Category: Defcon

Jul 13 2015

A $200 privacy device has been killed, and no one knows why

A security researcher has abruptly cancelled next month's scheduled unveiling of a privacy device designed to mask Internet users' physical locations. It's a move that has both disappointed privacy advocates and aroused suspicions.

Ben Caudill, a researcher with Rhino Security Labs, took the unusual step of saying he no longer plans to release the software or hardware schematics for his so-called ProxyHam box. He said the devices already created have been destroyed. Caudill has offered no explanation for the killing of the project, but he has reportedly ruled out both intellectual property disputes and Federal Communications Commission licensing concerns.

That has left some people to speculate a secret government subpoena known as a National Security Letter is at play in the decision to kill the project. That speculation seems unlikely because NSLs are a very specific legal process typically served on e-mail providers, phone companies, or the like for specific information, Electronic Frontier Foundation General Counsel and Deputy Executive Director Kurt Opsahl said.

Read 5 remaining paragraphs | Comments

May 24 2014

US may block visas for Chinese hackers attending DefCon, Black Hat

On Saturday, an unnamed “senior administration official” told Reuters that the US government is considering using visa restrictions to keep Chinese hackers from attending DefCon and Black Hat, two major hacking conferences that take place in August in Las Vegas.

The move would be “part of a broad effort to curb Chinese cyber espionage,” Reuters reported. The news comes after five members of the Chinese military were indicted by the US on Monday for allegedly hacking into US companies and stealing trade secrets. It was the first time ever that the US has formally accused another government of hacking.

Jeff Moss, founder of both the DefCon and Black Hat conferences, and Chris Wysopal, a member of the Black Hat board that reviews presentations, were both skeptical of the move. Wysopal noted that Black Hat talks are taped and sold after the conference, and preventing Chinese hackers from being physically there would not appreciably affect China's hacking abilities. "It seems symbolic to me," Wysopal told Reuters of the move. Several Chinese nationals are booked to speak at the Black Hat conference, although none are booked to speak at DefCon.

Read 3 remaining paragraphs | Comments

Jul 11 2013

For first time ever, feds asked to sit out DefCon hacker conference

Since its founding in 1992, DefCon has been a venue where anarchists, geeks, and employees of three-letter federal agencies became unlikely comrades under a live-and-let-live credo that placed the love of computer tinkering above almost everything else. No more. As tensions mount over the broad and indiscriminate spying of Americans and foreigners by the National Security Agency, DefCon organizers are asking feds to sit out this year's hacker conference.

"For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory," Jeff Moss, aka The Dark Tangent, wrote in a blog post published Wednesday night. "Our community operates in the spirit of openness, verified trust, and mutual respect."

He continued:

Read 5 remaining paragraphs | Comments


Jul 27 2012

NSA Chief Tells Hackers His Agency Doesn’t Create Dossiers on All Americans

Gen. Keith Alexander, head of the NSA and U.S. Cyber Command appearing at the 2012 DefCon hacker conference in Las Vegas on Friday. Photo: Kim Zetter/Wired

LAS VEGAS — NSA chief Gen. Keith Alexander, appearing for the first time at the DefCon hacker conference, told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.

Responding to a question from DefCon founder Jeff Moss asking “does the NSA really keep a file on everyone?,” Alexander replied, “No, we don’t. Absolutely no. And anybody who would tell you that we’re keeping files or dossiers on the American people knows that’s not true.”

Alexander went on to say that the NSA’s job was foreign intelligence, not domestic and that the agency is constantly monitored in everything it does.

“We get oversight by Congress, both intel committees and their congressional members and their staffs,” he continued, “so everything we do is auditable by them, by the FISA court … and by the administration. And everything we do is accountable to them…. We are overseen by everybody. And I will tell you that those who would want to weave the story that we have millions or hundreds of millions of dossiers on people is absolutely false.”

Unstated in both Moss’s question and Alexander’s answer, however, is whether the NSA monitors and collects the communications of millions of Americans en masse, something that is very different from keeping a “file” on individual Americans.

Alexander did touch on the collection of data in his answer, but denied that this involved Americans. Under the FISA Amendment Act, he said, the NSA is authorized “to collect foreign targets — think of terrorists — outside the United States.

“And that law allows us to use some of our infrastructure to do that. We may, incidentally, in targeting a bad guy, hit on somebody from a good guy. [But] we have requirements from the FISA court and the attorney general to minimize that, which means nobody else can see it unless there’s a crime that’s been committed…. And so from my perspective, the people who would say that we’re [targeting Americans] should know better.”

Alexander is likely referring to recently published comments by former NSA officials, who told author James Bamford that the NSA’s future $2 billion data center being built in Utah will be used to store “all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter.’”

According to one unnamed former NSA official, “Everybody’s a target; everybody with communication is a target.”

Dressed casually in blue jeans and a t-shirt, Alexander was deferential to the packed auditorium of hackers and security professionals, telling them that DefCon was “the world’s best cyber community,” and appealed to the audience for help in solving some of the problems of the internet.

“In this room … is the talent our nation needs to secure cyberspace,” he told the audience. “You folks understand cybersecurity. You know that we can protect the networks and have civil liberties and privacy, and you can help us get there.”

In discussing the need to develop better methods to protect networks from intrusions, Alexander said, “Some of you . . . can help us show the world that you can actually do intrusion detection and prevention systems and ensure civil liberties and privacy. Showing that to the world is absolutely important because we can do both and we need to do both.”