I spent the week with over 20,000 hackers in Las Vegas -- Here's what I saw

DEFCON is one of the largest hacker conferences in the world. Held for four days every August in Las Vegas, DEFCON is now in its 23rd year and is bigger (and scarier) than ever.

With attendance now over 20,000, I decided to venture out and see what all the fuss was about. Needless to say, I was not disappointed.

One last farewell to the NYC skyline from Newark International Airport.

Darien Acosta

Here's a partial view of the Grand Canyon from my flight.

During the conference, special keycards are provided at participating hotels.

In preparation for DEFCON, the hotel provides special 'If you see something, say something' training for their staff.

This is the main conference area for panel talks. This gigantic space will be divided into three separate tracks.

But first, attendees line up at 5am to purchase admission badges. DEFCON operates on a cash only basis (to prevent credit card fraud) and there is no pre-registration.

Badges are $230, so with 20,000 attendees, the con organisers will carefully process around $4.6 million over 3 days. This makes for long lines. (I waited 90 minutes... this experience is affectionately known as LINECON.)

The line's integrity is maintained by lovely folks called Goons - DEFCON's volunteer security force.

This is the admissions package. Contents include a vinyl record badge, a newspaper schedule, stickers and various CDs.

The badges, aka vinyl records, are worn around the neck on lanyards. This makes all conference goers look like Flavor Flav from the hip hop group Public Enemy.

Luckily, Flavor Flav approves.

Defcon banner art by official convention artist - Mar Williams

Defcon hotel floor sticker art - also by Mar Williams

One of the cafes located near the Paris Casino was designated for exclusive use by DEFCON attendees.

This is a typical line experience when attending scheduled talks. DEFCON is so massive that a single individual can only attend a minute fraction of the available track talks, skytalks, village talks, contests and workshops... not to mention any of the secret invite-only gatherings.

This is the 'Medical Devices: Pwnage and Honeypots' talk given by Scott Erven & Mark Collao. When I arrived, only standing room remained.

At the talk I learned that many of General Electric's medical devices feature remote access capabilities that use default factory passwords such as 'bigguy.'

According to the speakers, GE claims this is not a real security problem because default passwords can be changed. However, the speakers argue that under existing licence agreements, if a medical provider changes the password, the device is no longer eligible for troubleshooting, something akin to voiding the warranty. Default passwords are problematic because they can allow any knowledgeable patient to alter their morphine drip, or an outside hacker to change the radiation setting on CT machines, exposing patients to harmful levels of radiation without a medical tech or doctor's knowledge. There is little precedent for dealing with these new problems.

This is the DEFCON Contest Area, located in Bally's Event Center.

The Contest Area is home to the Packet Village, Car Hacking Village, Data Village, Capture the Flag, Open CTF, Mohawk-Con and a music stage.

Here's a guy inspecting a semi-disassembled SUV located in the Car Hacking Village.

Hackers could learn a lot about vulnerabilities in vehicles in the village.

Some SUV parts.

Someone removed and mounted the dashboard from a sedan.

A look inside the stripped car.

A Tesla Model S was also present at the car hacking village, but mostly for show.

Karaoke at the Car Hacking Village. Singing 'Gary Numan - Cars.'

♪ Here in my car, I feel safest of all, I can lock all my doors, It's the only way to live ♪

Capture The Flag is a hacking tournament made up of 20 teams of 8 who must qualify in order to participate. The competition arguably attracts some of the best hackers in the world.

There is also an OpenCTF event, where anyone can participate.

Folks participating in the OpenCTF contest.

This is the FTC RoboKiller contest table: a $50,000 contest challenging programmers to create software to help consumers identify and kill illegal robocalls.

Salvador Grec presenting his talk 'Creating REAL Threat Intelligence With Evernote' in the Packet Hacking Village.

The epicentre of the Packet Hacking Village.

The infamous Wall of Sheep is intended to shame conference goers who exhibit poor computer security practices. For example, connecting to the WiFi network and logging into an unencrypted website will get you added to this list.

Now over to the Emerging Technology Threats table.

This is a SCADA system. Variations of these systems are used to monitor and control factory equipment, power plants, water treatment facilities, etc.

All about Open Access 4.0

Not 100% sure, but this looks like a security keypad terminal connected to an Open Access 4.0 board.

Mike Ryan & Richo Healey drink with the DEFCON Goons during their 'Hacking Electric Skateboards' talk.

Mike Ryan & Richo Healey are able to hack (take command of) various skateboard models by jamming radio signals and broadcasting their own signals.

At DEFCON's Vendor Area, a wide variety of items can be legally purchased.

Here's the Hak5 table. The giant pineapple advertises the infamous WiFi Pineapple device, which broadcasts a WiFi honeypot (trap) that can be used for penetration testing (hacking).

Hak5 also sells the LAN Turtle (a USB device which opens backdoors for hackers wishing to connect to a network remotely) and the Rubber Ducky USB key (which can be used to capture all text entered on a keyboard and more). Prices are reasonable.

Lockpick sets are also for sale. Caveat emptor: lockpicks may be considered burglary tools in several U.S. states.

Free Internet = Giant antennas that can allow you to connect to your neighbour's open WiFi access point down the street.

Vinyl stickers for decorating laptops.

Books for sale.

HACKERS FOR CHARITY is a non-profit organisation that solves technology challenges for various non-profits and provides food, equipment, job training and computer education to the world's poorest citizens.

Meanwhile, back at the Casino, someone set up a rogue WiFi access point which was promptly removed by Goons and Casino security.

This DARPA server contains over 1,000 Xeon processors and runs software which algorithmically scans software for weak points and patches on the fly. This is probably the very early stages of an Artificial Intelligence that is capable of attacking and defending computer networks autonomously.

William Gibson fans should immediately think of I.C.E.

The DARPA Cyber Grand Challenge is a $3.7 million prize competition that 'seeks to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time.'

You can read more about the DARPA Cyber Grand Challenge here.

Here's a view of the 'Chillout Room' - a place to relax, eat, drink and chat with fellow attendees while listening to Chillout music.

At the ICS Village, there are Industrial Control System devices available for tinkering.

FYI, this is not actually a centrifuge for nuclear enrichment.

Some examples of controls that can be breached.

During one of the ICS talks, someone caused a drum barrel to violently collapse under the pressure of a vacuum, providing a perfect demonstration of the potential real world consequences of ICS tinkering.

In the IoT Village, I learned about the various ways that many Internet of Things devices can be hacked.

At the BioHacking Village I learned about the MinION, a $1,000 USB device by Nanopore Technologies which is used to sequence DNA.

At night, attendees can retreat to the 26th floor for musical entertainment at DEFCON's Black and White Ball.

The view from the party.

Or attend any of the many private parties. As in life, every attendee at DEFCON chooses their own adventure.

FYI: You may have to social engineer or bribe your way in.
