DEFCON 17

Posted by The Realist on 8/12/09 • Categorized as Perspective

defcon17So there I was….

No really, I went to DEFCON 17.  This is a slight departure from the normal Pulse Review fare, but one I expect you, gentle reader, will still find interesting.  DEFCON is a conference held in Las Vegas on a yearly basis which covers topics of interest to people who like to find ways to make things do what they simply weren’t designed to do.  Things like networks, computers, locks, beer, hardware and software of every sort, ranging from iPods to the human mind.   In fact, the most fundamental target of these “hacks” is the human mind.

Cryptography is a very, very interesting topic.  I cannot even begin to talk to it in this format.  Yet the funny thing is, no matter how complex a crypto system is, there is a fallible human that uses it somewhere in the system.  That human, more often than not, is the easiest element of the system to “hack”.  This is why corporations and governments that spend millions to billions of dollars on computer security don’t want users to write their passwords down on sticky notes or give out their user name and password - ever.  Social Engineering, which is the art of using societal norms to induce people to do things that they shouldn’t, is the low-tech way to bypass high-tech security.  Oh, and it was a significant topic of discussion at DEFCON.  Human perception is an important facet to security.  The perfect example of this is how we employ locks.

Locks, as our society predominantly employs them, mostly exist to keep honest people honest.   We perceive ourselves as secure behind locked doors and our high end bicycles safe because we put basic locks on them.  The reality is that most of the locks used by private citizens only deter fundamentally honest or ignorant people.  The honest people we can  immediately remove from the equation, while the ignorant are finding it harder and harder to stay that way though.  A quick search on a popular video site can enlighten you as to how simple most locks are to bypass.  In the past, locks used to maintain their security by making their bypass techniques obscure.  That method is no longer valid in the era of mass media.  At DEFCON, there were entire rooms dedicated to the overall art of lockpicking.  The information is in the open - it is amazing what you can do with a beer can and some scissors.

Information - actionable information, that is -  is probably the ultimate commodity.  The amount of information available on the average person has never been higher, and will only increase.  The amount of information that corporations and governments both knowingly and unknowingly release is incredible.  This tsunami of information that flows around us daily is ignored by most.   This is another case where mass perception has not caught up with reality. The ability to derive a great deal of very personal and private information is present to people who know how to analyze social network traffic, and of course to credit card companies as well.  Look at your credit card receipt - all it includes is where you buy gas, food, clothes, coffee, what you do for fun, and where you go to hang out - in short, a financial life story.  Is this necessarily a bad thing?  No, but it is something to be aware of.  Living in a fishbowl is not the way we think of our lives right now, but for most people it should be.  There is a great deal that can be done with this information, but fortunately most of us will never be targeted.

That was the final aspect of DEFCON.  There is a huge amount of vulnerability out there.  Yet vulnerability alone does not create risk.  You need to factor in probability as well.  Thankfully, most of humanity is pretty decent.  The average person won’t walk off with your bicycle just because they know they can get away with it.   Most of us won’t be targeted by identity thieves - unless we get unlucky.   Your front door isn’t going to be picked, bumped, or otherwise bypassed anytime soon.  Just locking it stops most crimes of opportunity.  Knowledge of vulnerability isn’t meant to be scary, it is meant to be enlightening.  Once you understand what the vulnerabilities actually are, you can better asses your overall risk and make informed choices.  And that is what really happens at DEFCON - spreading knowledge.

The Realist is an Air Force Academy graduate, holding a master’s degree in Unconventional Warfare from the American Military University, and a co-founder of The PULSE Review.

  • melissa
    Oh thank you, gentle writer!
  • Susan
    Excellent article. I would like to find out more about how to protect my personal information. (I'll stay away from the DEFCON Network) Are there other information sources which my computer and my less-than-stellar computer skills can manage?
  • I went to the DEFCOM link up there (http://www.defcon.org/html/links/dc-faq/dc-faq.html) - officially DEFCOM is just about the coolest convention I've ever heard of.

    "Is there a network at DEFCON?

    Yes. It would be fair to describe the network as ‘hostile’. It has been described as ‘the worlds most hostile network’, but such descriptions are just attempts at flattery. It is recommended that if you want to connect to the DEFCON network pretend that you are sharing out your entire hard drive to 5,000 hackers. You may want to bring a ‘clean’ computer that you don't mind being infected/hacked/etc. It is considered very poor form to attempt to DoS the network; while the DEFCON staff may not do anything about such attempts it is reasonable to assume that ‘peer justice’ may be meted out. If you're unhappy about the possible risks associated with connecting to DEFCON networks there are a couple of options: refrain from computer use for a few days or connect using another network elsewhere in Vegas (another hotel or something)."
blog comments powered by Disqus