Have you ever heard of DEF CON? Well you may have seen it in the news lately. DEF CON is one of the largest hacker conferences in the world hosted annually in Las Vegas, NV. The type of people that attend DEF CON are cybersecurity professionals, federal government employees, lawyers, journalists, hackers of all kinds, and anybody that has an interest in the vulnerabilities of the technology that we use every day. A couple weekends ago I was in Las Vegas for DEF CON as a part of my internship.
Last weekend was my first time in Las Vegas and it was definitely an experience. Las Vegas is an incredibly elaborate city; I was expecting a great deal of extravagance, but I was met with an order of magnitude more than I could have imagined. The architecture and furnishings were ornate and tacky, there were slot machines everywhere, and inside even some of the fanciest buildings was a rank smell of cigarettes. On top of that, the weather was 100+ degrees (Fahrenheit) throughout and it wasn’t dry heat like many people had assured me it would be. I was born in and spent over half of my life in tropical climates, but this heat was of a special sort. The buildings were forced to blast their air conditioners to a point where it actually became uncomfortably cold inside. Las Vegas wasn’t all bad though. I was told to expect the food to be really expensive and bad, but the dinner I had with some colleagues was indeed the former and certainly not the latter.
The event is segmented into different “villages” that are themed around different technologies. I had the pleasure of helping facilitate the Voting Machine Hacking Village which was devoted to playing around with some voting machines used in precincts across the United States. Among the available machines were the AccuVote TSX, AVC Edge, iVotronic, and a couple ImageCast models; many of which have well documented vulnerabilities by academics and industry professionals. The TSX and ImageCast machines were hacked with an unsettling level of ease but all vulnerabilities were physical in nature (i.e. the hacker(s) would need minutes alone operating on the machine to successfully “own” it). At the end of the Voting Village, no “white hat” (good guy) hacker managed to compromise the Voter Registration Database which would have allowed them to view and change sensitive individual voter information. Someone did manage to get close, though.
DEF CON was certainly my favourite part of my internship because it was a high-profile event and I got to be a part of something that was of undoubtable national significance. I also got to meet some interesting people and leave Vegas knowing I have no business returning there… unless it’s for DEF CON.