The best of Black Hat and Def Con 2013

It was a late night in May. Renderman, the computer hacker notorious for discovering that outdated air traffic control software could be used to reroute planes mid-flight, was feeling shitty. The stress of digging himself out of debt he’d accumulated during years of underemployment was compounded by the feeling of being trapped in a job he hated. He was forgetful and couldn’t focus on anything. “Depression has sapped my motivation and lust for life,” he later wrote. “I can't remember the last time I worked on a project ... it's like I'm a ghost in my own life. Just existing but with no form ... I’m most definitely not myself.”Feeling slightly buzzed after a few beers, he decided to speak out. “My name is Renderman and I suffer from depression,” he tweeted.

Within minutes, other hackers started responding.

Jason Scott, the well-known digital archivist with archive.org who has previously produced a documentary on bulletin board systems, has turned his attention to Def Con — the Vegas convention that now attracts thousands of hackers (and would-be hackers) each year. Def Con: The Documentary sits down with a number of individuals who've been involved with the event from the start, including "The Dark Tangent" himself, Def Con founder Jeff Moss.

Def Con is familiar territory for Scott, who is a longtime attendee and frequent speaker at the conference — and naturally, assembling the narrative of how the world's largest hacker convention got its start fits in well with his day job of preserving internet history.

"I haven't sensed this level of tension in the community since the crypto wars in the late '90s," said Jeff Moss, aka "The Dark Tangent," remembering when the US government nearly outlawed strong cryptography. He was addressing the audience at Black Hat, the computer security conference he founded almost two decades ago. The tension surrounded the speaker he was introducing: General Keith Alexander, director of the National Security Agency.

It was the second time Alexander’s presence caused a ruckus at a Las Vegas hacker convention. Last year, hecklers briefly taunted the general during his keynote address at Def Con, Moss' more casual computer security pow-wow. But following recent disclosures by Edward Snowden about the agency's massive spying apparatus, the NSA chief's presence provoked more unease among traditionally privacy-minded hackers. Moss had prepared for this. For the first time, citing the NSA leaks, he had asked federal agents not to attend Def Con.

About 1.4 million people in the US have a "top secret" security clearance. But what happens when an attractive man or woman friends them on Facebook, asking for career advice and wondering what they’re working on?

Jordan Harbinger, a dating coach based in Los Angeles, wanted to give a talk at the hacker convention Def Con. He was in his living room chatting with two clients who happen to work for a massive defense corporation that contracts with the US military when the pair started blabbing about their top secret projects. That gave Harbinger an idea for an experiment in social engineering, the dark art of influencing people to act against their own interest: what would it take for a defense contractor to reveal classified information to a total stranger?

Unless you're one of its many evangelists, you probably still don't own any Bitcoins, the math-based digital currency that's all the rage among hackers, free market libertarians, and crypto-anarchists alike. A group of tinkerers at the Def Con hacking conference in Las Vegas is trying to fix that with a suitcase vending machine that eats your old-fashioned metal coins and spits out digital ones.

Friday evening, a hacker called Garbage was milling around outside of the Rio convention center showing off the invention to fellow Bitcoin enthusiasts. "Most people know about Bitcoin, but they don't have it," he said, hailing from Kalamazoo, Michigan with his group TwoSixNine, which built the device for around $250 using a Raspberry Pi microcomputer and a portable 4G modem. Plugged into a wall outside the hacker convention, it takes in your spare change through a metal coin slot, checks the current exchange rate on Bitcoin trading post Mt. Gox, and prints out a QR code on receipt paper, which contains the cryptographic hash you can use to redeem your digital gold nugget.

If you're a fly-by-night computer hacker who prefers IRC to Instagram and goes by your handle instead of your real name, a company like Facebook is basically The Man. But the social network is back at Def Con, the long-running hacker convention that draws 15,000 attendees to the Las Vegas desert every summer, for the seventh year in a row. Other internet companies tend to gravitate toward the corporate sister conference Black Hat, maybe sending a small number of employees to Def Con. But Facebook actually hosts events, sponsors parties, and makes major announcements here.

"I think we do a different kind of engagement at conferences like this than a lot of the other companies," said chief security officer Joe Sullivan. When he started working at Facebook in 2009, the company was still so young that Def Con was actually one of its larger expenses. "It's partially for networking, partially for recruiting, partially for just learning and catching up on what's going on."

"Is your organization Edward Snowden-proof?"

That's the kind of line cybersecurity software makers have been pushing in the months since contractor Edward Snowden published internal data from the National Security Agency. Snowden's leaks were damaging to the government, but the private sector also took the lesson to heart. Most large companies have some kind of sensitive data, and Snowden is their worst nightmare: the high-level techie gone rogue.

In a timely appearance, National Security Agency director General Keith Alexander took the stage today at the Black Hat security conference in Las Vegas hoping to "put the facts on the table" about recent revelations regarding his agency's various surveillance programs.

"This is perhaps one of the biggest issues facing our country today," said Alexander, claiming that he would "answer every question to the fullest extent possible." But the talk served largely as an overview of what we've already learned about the NSA's programs following disclosures from Edward Snowden. Alexander defended the agency by repeating that the metadata program which collects the phone records of all Verizon customers does not collect the content of communications, and that only 35 NSA analysts are allowed to run queries against the database.

Thousands of computer hackers are heading to Las Vegas this week for Black Hat and Def Con, back-to-back information security conventions where attendees are warned not to send passwords over Wi-Fi or use the ATMs due to a surge in digital mischief-making.

It’s traditional for these skilled programmers to unveil their greatest exploits at the conventions, prompting a wave of press attention as seemingly-secure parts of our daily lives are turned against their users. Here’s how to hack an iPhone within one minute of plugging it in to a tampered charger. Here’s how to "trivially" gain access to surveillance cameras in homes, banks, prisons, and military facilities.