DEF CON


DEF CON is one of the world's largest and most notable hacker conventions, held annually in Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as cyber-security challenges and competitions. Contests held during the event are extremely varied, and can range from creating the longest Wi-Fi connection to finding the most effective way to cool a beer in the Nevada heat.
Other contests, past and present, include lockpicking, robotics-related contests, art, slogan, coffee wars, scavenger hunt and Capture the Flag. Capture the Flag is perhaps the best known of these contests and is a hacking competition where teams of hackers attempt to attack and defend computers and networks using software and network structures. CTF has been emulated at other hacking conferences as well as in academic and military contexts.
Federal law enforcement agents from the FBI, DoD, United States Postal Inspection Service, DHS via us-cert.gov and other agencies regularly attend DEF CON.

History

DEF CON was founded in 1993 by Jeff Moss as a farewell party for his friend, a fellow hacker and member of "Platinum Net", a Fido protocol based hacking network from Canada. The party was planned for Las Vegas a few days before his friend was to leave the United States, because his father had accepted employment out of the country. However, his friend's father left early, taking his friend along, so Jeff was left alone with the entire party planned. Jeff decided to invite all his hacker friends to go to Las Vegas with him and have the party with them instead. Hacker friends from far and wide got together and laid the foundation for DEF CON, with roughly 100 people in attendance.
The term DEF CON comes from the movie WarGames, referencing the U.S. Armed Forces defense readiness condition. In the movie, Las Vegas was selected as a nuclear target, and since the event was being hosted in Las Vegas, it occurred to Jeff Moss to name the convention DEF CON. However, to a lesser extent, CON also stands for convention and DEF is taken from the letters on the number 3 on a telephone keypad, a reference to phreakers. Any variation of the spelling, other than "DEF CON", could be considered an infringement of the DEF CON brand. The official name of the conference includes a space in-between DEF and CON.
Though intended to be a one-time event, Moss received overwhelmingly positive feedback from attendees, and decided to host the event for a second year at their urging. The event's attendance nearly doubled the second year, and has enjoyed continued success. In 2019, an estimated 30,000 people attended DEF CON 27.
For DEF CON's 20th Anniversary, a film was commissioned entitled DEFCON: The Documentary. The film follows the four days of the conference, events and people, and covers history and philosophy behind DEF CON's success and unique experiences.
In January 2018, the DEF CON China Beta event was announced. The conference was held May 11-13, 2018 in Beijing, and marked DEF CON's first conference outside the United States. The second annual DEF CON China was canceled due to concerns related to COVID-19.
In 2020, due to safety concerns over COVID-19 the DEF CON 28 in-person Las Vegas event was cancelled and replaced with DEF CON Safe Mode, a virtual event planned for the same August 6-9 dates as DC 28.

Black Badge

The Black Badge is the highest award DEF CON gives to contest winners of certain events. Capture the flag winners sometimes earn these, as well as Hacker Jeopardy winners. The contests that are awarded Black Badges vary from year to year, and a Black Badge allows free entrance to DEF CON for life, potentially a value of thousands of dollars.
In April 2017, a DEF CON Black Badge was featured in an exhibit in the Smithsonian Institution's National Museum of American History entitled "Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity". The badge belongs to ForAllSecure's Mayhem Cyber Reasoning System, the winner of the DARPA 2016 Cyber Grand Challenge at DEF CON 24 and the first non-human entity ever to earn a Black Badge.

Fundraising

Since DEF CON 11, fundraisers have been conducted for the Electronic Frontier Foundation. The first fundraiser was a dunk tank and was an "official" event. The EFF now has an event named "The Summit" hosted by the Vegas 2.0 crew that is an open event and fundraiser. DEF CON 18 hosted a new fundraiser called MohawkCon.

Trivia

Badges

A notable part of DEF CON is the conference badge, which identifies attendees and ensures attendees can access conference events and activities. The DEF CON badge has historically been notable because of its changing nature, sometimes being an electronic badge, with LED's, or sometimes being a non-electronic badge such as a CD. Conference badges often contain challenges or callbacks to hacker or other technology history, such as the usage of the Konami Code in the DEF CON 24 badge, or the DEF CON 25 badge reverting to the look of the DEF CON 1 badge. DEFCON Badges do not identify attendees by name, however the badges are used to differentiate attendees from others. One way of doing this has been to have different badges, a general conference attendee badge, a Staff member, Vendor, Speaker, Press, and other badges. In addition, individuals and organizations have begun creating their own badges in what has become known as badgelife. These badges may be purchased in many cases, or earned at the conference by completing challenges or events. Some badges may give the holder access to after hours events at the conference. In 2018 the evolution of this came with what was termed "shitty addon's" or SAO's. These were miniature PCB's that connected to the official and other badges that may extend functionality or were just collected.

