A DEF CON postscript: Said the FBI agent to the taxi driver

Summary: While attending America's high-profile hacking and security conferences, Black Hat and DEF CON, a Vegas taxi driver tells Violet Blue his FBI fares want to blind hackers to "teach them a lesson."

Suit and tie corporate security conference Black Hat blends into the t-shirts and tactical pants hackers of DEF CON with a lot of overlap. It's common for hackers to attend both Las Vegas conferences, though at Black Hat USA, they're called security researchers.

The conferences now occur back-to-back; Black Hat ends and DEF CON begins the next day. This year DEF CON was twice the size of Black Hat; an estimated 15,000 attendees to Black Hat's 7,000.

It was my first time attending Black Hat, but not my first DEF CON. Black Hat is at the opulent, yet strangely cheesy, Caesars Palace and heavily moneyed, with nary a visible tattoo in sight. DEF CON is at the seen-better-Vegas-times Rio and is a kaleidoscope of piercings and dyed hair.

Two days into DEF CON, there had been no noise in response to the pre-conference announcement that Feds were not welcome this year. In opposition, Black Hat had rolled out the red carpet for NSA Director General Alexander, and it was widely accepted as a matter of logic that there were undercover agents everywhere.

It made the atmosphere tight; moving around Caesars and talking with notorious hackers in its bars felt like warily navigating a compressed, noxious jewel box. Outside, the Internet was tearing itself apart over NSA spying allegations and revelations. Within Black Hat's gilded security conference cage were the principal players.

But while the organization had warmly welcomed the NSA's front man to keynote on Day 1, Black Hat's attendees didn't all feel similarly and heckled him with shouts of "Bullshit!" and accusations of lying to Congress throughout his speech.

Despite this, most Black Hat attendees and vendors fell on the corporate and government side of the fence, even if the entire convention had an underlying feeling of this isn't the future we were promised.

I watched the conferences fade into each other as some of the people in suits began to put their piercings back in, and more than one security professional had their hair "fixed" back to candy colors the minute Black Hat's inaudible but palpable bell rang for recess, and DEF CON began.

Outside heat during both conferences was steady, around 104 degrees during the day. On the last day of DEF CON, my exhausted partner and I loaded ourselves into a taxi to do our separate work; he for his company, and me for CBS Interactive.

Eric told the cab driver to take us to the Rio, conference entrance please. The driver began talking about the security conferences in town, and how he'd been driving 'them' all week.

The driver continued to talk about the week's clientele, the ones going to the conferences. "I hate those people," he told us.

I asked him, "Who?"

"The hackers. Awful people. Look at this. Look at this!" He held up a few one-dollar bills. "Even their money is grubby and filthy."

"You know what they did?" The taxi driver continued while he drove us to the Rio. I said, no, what did they do?

"They hacked Caesars. They got into the entertainment system and they made it so that everyone who was checked into Caesars got billed for one porno movie. Everyone in the hotel," he paused to look at us in the rearview mirror.

"Then when everyone went to check out they all had this charge on their bills."

I responded, "That's no fun."

He said, "But that's not it. So everyone checking out had these charges and had to refute them. And all these people missed their planes! Can you think what it cost to fix this?!"

We didn't say anything, but the driver quickly added, "I drove these FBI guys to the conference, you know? They have to go there and deal with these people."

I said, really? FBI guys? "Yeah, these guys told me they have to come here to recruit them, they have to go try and hire hackers." I asked, what did they look like? "Oh, like regular FBI, you know, with the high and tight, dressed nice. They said they had to recruit these people."

Hire them for what, I asked? "He said they just needed to hire them. But he said they didn't want to give them jobs. He said he'd rather catch them and teach them a lesson. He said he wanted to blind them."

I wasn't sure I'd heard the taxi driver. Eric said, "There are some really skilled blind hackers."

We were pulling up to the Rio, and began paying the fare. Our driver said "Huh, really? Anyway, he said he wanted to blind 'em. And you know what I said? I said you should cut their fingers off. That'll teach them a lesson. The FBI guys liked that one."

Out of the cab and into the thick wall of Vegas heat between us and DEF CON, I realized I had goosebumps on my arms. 

---

I think one of the differences between Black Hat and DEF CON is that each has a different relationship to its heroes.

