Sunday, August 14, 2016

The hysterical hacking headlines of Def Con 24

The conference has a rocky relationship with reporters.

You might've noticed that your regular news outlets have way more hysterical, random-seeming and utterly terrifying articles about hacking this week. That's because hacking conference Def Con happened last weekend, where a fair number of journalists had the pee scared out of them and decided to share their irrational reactions with everyone.
This year's big American hacking conference was bursting at the seams. By 2 PM on Friday, Def Con had unexpectedly sold out of its 20,000 specialty badges and started selling paper badges. The sprawling event straddled both the Bally's and Paris casino hotels in Las Vegas, and packed enough attendees, speakers, staff and press under those combined electric skies to bring its double-wide causeways to a standstill.

Gallery: DEF CON 24 | 4 Photos

In years past, only outliers like me would be writing about going to Def Con, and all the various and sundry exploits, attacks, demonstrations, vendors, workshops and talks about all things hacking. That's because, until recently, journalists have been allowed at Def Con but have not exactly been welcomed.
This year it's safe to say that Def Con has become much more media friendly, for better and for worse. The conference has gotten friendlier to journalists only in the past couple of years, and last weekend journalists flooded the venue. But prior to this year, Def Con could best be described as flat-out hostile to the media -- especially major and mainstream news outlets.
This was heightened by an episode at Def Con 15, in 2007, when Dateline NBC associate producer and reporter Michelle Madigan acted ... like a "reporter." Thinking she'd do a shock piece on evil criminal hackers, she hid a camera in her bag to catch attendees confessing to felonies on video.
Def Con staff had actually spotted her bag with a hole in it and reached out to her several times to offer her press credentials. She was able to avoid them and was instead seen panning her bag around the "Capture the Flag" (CTF) room.
After that, she attended a talk by Def Con founder Jeff Moss. During the presentation, Moss announced a new game called "spot the undercover reporter." If one was spotted in the room, he or she would be invited up to the stage to be presented with press credentials. At which point Madigan bolted from the room and out of the Riviera Hotel and Casino, chased by a pack of (an estimated) 150 attendees -- plus other reporters and photographers, who recorded the whole mess.

While in the past taking photos was not allowed, this year not only did people take photos, but journos panned cameras across rooms -- exactly what NBC got chased out for doing.

This year my fellow journalists didn't do much better. Despite all the advisories not to use the conference WiFi on what's been described as "the world's most hostile network," one reporter paid the price for ignoring even his own outlet's guide and was hacked within 20 minutes. A pair of journalists tried to pass themselves off as "consultants" in hopes of getting hackers to talk, and failed. And pretty much all of them totally, completely freaked out about how everything is hackable, even though we've known this for decades.
Many journalists were attending a decades-old hacking conference for the very first time, and a good number of them were covering infosec for the first time, too. So while for some of us it just felt like the Walking Dead tryouts brought to you by DARPA, to the people writing your news it was a funhouse of horrors from which they may never recover.
When it came to differentiating between what was theoretical and what was real, most journalists really screwed up. Facts ran naked and unashamed away from the chaos, unchecked. The really important issues we should be warned about got lost in the miasma of what streamed out of the hacker panic clickbait factory.
And panicked it was. Glancing at "Your 'intimate personal massager' –cough – is spying on you," one might think that vibrators with cameras were watching your every move. Er, no. Rather than a Def Con talk revealing a conspiratorial surveillance state in your pants, the researchers' findings were actually about one "smart vibrator" company playing fast and loose with user data, an issue that truly needs to be addressed and fixed.
ReadWrite said "Future hackers might freeze you out til you pay up,"making a talk about connected thermostats sound like you could be frozen or fried in your home by malicious hackers at any moment. The Memo even assured us, "Gold-digging hackers will seize your smart home heating." In reality, this was a proof of concept showing that it's possible for skilled attackers to hack into a connected thermostat, but only if people actively download and transfer malware to their thermostats.

By the time you got to reading "Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels," you were probably scared shitless, and understandably so. Plenty of journalists were ready to buy in to the irrational fears brought on by a lack of nuanced understanding about active threats and possibilities. The Ledger and PhysOrg concluded that the only way to stay safe is to turn off your computerThe Guardian literally gave up and told its readers "we're all screwed."

I won't blame you for associating Def Con with an urge to run for the hills and live in a shack without electricity, lined in tinfoil, just like your hats and Faraday pajamas. But ... but ... this conference and everything it has been trying to tell people has been going on for two decades.
It's definitely annoying to see my industry unable to separate the important talks and real issues from the hacker fluff, or miss the real point of these presentations and demos. But it's also really great to see hackers being taken seriously, finally, and being heard by people who can amplify their messages.


  1. Interesting blog and I really like your work and must appreciate for your work for the DEF CON 24 - Chris Rock.

    entertaining talk

  2. This is an awesome blog. I found this article very helpful. I bookmarked this website.Thanks for share keep it up!!

    How to Overthrow a Government