Workshops

Workshops are dedicated classes on various topics related to information security and related topics. Historical workshops have been held on topics such as Digital Forensics investigation, hacking IoT devices, playing with RFID, and attacking smart devices.

Villages

Villages are dedicated spaces arranged around a specific topic. Villages may be considered mini conferences within the con, with many holding their own independent talks as well as hands-on activities such as CTF's, or labs. Some villages include the IoT Village, Recon, Biohacking, lockpicking, and the well known Social Engineering and vote hacking villages. In 2018 the vote hacking village gained media attention due to concerns about US election systems security vulnerabilities.

Use of handles

Attendees at DEF CON and other Hacker conferences often utilize an alias or "handle" at conferences. This is in keeping with the hacker community's desire for anonymity. Some known handles include DEF CON founder Jeff Moss's handle of "Dark Tangent". A notable event at DEF CON is DEF CON 101 which starts off the con and may offer the opportunity for an individual to come up on stage and be assigned a handle by a number of members of the community.

Cons within DEF CON

DEF CON has its own cultural underground which results in individuals wanting to create their own meetups or "cons" within DEF CON. These may be actual formal meetups or may be informal. Well known cons are:
DEF CON Groups are worldwide, local chapters of hackers, thinkers, makers and others. DEF CON Groups were started as a splinter off of the meetup groups because of concerns over politicization. Local DEF CON groups are formed and are posted online. DEF CON Groups are usually identified by the area code of the area where they are located in the US, and by other numbers when outside of the US. Examples include DC801 and DC201. DEF CON Groups may seek permission to make a logo that includes the official DEF CON logo with approval.

Relationship to other hacker cons

DEF CON is considered the "world's largest" hacker con. It is also considered one of the core conferences, with organizers and attendees using it as a model for other conferences.

Notable incidents

High-profile issues which have garnered significant media attention.
YearDescription
1999On July 10, 1999, the Cult of the Dead Cow hacker collective released Back Orifice 2000 at DEF CON 7, in what was, at the time, the largest presentation in DEF CON history.
2001On July 16, 2001, Russian programmer Dmitry Sklyarov was arrested the day after DEF CON for writing software to decrypt Adobe's e-book format.
2005On July 31, 2005, Cisco used legal threats to suppress Mike Lynn from presenting at DEF CON about flaws he had found in the Cisco IOS used on routers.
2007In August 2007, Michelle Madigan, a reporter for Dateline NBC, attempted to secretly record hackers admitting to crimes at the convention. After being outed by DEF CON founder Jeff Moss during an assembly, she was heckled and chased out of the convention by attendees for her use of covert audio and video recording equipment. DEF CON staff tried to get Madigan to obtain a press pass before the outing happened.A DEF CON source at NBC had tipped off organizers to Madigan's plans.
2008MIT students Zack Anderson, R.J. Ryan and Alessandro Chiesa were to present a session entitled "The Anatomy of a Subway Hack: Breaking Crypto RFIDS and Magstripes of Ticketing Systems." The presentation description included the phrase "Want free subway rides for life?" and promised to focus on the Boston T subway. However, the Massachusetts Bay Transit Authority sued the students and MIT in United States District Court in Massachusetts on August 8, claiming that the students violated the Computer Fraud and Abuse Act by delivering information to conference attendees that could be used to defraud the MBTA of transit fares. The court issued a temporary restraining order prohibiting the students from disclosing the material for a period of ten days, despite the fact the material had already been disseminated to DEF CON attendees at the start of the show.
In 2008's contest "Race to Zero," contestants submitted a version of given malware which was required to be undetectable by all of the antivirus engines in each round. The contest concept attracted much negative attention.
2009WIRED reported that an ATM kiosk was positioned in the conference center of the Riviera Hotel Casino capturing data from an unknown number of hackers attending the DEF CON hacker conference.
2011Security company HBGary Federal used legal threats to prevent former CEO Aaron Barr from attending a panel discussion at the conference.
2012The director of the National Security Agency, Keith B. Alexander, gave the keynote speech. During the question and answers session, the first question for Alexander, fielded by Jeff Moss, was "Does the NSA really keep a file on everyone, and if so, how can I see mine?" Alexander replied "Our job is foreign intelligence" and that "Those who would want to weave the story that we have millions or hundreds of millions of dossiers on people, is absolutely false…From my perspective, this is absolute nonsense." On March 12, 2013, during a United States Senate Select Committee on Intelligence hearing, Senator Ron Wyden quoted the 2012 DEF CON keynote speech and asked Director of National Intelligence James Clapper if the U.S. conducted domestic surveillance; Clapper made statements saying that there was no intentional domestic surveillance. In June 2013, NSA surveillance programs which collected data on US citizens, such as PRISM, had been exposed. Andy Greenberg of Forbes said that NSA officials, including Alexander, in the years 2012 and 2013 "publicly denied–often with carefully hedged words–participating in the kind of snooping on Americans that has since become nearly undeniable."
2013On July 11, 2013, Jeff Moss posted a statement, located on the DEF CON blog, titled "Feds, We Need Some Time Apart." It stated that "I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year." This was the first time in the organization's history that it had asked federal authorities not to attend. Actor Will Smith visited the convention to study the DEF CON culture for an upcoming movie role.
2016On August 4, 2016, DEF CON and DARPA co-hosted the 2016 Cyber Grand Challenge, a first-of-its-kind all-machine hacking tournament. Competing teams had to create a bot capable of handling all aspects of offense and defense with complete autonomy. Seven finalists competed for a US$2M grand prize.
The winner of the Cyber Grand Challenge was "Mayhem", an AI created by of Pittsburgh, Pennsylvania. Mayhem then went on to participate in the previously humans-only DEF CON Capture the Flag Contest, where it finished in last place, despite pulling ahead of human teams often in a contest for which it was not specifically designed.
2017At the "Voting Machine Village" event, dozens of voting machines brought to the conference were breached.
In September 2017, the Voting Machine Village produced "" summarizing its findings. The findings were publicly released at an event sponsored by the Atlantic Council and the paper went on to win an O'Reilly Defender Research Award.
Marcus Hutchins, better known online by his handle MalwareTech, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak was arrested by the FBI at the airport preparing to leave the country after attending DEF CON over his alleged involvement with the Kronos banking trojan.
2018In March of 2018, the DEF CON Voting Machine Hacking Village was awarded a Cybersecurity Excellence Award. The award cites both the spurring of a national dialog around securing the US election system and the release of the nation's first cybersecurity election plan.
2020The DEF CON in-person conference itself was cancelled

