by Amanda Mork

How I Hacked DEF CON

Started in 1992 by the Dark Tangent, DEF CON is the world’s longest running and largest underground hacking conference. It’s held yearly in Las Vegas, Nevada every July.

The security industry is a $100B market. As the database of our entire world’s information goes online, software is the the fabric that connects it all. However, where there is software there are vulnerabilities.

In addition, where there are people, there are vulnerabilities. This is where I come in. I’m not a ‘hacker’, or an engineer, sys admin, or programmer. I am in communications. I’m a translator, a chameleon, and an advocate for people, projects and products that I feel are doing things differently.

I decided to go to DEF CON for the first time this year to put myself “in the room” and get a sense of the community, the people and their nuanced archetypes.

I wanted to hack the hackers. All it took was one $65 golf shirt from the Caesars’ Gift Shop and I navigated the entire conference for free.

Here’s how I did it:

1. Walked the perimeter to locate the entry and exit points

Thursday evening when I arrived, I scoped out Caesars. I walked in, located the conference registration, ran into a few friends and walked around to get the lay of the land. I saw where the big talks were going to be held, mapped out all the elevators, escalators and exits for rooms and hallways. Then, it was time to test my theory: could I walk around the entire conference without a badge?

As I was walking into one of the main elevator rooms I was asked once by a Caesars employee, “excuse me, ma’am, where is your badge?” I replied quickly and softly, “Oh, yes, so sorry. I’m looking for the information booth, it’s this way right?” She nodded, and I continued right past and into a different talk. I always like knowing how to quickly escape if needed.

2. First penetration test: asking for the conference program book

Thursday evening, I walked over to registration and told the lovely staff that I had misplaced the schedule book, could they give me another one? “Yes, no problem!” a volunteer mentioned as they handed one over to me. Great, now I have the schedule and an idea of how strict they are on badges, as well as how well-trained the volunteer staff was.

I always look for the elevators at hotel conferences since it’s always faster than taking the stairs or escalators. On the first day I walked right past registration and took the elevators up to the talks. It was low key, not many talks, so no hassle.

3. Camouflage

I was in need of a fresh shirt after my flight into Vegas and didn’t have time to check into my room at the Flamingo. Trying to find my way around DEF CON, I walked past the Caesars gift store. There it was…. the perfect shirt. A black v-neck Caesars golf shirt. It was professional enough to look official, but casual enough to make me look like a mid level employee. I purchased the shirt for $65, and combined with my black pants and dress shoes the look was complete.

The Caesars shirt was the perfect balance. It was enough to override the DEF CON “goons” since I assumed they were instructed to not mess with hotel staff. It was also perfect to pass by the Caesar’s staff since they were there to focus on maintaining order for the DEF CON attendees, not the hundreds of random Caesars staff members.

The Caesars’ golf shirt.

4. Walking with conviction

Wherever I went around the conference center, I walked confidently and with purpose at all times. Not too fast as if I were being chased, but not too slow to as if I was lost (even when I was), just enough to show that I had conviction. I wore a grey baseball hat and made a point not to make a lot of eye contact with attendees or look up to read names of rooms, I simply looked forward and continued on my mission. I also looked at my cat watch a lot.

Cat watch. This can also be used as a metro pass in Hong Kong.

5. Avoiding linecon

Talk on hacking digital voting booths.

Whenever I wanted to go see a talk, I would always locate additional doors to the room. I didn’t wait in a single line for the whole event. Instead I waited for the lines to start moving and joined at the right moment, waited 10 minutes for the talk to start, or simply waited for someone to leave the room after the event started and asked them to hold the door for me.

6. Hacking the Social Engineering Room

By Friday afternoon at 12:30 pm I had seamlessly enjoyed the morning talks and successfully walked around the conference for 4 hours completely undetected. I wanted to up the ante, so I figured I’d give the Social Engineering room a run for their money.

I snuck in the back door, past the line of course, and right into the back of the room. Attendees didn’t give me a second glance since I still looked like hotel staff. I walked in as they were doing a Q&A with the audience after someone just made a phone call in the soundproof room on stage.

Right as the Q&A with the audience was dwindling down… I saw my entrance. I made my way up the side of the room, standing with attention, and glancing diligently at my watch to give the impression of impatience. Then, I took my chance.

I walked right up to the stage technicians who were running the stage, bent down to their table and calmly said…

Me: “Hey guys, I just wanted to let you know that we are having a problem with the air conditioning in this room and we are going to have to evacuate the room as soon as possible.”

Technician 1: Looking slightly confused said calmly, “well ok, sure, we are just about to end for a lunch break. Do you think your team can wait 15 minutes?”

Me: “Well, you know, this is a union house so we really have to have everything super on time or else your conference will incur additional charges… but let me see what I can do. You said you break in 5–10 minutes?”

Technician 2: Looking a little suspicious, “Yes. Ok, so you need to evacuate the whole room? Can some of our staff remain in here?”

Me: “Yes sure that should be fine, but we really need to move quickly and evacuate everyone else in five minutes on the dot.”

Technician 1: “Got it, one second. Let me pull in someone quickly.”

Me: Seeing that they were pulling in the main organizers for the Social Engineering room… extended my hand to the organizer and said, “Hi, my name is Amanda. I don’t work for Caesars. I wanted to see if I could hack the conference and the social engineers!”

Event Organizer: She laughed, she loved it. “Yes! This is great. You nailed it.”

Technician 2: “We had a feeling you might be pulling one on us. But good work, If anyone gives you any problems, just tell them you are with us.”

I smiled, gave her my card and walked out. Mission accomplished.

This entire experience had me thinking. Social engineering is a form of security, but like ‘hacking” it sometimes gets a bad reputation. Let’s think about what applications these techniques can be used for beyond DEF CON.

Social engineering can be used for many things, not just hacking into events, but for many situations in life, even getting out of dangerous real-world situations.

Of course, there was an element of luck in this whole strategy since this was the first year the conference was held at Caesars. This means there is a learning curve for the hotel staff and the DEF CON volunteers.

When it comes to hacking, it’s better to be lucky than good.