Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Unknown (00:00):
All right. All right,
here we go. You are jacked into
the Globalbob show. Episode number 20. We got the 67 caddy.
Deville fired up. We got the Rochester Quadrajet carburetor,
(00:22):
all clean, and we are going to cruise the highways and byways
from Polk County, Florida out to Sin City, Nevada. That's right.
We're going to be cruising out to Las Vegas for DEF CON 30. And
I cannot wait. For those of y'all that don't know DEF CON is
(00:47):
summer camp for hackers and nerds such as myself. Episode
number 20. Here we're going to talk about DEF CON, because I've
gotten that question quite a bit: Globalbob, what is this DEF CON?
What's it all about? And why do you go? And simply put, it is the
Super Bowl, the biggest event.
The Daytona 500. The Indianapolis 500 is the big show
(01:12):
for us security professionals.
I've had the distinct honor of talking at one of the villages
at DEF CON, the voting village, one of the highlights of my
career. And so in this episode, we are going to talk about what
(01:34):
is DEF CON, how it got started.
And why do security experts such as myself, and 30 plus 1000
People from intelligence agencies all around the world.
And we're going to be able to explain why we all go out there
once a year to hang out, learn a little bit, teach a little bit
(01:57):
and make our connections. I really appreciate everybody that
tunes in every week. Had a little audio issue on the last episode,
but I think we got it all worked out now. Oh, man, I tell you,
it's a lot getting ready to go out there. You know, it's one of
those things. It's the date is there. And you know, it's
(02:19):
common, but as always, last minute stuff I need to get done.
And this trip was no exception.
Now, DEF CON is a conference that was founded by Jeff Moss,
also known as The Dark Tangent. He didn't really set out from
(02:44):
what I understand, to start a conference. And everything I'm
going to bestow upon you during this episode is a culmination of
some research I've done throughout the years. Also, it's
some stories I've heard, and some of the things that I've
experienced. So please do not use this and cite it in your
(03:06):
research papers and your editorials. This is just my
perspective on things. So what happened in 1993? Well, Jeff
wanted to throw a party for one of his friends. And at the time,
Jeff was around 18 years old.
And true to DEF CON fashion, things did not go to plan. So
(03:30):
his buddy was a security fella.
And he was moving to Canada with his dad, from what I understand.
He was getting, his dad was getting a new job. And so Jeff
said, Hey, why don't we throw a party in Las Vegas? Well,
(03:51):
hackers from all over the place showed up. And all, probably
about 100 of them, were there.
So all these hackers and security folks kind of descended
on the Sands Hotel. And the Sands since then has been
demolished. And if I had to say maybe a little bit of that
(04:13):
demolishing happened from some of the attendees. So where did
DEF CON actually get its name?
Now reading from the DEF CON site, this is new to me. I never
really asked where it got its name from, but according to the
site, that at the time that the security folks and hackers or
(04:37):
phreakers would get together.
Then they would do it in the summer. And they called that
SummerCon because it was in the summer. Now for those that don't
know con is just short for conference. And then in the
winter they had HoHoCon and then a PumpCon during
Halloween. And according to the site he did not want to
(04:59):
associate DEF CON or what would become DEF CON with a time of
the year. Now I call it summer camp for hackers and nerds. But
he didn't want that. So when he set out to come up with a name,
he wanted to use def, which is def, and it's number three on
(05:21):
the phone. And if you're in the military lingo, it says DEFCON
is short for defense condition.
So putting the two together, he came up with DEF CON. Now, we
should note that DEFCON in military terms is all ran
(05:42):
together. It's DEFCON, all one word. But in this case, DEF CON
is actually two words. So when everybody got together for this
party, he got such great feedback that he decided to do
it the next year. So the first year there was about 100 people.
(06:04):
But word spread. And each year, more and more people began to
just descend on Las Vegas. And by 1998, there were 2000 people
that showed up to Tangent's annual event. Now we all know
that 1998, that was in the dot-com boom-bust era. And then a lot
(06:29):
of us like myself, we were just graduating high school and we
were going, you know, into the cybersecurity profession. And it
was becoming very well defined.