Entertainment references

Each conference venue and date has been extracted from the DC archives for easy reference.
DCHotelDaysYearAttendance
DEF CON 30TBAAugust 11–142022TBA
DEF CON 29TBAAugust 5–82021TBA
DEF CON 28N/A DEF CON IS CANCELLED
Planned: Caesars Forum, Harrah's, Linq, and Flamingo
August 6–92020TBA
DEF CON 27Paris Hotel, Bally's Hotel, Planet Hollywood, and FlamingoAugust 8–112019~30,000
DEF CON China 1.0751 D-ParkMay 31–June 22019TBA
DEF CON 26Caesars Palace and FlamingoAugust 9–12201828,000
DEF CON China βKuntai Hotel May 11–132018N/A
DEF CON 25Caesars PalaceJuly 27–30201725,000
DEF CON 24Paris Hotel and Bally's HotelAugust 4–7201622,000
DEF CON 23Paris Hotel and Bally's HotelAugust 6–9201516,000+
DEF CON 22Rio Hotel & CasinoAugust 7–10201416,000
DEF CON 21Rio Hotel & CasinoAugust 1–4201312,000
DEF CON 20Rio Hotel & CasinoJuly 26–292012N/A
DEF CON 19Rio Hotel & CasinoAugust 4–72011N/A
DEF CON 18Riviera Hotel & CasinoJuly 30 – August 12010N/A
DEF CON 17Riviera Hotel & CasinoJuly 30 – August 22009N/A
DEF CON 16Riviera Hotel & CasinoAugust 8–1020088,000
DEF CON 15Riviera Hotel & CasinoAugust 3–52007N/A
DEF CON 14Riviera Hotel & CasinoAugust 4–62006N/A
DEF CON 13Alexis Park ResortJuly 29–312005N/A
DEF CON 12Alexis Park ResortJuly 30 – August 12004N/A
DEF CON 11Alexis Park ResortAugust 1–32003N/A
DEF CON 10Alexis Park ResortAugust 2–42002N/A
DEF CON 9Alexis Park ResortJuly 13–152001N/A
DEF CON 8Alexis Park ResortJuly 28–302000N/A
DEF CON 7Alexis Park ResortJuly 9–111999N/A
DEF CON 6Plaza Hotel & CasinoJuly 31 – August 21998N/A
DEF CON 5Aladdin Hotel & CasinoJuly 11–131997N/A
DEF CON 4Monte Carlo Resort and CasinoJuly 26–281996N/A
DEF CON 3Tropicana Resort & CasinoAugust 4–61995N/A
DEF CON 2Sahara Hotel and CasinoJuly 22–241994200
DEF CON 1Sands Hotel and CasinoJune 9–111993100