X
Tech

A DEF CON postscript: Said the FBI agent to the taxi driver

While attending America's high-profile hacking and security conferences, Black Hat and DEF CON, a Vegas taxi driver tells Violet Blue his FBI fares want to blind hackers to "teach them a lesson."
Written by Violet Blue, Contributor

Suit and tie corporate security conference Black Hat blends into the t-shirts and tactical pants hackers of DEF CON with a lot of overlap. It's common for hackers to attend both Las Vegas conferences, though at Black Hat USA, they're called security researchers.

The conferences now occur back-to-back; Black Hat ends and DEF CON begins the next day. This year DEF CON was twice the size of Black Hat; an estimated 15,000 attendees to Black Hat's 7,000.

021

It was my first time attending Black Hat, but not my first DEF CON. Black Hat is at the opulent, yet strangely cheesy, Caesars Palace and heavily moneyed, with nary a visible tattoo in sight. DEF CON is at the seen-better-Vegas-times Rio and is a kaleidoscope of piercings and dyed hair.

Two days into DEF CON, there had been no noise in response to the pre-conference announcement that Feds were not welcome this year. In opposition, Black Hat had rolled out the red carpet for NSA Director General Alexander, and it was widely accepted as a matter of logic that there were undercover agents everywhere.

It made the atmosphere tight; moving around Caesars and talking with notorious hackers in its bars felt like warily navigating a compressed, noxious jewel box. Outside, the Internet was tearing itself apart over NSA spying allegations and revelations. Within Black Hat's gilded security conference cage, were the principal players.

But while the organization had warmly welcomed the NSA's front man to keynote on Day 1, Black Hat's attendees didn't all feel similarly and heckled him with shouts of "Bullshit!" and accusations of lying to Congress throughout his speech.

Despite this, most Black Hat attendees and vendors fell on the corporate and government side of the fence, even if the entire convention had an underlying feeling of this isn't the future we were promised.

I watched the conferences fade into each other as some of the people in suits began to put their piercings back in, and more than one security professional had their hair "fixed" back to candy colors the minute Black Hat's inaudible, but palpable bell rang for recess, and DEF CON began.

Outside heat during both conferences was steady, around 104 degrees during the day. On the last day of DEF CON, my exhausted partner and I loaded ourselves into a taxi to do our separate work; he for his company, and me for CBS Interactive.

Eric told the cab driver to take us to the Rio, conference entrance please. The driver began talking about the security conferences in town, and how he'd been driving 'them' all week.

The driver continued to talk about the week's clientele, the ones going to the conferences. "I hate those people," he told us.

I asked him, "Who?"

"The hackers. Awful people. Look at this. Look at this!" He held up a few one-dollar bills. "Even their money is grubby and filthy."

"You know what they did?" The taxi driver continued while he drove us to the Rio. I said, no, what did they do?

"They hacked Caesars. They got into the entertainment system and they made it so that everyone who was checked into Caesars got billed for one porno movie. Everyone in the hotel," he paused to look at us in the rearview mirror.

"Then when everyone went to check out they all had this charge on their bills."

I responded, "That's no fun."

He said, "But that's not it. So everyone checking out had these charges and had to refute them. And all these people missed their planes! Can you think what it cost to fix this?!"

We didn't say anything, but the driver quickly added, "I drove these FBI guys to the conference, you know? They have to go there and deal with these people."

I said, really? FBI guys? "Yeah, these guys told me they have to come here to recruit them, they have to go try and hire hackers." I asked, what did they look like? "Oh, like regular FBI, you know, with the high and tight, dressed nice. They said they had to recruit these people."

Hire them for what, I asked? "He said they just needed to hire them. But he said they didn't want to give them jobs. He said he'd rather catch them and teach them a lesson. He said he wanted to blind them."

I wasn't sure I'd heard the taxi driver. Eric said, "There are some really skilled blind hackers."

We were pulling up to the Rio, and began paying the fare. Our driver said "Huh, really? Anyway, he said he wanted to blind 'em. And you know what I said? I said you should cut their fingers off. That'll teach them a lesson. The FBI guys liked that one."

Out of the cab and into the thick wall of Vegas heat between us and DEF CON, I realized I had goosebumps on my arms. 

---

I think one of the differences between Black Hat and DEF CON is that each have a different relationship to their heroes. 

The first night of Black Hat parties - all fairly corporate, though relaxed affairs with hackers of all stripes - I found myself at a VIP party talking to one of the key cogs in Black Hat's clockwork. This person told me they were absolutely, 100% convinced that there weren't any real 'black hats' at Black Hat. Not anymore. It was all sales, marketing and salespeople.

I politely disagreed, and suggested they go to different parties.

Black Hat is hacking scrubbed of its sense of wonder. And sadly, it mirrors the times we're in.

As the Internet turns itself inside out wrestling with new forms of censorship, gated communities, corporate hypocrisy, and government deceit, Black Hat's atmosphere is a response to our despair. 