The first night of Black Hat parties - all fairly corporate, though relaxed affairs with hackers of all stripes - I found myself at a VIP party talking to one of the key cogs in Black Hat's clockwork. This person told me they were absolutely, 100% convinced that there weren't any real 'black hats' at Black Hat. Not anymore. It was all sales, marketing and salespeople.

I politely disagreed, and suggested they go to different parties.

Black Hat is hacking scrubbed of its sense of wonder. And sadly, it mirrors the times we're in.

As the Internet turns itself inside out wrestling with new forms of censorship, gated communities, corporate hypocrisy, and government deceit, Black Hat's atmosphere is a response to our despair. 

It's not that the people I met and the strangers I talked to about working in the security industry are not nice, or weren't fun. It's that there was no moment where Black Hat contained a single moment of elevation, something I have felt at every hacking and security conference I have attended around the world. This is America's front-facing security conference, and it is devoid of optimism; it has no heroes.

Watching press try to describe Black Hat was watching a struggle to pick sides; Black Hat reflects the personal confusion, pervasive paranoia, and systemic unease the general public feels about life in the NSA spying era. But what's worse is watching press try to describe DEF CON, which, despite a framework of cynicism, still has its sense of wonder about hacking, and in contrast, still has its heroes.

Buzzfeed's Justine Sharrock knew what side she was taking before she walked into DEF CON when she wrote "Welcome To Def Con — You’ve Already Been Hacked: What happens when a civilian shows up at the world’s longest-running hacker conference? One victim shares her story."

In a comically poor effort at journalism, Sharrock takes a photo of DEF CON's Wall of Sheep and picks out an email address from the list. Sharrock also took a photo of the room, appending the caption "Def Con hackers trying to collect passwords for the wall."

Then Sharrock sent emails to the list she gathered until she hit pay dirt. A woman wrote back saying she's upset to be on the Wall; she is Sharrock's perfect "victim."

DEF CON's legendary Wall of Sheep is an ongoing demonstration of what happens when people log into email, websites, and all other services without using encryption. All passwords on the Wall are obscured, so no sensitive credentials other than an email address are publicly exposed. 

The Wall is meant as a public cautionary tale - and hackers are razzed forever if their name appears on the Wall during the conference. However, the organizers and participants - the people in Sharrock's photo of "hackers trying to collect passwords" - openly offer to teach people who end up on the Wall (or don't want to end up on the Wall) how to secure their devices.

The goal is education, serving as a reminder that this very thing happens every day in regular public spaces - but rather than good-natured tough love by DEF CON hackers, the usual version of this comes from people with malicious intent.

Buzzfeed's Sharrock may or may not fit that description - malicious intent. But articles like hers remind me of Black Hat's loss of wonder, in the shadow of a disillusioned hacker/government contractor; it is blunt and hopeless.

---

When I got home to San Francisco, I squeezed in a visit to my GP to let them know I would be traveling to Southeast Asia soon - to cover more hackers and hacking conferences.

As happens with more regularity when I talk to everyday people and my job comes up, I was asked, "What do you think of all this, with Snowden and the NSA? And, wait: aren't you still a sex writer?"

Yes, I told her, I'm still a sex writer. Writing about sex, if you really mean it, inevitably means writing about censorship, human rights, privacy, security, and how technology affects at-risk populations.

I told her that I was in the room when the NSA director had 'bullshit' shouted at him and was accused of lying to Congress. "What did he say? Did he ignore it?" No, he denied lying to Congress, and much of the room seemed to be on his side.

I told her that the room was packed to capacity and standing room only, with an overflow of 1500 people in a separate room watching the live video feed. I said that this was important; people really care about this and they're upset that they may be being lied to. And before the keynote, a few cartons of eggs were confiscated from the audience, from people who most certainly felt that they had been lied to.

I told her that I thought that the Administration had made a huge mistake by endorsing these programs wholesale in their spin, that this would be impossible to undo, and that it cemented the mistrust people have for a government that has created its own secret court system, and no amount of claiming they'd stopped terrorists would earn the public's trust. What do you do when no one trusts you anymore? Why demonize the very people who could restore that trust?

At both security conferences, I explained, no single hacker or security professional was surprised in any way about Prism, or any of the allegations. What surprised them, I explained, was that the general public was surprised.

I told her about the FBI and the cab driver. I told her that inside the hacker communities, like DEF CON, are a whole bunch of people with strange gifts, strangely gifted to find flaws in systems, a whole bunch of people just trying to live their lives. People with elevated talents for finding what's wrong with technology, and solving it, but all being shoved into misunderstood categories and never knowing if they are breaking the law or not, and sometimes facing death in jail for these abilities under outdated laws enforced by people who have no accurate understanding of the technology at hand.

I explained to her how frustrated hackers are with finding major security issues that put people at risk, and being ignored by companies or the government, or receiving a wall of silence, or being threatened with prosecution. I told her about the DEF CON documentary, and how hackers were saying that it was the thing to show outsiders for understanding, and that there were a million kids running around DEF CON with hats that read "GEEK" on them, and that being able to see all these people find and forge community was one of the highest honors of my life.

I told her that I thought the whole thing meant that the world needs hackers more than ever.

My doctor said she was going to torrent DEFCON: The Documentary that evening.

I told her I'd come see her again before I go to Serbia next month.

--- 


Talkback

19 comments
  • Just like guns....

    Good or bad, necessary evils....
    Should we kill the Bill of Rights or disconnect the masses?
    partman1969@...
    • Is free speech unlimited?

      You believe that the use of the Internet is covered under the First Amendment. Sure. But it is also covered under the Constitution (see below for the relevant snippet). Could control of the Internet be covered under Congress's right to control the Post Office? And what about the "Piracies and Felonies" part? And definitely consider the "Commerce with foreign Nations, and among the several States" part.


      "The Congress shall have Power ...
      ...
      To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes;
      ...
      To coin Money, regulate the Value thereof, and of foreign Coin, and fix the Standard of Weights and Measures;
      To provide for the Punishment of counterfeiting the Securities and current Coin of the United States;
      To establish Post Offices and post Roads;
      To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;
      To constitute Tribunals inferior to the supreme Court;
      To define and punish Piracies and Felonies committed on the high Seas, and Offences against the Law of Nations;
      ..."
      saucymugwump
      • Errata

        "Congress' right"
        saucymugwump
      • Read it as it was meant

        not as you would have it mean.
        Iman Oldgeek
  • Serbia

    I hope you don't think Serbia is in Southeast Asia.

    You'll get on the wrong plane if you do.
    kb@...
  • We've All Been Hacked

    Yes, good point, we have all been hacked by our own government. And to a greater degree than Cold War communist governments ever dreamed. George Orwell was right, too.

    Interesting article, thanks.
    reed-white
  • ZDNet's saving grace

    Thank you for an interesting and enlightening article Violet. I've gotten pretty jaded with many of the articles I find here and this one was a refreshing change from some of the "articles for articles sake" that rehash the same old argument, or invent ridiculous new ones simply to provide content. While there was nothing earth shaking or ground breaking here, it was at least an entertaining read.
    Huckleseed
  • Well

    The govt is bullsht in general. hackers are a necessity.
    Jimster480
  • Hackers are not beneficial to society

    Many of the hacker types are upset at the NSA because their true identities might be revealed. If you read Brian Krebs, you know that it is common for this crowd to steal from companies in the USA, yet decry any attempt to shut down the anonymous currency services they use to launder their loot. Also from Krebs, these same hacker types believe that the government should not crack down on child porn purveyors, with one recently declaring that "Child porn should not be illegal to view to start with, this is a witch hunt. They should use these exploits against real criminals hurting kids." And we have one here who wrote "hackers are a necessity." Sure, for criminal activities.
    saucymugwump
    • You are ignorant...

      if you believe what you just wrote. I especially like how you painted all hackers with the same brush. You might want to educate yourself a bit before posting such ignorant garbage.
      kstap
      • Hackers who live in glass houses should not throw stones

        First, I wrote:
        - "Many of the hacker types" not "all hackers"
        - "it is common for this crowd" not "everyone in this crowd"

        So, contrary to your illiterate remarks, I never claimed that all hackers are scum.

        Second, you are the ignorant one because you do not read Krebs On Security. Many hackers openly claim that child porn should be legalized, regardless of its effect on children. Many hackers openly claim that the USA has no business cracking down on cyber-thieves and the anonymous payment systems they use because they believe they have the right to commit such crimes. One hacker "swatted" Krebs, causing the police to surround his house and arrest him; another sent white powder, quite possibly illegal drugs, in an attempt to cause him to be arrested. If one of my friends told me that he thinks child porn should not be a crime, he would not be my friend anymore. You, on the other hand, believe that child porn advocates are just normal folks. What do you think that makes you?
        saucymugwump
        • Just some thoughts

          Ignorant for not reading "Krebs"?? You have certainly latched onto my leg and are applying force on it in the opposite direction of my body!

