Represent! Defcon Groups, Hackerspaces, and You.
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 122 | |
| Author | ||
| License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/40618 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
DEF CON 1928 / 122
3
5
10
11
12
22
23
24
30
31
32
38
43
46
47
49
51
54
56
59
60
62
71
73
76
84
85
88
92
93
96
97
98
104
106
109
112
113
115
119
00:00
Dew pointGUI widgetGroup actionSlide ruleProjective planeHacker (term)Generic programmingInternet forumElectronic mailing listSpacetimeGoodness of fitQuicksortDependent and independent variablesSpreadsheetMereologyBitMultiplication signHecke operatorPoint (geometry)Coordinate systemElement (mathematics)WordE-bookVideo gameEmailDataflowAutonomic computingRight angleMeeting/Interview
05:00
Computer hardwareSpacetimeEvent horizonSoftwareBitOpen sourceMultiplication signReal numberProjective planeGroup actionHacker (term)Content (media)Process (computing)Figurate numberScheduling (computing)Lattice (order)Different (Kate Ryan album)Endliche ModelltheorieNumberPoint (geometry)CuboidOpen setSoftware crackingRepository (publishing)Right angleMeeting/Interview
10:00
Endliche ModelltheorieSet (mathematics)Content (media)TwitterMoment (mathematics)Service (economics)Arithmetic progressionBitDifferent (Kate Ryan album)Computer hardwareSpacetimeCASE <Informatik>FirmwareFreewareMultiplication signCellular automatonSoftwareReflektor <Informatik>Goodness of fitAreaMeeting/Interview
12:11
Sound effectEvent horizonSpacetimeRandomizationGroup actionProjective planeLattice (order)Hacker (term)Real numberBuildingMeeting/Interview
13:04
Multiplication signLevel (video gaming)RamificationInformation securityQuicksortPointer (computer programming)Real numberTelecommunicationRight angleGroup actionCohesion (computer science)SatelliteGoodness of fitEvent horizonSoftware testingServer (computing)Physical systemInstance (computer science)Chemical equationShared memoryBuildingPoint (geometry)EmailNumberComputer configurationWhiteboardHacker (term)Ideal (ethics)HypermediaSoftwareCollaborationismBlock (periodic table)FlagSpacetimeOpen setProjective planeConnected spaceVideo projectorState of matterNeuroinformatikWordBitWage labourMatrix (mathematics)Food energyElectric generatorAreaWeightLocal ringFerry CorstenSocial engineering (security)Electronic mailing listPhysical lawVirtual machineTouch typingFunctional (mathematics)ImplementationTemplate (C++)Internet forumExclusive orSmith chartObservational studyAsynchronous Transfer ModeWeb pageWebsiteClient (computing)TwitterDifferent (Kate Ryan album)FacebookLocal area networkGoogolMereologyChannel capacityPlastikkarteCoordinate systemType theoryProduct (business)System callRule of inferenceDependent and independent variablesTrailWave packetFamilyFitness functionHTTP cookieGame theoryLine (geometry)Inheritance (object-oriented programming)File formatRegular graphSoftware developerElement (mathematics)Elasticity (physics)Self-organizationSoftware development kitIntegrated development environmentDemoscenePatch (Unix)Open sourceOrder (biology)DampingSequelForm (programming)Term (mathematics)Computer hardwareSet (mathematics)Normal operatorAnalogyKey (cryptography)Lattice (order)Single-precision floating-point formatArmMetropolitan area networkProcess (computing)Reading (process)SummierbarkeitCore dumpJava appletComputer programmingMedical imagingResource allocationDevice driverVideo gameArithmetic meanMomentumCausalityCuboidFirmwareLimit (category theory)Figurate numberDigitizingRevision controlPerspective (visual)Fiber bundleException handlingData conversionCryptographySide channel attackData managementTheory of relativityFormal grammarComplete metric spaceOperator (mathematics)RandomizationRootkitMultiplicationNP-hard2 (number)SpywareRobotics
Transcript: English(auto-generated)
00:00
I'm going to turn this over to Converge, who's the DCG main point of contact for all of us. He's going to go through a little bit of a history. I'm going to try to keep up with him on the slides, so we'll see. I'm going to give you a warning that I'm not really a good public speaker, so if you could be a little bit less public, I think it'll work out better.
