Hacking, Lock-Picking, Booze and Bacon: DefCon 17 In Review

LAS VEGAS – Braving triple-digit heat, mean hangovers and an incredibly hostile network, roughly 10,000 hackers, security experts, feds, spies and various other "computer enthusiasts" took over the Riviera last weekend for the world's largest hacking convention, DefCon.

This year there was no shortage of interesting developments, including a hacked ATM, hacked badges, hacked parking meters, hacked locks, hacked feds, hacked video cameras and more.

Wired.com and Threat Level covered the fun in depth. Read on for an illustrated look back at some of the highlights.

Above: The winner of the DefCon badge-hacking contest used an array of LEDs soldered into a baseball cap to thwart facial recognition systems. His plan, theoretically, was to use the cap to sneak into the room of Joe “Kingpin” Grand — the designer of DefCon’s badges — and steal the black über badges stored there.

Photo: Dave Bullock/Wired.com

This year, the DefCon badge wasn't the only electronic badge at the conference. Ninja Networks produced badges that granted access to its popular annual party.

Each of the more than 500 badges featured 10 segmented LED displays, four buttons and several microchips on the back. When powered on, the LEDs blinked random, scrambled letters that froze to form the words "NINJA PARTY" after 100 seconds. The badge came programmed with a game of Simon-Says, and users could alter random segments of the badge's memory through a keypad.

The badges were created by Amanda Wozniak (not shown), who designed the circuitry, and Brandon Creighton (right), who wrote the badge firmware.

Photos: Dave Bullock/Wired.com

Although it looks incredibly secure and high-tech, the Medeco NexGen padlock can be opened in about 10 seconds using a simple tool (second and third photos) and an even simpler technique.

Wired.com was given an exclusive demonstration of the vulnerability of the NexGen as well as the CLIQ shown below (fourth photo).



The CLIQ is a locking system designed to be opened exclusively with a special electro-mechanical key (lower left), but a design flaw allows it to be easily opened in just a few seconds using a mechanical key (right).

Photos: Dave Bullock/Wired.com

RFID hacker Chris Paget demonstrates his new hardware/software toolkit, which can read, store and clone any RFID chip. The kits will be available soon for $50.

Photo: Dave Bullock/Wired.com

An off-the-shelf RFID reader and webcam connected to a laptop caused quite a stir when they captured data from a federal agent.

Photo: Dave Bullock/Wired.com

If you're concerned about hackers cloning your RFID cards in your wallet, which you should be, you might consider upgrading to an RFID-blocking wallet, like these from DIFRwear.

Photo: Dave Bullock/Wired.com

One of the more embarrassing features of DefCon, at least for those caught in its trap, was the Wall of Sheep. If attendees used the DefCon wireless network without encryption, they ended up on the Wall. ALWAYS USE ENCRYPTION.

This means using HTTPS, VPN or other types of encrypted tunnels. That includes making sure your Twitter client uses SSL.

Photo: Dave Bullock/Wired.com

A critical part of the DefCon network infrastructure was the mobile bar. Good mixology skills provided the requisite balance between network-warrior-work and fun.

Photo: Dave Bullock/Wired.com

These Aruba wireless access points, like the ones that powered the DefCon network, are actually just dumb radios. All the encryption, and even much of the low-level wireless protocol communication, happened in the main Aruba rack located up in the ceiling.

Photo: Dave Bullock/Wired.com

One of the DefCon network administrators, David Bryan, brought a few creature comforts from his home in Minneapolis to while away the long hours manning the network – several varieties of home-brewed suds, which he packed in dry ice to keep cool.

Photo: Dave Bullock/Wired.com

Part of the DefCon Mystery Challenge involved a laser. Unfortunately, it was not mounted to a shark.

Photo: Dave Bullock/Wired.com

Hacking the DefCon badge was one of the official DefCon contests this year.

One team of contestants, who called themselves Optimized Tom Foolery, modified their badge with a Geiger counter-based random number generator with a wireless link. As the Geiger counter detected radiation, the badge used the sound ticks to generate random numbers, which were sent wirelessly via a Zigbee radio to a laptop. The number of random numbers generated varied depending on the amount of radiation detected by the Geiger counter. Random numbers are commonly used to create strong encryption, but are surprisingly difficult to produce.

Photos: Dave Bullock/Wired.com

Located in the vendor area at DefCon 17, a gray box with a green button beckons curious hackers with an LCD readout that says, "Push the Green Button."

When pressed, 30 seconds of video is recorded of whatever happens to be in front of the camera. The video is then uploaded to a website. To prevent videos of people holding up their iPhones with obscene photos (lemon party, in one instance) from making it onto the site, the videos required approval. Check out some of the non-lemon party videos on DCTV.

Photo: Dave Bullock/Wired.com

Hackers love picking locks. It's a fun, computer-related challenge that became part of hacker culture back when mainframe users at MIT had to pick the locks to the computer room at night to get more screen time.

A giant set of lock picks made this hacker the envy of his peers (above), one of whom was working hard to open an especially complicated lock (below).

Photos: Dave Bullock/Wired.com

Field-programmable gate arrays (sitting on top of the glass) allowed hackers to install software directly onto a processor, making it much faster than running it on top of an operating system. Hackers have employed FPGAs for breaking crypto, brute-force hacking and much more.

Photo: Dave Bullock/Wired.com

The DefCon security volunteers, known as security goons, consumed various types of nourishment to get them through the long hours. Tactical Bacon, a can of pre-cooked bacon, was one of the more interesting food items found in the DefCon security goon operation center.

Photo: Dave Bullock/Wired.com