So each year brought more and more people. Now all the way up
to 2019, it's estimated that 30,000 people attended DEF CON,
(06:50):
which is just amazing. I mean, when you go there, it's like a
conference of magnitude that you just cannot
describe. So if you're into motorcycles, it would be Bike
Week down in Daytona or Sturgis in South Dakota. And like I
said, if you're into NASCAR, then it would be the Daytona
(07:13):
500. But the DEF CON in person conference went all the way up
until, when do you think they did not have it in person? That's
right. It was during COVID. And that was the first time and I
believe 27 years that they didn't have it in person. Now
(07:36):
something you need to know about DEF CON, since it is an
underground conference, that up until a few years ago, the only
way to get in attendance of DEF CON was to pay cash at the door.
And when you think about this 30,000 people showing up and
(07:57):
paying cash at the door, that's a lot of cash that's been
acquired. And you can imagine one of the reasons why they
wanted to have cash at the door is for anonymity. And that's
really, really big at the conference, because you have
(08:19):
folks there that are in industry. And just the mere fact
that they're attending certain villages and conferences could
tip the adversary off that there's a weakness in their
systems. You have folks there from the FBI, NSA, CIA.
(08:43):
And that's not me speculating, they actually have a program
there called Spot the Fed.
Because, as we know, sometimes federal agents stick out with
their haircuts and their fancy shoes and clothes. So that's
always been an annual event called Spot the Fed. But
however, so you paid your $200 cash. This year, it's $360 cash.
(09:04):
And with the amount of people showing up, it's just a lot of
cash. But the reason why they do that is for anonymity. And
anybody that's ever been to DEF CON will know that taking
pictures at the conference of people may get your butt
whooped. Or it could get your camera taken away from you and
(09:27):
destroyed. There's one particular talk that I attend,
it's actually a group of talks.
And I'll leave the talk name out of it. But they are very, very
clear that if you get caught recording something or getting
out your phone during a talk that violators of the rule will
(09:52):
be violently violated. So they take it pretty serious. But now
in the later years here at DEF CON you can actually you
purchase your tickets online with a credit card. And the
first time I heard about that, I was like, Wow, that's crazy.
Because when we all go there, we all want to be part of the
community and just part of the people and anonymity. And we
(10:14):
don't necessarily want folks to know who we are if we don't want
to. And so that's a little change in DEF CON. But when
COVID hit, DEF CON went into what they call Safe Mode, just
like your computer back in the day, remember, when your
computer had a virus, or it had some kind of malware on it, or
(10:36):
you messed up your driver, you could hit that key combination,
and it would boot up in safe mode. Matter of fact, some
Windows boxes would automatically boot up in safe
mode, if it detected an error.
So for the first time, DEF CON 28 was put in safe mode because
of COVID. Now if we talk about one of the found stones of
(11:00):
DEF CON is being anonymous and being able to have a cloak of
anonymity, you just show up, pay your cash. Now you can pay for
it ahead of time with a credit card. And with DEF CON safe
mode, they put the content online. And so that was
(11:21):
something that I feel like that kind of took away from it a
little bit, but I totally understand it. I'm not. I mean,
we were in very uncharted territories and times. So I was
very glad that they did do it that way. But some people that
give their talks out there, they don't want you to know who they
(11:44):
are, who they work for. And some of these people work for. I
mean, they're high profile industries that they work for.
But when they go out there, they want to just have the free flow
of information. And so they can choose to have that cloak of
anonymity. And then DEF CON 29 was after, you know, the COVID
(12:07):
years, I like to call it, and they did have in person
conference again, but you had to have your vaccine card, and the
vaccine card was verified by a third party. And so I wonder, I
want to find out whenever I get out there this year, what was it
(12:30):
like during 29, when people were allowed to show up? Did some of
the people that were going to give the more advanced talks, or
maybe the gray area talks, not show up? Because one, maybe they
don't believe in the vaccine or didn't want to get vaccinated?