It's not that the people I met and the strangers I talked to about working in the security industry are not nice, or weren't fun. It's that there was no moment where Black Hat contained a single moment of elevation, something I have felt at every hacking and security conference I have attended around the world. This is America's front-facing security conference, and it is devoid of optimism; it has no heroes.

Watching press try to describe Black Hat was watching a struggle to pick sides; Black Hat reflects the personal confusion, pervasive paranoia, and systemic unease the general public feels about life in the NSA spying era. But what's worse is watching press try to describe DEF CON, who, despite a framework of cynicism still has its sense of wonder about hacking, and in contrast, still has its heroes.

Buzzfeed's Justine Sharrock knew what side she was taking before she walked into DEF CON when she wrote Welcome To Def Con — You’ve Already Been Hacked: What happens when a civilian shows up at the world’s longest-running hacker conference? One victim shares her story.

In a comically poor effort at journalism, Sharrock takes a photo of DEF CON's Wall of Sheep and picks out an email address from the list. Sharrock also took a photo of the room, appending the caption "Def Con hackers trying to collect passwords for the wall."

Then Sharrock sent emails to the list she gathered until she hit pay dirt. A woman wrote back saying she's upset to be on the Wall; she is Sharrock's perfect "victim."

DEF CON's legendary Wall of Sheep is an ongoing demonstration of what happens when people log into email, websites, and all other services without using encryption. All passwords on the Wall are obscured, so no sensitive credentials other than an email address are publicly exposed. 

The Wall is meant as a public cautionary tale - and hackers are razzed forever if their name appears on the Wall during the conference. However, the organizers and participants - the people in Sharrock's photo of "hackers trying to collect passwords" - openly offer to teach people who end up on the Wall (or don't want to end up on the Wall) how to secure their devices.

The goal is education, serving as a reminder that this very thing happens every day in regular public spaces - but rather than good-natured tough love by DEF CON hackers, the usual version of this comes from people with malicious intent.

Buzzfeed's Sharrock may or may not fit that description - malicious intent. But articles like hers remind me of Black Hat's loss of wonder, in the shadow of a disillusioned hacker/government contractor; it is blunt and hopeless.

---

When I got home to San Francisco, I squeezed in a visit to my GP to let them know I would be traveling to Southeast Asia soon - to cover more hackers and hacking conferences.

As happens with more regularity when I talk to everyday people, and my job comes up I was asked, "What do you think of all this, with Snowden and the NSA? And, wait: aren't you still a sex writer?"

Yes, I told her, I'm still a sex writer. Writing about sex, if you really mean it, inevitably means writing about censorship, human rights, privacy, security, and how technology affects at-risk populations.

I told her that I was in the room when the NSA director had 'bullshit' shouted at him and was accused of lying to Congress. "What did he say? Did he ignore it?" No, he denied lying to Congress, and much of the room seemed to be on his side.

I told her that the room was packed to capacity and standing room only, with an overflow of 1500 people in a seperate room watching the live video feed. I said that this was important; people really care about this and they're upset that they may be being lied to. And before the keynote, a few cartons of eggs were confiscated from the audience, from people who most certainly felt that they had been lied to.

I told her that I thought that the Administration had made a huge mistake by endorsing these programs wholesale in their spin, that this would be impossible to undo, and that it cemented the mistrust people have for a government that has created its own secret court system, and no amount of claiming they'd stopped terrorists would earn the public's trust. What do you do when no one trusts you anymore? Why demonize the very people who could restore that trust?

At both security conferences, I explained, no single hacker or security professional was surprised in any way about Prism, or any of the allegations. What surprised them, I explained, was that the general public was surprised.

I told her about the FBI and the cab driver. I told her that inside the hacker communities, like DEF CON, are a whole bunch of people with strange gifts, strangely gifted to find flaws in systems, a whole bunch of people just trying to live their lives. People with elevated talents for finding what's wrong with technology, and solving it, but all being shoved into misunderstood categories and never knowing if they are breaking the law or not, and sometimes facing death in jail for these abilities under outdated laws enforced by people who have no accurate understanding of the technology at hand.

I explained to her how frustrated hackers are of finding major security issues that put people at risk, and being ignored by companies or the government, or receiving a wall of silence, or being threatened with prosecution. I told her about the DEF CON documentary, and how hackers were saying that it was the thing to show outsiders for understanding, and that there were a million kids running around DEF CON with hats that read "GEEK" on them, and that being able to see all these people find and forge community was one of the highest honors of my life.

I told her that I thought the whole thing meant that the world needs hackers more than ever.

My doctor said she was going to torrent DEFCON: The Documentary that evening.

I told her I'd come see her again before I go to Serbia next month.

--- 

See more photos and read much more about the activities, outrageous parties and more mischief at DEF CON 21 in:

Editorial standards