Here's what happens when 20,000 hackers invade Las Vegas for a week of hacking, booze, and debauchery

def con hacker conference
Paul Szoldra/Business Insider

The two biggest hacker conferences in the world take place during the same week every year in Las Vegas.

Advertisement

Referred to as "hacker summer camp," Black Hat USA and Def Con last week brought together hackers, information security professionals, and government agents.

This year, more than 22,000 people showed up to see talks, buy tools and T-shirts, and enjoy Sin City. They also crammed into various villages at Def Con to compete or learn things like lockpicking and safekeeping their online privacy.

Here's what went down.

Advertisement

My time in Vegas started at the Black Hat USA security conference, which was held at the Mandalay Bay Convention Center.

black hat hacker conference
Paul Szoldra/Business Insider
Advertisement

Attended by about 15,000 people this year, Black Hat features briefings, training, and networking opportunities for those in the information security community.

black hat hackers
Paul Szoldra/Business Insider

It draws mostly a professional crowd. There were plenty of "white hat" hackers on hand, who help companies keep out the bad guys, as well as those who work for the government.

black hat briefing
Paul Szoldra/Business Insider
Advertisement

But there are plenty of worthwhile talks to check out. I especially enjoyed a talk on the cyberwar aspects of the war in Ukraine, the science behind email phishing attacks, and whether it works for hackers to leave USB drives for some unwitting person to pick up and plug (it does).

black hat talks
Paul Szoldra/Business Insider

There was also a great talk by researchers at NCR Corporation, who revealed major vulnerabilities within the new chip credit cards, also known as EMV.

black hat payments talk
Paul Szoldra/Business Insider
Advertisement

And there were hundreds of vendors there trying to hawk products to companies that worry about being hacked.

blackhat floor
Paul Szoldra/Business Insider

By 5 p.m., most attendees of Black Hat were looking forward to the fun part: the parties.

black hat hacker conference
An attendee works on her computer during the Black Hat conference, Thursday, Aug. 6, 2015, in Las Vegas. The annual computer security conference draws thousands of hackers and security professionals to Las Vegas. AP Photo/John Locher
Advertisement

On my first day in town, that was Alice in Chains playing at the House of Blues. Hundreds of Black Hat attendees enjoyed a free (and awesome) concert courtesy of Cylance.

alice in chains
Paul Szoldra/Business Insider

The party's free booze meant a different ending from what I had in mind. The new friend I met before the concert got blackout drunk and I had to carry him around Vegas to get him back to his room. You know who you are, and you owe me.

vegas sign
Paul Szoldra/Business Insider
Advertisement

ZeroFox put on this big party in the Skyfall lounge. It was James Bond-themed.

skyfall lounge
Paul Szoldra/Business Insider

Which meant women painted gold.

goldfinger
Paul Szoldra/Business Insider
Advertisement

And "secret agent training" in one of the adjacent rooms.

skyfall bond
Paul Szoldra/Business Insider

Obviously, I got certified. My military skills still come in handy!

IMG_2968.JPG
Paul Szoldra/Business Insider
Advertisement

After three days of Black Hat, it was time to move over to Def Con 24, a very different conference. "Def Con is like a juggalo carnival," one grey hat hacker told me before I went. (A "grey hat" hacker plays both sides of the hacking world — sometimes helping companies and people protect themselves while other times causing mischief or doing illegal things.)

def con hacker conference
Paul Szoldra/Business Insider

Unlike Black Hat, there's no prior registration at Def Con. You have to just show up and get in line with $240 cash on hand. Press, vendors, and speakers line up in a different place than the paying attendees.

defconline
Paul Szoldra/Business Insider
Advertisement

With tens of thousands of people showing up, many attendees wait for hours in line to get their badges. They even call it "LineCon" since it's a great opportunity to get to know fellow hackers and ask what they like to do.

def con hacker conference badge
Paul Szoldra/Business Insider

The big event on Thursday night was historic. Darpa sponsored its Cyber Grand Challenge in which seven autonomous supercomputers went head-to-head in a hacking tournament.

darpa grand challenge
Paul Szoldra/Business Insider
Advertisement

The computers found bugs in software without any human control while also trying to hack their counterparts. "If we were to talk about something like this 15 years ago, we would have been talking about science fiction," said Visi, a hacker who was giving the play-by-play.

darpa cyber grand challenge
Paul Szoldra/Business Insider

The winning team was ForAllSecure with its system, Mayhem. For its efforts in developing computers that find bugs faster than some humans can even open a file, it took away $2 million.

darpa cgc
DARPA
Advertisement

Once Def Con officially kicked off, it was a race for some to get to talks, the contest areas, villages, or — the swag line. Some people waited for over three hours just for an official T-shirt, since many of the sizes would sell out in the coming days.