Or do they not show up because there's a chance that they could
(12:54):
get unmasked. Now, in the past, reason why I say that anonymity
is important: there have been people arrested by the feds,
either on their way at DEF CON, or in the event of participating
in things outside of the conference. But in the area. As
(13:17):
far as I know, there has not been anybody that's been dragged
off stage by the feds. But it just makes me wonder. So there's
a couple years there, basically three years, where maybe your
true identity could have been unmasked either because of, you
know, having to present online or having to show the vaccine
(13:39):
card. But I guess the people that pay on their credit card or
want to pay on their credit card, they probably didn't care.
And they just showed up anyways, because they were not into
trying to mask their identity as much. So I've talked about two
things here so far that people may say, Commander Bob, what are
(14:02):
you talking about? You mean to tell me that the feds go to this
underground hacker conference?
And you tell me that violators that tried to take pictures and
violate the rules get violently violated? Well, I'm going to
give you a couple of real world examples. In 2007
(14:24):
TV show by the name of Dateline tried to secretly record hackers
admitting to illegal activity.
And when the crew was outed by founder Jeff himself, one of the
reporters was heckled and chased out of the conference. So yes,
they take this very seriously.
Now the thing with Dateline is, is that they could have applied
(14:47):
for a press pass, which is another way to get a pass to
DEF CON is to, you know, have press credentials. And if they
accept it, though, that you come in, but the thing is, is that
Dateline wanted to, you know, surreptitiously record, secretly
record. And that's a, that's a big no-no. That was in 2007.
(15:08):
Now, when I say the Feds go to this conference, I mean, you
gotta realize some of these folks are doing illegal stuff.
Or maybe they're doing, you know, things that are completely
legal, but the Feds want to keep their eye on him. I know that
whenever I was involved with the election hacking, and I was
(15:31):
invited to speak at the voting village, there were a lot of
Feds there. It was pretty interesting that, you know, to
talk to them and tell them what I discovered, and they were very
interested in they were over.
But I can tell you that the Fed of all Feds was at the
conference one year, and this was the chief hacker in charge,
(15:54):
his name, ready for it: Director of the NSA, General Keith
Alexander, and he gave the keynote address, and may not
tell you that was just absolutely awesome, because here
you have an underground conference, where hackers and
(16:17):
Feds all come together and they have all this anonymity. And for
them to be able to book General Keith Alexander in 2012, that
was just a ha ha moment where to me, you saw the convergence of
hey, during this time, we may chase each other all around the
(16:40):
highways and byways of cyberspace, and through the
digital ocean. But for this moment in time, once a year,
we're all going to get along.
And we'll speak at your conference. And it's just to me,
that was just amazing. Now, one subject that is near and dear to
(17:03):
my heart, it made its appearance at DEF CON in 2017. And that
was the voting village. And friend of mine, Harry was very
instrumental in putting that on.
And Harry invited me out to talk. And it was just a real.
Like I said, that was kind of one of the capstones of my
(17:24):
career. A lot of people, they have stuff that they look to
achieve. And to me, that was one of them. And actually, in 2018,
the following year, the voting village actually received the
Cybersecurity Excellence Award.
(17:44):
Now, I tell you, when you're involved in something that
you're very passionate about, and then you're invited to talk
at a talk like that, or conference like that. It's just,
you know, I just cannot explain it. And now we're going to talk
more about the election nuances as the podcast series matures.
(18:07):
But right now is not the time, but we will do a lot of talking
about voting machines, and what I discovered and some of the
work I was able to do with Harry, and crew. But what I want
to draw attention to is just how the voting village was something
that I was very happy to see become a village. DEF CON isn't
(18:31):
just a conference. It has conferences inside of
conferences, and think of these villages as little Mini Cons.
And some of them like the voting village, there was an area where
there was official talks like what I gave, but then there's
areas of where people just bring in a bunch of voting machines
(18:52):
and say you got a special voting machine. And you bring it in and
someone has another one that they got off eBay and you can
bring it to the voting village.
