Last weekend the twelfth Hackers On Planet Earth conference, subtitled The Circle of HOPE, was held at the Hotel Pennsylvania by 2600 Magazine. As with most years, I made my cross-country pilgrimage to New York City to attend. I flew out on Thursday morning with the eventual goal of making it to my hotel early enough that I could order in, relax a bit, and get to sleep early to shake the inevitable jet lag so I could be somewhat functional the next day. Modulo the usual difficulty in catching a ride from JFK, I made good time and accomplished a decent amount of war driving along the way. There isn't much to remark on until the next day...
Well, I'm finally back from Defcon 25 and writing up my notes while in the throes of con drop before too much of the experience fades from memory. Suffice it to say that I have opinions about last weekend, which I will attempt to write as concisely as I can. I don't like being negative about things because my experience is my own, and I much prefer that people have their own experiences and make up their own minds about things. However, I would be lying if I painted a rosy picture of my attendance of the largest hacker convention on the planet this year. I did not have a good time, I was not the only one, I learned just about nothing new, and it left me with very few fun (or even good) tales to regale people with. It also felt like the weekend flew by - three days came and went before I knew it, which is both a little disorienting and not actually a bad thing when looking at the thirty thousand foot view.
After a protracted period of getting ready, most of which involved fighting with trying to get my designated burner phone reactivated after sitting for a year in the box, I was finally ready to hit the road. You can, in fact, purchase functional SIM cards for just about any cellular provider from eBay and buy a pre-paid plan. Upon arriving in Las Vegas and accepting the 106 degree punch in the face, I hailed a shuttle to my hotel and climbed aboard. This year, Vlad found us lodgings within easy walking distance of Caesar's Palace, where Defcon had moved to this year. I hauled my kit upstairs, ordered a pizza, and plopped myself down to read and relax for the first time in a couple of days.
I'd love to tell you how much fun I had at Defcon and give you detailed write-ups of all the talks I went to (taken from copious handwritten notes, of course), but I didn't make it to a single talk, and was able to visit only one village (the Biohacking Village) twice. Mind you, this was after waiting in line for roughly two hours and not getting into the talks I'd originally come to see. Not that the talks I wound up seeing weren't interesting, they were, but they weren't what I was trying to attend. In addition, the Biohacking Village (that I know of) and other village rooms (that I only heard about and thus cannot confirm firsthand) have made a practice of flushing the room (throwing everybody out) to prevent camping, so as to keep the lines moving and thus making sure that most everybody in line gets into something. The lines for just about every talk I saw were around the corner, sometimes two corners, and most of the way down the hallways. I didn't bother trying to get into the talks in the main tracks. Unsurprisingly, go ahead and laugh, I kept getting lost in the labyrinthine hallways of Caesar's Palace. Possibly much to your surprise, many people who actually have a sense of direction kept getting lost there, too. Some of the maps posted on the corners and at the infobooths gave incorrect directions to various locations. Many of the Goons I spoke to didn't know where things were, either. I don't blame them for it at all; a few admitted to me that they had no idea where anything was, either, so I don't feel alone in my frustration. I can't speak to how well organized Defcon was this year because I'm not in a position to know what was going on. What I do know is that Caesar's Palace is very difficult to navigate, and if I'd known how hard it would be I would have gone up a couple of days early specifically to sneak around and learn where everything was ahead of time.
Back from Defcon 25.
Dealt with multiple crises at home.
Didn't spend as much money as I usually do, which isn't a bad thing.
Spent quality time with some old friends. I hope I made a few new ones.
I have opinions. They'll have to wait until I get some sleep.
UPDATE - 20170902 - Typos, finding emergency exits.
So, after many years I've decided that it's my turn to write a first-timer's guide to Defcon. There are many like it, so I'll try to be as frank as I can about the topic. I'm going to try to write for people who've never been to Defcon before (but may have been to other hacker cons). I'm not going to lie or joke around (which some of the guides tend to do) and give as much personal advice as I can. I'm also going to try to not sound like your parents, because nobody likes to read stuff like that.
It's been said that it is a common thing for people to write about their OPSEC protocols for Defcon that they don't use any other time, with the implication that they aren't serious about their security or privacy any other time and are sitting ducks any other time. I would politely like to point out that not everybody has the same threat model: Defcon has one of the most hostile network environments on the planet, one which is not often found anywhere else. It is erroneous to assume that people who only talk about how they prepare for Defcon do not take the same kinds of precautions at any other time. What those people do may not be your business or anyone else's at any other time.
To that end, here are some of the security protocols that I use at Defcon, and happen to use at other times while I'm traveling, as well as some friendly advice to folks new to Defcon.
Here's to the sysadmins, who fight to keep everything up and running. And reboot printers along the way.
Here's to tier-1 tech support, who know the answers but are only allowed to recite from their scripts.
Here's to the pen testers, who keep plugging away.
Here's to desktop support, who occasionally see things they can never unsee.
Here's to the red team, who throw everything from Devo costumes to pork chops to ballroom gowns to the kitchen sink at the mission.
Here's to the hacktivists, who toil endlessly to make the world a better place.
Here's to the open source hackers, whose thankless tasks are labors of love.
Here's to the whistleblowers, who lay everything on the line to try to set things right.
Here's to the lawyers, who honestly answer the question "So, how much trouble could I get in if I did this?"
Here's to the reversers, who yank out their hair while asking the question "What the hell does this even mean?" over and over again.
Here's to the hackers who submit talks to DefCon every year but never get accepted. You keep trying, over and over again.
Here's to the people with the honest questions, who uncover horrors never before dreamed.
Here's to the newbies, who spend long hours punching away to learn arcane skills to satisfy their own curiosity.