Paranoia and break dance battles: My first crazy hacker fest

From discovering a real-life line hack to spinning on my head, my first visit to the Black Hat and Defcon security conferences was wild.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
6 min read

The scene at one of the hacking villages during Defcon.

Defcon 25

The line stretched deep into the casino at Caesar's Palace, past the blackjack dealers, clanging slot machines and craps tables.

Vacationing families, bachelorette parties and packs of bros looked in confusion as they navigated around the massive clump of people queued at the escalators. Their flashing badges featuring Bender from "Futurama" as Hunter S. Thompson or the tin-foiled fedoras didn't offer any answers.

It was the line to get into Defcon on its opening morning -- where hackers, security experts, researchers and federal agents in disguise were waiting for what many in the community call "Hacker Summer Camp."

Defcon is the second of two Las Vegas conferences -- the first being Black Hat earlier in the week -- that offers people in the information security community a chance to share updates on the latest hacks and ways to stop them. It's steadily become one of the marquee places where hackers reveal the latest exploits they've discovered, allowing security officials to patch their network before any malicious attacks break out. As a result, it's fostered an important relationship between two sides of the same coin.

But I still needed to get in. The line was crawling like a dial-up connection, and I overheard chatter from someone else also suffering in impatience: "Do you feel like a penguin right now? We're literally waddling to move."

Then, in the distance, there was a flow of motion heading away from the escalator. I thought they had given up, but I later found out through Twitter that people discovered there was a second, empty escalator in the back if you just cut through the pool area.

For a conference dedicated to finding vulnerabilities and loopholes, it shouldn't have been a surprise that hackers would find a physical end-around to getting inside. It's just one of the lessons I learned at my first hacker convention.

'Wall of Sheep'


The Wall of Sheep, where names and redacted passwords get posted if your information gets hacked.

Defcon 25

At the largest gathering of hackers in the world, I needed to be on my toes about any devices that I had without the latest security patches.

I knew about the dreaded Wall of Sheep at Defcon, a list of names and redacted passwords projected on the wall in a dark room at the Packet Hacking Village in Caesar's Palace, where anybody who was stupid enough to log into an insecure Wi-Fi network and an unencrypted website could have their information made public to the world.

People warned me about getting hacked so frequently that I would constantly check my phone to make sure the Wi-Fi wasn't accidentally turned on.

But Black Hat was the kick-off conference that week, and it wasn't the scary hacker hangout I imagined.

Everywhere you walked, some company was trying to sell you with marketing buzzwords on why their "endpoint security is the artificial intelligence solution for risk management that your hybrid enterprise needs" -- it all became corporate white noise.

The floor looked like any other tech convention I had been to, with huddles of booths set up with silly gimmicks to grab your attention. One company offered a raffle to win a Nintendo Switch if you'd stop by and listen to why their security is the best. Another had a replica moon rover and an astronaut. I saw a magician demonstrating a trick and before the big finish told the crowd, "you have to promise me you'll stay after!"

If you wanted anything of value -- and weren't looking to get a new security system for your network -- you needed to be upstairs, where all the briefings were. That's where I saw the talks on how a vulnerable Wi-Fi network could crash your iPhone, and cheap phones that were sending data without your permission.

Surprise dance battle

But it's Las Vegas, so of course there are the parties.

Rapid7, a security company, gained a reputation for its Black Hat party, which was at the Hakkasan nightclub at the MGM Grand this year. The crowd quickly filled up -- with an open bar, how couldn't it?

Somebody in line who had been before told me Rapid7 had Xbox One stations for people to play at the party last year. When I walked in, I saw four arcade cabinets of a racing game near one of the bars.

When I saw a circle forming around someone break dancing, yeah, I thought, it's time to throw down.

My rule is that I don't break-dance at parties unless someone else does it first, so when this engineer from Monterey, California, was doing babymills (here's an example) on the floor, I quickly made my way through the crowd.

After a couple of spins on my head, my phone flew out of my pocket, and someone was kind enough to hand it back to me before I walked off. I checked it, momentarily worried that it had been compromised. It wasn't (I think).  

The thumping music and dancing felt less like hacker central and more like a regular night of clubbing. My paranoia was starting to fade away.

Choose your village


People trying to break into devices at the Hardware Hacking village.

Defcon 25

If Black Hat was all corporate, Defcon was the exact opposite.

There were no booths selling anything, only "villages," or different rooms spread around based on themes.

The Voter Hacking Village had voting machines sprawled around a conference room, and hackers packed in taking a look inside and outside the devices for ways to break into the technology.

When I stopped by the lockpicking area, there was a small pillar with several locks on it, surrounded by people practicing their skills using small, metal picks. Across from that was a round table with somebody giving lessons to beginners.

Elsewhere, there was a mohawk cutting station set up. I must have seen at least 20 mohawks that day and finally found the source. The cyberpunk look was strong at Defcon, with hackers looking to make a unique statement with their haircut (in this case, the proceeds from the shave went to the Electronic Freedom Foundation).

Like Black Hat, Defcon also had panels where experts talk about exploits they had discovered, or taking a look back at hacker history. A lot of people at those talks were employees making sure their company wouldn't get "owned."

On the way to a discussion about bypassing Android password managers, I met someone from Google who declined to give me his name, but said he was heading to the panel to make sure there wasn't anything alarming his company needed to watch out for.

When things quieted down and I was near a Marvel vs. Capcom arcade machine, I chatted with a federal contractor for the Department of Defense. He was here to make sure another Edward Snowden-like leak couldn't happen again. He clammed up when I mentioned I was a reporter.

Federal agents are at Defcon so frequently that it's become a game for attendees called "Spot the Feds." It's a long Defcon tradition, and the FBI even made a note of it in their files from 2000.

Vigilance or paranoia?

While waiting for my flight home at Las Vegas McCarren Airport, I heard a weird call over the intercom.

"Will an Alfred with an iPhone who arrived by Lyft please call the front desk on the service phone?"

Those were all things that applied to me, and after leaving Defcon, I thought somebody was making a last-minute effort to trick me before I left. I took the bait, and on the other line I heard, "Hey this is your Lyft driver, Bret. You left your iPhone in my car."

I told him that was impossible because I had my phone in my hand while I was talking to him.

"Yeah, you don't sound like the Alfred I had in my car."

Apparently, Alfreds with iPhones taking Lyfts to the airport at this time are a lot more common than I thought.

I may not be paranoid anymore, but a lot more I'm vigilant now. 

iHate: CNET looks at how intolerance is taking over the internet.

It's ComplicatedThis is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.