And people that are experts can play with your machine and you
play with theirs. And it's really cool. But they also have
these villages. And some of the ones that are the most notable
to me that I think's amazing, is the bio hacking village. Now
(19:16):
that village is all about hacking biometrics and other
bio systems. So if you would ever like to have an RFID chip
implanted in your neck, well, you can go to the bio voting
Village and I'm sure somebody has an RFID chip that they
would implanted into your neck.
(19:40):
And you can also experiment with hacking those devices that are
in the bio hacking genre. Some of the other ones that are big
deals at DEF CON is the car hacking village. And it's the
same thing, bio hacking, the voting machine, well, and car
hacking. They bring real automobiles, some of these
(20:01):
automobiles may be from industry, some automobiles may
be personally owned. And don't quote me on this. But I think a
time or two, there was a few rental cars that were
automobiles that people were trying to hack into. And they do
things like try to hack into the entertainment system to make it
(20:23):
do different things, actually, trying to hack into them
remotely. And so if that's your bag, then you can go to the
car hacking village and stay there during the whole
conference and not even go to the other talks. Just go to
where your people are, and hang out and just make
(20:43):
connections, make friends, make everybody is just so nice. And
they're so passionate, and they're willing to, to listen to
you and to have you demonstrate what you know. But other ones
also include the industrial control systems. Now, as you
guys know, I have actually developed a zero day exploit at
(21:04):
one time into an industrial control system. And so that
little village is one that I'll hang out in sometimes, just
because I want to see where all people have done just since I
quit doing my research into that. And I've already mentioned
the voting village, but also crypto and pot and privacy. So
(21:25):
if you're one of these people that are into that, then you can
spend the whole conference with people that are just as
passionate about that subject as you. Now two of my favorites. And
I want to say that probably this one's the oldest, you know, a
little sub conference village.
And that's the lock picking village. And all my Jesus, if
(21:45):
you can get by just one village, where are you saying, Hey,
I just want to go see what all this is about. I'm not that
technical, but I want to be amazed, go to the lock picking
village and look around. Now some of us that are in industry,
we know that Medeco, ooh, Medeco, no one can hack the Medeco key.
(22:10):
I have a bunch of different Medeco keys myself. But I
guarantee if you go to the lock picking village, you will find
that one person or group of people that are teaching each
other how to hack the Medeco key. And these folks are like
puzzle solvers. It's amazing the dexterity they have in their
fingers, and how they can just feel for things and just make
(22:34):
these locks just pop open.
Probably quicker than if you had a key in your pocket. Because
you'd have to find the key. These folks, they just know how to put
it in there and wiggle it around. And next thing you know,
voilà. So that lock picking village is really cool. Now one
of my favorites. And this is where I, if you guys want to run
into Globalbob, look for me, I will be at the Skytalks. And
(22:58):
that is the what from what people describe it. To me I know
what I think of it is that's where they are very, very, very
serious. There's no recording devices, some of some famous
people that I don't want to mention their names. They've
actually been hauled out of there by some guys that are, and
(23:21):
girls that are, a lot larger than some of these people. I mean,
we're talking about some of these folks that are at the Skytalks.
They are quite capable of taking someone apart
systematically. I don't know if they could get them back
together. But there has been some famous, at least one that I
(23:41):
know, a very, very famous reporter that was escorted quite
sternly out the door when they tried to surreptitiously record.
Now Skytalks, you're going to go in there. And one thing is
for sure, you're going to have a heck of a lot of fun. You may
see demonstrations that go off the rails, you may see
(24:06):
demonstrations that you don't understand what's going on. But
what's really cool is that from what people have described
it to me is that that's the original DEF CON
way, right? I mean very underground, anything kind of
(24:27):
goes that's not, you know, illegal. And it's pretty cool. I
was there one time, and someone had a cell phone and the cell
phone rang. And one of the folks that run the village, they got
the cell phone and they put it in a jar of mayonnaise and they
(24:49):
gave it back to the person.
There's another time I was in there that I saw a cell phone
get smashed with a sledgehammer.
And like I said, it's just a real cool talk. Now we, I don't
know if those were plants or not. But I went and try him. And
that's where I like to hang out.