defcon floor
Paul Szoldra/Business Insider

 

 

 

And most — if they were smart — turned off Wi-Fi and Bluetooth, or at a minimum used a VPN while surfing the net. Otherwise they might have ended up on the "Wall of Sheep" featuring unencrypted web traffic being sniffed in real time, such as usernames, passwords, and other info.

defcon wall of sheep
Paul Szoldra/Business Insider
Advertisement

I attended quite a few talks while I was there, including one by Ladar Levison, the founder of the Lavabit encrypted email service. He talked about his case, in which the government demanded he turn over encryption keys so it could read Edward Snowden's emails. He shut down the service and fought on.

ladar levinson defcon
Paul Szoldra/Business Insider
Advertisement

There was also some somewhat frightening research about how one could defeat Tesla's various sensors. "Normally the car will move. However, we jam the sensor and it moves," Chen Yan said. "It hit me," he added, to audience laughter.

defcon tesla hacks
Paul Szoldra/Business Insider

One talk claiming to expose "critical flaws" in airline navigational aids, radar, and the Traffic Collision Avoidance System was mysteriously canceled at the last minute. The (unconfirmed) rumor going around was that the government hit the speaker, Sebastian Westerhold, with a cease-and-desist. Neither Def Con nor Westerhold responded to an email for comment.

defcon jeopardy
Paul Szoldra/Business Insider
Advertisement

Hackers kept busy in between talks.

 

Many attendees skip the talks, since they'll show up online later. The big draw of Def Con is the stuff you don't see at other conferences, like hacking tournaments, scavenger hunts, and villages that teach lockpicking or social engineering.

def con hacker conference
Paul Szoldra/Business Insider
Advertisement

But attending the talks is great for meeting some of the world's smartest people. "The vast majority of attendees are feds and white-hat hackers. If you're a criminal, you don't go where all the feds and good guys are going," Moss told InformationWeek in 2007. During the closing ceremonies for example, I sat across from ...

defcon hacking
Paul Szoldra/Business Insider

Source: InformationWeek

... this guy. That's Rob Joyce, the chief of the NSA's Tailored Access Operations — the top hacker unit of the US government. Unfortunately he left the room before I could grab a photo with him and tell everyone "I spotted the Fed" — another contest Def Con runs as a fun game of cat and mouse between government agents and hackers attending.

rob joyce nsa
USENIX Enigma Conference
Advertisement

Over in the lockpick village, experts from The Open Organization of Lockpickers were teaching amateurs like me the basics of defeating locks.

def con hacker conference
Paul Szoldra/Business Insider

And they brought plenty to practice on.

handcuffs
Paul Szoldra/Business Insider
Advertisement

The social-engineering village was also a big hit, as usual. Unfortunately it does not allow recording or photos of any kind, but here's what happens: They put a hacker in a soundproof room as the audience watches the person capture "flags" of information from people over the phone, like the operating system they use or whether they use antivirus software. The SE Village is just a game at Def Con, but the method is a common one hackers use.

defcon hacker
Paul Szoldra/Business Insider

At the Internet of Things village, hackers were busy testing a slew of "smart" devices for vulnerabilities. The organizers said at the end of it all they had uncovered more than 40 issues that would be disclosed to the device manufacturers.

IoT village
Paul Szoldra/Business Insider
Advertisement

Beyond all that, Def Con was also a vibrant marketplace where people could buy T-shirts, books, and hacker tools.

def con hacker conference
Paul Szoldra/Business Insider

Or older computers to play with.

def con hacker conference
Paul Szoldra/Business Insider
Advertisement

I also attended "Hacker Jeopardy," where teams win points not only for getting questions right but also for the amount of beer they can drink. The scantily clad women serving the beer and racy categories caused some controversy this year, with some complaining the event was overtly sexist.

hacker jeopardy
Paul Szoldra/Business Insider

Source: Twitter

Advertisement

The conference is overwhelmingly male, though this year it hosted its first "TiaraCon," a conference within the conference to help women advance in cybersecurity. Still, some female attendees complained of harassment that was ignored by Def Con volunteers (called "Goons"), which founder Jeff Moss said was "unacceptable."

defcon lounge
Paul Szoldra/Business Insider

Source: Twitter

Though the event wrapped up last week, the conference organizers have already said next year's edition — the 25th anniversary — is leaving the Paris and Bally's hotels for the larger Caesars Palace.

las vegas strip
Paul Szoldra/Business Insider
Advertisement

And with all the talks, contests, and parties that surround it, I'd say attending Def Con is $240 well spent.

defcon
Paul Szoldra/Business Insider
Cybersecurity
Advertisement
Close icon Two crossed lines that form an 'X'. It indicates a way to close an interaction, or dismiss a notification.