          Cracking down on anonymous payment processors. That's certainly a conundrum, but I can't see why it's a priority for law enforcement. There's arguably a TON more money in real tax havens throughout the world, why pursue the menial transfers of your average folks? Liberty Reserve was huge in burgeoning markets, and likely less than half of its traffic was for "illegal (in the US)" purposes.

          The damage any individual can do, or even a group of individuals, can never truly stand up to the damage corporations are capable of. The government really has no business in the lives of individuals, mainly because they almost always choose to attack those who are already disenfranchised, and who have committed victimless crimes. (see US drug war)

          As good an investigator as Krebs can be, you have to admit he's a douche. Not to mention he blows cyberheisting and CC skimming way out of proportion, to an absurd degree.

          Regarding the porn . . .
          There's a difference between decriminalization of possession of something, and supporting the production of something.

          The evidence is out there, someone per-disposed toward sexual thoughts about children can often find regulation through child porn. Rather than committing actual heinous acts against physical children, they get off to audio/visual stimuli.

          Is it ideal? Hell no, but on one side you have a group of people who weren't involved in the crime of abusing a child, and who don't profit from it at all. But you also have people who do abuse children and who profit from it. Certainly they've committed a crime. But the folks who download it and get off to it? I don't really see why that's a criminal activity, in fact this sort of pornography wasn't illegal until fairly recent human history.

          Also, if we follow the logic of the law as it's applied to every other industry, we should encourage "sharing" of child pornography. What better way to bankrupt an industry than to pirate them into oblivion!?
          juchmis
          • Some Points...

            And then you are way off the mark to convince anyone that you are a standup guy.
            Points..The damage any individual can do, or even a group of individuals, can never truly stand up to the damage corporations are capable of.. so if they clean out some poor slob trying to hold on to his home and feed his family, that is ok because the hacker was an individual?
            Sharing porn is ok? Like Pedophiles are happy just looking at pictures.. they inevitably escalate, maybe only to peeping and not the level of physical abuse.. but you want them peeking in on your children?
            I can agree that the "Watchers" need to be watched, that someone needs to stand up for the average joe/Jane, but if they want to be a hero, running off to Russia is not the way to do it. Be man enough to stand up for what you do.
            Putertechn
  • Bad spelling, Freudian slip, or intentional?

    "Ceasers Palace" and "Ceasers" throughout.
    Vesicant
  • Caesar's Palace...

    just sayin'. Not Ceaser's.
    Iman Oldgeek
  • I think I love you

    Really great, important article that touched my heart, thank you. ZDNet has become so banal but you redeem it up a few pegs.
    primartcloud
  • Thanks for the report...

    ...And I like that your doctor said she would torrent the DEFCON film - sign o' the times!
    BristleKRS
  • Blinding? Cutting off Fingers?

    Maybe this is the seed of a uniquely American equivalent of Sharia Law? Or Vegas Law; I have heard stories of dealers who cheated the house being punished by the Mob by having their hands broken so they could no longer deal cards. First offense, that is; second offense was feeding the coyotes.
    jallan32
  • The Elephant In the Room

    From my time in public service I noticed two things about public employees. One they take their jobs very seriously, and Two funding takes precedence over everything else.

    Any intelligent, hard working public official can honestly and passionately extol the benefits of their function and provide a laundry list of reasons why they should be funded. The reason for this is what I'm calling, "The Elephant in the Room", and specifically that is public officials from the highest levels down make funding their top priority.

    If day-to-day meetings were observed by the public they would see the above two priorities in action.

    Most of the government officials I've met work diligently to do a good job at completing their sworn duties. But the one thing I've never seen any of them try to do is work themselves out of a job. In fact what I've observed is just the opposite. Public officials that I've known like to be given more responsibility (more oversight if you will).

    So when General Alexander told congress, “There is no doubt in my mind that we will lose capabilities because of this,” and “Our security is jeopardized. We are less secure than two weeks ago.”

    He's not referring to the loss of State secrets by the exposure of PRISM as much as the loss of funding due to public opinion moving congress to react by cutting funding.
    Pronounce