What Can Hacker Conventions Teach Us?
DEF CON Hacker Convention took place last month, bringing to the table many new Workshops and Villages in which attendees can sit down and hack things. The most notable and written about Village this year was the new Voting Village – A new area of DEF CON where you can take a crack at cracking an election machine.
“Break things, just try to pace yourself,” said Matt Blaze, a security researcher who co-organized this year’s Voting Village – And break things they did. Everyone crowded around the election machines available, ripping apart the plastic cases and looking at the boards. 90 minutes after the doors opened, the WINvote voting machine running the out-of-support Windows XP was compromised and DEF CON Attendees had complete, remote control of the Operating System.
Some of the work didn’t even involve breaking the machine apart or hitting it with exploits – One of the groups was able to use Google to search for the passwords to unlock Administrative Functions on the device. Having access to the manual from Diebold really helps if passwords are not changed from their defaults.
While this year’s event was a success, the event organizers are already hard at work planning for DEF CON 26 – hoping that by next year they will have a full end-to-end simulation of a voting network to find and report weaknesses. By the end of the event however, no one had successfully gained access to the system wirelessly as all successful attacks required physical access – and since it is unlikely that an election attacker would be carrying their screw driver into the booth, the event organizers and attendees are looking forward to the network simulation at DEF CON 26.
This is the first event of its kind as, up until 2016, the Digital Millennium Copyright Act (DMCA) made these efforts illegal. An exemption by the Librarian of Congress now allows good-faith efforts meant to find vulnerabilities, allowing an event such as this to be organized.
With an estimated attendance of 25 thousand people at this year’s DEF CON it’s definitely becoming a more popular topic of discussion. The things I saw and learned at DEF CON 25 feel like they will only be matched by next year’s convention. Attending events like DEF Con allow our engineers to learn more about cyber security and the new way hackers are working. to learn more or discuss cyber security contact Thrive today!