Ralph Losey. Published September 2, 2023.

Photo by Ralph of daughter in front of the Cat Eyes electronic mural in a corner of the usually dark Crazy Big Hall.
A big draw at every DefCon is the Crazy Big Hall of Hacker Demonstrations and Contests. This year was no exception. There were hundreds of demo presentations and contests put on by many Villages. See DefCon Chronicles: The Thirty-Two Villages of DefCon. Most, except for the big Olympic-size one, which had pre-event qualification rounds, were open to anyone at DefCon. See The Hacker Olympics – ‘Capture The Flag’ Games with 1,828 Competing Teams. Some were funny, like the tinfoil hat contest, but most were serious. They covered hacks and counter-hacks of Satellites, Voting Machines, Cars, Airplanes, Trains, Industrial Control Systems of all kinds, Drones, Refrigerators, Vacuum Cleaners, you name it. Hackers of all kinds were drawn to it. They wanted to learn and compete to grow and test their skills.

Twenty-four thousand hackers played in the contests and hands-on demos of the latest electronics, and some nostalgia tech too, like pay-phones, old video game operating systems, soldering and even lock-picking. As a lawyer, I’m still wondering why that is so popular, but I almost bought a lock-pick set myself because the mechanisms and shiny tools look so intriguing.
This is the seventh Chronicle in the DefCon Chronicles series. It began with Where Tech Elites, Aliens and Dogs Collide – Series Opener. The second chronicle is Hackers Response to President Biden’s Unprecedented Request to Come to DefCon to Hack the World for Fun and Profit. The third is my Village of special interest, described in Sven Cattell’s AI Village, ‘Hack the Future’ Pentest and His Unique Vision of Deep Learning and Cybersecurity. The fourth was The Hacker Olympics – ‘Capture The Flag’ Games with 1,828 Competing Teams. The fifth Chronicle provided a quick overview of all thirty-two of the Villages, with a close-up of the Red Team Village, DefCon Chronicles: The Thirty-Two Villages of DefCon. The sixth blog on the event was a heart-felt one for us, DefCon Chronicles: My Dad’s Personal Story and the WWII Origin of Hackers.

Some of the Villages and Contests in the Crazy Big Room
Some of the other larger groups with contests, called Villages, include: Car Hacking Village, ICS Village (Industrial Control Systems), Aerospace Village, Biohacking Village and the Voting Machine Village. The Car Hacking Village has a good short video orientation.
The bottom line to all of this is that Tesla and other computers on wheels need to be very conscientious about security. Many non-life-threatening vulnerabilities have already been found and were demonstrated, and more dangerous hacks are rumored to exist but were not taught. The instructors in the Car Hacking Village urged responsible hacking and noted the life and death dangers of misuse. I kind of doubt that will discourage Putin and his friends, so be careful. I am sure that Putin and other hostile governments snuck some of their hacker spies and operatives into DefCon 31.
There were many cars and hacks taught. Plus, as the video mentioned, they had “open hacking” on some cars and you could just plug in your own computer and look around the computer systems. My daughter, who was co-press with me at DefCon 31, was inspired to be a car showroom girl. This was one of the new Teslas that hackers were invited to experiment on. She wondered if she could social engineer her way into driving off with this one.

Another big draw was the Hack a Satellite exhibits and instructions. I only had time to videotape their cool sign, one of the best.
Here is another DefCon 31 video on hacking common household appliances. So many are connected online these days to form a vast Internet of Things. I recommend you watch the entire video. The manufacturers are not even trying to be secure. Most are vulnerable. Many even have easily accessible passwords and are otherwise a cinch to take over. Such negligence. The Putin agents walking around were all smiles. Electrocuted by toaster malfunction, yet another way for Putin’s enemies to have a fatal accident. Wake up world! Cybersecurity must be job number one.

One major Village at DefCon is very aware of the danger of faulty code and sloppy security procedures, ICS Village. It provided many seminars and competitions in Industrial Control Systems, including such things as ports, ships, trains, electric and water utilities, waste water, manufacturing, building management, etc. These are the prime targets for an enemy intent on crippling the country. Take a look at the excellent video ICS put out of their DefCon 31 efforts.
A number of other companies had events and demos like GE and the IOT Village, but for them, I’ll just share photos of a few that caught my attention. The companies with a presence at DefCon 31 at least demonstrate some awareness, a “wokeness,” of the significant dangers of security vulnerabilities. They at least know of the problems. The companies not present at DefCon are the real problem; they do not even know what they don’t know. Many of their products are full of zero-day time bombs.

What follows are some pictures I took of the companies and industries at DefCon 31 in the Crazy Big Hall. Not complete, of course, that would require hundreds of photos, and naturally I added some AI enhancements to most of my photos.




Conclusion
Security should be a priority for all companies. How loud do consumers and hackers have to shout before tech companies realize that security is the best way to maximize sales? What do you think your sales will be like under Putin, or a Putin puppet or Mafia don: “Pretty nice company you have here. Hate to see something bad happen to it. Better make a monthly donation.” Think long term about security and democracy. Build in protection as part of initial design. Buyers now want that, not the constant threat of criminal attacks. Do we have to make Secure by Design a legal requirement? See: DefCon Chronicles: Hackers Response to President Biden’s Unprecedented Request to Come to DefCon to Hack the World for Fun and Profit. That may be the only viable solution.

Look at Apple’s success with sales that make security and quality a priority. They are never first to market. They do not just throw together junk and defective software, so they can be fast and first. Yet most tech companies have that antiquated mindset, including most of the junk AI plug-ins hitting the market now. Wake up, tech bros. Don’t force your customers to pay ransom money to criminals. Hire hackers to find and fix your errors. No more zero-day surprises. Pay big bug bounties to the good guys instead.

Better yet, hire hackers for initial architecture design, including things like using the Rust programming language. Dump the 50-year-old ‘C’ language. Redo any software that uses it and other antiquated code. Think about security from the beginning of product design, not just as a last-minute add-on. That is still what most companies do. Don’t make it, fake it and wait for users to break it. Putin and other criminals like him love that kind of lazy greed.

Ralph Losey Copyright 2023 – All Rights Reserved – Does not include DefCon videos and images, nor the CMU photo.