NSA Playset, 911 hacked and war cats: A wild ride at DEF CON 22

With one week until the eve of America's biggest and most controversial hacker conference, we've got a hotlist of explosive talks set to go off at DEF CON 22.
Written by Violet Blue, Contributor

Next week America's biggest hacker conference starts its yearly reign of controversy, and we've got a hotlist of DEF CON 22's most incendiary talks.

DEF CON returns to Las Vegas at the ripe age of 22 with four packed days of talks, expo, 303 Skytalks, panels, lockpicking, Queercon, social engineering sport, the Tamper Evident Village, Defcon Kids, and much more from August 7-10 at the Rio Hotel and Casino.

Featured competitions at DEF CON 22 include the Counterfeit Badge Contest, CTF: Capture the Flag (Legitimate Business Syndicate), EFF SOHO Router Hacking, SECTF for kids (Social Engineering Capture the Flag for kids), The DEFCON Darknet Project, Wall of Sheep -- Capture The Packet, and many more.

Similar to this year's Black Hat, DEF CON's 2014 controversy started before the conference did.

Black Hat's pre-announced headline-making talk about breaking Tor upset plenty of people, then was pulled from the schedule leaving a lot of unanswered questions in its wake.

DEF CON's seed of controversy was planted with the announcement of the NSA Playset in early June, a project that open sources NSA surveillance tools to the public, and is the center of presentations that have everyone talking.

Inspired by the NSA's ANT Catalog of spyware and surveillance tools, the collaborative NSA Playset project aims for easy, at-home creation of the NSA's spy-tools arsenal — silly names encouraged.

The NSA Playset was announced in a presentation at Hack In The Box Amsterdam in April by Michael Ossmann (founder of Great Scott Gadgets, known for the Throwing Star LAN Tap and HackRF). The slides from his NSA Playset talk are available (.pdf).

Four NSA Playset projects will be presented at this year's DEF CON.

These include "TWILIGHTVEGETABLE" (comprehensive GSM sniffing/attacks), RF Retroreflectors (radar eavesdropping technology for over-the-air surveillance), "SLOTSCREAMER" (DMA attacks), and "DIY WAGONBED" (an open source hardware version of the NSA's hardware trojan).

DEF CON 22: Our top picks



Oh Bother, Cruising The Internet With Your Honeys, Creating Honeynets For Tracking Criminal Organizations (Terrence Gareau, Mike Thompson; 4pm)

This talk focuses on strategically placed honeypots that lure and trap criminals, allowing organizations to put that information to use improving network security.

Presenters Gareau and Thompson will outline how to use DDoS-vulnerable services to develop a honeypot network that will extract valuable information from the Internet and produce a data feed that can be used to protect online assets with Kibana, Elasticsearch, Logstash, and AMQP.


Measuring the IQ of your Threat Intelligence feeds (Alex Pinto, Kyle Maxwell; 11am)

Since the actual number of breaches and attacks worldwide is unknown, it's impossible to measure how good threat intelligence feeds really are. This presentation will consist of a data-driven analysis of a cross-section of threat intelligence feeds (both open-source and commercial) to measure their statistical bias, overlap, and representability of the unknown population of breaches worldwide.

We will provide an open-source tool for attendees to extract, normalize and export data from threat intelligence feeds to use in their internal projects and systems.

It will be pre-configured with current OSINT network feed and easily extensible for private or commercial feeds.

Hacking US (and UK, Australia, France, etc.) traffic control systems (Cesar Cerrudo; 1pm)

This presentation will explain how example traffic control devices were acquired, the research, the on-site testing demos (in Seattle, New York and Washington DC), vulnerabilities found and how they can be exploited, and sample attacks. Cerrudo adds, "after this presentation anyone will be able to hack these devices and mess traffic control systems since there is no patch available."

Dark Mail (Ladar Levison, Stephen Watt; 5pm)

Most attendees of this presentation will be familiar with the story of Lavabit's demise. After running through an overview of the Dark Internet Mail Environment, this talk will delve into the details, showcasing the new protocols: DMTP and DMAP.

