentions by Business Week and the New York Times, as well as PC Magazine, which was big at the time. DEF CON 3 happened right after the Hackers movie at the Tropicana, and DEF CON 4 actually had the FBI show up to to tell the hackers all the things at the Monte Carlo. DEF CON 4 also saw the introduction of Black Hat, a conference that runs before DEF CON. DEF CON 5 though, saw ABC News ZDNet, Computer World, and saw people show up to the Aladdin from all over the world, which is how I heard of the conference. The conference continued to grow. People actually started waiting to release tools until DEF CON. DEF CON 6 was held at the Plaza and then it went to the Alexis Park Resort from DEF CON 7 to DEF CON 13. DEF CON 7 will always be remembered for the release of Back Orifice 2000, a plugin based remote admin tool (or RAT) that I regrettably had to remove from many a device throughout my career. Of course it had an option for IRC-based command and control, as did all the best stuff on the Silk Road. Over the next few years the conference grew and law enforcement agents started to show up. I mean, easy pickings, right? This led to a “spot the fed” contest. People would of course try to hack each other, which led to maybe the most well-known contest, the scavenger hunt. I am obviously a history nerd so I always loved the Hacker Jeapoardy contest. You can also go out to the desert to shoot automatic weapons, participate in scavenger hunts, pick all the locks, buy some shirts, and of course, enjoy all the types of beverages with all the types of humans. All of these mini-events associated with DEF CON have certainly helped make the event what it is today. I’ve met people from the Homebrew Computer Club, Anonymous, the Legion of Doom, ShadowCrew, the Cult of the Dead Cow, and other groups there. I also met legends like Captain Crunch, Kevin Poulsen, Kevin Mitnick, L0pht (of L0phtcrack, and many others. By DEF CON 7 in 2000, the conference was getting too big to manage. So the Goons started to take over various portions of the con. People like Cjunky, Agent X, CHS, Code24, flea, Acronym, cyber, Gattaca, Froggy, Lockheed, Londo, Major Malfunction, Mattrix, G Mark, JustaBill, helped me keep from getting by eyebrows shaved off and were joined by other goons over the years. Keep in mind there are a lot of younger script kiddies who show up and this crew helps keep them safe. My favorite goon might be Noid. This was around the time the wall of sheep appeared, showing passwords picked up on the network. DEF CON 11 saw a bit of hacktivism when the conference started raising money for the Electronic Frontier Foundation. By 2005 the conferences had grown enough that Cisco even tried to shut down a talk from Michael Lynn that could basically shut down the Internet as we know it. Those pages mentioning the talk had to be torn out of the books. In one of the funner moments I’ve seen Michell Madigan was run out of the con for trying to secretly record one of the most privacy oriented groups I’ve ever been a part of. Dan Kaminsky rose to prominence in 2008 when he found some serious flaws in DNS. He was one of the inaugural speakers at Def Con China 1 in 2018. 2008 also saw a judge order a subway card hacking talk be cancelled, preventing three MIT students from talking about how they hacked the Boston subway. 2012 saw Keith Alexander, then director of the NSA give the keynote. Will Smith dropped by in 2013, although it was just to prepare for a movie. Probably not Suicide Squad. He didn’t stay log. Probably because Dark Tangent asked the feds to stay away for awhile. DARPA came to play in 2016 giving out a 2 million dollar prize to the team that could build an autonomous AI bot that could handle offense and defense in a Capture the Flag style competition. 2017 made the news because they hosted a voting machine hacking village. Cambridge Global Advisors was a sponsor. They have no connection with Cambridge Analytica. No matter how you feel about politics, the hallmark of any democracy is certifying a fair and, um, democratic election. Jimmy Carter knows. He was 92 then. 2019 saw 30,000 people show up in Vegas for DEF CON 27. At this point, DEF CON has been on the X-Files, Mr. Robot, and given a node in the movie Jason Bourne. It is a special event. Being surrounded by so many people with unbridled curiosity is truly inspiring. I doubt I would ever have written my first book on security if not for the opportunity they gave me to speak at DEF CON and Blackhat. Oh, recording this episode just reminded me - I need to go book my room for next year! If you want to learn more about DEF CON, we’ll include a link to the documentary from 2013 about it in the show notes. https://www.youtube.com/watch?v=3ctQOmjQyYg