Ransomware Detection, Defense, and Analysis
This is what world-famous hackers did in Vegas
I’m a conference veteran. I’ve been to a lot of them, on almost every continent. Tiny conferences, massive conferences. Public conference, private invite-only conferences. I have participated as an attendee, as a speaker, and as an organizer. Yet every single time I get to Las Vegas for DEF CON, I’m baffled at the sheer existence of this event. DEF CON, much like the CCC Congress in Germany, is just a very unique mixture of different streams within the hacker and security community. It’s a massive, wild biotope of hacker culture.
DEF CON just happened for the 26th time last week. Much has changed since Jeff Moss, better known by his handle “The Dark Tangent”, held the first DEF CON in in 1993. Around 100 participants visited that first edition, where as we are looking at more than 25’000 at DEFCON 26 in 2018. At this point in time, I think it’s safe to say that one could write a book about this conference, its anecdotes, unique quirks, and everything happening around it. To get a good impression on how DEF CON feels, I recommend DEFCON: The Documentary, a feature-length movie produced for DEF CON 20, showing various aspects of the event.
But let us talk about DEF CON 26 specifically. With the event happening mainly in Caesar’s Palace, with a couple of side-events taking place in the Flamingo, the conference has gained more space for its activities resulting in marginally shorter queues to get into talks and workshops. However, the focus here should be on “marginally”. Attending DEF CON is still directly correlating to waiting significant amounts of time to get a seat in a popular talk or to get to the storefront of one of the many vendors present in the vendor hall.
With so many people sharing the same space over a prolonged of period of time, tension and conflict can become a problem. DEF CON employs a team of volunteers called “goons” to enforce the various rules of the conference, including the recently reworked Code of Conduct. It is common knowledge that messing with the goons is a highly unproductive idea that will most likely get one ejected from the conference in an unpleasant way. Since DEF CON 25, the organizers also track – and publish – incidents in a transparency report. Harassment, in various forms, unfortunately still happens with a total of 11 cases being reported this year.
While this number is still too high, it is safe to say that DEF CON has been a positive and educational for the vast majority of its attendees. Which should not be a surprise: With four official tracks going on at the same time, as well as SkyTalks – an inofficial track mostly organized by DC303, the DEF CON group chapter in Denver, in addition to all the various villages, there was plenty of content to give everyone attending new ideas on how to further advance their own career in information security, be it professionally or as an hobbyist.
The Social Engineering Village featuring the Social Engineering Capture the Flag competition is one of my personal highlights. Sharing recordings would make it easy to illustrate the appeal of this event. However, since it’s illegal to record a conversation in Nevada without the consent of all parties involved, no recordings exist. But the concept is easy: Contestants get assigned a company and conduct extensive OSINT research on these companies to detect certain flags, such as OS and browser used, brand of phones used, etc. At the event itself, contestants are placed in a soundproofed booth and given 20 minutes to obtain the same flags using social engineering via phone. Even with some non-trivial experience in the field, it is still impressive to see different approaches in action, especially in such a high-pressure environment. It’s no surprise that the room was constantly packed with an enthusiastic audience listening to these conversations.
Another highlight of DEF CON 26 must be the Electronic Voting Village, a space dedicated to voting machines and electronical voting in general. The space garnered a lot of interest, not only due to controversy associated with the subject matter, but also because of the variety of hardware available for hands-on examination and tinkering. While the village was US-centric, it is noteworthy that a Swiss company, Swiss Post, announced and promoted their upcoming public intrusion test of their E-Voting solution. It is certainly a bold move to invite hackers from all over the world to attack a system so crucial – and hence a good one. The Electronic Voting village garnered quite a bit of media attention during the conference and was a genuinely educational experience to those who took the time to listen to the knowledgeable experts present explaining the various models of voting machines.
DEF CON is famously one of the conference that, in most years, have provided a variety of electronic badges to their attendees, at least those lucky enough to buy their badge before supplies run out. It is also well-known that badges come in a lot of different shapes and/or colors and are usually hackable in a variety of ways. This year, badges were able to connect to each other, changing each other’s behaviour and unlocking new features. It is fairly possible to spend a large chunk of time at DEFCON trying to solve all the badge challenges, which several people made their personal mission. Even with the official badges taken care of, badges play an increasingly larger role at the conference: Various 3rd party badges from a broad range of groups were worn proudly, sometimes to an extent that cannot be healthy to the neck of the respective wearer. The term #badgelife was coined to illustrate that particular obsession with collecting and showing off the various badges in the DEF CON ecosystem.
With DEF CON taking place in Las Vegas, in the middle of the Nevada desert, it embeds itself into a massive entertainment machine. The casinos that host and surround DEFCON, as well as BlackHat and BsidesLV, are massive revenue-driven entities. With the Las Vegas shooting incident, where an armed individual killed 50+ people from a room in Mandalay Bay, only being a year away, safety regulations have been increased by various hotels, partially to increase security, but mostly to limit liability on the part of hotels. This resulted in controversy this year, as hotel security performed intrusive searches of various hotel rooms at Caesar’s Palace without consent of their guests. Caesar’s management has yet to respond to various allegations of misconduct among their staff, but it is safe to assume that a lot of attendees will be looking into alternate accommodation for DEF CON 27.
On a panel, I was recently asked what I considered to be the key to a successful conference. My answer, given my background with hashdays and Area41, was: Content. Provide good talks and workshops and good people will attend. Yet, for a conference the size of DEF CON, this is only half the equation. It is not uncommon to see only a handful of talks, if at all, given all the other opportunities to network and to learn new things. In the end, DEF CON is less of a conference, than a platform to meet likeminded people from all over the world.
And with that, another DEF CON is in the books and, as Jeff mentioned in the closing ceremony, not a lot of time is left until preparations for the next edition will be in full effect. For an even bigger, even more diverse DEFCON 27.
Our experts will get in contact with you!
Our experts will get in contact with you!
Further articles available here