Did you know that an attacker can flood your house via the water dispenser on your connected refrigerator? Or that Bluetooth-enabled locks can be picked from ¼ of a mile away using radio frequencies? I didn’t either, until I attended this year’s DefCon 24, an annual hacking convention in Las Vegas.
While a hotel in Las Vegas full of 22,000 hackers sounds like it might not be a good idea, it’s just the opposite. The purpose of this conference is to bring together Internet security professionals from all over the world to help educate, inform and learn how to make the Internet a safer place for all. There’s much more to this conference than meets the eye. In addition to the normal educational talks, there were a lot of interactive events in the form of contests, live hacking, villages and more.
In part two of a series about our trip to DefCon, we will be exploring the emerging threats that came out of the conference, what we learned, and other things that surprised us while we were there.
Highlight on Personal Education in Cyber Security
A lot of the talks focused on protecting users via cyber security software, but there was also a huge emphasis on educating users. Personal cyber security takes a two-pronged approach. In this day and age, no matter what platform you use, including mobile devices, it is imperative that you use Internet security software such as Norton Security. However, not all threats are computer based. There are so many other tactics that attackers use to try to get at your personal info. They stalk social media sites and professional networking websites, and try to fool you with phishing emails and even fraudulent phone calls. You can’t expect a computer program to protect you from other human beings; only you can do that. The best approach is to become familiar with the common tactics used in scams, smishing, social engineering and more. When it comes to the fight against cybercriminals, knowledge really is power.
We’ve put together a primer for you to become familiar with some of the more common threats out there:
Malware 101: What Is Malware?
How Can I Tell If I Have Malware and What Can I Do About It?
How To Protect Yourself From Phishing Scams
Sneaky Spammer Tactics and How To Avoid Them
What is Social Engineering?
The Importance of General Software Updates and Patches
How To Choose a Secure Password
How to Clean Up Your Online Digital Footprint
Cyber Security Top Tips for 2016
There were over 25 real-time contests going on during the convention, open to all, from novice to advanced hackers. These contests ranged from tasks such as cracking a password, planting a file on a machine, finding vulnerabilities in IoT devices, social engineering phone calls and more. The purpose of these contests was to try and get into the mindset of an attacker, in order to help professionals refine their skills by teaching them how the other side thinks and lives.
There was actually a mini-conference inside of DefCon aimed at children called R00tz Asylum. They may be young, but don’t be too quick to call them newbies. There were workshops, contests and talks all aimed at children, ranging from reverse engineering malware, hacking, social engineering, cryptography and more, all with a heavy focus on growing the next generation of cyber security professionals, and using their white hat hacker skills for good.
The purpose of the villages is two-fold. In the front of the rooms, they held talks, while in the back, there was real-time hacking occurring based on the village’s theme.
Crypto and Privacy Village
This village focused heavily on privacy, ranging from topics about personal online footprints to how companies can build better security into their products. In addition to a heavy focus on privacy for the user, the Federal Trade Commission (FTC), the FBI and the Electronic Frontier Foundation (EFF) were also present to help inform people how law enforcement is trying to get on top of cybercrime. The FTC was actually recruiting hackers there to help them figure out how to push for better security and privacy in commercial services and products.
Social Engineer Village
If you’re not familiar with social engineering, also known as “human hacking,” you should be. This is one of the more prevalent threats out there that Internet security software can’t protect you against. Social engineering relies on human-to-human interaction via phone calls, text messages, and even face-to-face interactions. One of the most fascinating parts of this village was the social engineering phone call competition. Contestants had to do reconnaissance on a specific company, and see how much sensitive information they could get about the company over the phone by using a fake persona.
This village was all about Internet of Things devices, and just how secure they are. Contestants were hacking connected refrigerators, thermostats, routers, medical devices, and more. This event also hosted the very first router hacking competition, which led to the discovery of 15 new zero-day vulnerabilities to be shared with the research community. There was also a huge focus on how manufacturers should be more security-centric on their devices. The FTC was also involved in this village, sharing their plans on how to get manufacturers to make better security improvements in IoT.
I think that the most amazing thing about this conference is knowing that there is a community of thousands of people, from all walks of life, working 24/7 to keep you safe.