It will also highlight the schemes used by these protocols to provide "automagical encryption" and illustrate the mechanisms which have been developed to protect against advanced threats. "To close the talk, we will provide a public demonstration of the reference implementation – showing the Volcano client and Magma server in action."

Panel - Diversity in Information Security (Jennifer Imhoff-Dousharm, Sandy “Mouse” Clark, Kristin Paget, Jolly, Vyrus, Scott Martin; 5pm)

Diversity is a hot and challenging topic in every sector of the tech industry and across tech culture. This panel promises an open, frank discussion about diversity in hacking and security, and a conversation that spans race, age, ability, and the gender spectrum and includes all orientations.


Mass Scanning the Internet: Tips, Tricks, Results (Robert Graham, Paul McMillan, Dan Tentler; 10am)

This talk will discuss how to mass-scan the Internet, including how to get an ISP that will allow scanning, tools to do the scanning (such as 'masscan'), tools to process results, and dealing with abuse complaints. "We Internet, such as all the SCADA/ICS systems we've found. We've only scratched the surface -- the Dark Internet of Things is waiting for more things to be discovered."

Hacking 911: Adventures in Disruption, Destruction, and Death (Christian “quaddi” Dameff, Jeff “r3plicant”, Peter Hefley; 10am) 

This panel reviews the archaic nature of the 911 dispatch system and its failure to evolve with a cellular world, the problems that continue to plague smaller towns without the resources of large urban centers, how the mischief of swatting and phreaking can quickly transform into the mayhem of cyberwarfare, and the medical devastation that arises in a world without 911.

Hack All The Things: 20 Devices in 45 Minutes (CJ Heres, Amir Etemadieh, Mike Baker, Hans Nielsen; 10am)

This presentation will feature exploits for over 20 devices including but not limited to TVs, baby monitors, media streamers, network cameras, home automation devices, and VoIP gateways. "Gain root on your devices, run unsigned kernels; it’s your hardware, it’s internet connected, and it’s horribly insecure."

We will also be following last year’s tradition of handing out free hardware to assist the community in rooting their devices.

This year we will have a select number of eMMC adapters for presentation attendees.

Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring (Ryan Lackey, Marc Rogers, The Grugq; 2pm)

While simple network tunneling such as Tor or a VPN can keep the contents of communications confidential, under active network monitoring or a restrictive IDS such tunnels are red flags which can subject the user to extreme scrutiny. Format-Transforming Encryption (FTE) can be used to tunnel traffic within otherwise innocuous protocols, keeping both the contents and existence of the sensitive traffic hidden.

We present Masquerade: a system which combines FTE and host OS profile selection to allow the user to emulate a user-selected operating system and application-set in network traffic and settings, evading both automated detection and frustrating after-the-fact analysis.

Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment (Jesus Molina; 4pm)

The St. Regis Shenzhen, a gorgeous luxury hotel occupying the top 28 floors of a 100-story skyscraper, offers guests a unique feature: a room remote control in the form of an iPad 2.

The iPad 2 controls the lighting, temperature, music, do-not-disturb light, TV, even the blinds and other miscellaneous room actions. However, the deployment of the home automation protocol contained several fatal flaws that allow an arbitrary attacker to control virtually every appliance in the hotel remotely.


Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog (Gene Bransfield; 10am)

Bransfield explains his work hacking a GPS cat tracking collar for potentially nefarious purposes. The collar contained a GPS device and a cellular component to track a cat's movements. "All you need now is a WiFi sniffing device and you'd have a War Kitteh." Similarly, the DoS Dog is what happens when one loads a doggie backpack with different equipment (e.g. a Pineapple) to create a Denial of Service Dog.

Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering (Joe Grand; 1pm)

A lot of people have been waiting for Grand to release this information. In this presentation, Joe examines a variety of inexpensive, home-based solutions and state-of-the-art technologies that can facilitate PCB reverse engineering through solder mask removal, delayering, and non-destructive imaging. The work is based on Joe's Research and Analysis of PCB Deconstruction Techniques project performed as part of DARPA's Cyber Fast Track program.

