X

DefCon Kids joins adult hacker conferences

Hacker offspring get their own DefCon as talks on critical infrastructure hacks run next door to social engineering contests for kids.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read
 
DefCon

LAS VEGAS--Hackers of all types will be making their annual pilgrimage to the Black Hat and DefCon security conferences this week, including children who will learn how to write ciphers, hack circuit boards, and pick locks.

This marks the first year for DefCon Kids, which targets children aged 8 to 16. The event will run alongside all of the regular DefCon security and hacking sessions and the fun events for the adults like Hacker Karaoke, Hacker Jeopardy, Mohawk-Con, and an alcoholic ice cream contest.

"DefCon is a very adult orientated conference, more of a party then your typical conference. There will be adult language, alcohol and there may be nudity," the Defcon Kids site says. "The DefCon Kids conference room will be situated in and around the adult DefCon, therefore you and your kids will be exposed to a wide assortment of people, lifestyles and philosophies. We are not trying to scare you off but please research past DefCon conferences and understand the environment that you are bringing your child into."

The presenters at DefCon Kids are respected experts in the community and the talks seem interesting, regardless of your age. One presenter, however, will be speaking to peers.

"CyFi is a 10-year-old hacker, artist, and athlete living in California," says her bio on the site. "She has spoken publicly numerous times, usually at art galleries as a member of 'The American Show,' an underground art collective based in San Francisco. CyFi's first gallery showing was when she was four. Last year she performed at the SF MOMA Museum in San Francisco. DEFCON Kids will be her first public vulnerability disclosure. CyFi has had her identity stolen twice. She really likes coffee, but her mom doesn't let her drink it."

One look at the sessions for Black Hat (which runs Wednesday and Thursday) and DefCon (which runs Friday, Saturday and Sunday) and it's clear the conferences haven't gone all soft. There are plenty of talks on mobile malware and hacking, hacking risks with medical devices and threats to automated stock trading systems. Other topics will be vulnerabilities posed by linking critical infrastructure systems to the Internet and corporate networks and security issues that arise from the use of controllers in car security systems and prisons and Web servers in heating and cooling systems and DVRs.

In his talk titled "Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers," Michael Sutton, vice president of security research at Zscaler, will explain how corporations are exposing sensitive information through photocopiers and Voice-over-IP systems that can be discovered on the Internet through public Internet Protocol addresses. Hackers can remotely retrieve digital versions of documents duplicated on a photocopier and stored voicemails in VoIP backup systems, he said, adding that he found a host of other types of appliances accessible over the Internet that shouldn't be.

"People don't realize that these devices have a Web server," Sutton told CNET in a recent interview.

Another security conference will be happening in Las Vegas this Wednesday and Thursday. The event, called BSides, was created to offer the community a chance to hear talks that weren't accepted at Black Hat (although there are a few that overlap) and at lower cost.

For those attending any of the conferences, there are some security precautions that should be considered to keep preying eyes out of your devices:

  1. Disable WiFi and Bluetooth
  2. Try to connect to Web sites using https and use a virtual private network
  3. Use strong passwords
  4. Don't leave devices unguarded
  5. Be wary of the ATMs in the vicinity of the conference
More suggestions are here.