Because I mean, I've seen some of the most amazing talks in
there, where people are just really, really down in the
(25:13):
weeds, they're just there to share the knowledge. They're not
there for the wow factor. And so that's really a place that I
like to hang out. So to wrap it up, I just want everybody to
realize that there is a place where both security
professionals, those that may or may not be involved in illegal
(25:34):
activity, and federal governments from around the
world descend on Sin City to go to DEF CON. And if you ever go
out there, especially as big as DEF CON is now, there's something
that goes on 24 hours a day. And for the whole life of the
(25:55):
conference, whether it's private parties, whether it's the EFF,
the Electronic Frontier Foundation normally does a
really big party out there. And there's, you know, capture the
flags going on, there's great techno music playing. I mean,
you got folks that are setting up fake cell sites. And one time
I was out there, they even set up their own real cellular site.
(26:20):
And they called themselves Ninja Tel, and you can make a phone
call. But just know when you go out there, just take it all in.
You can't see everything, a lot of stuff is standing room only.
I mean, back in the day, there was 100 people. 2019, there's
30,000 plus people. And that's just from, you know, some people
go out, they don't actually go into the conference, they're
(26:43):
just there in the hotels hanging out with their buds and stuff.
But it's just amazing to know that everybody can come together
during the summer, and have a good time. Now, when you are out
there, just note that you don't want to use the ATM machines at
the conference. I mean, you're at a place with 30,000-plus
(27:05):
hackers, security professionals, chances are, there's probably
someone there that knows something about skimming.
There's all kinds of pranks that goes on. I mean, sometimes they
take over the TV system there and, and just be mindful that
not everybody is there for the right intentions, and you got to
(27:30):
have your human firewall up. As a matter of fact, you should
have your human firewall up anytime you travel. Because it's
during those times that adversaries can do what they
call bump you, which means to try to get information from you, try
to compromise you, especially if you're involved in federal
(27:52):
government. And I do know that there's some corporations and
agencies that actually give their employees DEF CON
training, which I think's amazing. And they basically go
over everything of Hey, make sure you keep a low profile.
Make sure you don't get too inebriated that you don't
(28:14):
know where you're at. And something that one of my bosses
used to say all the time is don't be the story. And that's
the moral of this story. Don't be the story. All right, we're
at the bottom of the half hour.
I would just like to thank everybody that continues to tune
(28:37):
in to the Globalbob show. You can reach me at Globalbob show
on Twitter. So hit me up. If you're out at DEF CON, send me a
DM through Twitter, I will respond. And maybe we can meet
up. You can also email Globalbobshow@gmail.com. You can also
(29:00):
find us out on Facebook. So in Globalbob Show news, we are now
on IMDb, which is really cool.
Can't believe it. You can go to IMDb and type in Globalbob show
and you will see my smiling face. And that's pretty cool.
Some of the things we're working on I don't know yet. I haven't
(29:22):
made it up in my mind whether I'm going to do it or not. But
we may be able to start an internet radio station. And on
that station you will hear the Globalbob Show from time to
time. But we will be playing music
(29:42):
good music I guess. I don't know what the format would be. I'm
still kind of toiling around in my head. Looking at licensing
the music so maybe we'll do some cool, you know, shows maybe
music sets like the hack two If I like all kinds of music, from
(30:04):
techno music to country music, 80s music, gangster rap, I just
like it all. I love music, and I love talking. So I'm going to
try to put the two together. So if anybody has any ideas, send
them my way. As always, I'm looking for folks that may want
(30:24):
to come on the show. We can do a couple different podcast around
whatever you're interested in. I don't know. So reach out to me
and give me some ideas. Maybe you just want to play stump the
chump with me where I just hang out. And you asked me rapid
fire, technical and political questions, and I answered them.
(30:44):
So anyways, lots of good stuff happening. Looking forward to
getting out to Vegas. And I will be doing a show while I'm out
there. I'll probably do a wrap up show whenever I get back. So
everybody will be well educated on what DEF CON is. And like one
(31:06):
of my bosses used to say, don't be the story and I promise about
the story. So until next time,