Photos: Hacking at Defcon

In Las Vegas, more than 6,000 attendees party, compete over weekend at world's largest hacker convention.
By Bill Detwiler, Contributor
1 of 14 Bill Detwiler/ZDNET

Capture the Flag

Teams compete in Defcon's Capture the Flag game, organized by a group called Kenshoto. In this computer security war game, the goal is to attack rivals' networks while simultaneously defending one's own.

To participate, would-be entrants must score well in a prequalifying round by answering questions ranging from hacker trivia to computer forensics and Web server administration.

2 of 14 Bill Detwiler/ZDNET


What self-respecting hacker convention would not include a "Computer Controlled Weapons Development" competition? It's called DefconBots, and the task is to create a computer-controlled gun that can track stationary targets and shoot them from 10 feet away.

For safety's sake, no metal projectiles were allowed (that is, no firearms). Instead, competition participants used projectiles like plastic pellets. Servo motors driven by a laptop controlled the gun. To penalize a shotgun approach, the contest rules included targets painted black that yielded negative points if they were hit.

3 of 14 Bill Detwiler/ZDNET

Dunk tank

The Electronic Frontier Foundation organized a novel fundraiser at the Defcon convention: a dunk tank.

Isaac Levy, a member of the New York City BSD User Group (pictured in the dunk tank) said he volunteered for the job "totally to support the EFF." By late Saturday afternoon, after nearly two full days, the Electronic Frontier Foundation had raised about $2,000.

4 of 14 Bill Detwiler/ZDNET


A woman who gave her name as Michele volunteered to be dunked to support the Electronic Frontier Foundation. If conference attendees couldn't hit the target from about 25 feet away, they could pay $20 to walk up and push the lever to dunk their victim. Many did.

5 of 14 Bill Detwiler/ZDNET

Lost Boy

An electrical engineer and robotics expert named Ryan Clarke who goes by the alias "Lost Boy" (left) created a unique "Mystery Box Challenge" for this year's Defcon hacker convention.

Teams (with names like GrayHat Militia and Aquateen Hacking Force) were given a locked metal box wrapped with wires with a simple circuit built on a breadboard inside on Friday. The task was to be the first to open the box, decode a picture puzzle, analyze the circuit and figure out the magic word. It was, by the way, "1057," which can be read as "lost" spelled entirely in numerals.

6 of 14 Bill Detwiler/ZDNET

Clarke's puzzle

Clarke said he started working on this puzzle in January and finished it just in time for Defcon. Out of the 15 teams that entered the competition Friday, which started at 2 p.m. PST, three successfully finished by 6 p.m. that day.

"I tried to think of a way to get hardware involved at con," Lost Boy said. (The skeletal hand and fangs were just there for decoration.)

7 of 14 Bill Detwiler/ZDNET

Lock picking

Lock picking has long been a Defcon tradition, mostly because hackers view locks as just another security challenge. In this photograph, conference attendees try their skill at trying to pick a series of padlocks.

Also at the conference, attorney Marc Tobias warned that many pin tumbler locks are vulnerable to opening through technique called bumping (click here for PDF). It relies on obtaining a "bump key" that has all cuts at the maximum depth. By inserting that key and rapping it sharply, the lock can be opened.

"From a legal standpoint, from a risk standpoint, we've got a problem," Tobias said. He recommended, among others, Medeco high-security locks.

8 of 14 Bill Detwiler/ZDNET

Defcon badges

For a novel twist on the staid idea of a conference badge, Defcon organizers turned to Joe Grand (alias "Kingpin"). Grand designed a badge that was a circuit board with built-in LEDs and a holder for a battery. It was manufactured by E-Teknet, pictured in this photograph, and was intended to be difficult to forge.

Grand's creation used two light-emitting diodes, a switch and a Microchip PIC10F202 microprocessor. Of course, because thousands were distributed at a hacker convention, some attendees tried to hack their badges. One idea: Replace the badge's blue LEDs with infrared LEDs that could then be used to control televisions in Las Vegas bars and restaurants.

9 of 14 Bill Detwiler/ZDNET

External antenna

Any serious wireless hacker needs an external antenna to boost Wi-Fi signals. At Defcon this year, vendors were selling "WarDriving and Penetration Testing Cards and Kits" that would dramatically amplify a laptop's range.

10 of 14 Bill Detwiler/ZDNET

Pink underwear

This pair of pink undies asks for a username and password.

11 of 14 Bill Detwiler/ZDNET


A baseball cap for sale says "I READ YOUR EMAIL."

At a hacker convention, it might even be true. The "Wall of Sheep" is a Defcon project that sniffs out passwords and login data that are traveling over wireless connections. If it finds one, it'll display on a projector (though obfuscate your password just a little). Attendees are encouraged to use a wired connection instead--and encrypt everything, just in case.

12 of 14 Bill Detwiler/ZDNET

Meet the Feds

Among federal intelligence and police circles, Defcon has been known as a convenient location to nab hackers. For instance, Dmitry Sklyarov was arrested five years ago for alleged Digital Millennium Copyright Act, or DMCA, violations.

Now that relationship is thawing. This photograph shows military, law enforcement and even some senior government officials showing up at Defcon for a "meet the Feds" preview.

13 of 14 Bill Detwiler/ZDNET

An embarrassed sergeant

It's often easy to spot federal officers at a hacker convention because of their short haircuts and military demeanor. At Defcon, the conference organizers have made a sport of it, with awards going to people who are especially good at Fed spotting.

The woman in this photograph, who did not give her name, verified her suspicions about this Fed (center) through a truly novel mechanism. She told the audience she had sex with the suspected Fed and then, when he was asleep, went through his belongings. The slightly embarrassed man acknowledged that he is a master sergeant in the military.

14 of 14 Bill Detwiler/ZDNET

Dan Kaminsky

Dan Kaminsky of DoxPara Research cares so much about the concept of Net neutrality that he wrote a utility to find out whether an Internet service provider was playing fair.

The code, as Kaminsky described it during a speech at Defcon, looks at dropped packets to detect whether any funny business is going on.

"It is automatically able to tell the amount of bandwidth between any two points," Kaminsky said.

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes
Holiday lights in Central Park background

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes

21 Photos
Winter backgrounds for your next virtual meeting
Wooden lodge in pine forest with heavy snow reflection on Lake O'hara at Yoho national park

Related Galleries

Winter backgrounds for your next virtual meeting

21 Photos
Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes
3D Rendering Christmas interior

Related Galleries

Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes

21 Photos
Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos