A computer security conference is a convention for individuals involved in computer security . They generally serve as meeting places for system and network administrators , hackers , and computer security experts. Common activities at hacker conventions may include:
41-488: The Chaos Communication Congress is an annual hacker conference organized by the Chaos Computer Club . The congress features a variety of lectures and workshops on technical and political issues related to security, cryptography , privacy and online freedom of speech . It has taken place regularly at the end of the year since 1984, with the current date and duration (27–30 December) established in 2005. It
82-484: A FidoNet protocol based hacking network from Canada . The party was planned for Las Vegas a few days before his friend was to leave the United States, because his father had accepted employment out of the country. However, his friend's father left early, taking his friend along, so Jeff was left alone with the entire party planned. Jeff decided to invite all his hacker friends to go to Las Vegas with him and have
123-461: A bug in the game ( privilege dropping and forking were inverted), allowing them to have such a massive lead that they spent most of the CTF playing Guitar Hero . In 2009, it was announced that "Diutinus Defense Technology Corp" (DDTEK) would be the new organisers, but nobody knew who they were. It was revealed at the end of the game that the team playing as sk3wl0fr00t was the organizer. "Hacking
164-439: A hacker con , is a convention for hackers . These serve as meeting places for phreakers , hackers , and security professionals. The actual events, time-spans, and details of various themes of these conventions not only depends on the specific convention attended but also its perceived reputation. Typically the actual details of any given convention are couched in mild secrecy due to the legality of certain panels, as well as
205-708: A DEF CON Black Badge was featured in an exhibit in the Smithsonian Institution 's National Museum of American History entitled "Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity". The badge belongs to ForAllSecure's Mayhem Cyber Reasoning System, the winner of the DARPA 2016 Cyber Grand Challenge at DEF CON 24 and the first non-human entity ever to earn a Black Badge. The first instance of
246-401: A general conference attendee (HUMAN) badge, a Staff member (GOON), Vendor, Speaker, Press, and other badges. In addition, individuals and organizations have begun creating their own badges in what has become known as badgelife. These badges may be purchased in many cases, or earned at the conference by completing challenges or events. Some badges may give the holder access to after hours events at
287-399: A general interest in software , computer architecture , hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer and hacking-related subjects, as well as cyber-security challenges and competitions (known as hacking wargames ). Contests held during the event are extremely varied and can range from creating
328-579: A non-electronic badge such as a vinyl record . Conference badges often contain challenges or callbacks to hacker or other technology history, such as the usage of the Konami Code in the DEF CON 24 badge, or the DEF CON 25 badge reverting to the look of the DEF CON 1 badge. DEF CON Badges do not (generally) identify attendees by name; however, the badges are used to differentiate attendees from others. One way of doing this has been to have different badges,
369-472: A second year at their urging. The event's attendance nearly doubled the second year, and has enjoyed continued success. In 2019, an estimated 30,000 people attended DEF CON 27. For DEF CON's 20th Anniversary, a film was commissioned entitled DEF CON: The Documentary . The film follows the four days of the conference, events and people (attendees and staff), and covers history and philosophy behind DEF CON's success and unique experiences. In January 2018,
410-697: Is considered one of the largest events of its kind, alongside DEF CON in Las Vegas. The congress is held in Germany. It started in 1984 in Hamburg , moved to Berlin in 1998, and back to Hamburg in 2012, having exceeded the capacity of the Berlin venue with more than 4500 attendees. Since then, it attracts an increasing number of people: around 6600 attendees in 2012, over 13 000 in 2015, and more than 15 000 in 2017. From 2017 to 2019 it has taken place at
451-659: Is in keeping with the hacker community's desire for anonymity. Some known handles include DEF CON founder Jeff Moss ' handle of " Dark Tangent ". A notable event at DEF CON is DEF CON 101 which starts off the conference and may offer the opportunity for an individual to come up on stage and be assigned a handle by a number of members of the community. A notable part of DEF CON is the conference badge, which identifies attendees and ensures attendees can access conference events and activities. The DEF CON badge has historically been notable because of its changing nature, sometimes being an electronic badge ( PCB ), with LEDs , or sometimes being
SECTION 10
#1732802496885492-463: Is the evolution of the conference badge. While many conferences use a fairly standard paper/plastic badge to identify attendees by name, many hacker con's have evolved to use more non-traditional badges, such as electronic PCB's with LED's, LCD screens, and can include wifi and advanced, often hidden functionality, to include games, that do not identify the individual, sometimes promoting a group identity or regional/local group affiliation. This has spurred
533-698: The Atlantic Council and the paper went on to win an O'Reilly Defender Research Award. Marcus Hutchins , better known online by his handle MalwareTech , the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak was arrested by the FBI at the airport preparing to leave the country after attending DEF CON over his alleged involvement with the Kronos banking trojan . Each conference venue and date has been extracted from
574-600: The Electronic Frontier Foundation (EFF). The first fundraiser was a dunk tank and was an "official" event. The EFF now has an event named "The Summit" hosted by the Vegas 2.0 crew that is an open event and fundraiser. DEF CON 18 (2010) hosted a new fundraiser called MohawkCon. Within DEF CON there are many contests and events which range from, Capture the Flag, Hacker Jeopardy, Scavenger Hunt, Capture
615-484: The FBI , DoD , United States Postal Inspection Service , DHS (via CISA ) and other agencies regularly attend DEF CON. Some have considered DEF CON to be the "world's largest" hacker conference given its attendee size and the number of other conferences modeling themselves after it. DEF CON was founded in 1993, by then 18-year-old Jeff Moss as a farewell party for his friend, a fellow hacker and member of "Platinum Net",
656-589: The Trade Fair Grounds in Leipzig , since the Hamburg venue was closed for renovation in 2017 and the existing space was not enough for the growing congress. The congress moved back to Hamburg in 2023, after the renovation of CCH was finished. A large range of speakers are featured. The event is organized by volunteers called Chaos Angels . The non-members entry fee for four days was € 100 in 2016, and
697-491: The 15th edition of the CTF was done in partnership with the DARPA , as part of its Cyber Grand Challenge program, where teams wrote autonomous systems to play the game without any human interaction. In 2017, the Legitimate Business Syndicate came up with their very own CPU architecture called cLEMENCy: a middle-endian with 9 bits bytes CPU . With its specifications released only 24 hours before
738-893: The Cyber Grand Challenge was "Mayhem", an AI created by ForAllSecure of Pittsburgh, Pennsylvania. Mayhem then went on to participate in the previously humans-only DEF CON Capture the Flag Contest, where it finished in last place, despite pulling ahead of human teams often in a contest for which it was not specifically designed. In September 2017, the Voting Machine Village produced " DEF CON 25 Voting Machine Hacking Village: Report on Cyber Vulnerabilities in US Election Equipment, Databases and Infrastructure " summarizing its findings. The findings were publicly released at an event sponsored by
779-463: The DEF CON CTF was held in 1996, at the 4th DEF CON, and has been held since then every year. It's one of the few CTF in the attack/defense format. The prize of the winning team is a couple of black badges. In 1996, the first DEF CON CTF was organized, with a couple of servers for participants to hack, and judges to decide if a machine has been hacked, and award points accordingly. In 2002,
820-542: The DEF CON China Beta event was announced. The conference was held May 11–13, 2018 in Beijing, and marked DEF CON's first conference outside the United States. The second annual DEF CON China was canceled due to concerns related to COVID-19 . In 2020, due to safety concerns over COVID-19 the DEF CON 28 in-person Las Vegas event was cancelled and replaced with DEF CON Safe Mode, a virtual event planned for
861-489: The Packet, Crash and Compile, and Hackfortress to name a few. The Black Badge is the highest award DEF CON gives to contest winners of certain events. Capture the flag (CTF) winners sometimes earn these, as well as Hacker Jeopardy winners. The contests that are awarded Black Badges vary from year to year, and a Black Badge allows free entrance to DEF CON for life, potentially a value of thousands of dollars. In April 2017,
SECTION 20
