Mr. Worst Case Scenario is Digital Trends’ paranoid, squinty-gazed, perpetually on-edge security correspondent. And he’s prepared for anything to go wrong, dammit. This week, he’ll slither out of his underground bunker in Montana, don his tinfoil hat and attend DefCon 2013 in Las Vegas.
Kick the tires and light the fires – we’re heading on a trip to hell. That’s right, your fearless author is on a bullet train to Las Vegas for the 21st annual hacker conference known as DefCon, and while there I plan to unmask the horsemen of the apocalypse. I’d ask you to wish me luck, but luck is just another unsecured network to these people.
This isn’t some wuss conference where industry hacks schmooze it up over plates of chicken alfredo – it’s a force of damn nature.
As you might imagine, this is not a safe place. Even down time between the exchange of potentially catastrophic ideas is filled with pranks on unsuspecting tourists, like at the very first DefCon, when the Sands casino computer system was nearly “nuked” by attending hackers. Or there was the time another casino had its entire elevator bank taken over, wreaking havoc on defenseless senior citizens who were just trying to get to the slots. At DefCon 19, a group of Anonymous pranksters claim to have manhandled the CDMA and 4G networks to carry out some good ol’ mass exploitation. This year, the stakes are even higher.
Since its inception, DefCon served as an unholy “neutral ground,” where black hat hackers and U.S. government employees from certain three-letter agencies could learn from (and recruit) each other without anyone drawing guns or SQL injections. But this year, the game has changed, thanks to whistleblower Edward Snowden, whose “revelations” about NSA domestic spying have caused a riff between the feds and the hackers. That is to say, the feds have been uninvited, for their own safety.
“When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship,” wrote DefCon founder Jeff “Dark Tangent” Moss. “Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DefCon this year.”
The way I see it, this plays out in two ways: 1. The feds do sit this year out, and fail to discover what these cyber-hooligans are up to, which results in the monumental ass kicking of some critical infrastructure networks; or 2. They don’t sit it out, and instead round up all the DefCon attendees into cages and haul us all off to the Utah desert for in-depth interrogations. Either way, my month at Captain Rick’s Survival Camp is going to pay for itself.
Even without mass incarcerations, this year’s DefCon promises a range of revelations that could turn even a hardened badass like myself into an agoraphobic wreck. Here’s a quick rundown of just a few keynotes scheduled this week:
- I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell: Do you know what a femtocell is? Too bad, because these guys do, and after this talk, they’ll basically be a mini version of the NSA.
- Phantom Network Surveillance UAV / Drone: Security consultant Ricky Hill has come up with the bright idea of teaching an auditorium full of hackers how to fly military-grade mini-drones to snoop on your Wi-Fi and snag pictures of your daughter sunbathing in the back yard.
- The Secret Life of SIM Cards: We hear nobody should worry about SIM card hacks. Riiiiiiiiiiiight.
- Home Invasion 2.0 – Attacking Network-Controlled Consumer Devices: Proof that “the Internet of things” is actually “the Internet of holy shit we are all screwed.”
- Adventures in Automotive Networks and Control Units: “Adventures” sound nice. Too bad it involves a hacker hijacking your car’s computer system and driving top speed into a tree.
- Hacking Driverless Vehicles: Much more straightforward than that “adventures” nonsense – I like that. Too bad this one also involves hurtling to your death in a 3,000-pound gasoline-filled contraption.
- The Ninjaneers: Getting started in Building Your Own Robots for World Domination: I shit you not, that is the title of this speech.
To be clear, this is just a tiny sample of the cybersecurity horrors on offer at DefCon. There will no doubt be even worse ones, and I will find them.
This year marks my foray into the pits of DefCon. Not wanting to go in unarmed, I sought out a long-time veteran for some advice. According to my source on the inside – who will remain nameless to protect his/her safety – nobody is safe from the wicked hijinks that take place at DefCon, unless you take precautions. “You should be careful with any network-enabled electronics you bring,” he/she told me. “Assume anything on the network down there could get hacked.”
This year’s DefCon promises a range of revelations that could turn even a hardened badass like myself into an agoraphobic wreck.
Mr. Worst Case Scenario going to DefCon is like a suburban dad going to Costco. This is the one place in the world where all the worst-case scenarios in the world go to kick back. I’m heading there, dear reader, so that you don’t have to. I will find the horsemen of the apocalypse, learn their secrets, and report back. That is my mission.
Over and out.