#1732802496885902-462: The area code of the area where they are located in the US, and by other numbers when outside of the US e.g., DC801, DC201. DEF CON Groups may seek permission to make a logo that includes the official DEF CON logo with approval. Following are a list of high-profile issues which have garnered significant media attention. In 2008's contest "Race to Zero," contestants submitted a version of given malware which
943-456: The beginning of the CTF, it was designed with the explicit goals of both surprising the teams, and leveling the playing field by breaking all their tools. DEF CON Groups are worldwide, local chapters of hackers, thinkers, makers and others. DEF CON Groups were started as a splinter off of the 2600 meetup groups because of concerns over politicization. Local DEF CON groups are formed and are posted online. DEF CON Groups are usually identified by
984-430: The company Immunix took part in the game under the moniker "immunex", to benchmark the security of their Linux-based operating system, with modifications including StackGuard , FormatGuard , OpenWall 's non-executable stack , SubDomain (the ancestor of AppArmor ), ... Confident in their defense capabilities, they even opened access to their servers to other teams, and even spent some time taunting them. The team got
1025-592: The conference. In 2018, the evolution of this came with what was termed "shitty addon's" or SAOs. These were miniature (usually) PCBs that connected to the official and other badges that may extend functionality or were just collected. Villages are dedicated spaces arranged around a specific topic. Villages may be considered mini conferences within the con, with many holding their own independent talks as well as hands-on activities such as CTFs, or labs. Some villages include Aerospace Village, Car Hacking Village, IoT Village, Recon, Biohacking , lockpicking , ham radio , and
1066-613: The congress also hosted the annual German Lockpicking Championships. 2005 was the first year the Congress lasted four days instead of three and lacked the German Lockpicking Championships. 2020 was the first year where the Congress did not take place at a physical location due to the COVID-19 pandemic , giving way to the first Remote Chaos Experience (rC3). The Chaos Computer Club announced to return to
1107-403: The convention DEF CON. However, to a lesser extent, CON also stands for convention and DEF is taken from the letters on the number 3 on a telephone keypad , a reference to phreakers . The official name of the conference includes a space in-between DEF and CON. Though intended to be a one-time event, Moss received overwhelmingly positive feedback from attendees, and decided to host the event for
1148-492: The creation of so-called "badgelife" where different individuals and organizations (such as local hacker groups) may design, create, and sell or otherwise distribute a separate badge attendees wear in addition to their conference badge. These badges may be purchased, but some may have to be earned by completing a challenge at the conference. One of the rarest and most desirable badges is the DefCon Black Badge . While
1189-681: The longest Wi-Fi connection to finding the most effective way to cool a beer in the Nevada heat. Other contests, past and present, include lockpicking , robotics-related contests , art, slogan, coffee wars, scavenger hunt , and Capture the Flag . Capture the Flag (CTF) is perhaps the best known of these contests and is a hacking competition where teams of hackers attempt to attack and defend computers and networks using software and network structures. CTF has been emulated at other hacking conferences as well as in academic and military contexts (as red team exercises). Federal law enforcement agents from
1230-804: The now newly renovated Congress Center Hamburg for the 37th edition of the Chaos Communication Congress. The announcement confirms the usual date of 27-30 December, notably omitting the year it will be held. On 18 October 2022, they confirmed that the congress will indeed not be held in 2022. On 6 October 2023, the CCC announced that 37C3 will take place again on the usual dates in 2023. Computer security conference General security conferences might be held by non-profit/not-for-profit/for-profit professional associations, individuals or informal group of individuals, or by security product vendor companies. A hacker conference , also known as
1271-423: The party with them instead. Hacker friends from far and wide got together and laid the foundation for DEF CON, with roughly 100 people in attendance. The term DEF CON comes from the movie WarGames , referencing the U.S. Armed Forces defense readiness condition ( DEF CON) . In the movie, Las Vegas was selected as a nuclear target, and since the event was being hosted in Las Vegas, it occurred to Jeff Moss to name
Chaos Communication Congress - Misplaced Pages Continue
1312-561: The protocol and different implementations for both the server and the client. DEF CON#Black Badge DEF CON (also written as DEFCON, Defcon, or DC ) is a hacker convention held annually in Las Vegas , Nevada . The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists , lawyers, federal government employees, security researchers, students, and hackers with
1353-512: The same August 6–9 dates as DC 28. In 2021, DEF CON 29 was held on August 5–8 in-person in Las Vegas and virtually (via Twitch and Discord ). In-person attendees were required to wear masks in conference areas and to show proof of COVID-19 vaccination. Attendees with verified vaccine records (verified by a 3rd party) were given a wristband which was required for entry into the conference areas. Attendees at DEF CON and other Hacker conferences often utilize an alias or "handle" at conferences. This
1394-464: The second place, and all their services deployed on their Immunix stack were never compromised. It was also the first year the contest had an organiser-provided services infrastructure connected to a real-time scoreboard. In 2003, the game had become so popular that a qualification round was introduced, with the previous winner automatically qualified. In 2008, the Sk3wl of Root team took advantage of
1435-477: The top hacker contest seemed like a fun way to introduce ourselves to CTF organization. The yells of "bullshit" from CTF teams during the DEF CON 17 awards ceremony were very gratifying." said vulc@n, a member of DDTEK, on the topic. In 2011, the team "lollerskaters dropping from roflcopters" used a 0day in FreeBSD (namely CVE-2011-4062 ) to escape jails , causing havoc in the game's infrastructure. In 2016,
1476-433: The use of the badges are traditionally associated with DefCon, their use has spread to other conferences. Pixelflut is a common activity at hacker events. It is a protocol for software to draw a canvas . Usually this is done in a client-server architecture with multiple clients who send individual pixels and the server displays. The clients then overwrite each others images on the same server. There are various variants of
1517-728: The well known Social Engineering and vote hacking villages. In 2018 the vote hacking village gained media attention due to concerns about US election systems security vulnerabilities. DEF CON has its own cultural underground which results in individuals wanting to create their own meetups or "cons" within DEF CON. These may be actual formal meetups or may be informal. Well known cons are: Workshops are dedicated classes on various topics related to information security and related topics. Historical workshops have been held on topics such as Digital Forensics investigation, hacking IoT devices, playing with RFID , fuzzing and attacking smart devices. Since DEF CON 11, fundraisers have been conducted for
1558-518: The willingness of attendees to explain themselves to law enforcement and less computer-savvy individuals (see hacker definition controversy ). Common topics include wardriving , lockpicking , corporate and network security, personal rights and freedoms, new technologies, as well as general 'geek' motifs. Some may also have contests and general collaborative events such as hackathons . One facet of Hacker conferences that tends to differentiate many "HackerCons" from general computer security conferences,
1599-419: Was no intentional domestic surveillance. In June 2013, NSA surveillance programs which collected data on US citizens, such as PRISM , had been exposed. Andy Greenberg of Forbes said that NSA officials, including Alexander, in the years 2012 and 2013 "publicly denied–often with carefully hedged words–participating in the kind of snooping on Americans that has since become nearly undeniable." The winner of
1640-524: Was raised to €120 in 2018 to include a public transport ticket for the Leipzig area. An important part of the congress are the assemblies , semi-open spaces with clusters of tables and internet connections for groups and individuals to collaborate and socialize in projects, workshops and hands-on talks. These assembly spaces, introduced at the 2012 meeting, combine the hack center project space and distributed group spaces of former years. From 1997 to 2004
1681-440: Was required to be undetectable by all of the antivirus engines in each round. The contest concept attracted much negative attention. On March 12, 2013, during a United States Senate Select Committee on Intelligence hearing, Senator Ron Wyden quoted the 2012 DEF CON keynote speech and asked Director of National Intelligence James Clapper if the U.S. conducted domestic surveillance; Clapper made statements saying that there