00:24
DEFCON Groups is kind of an interesting thing. It was an idea that started back on the forums back in, I think around 2000, late 2002, and it was formalized as an idea that was presented at DEFCON 11 back in 2003.
00:43
It's something that everyone thought was cool, and initially we had, what, 10, 13, a good bunch of groups that had formed up. I was one of the pox that started a group back in DC 207, back in Maine, and I found... Are you Mainers? Right on! Right on.
01:02
And proceeded to find absolutely no one in Maine that was a hacker. Yeah, so the goal was, personally, to find a group of people that I could meld with, sit down, work on projects with, and just have a really good time. And that didn't happen.
01:23
So, I set off personally on my own venture across the country, and found myself in Portland, Oregon, where I did find a bunch of hackers, and we... Do we have 503 in the house? How many 503ers do we have in here? There's one. I know there's at least two of us.
01:44
And in Portland we had a pretty decent group that met and, you know, freaked out people at the coffee shop that we were at while we were drilling holes and shit and whatnot. But it kind of ebbed and flowed. People got busy, people worked, people had, you know, personal lives, and I worked. I had personal life-ish.
02:05
So, I moved up to Seattle, and I've been a part of the Seattle crew for, I don't know, a few years now. And the groups have existed for that time, and have really been doing things autonomously. But the question has always been, what are the other groups actually doing?
02:26
And it's still a question, what the heck are the groups actually doing? So, around the time I was starting to ask that question, I was starting to realize, and many other folks were starting to realize, that the DEFCON group's coordinator was MIA.
02:42
Which is kind of a problem if you're trying to coordinate something and the person who's doing it isn't there. Things go quiet. So groups aren't able to make updates, groups aren't able to say, hey, we're out here. Groups that disappear just disappear. And the list of groups that we had went completely out of sorts.
03:04
When I took it on, there were over 170 groups. Afterwards, I think we're down to about 90. Out of the 170, over 100 of them just didn't respond. They were just inactive. So, the 90 groups that we have now are strong, they're on a big ass email list, a nice big spreadsheet that I keep track of.
03:28
But the question still remains, now that we know who's out there, what do we do? And I think that's where the panel steps in today.
03:43
Okay, so we've got a group of point of contacts up here that are pretty diverse. I'm Ansh, I'm the point of contact for DC 503, out of Portland, Oregon. Right now, our membership is three. But we died back in 2007, and we're starting to grow again.
04:06
So we're starting to kind of ramp things back up again, we meet at a hackerspace, it's pretty cool. As I call your name, raise your hand so people know who you are. Black, he's DC 225. Word, that's all.
04:20
Anarchy Angel and Inji Haro, they're DC 414. Hey! Represent! We've got Isaac and Ian for DC 9723. Represent? Yeah!
04:41
We've got generic superhero and Londo from the Black Lodge. We've got Romer from the Unlocated Space. Drink, motherfucker. And we've got Converge, who's the DEFCON group keymaster.
05:00
And with that, kind of how we're going to run this panel is going to be an open kind of discussion. We're going to talk a little bit about how groups operate, what we're doing to kind of get them to grow, how hackerspaces work. We want you guys to participate, too. So I'm going to start off the discussion by asking these guys a couple questions,
05:22
and they'll go ahead and talk about what they want to talk about and answer, and banter back and forth. And if you guys have questions, please come up, use the microphone, ask a question, and we'll just kind of keep this as a rolling discussion. All right, here we go. Oh yeah, and these will play pictures of the various groups that we have up here as it goes.
05:45
So I think I'm going to start with Isaac. So you guys recently did an event called a Hackathon. Can you guys tell us a little bit about what you did and how it's helped your group, and a little bit about your group as well? Yeah, sure. So our DC is actually DC Israel, and we just started seven months ago,
06:11
and we had a lot of people coming and showing interest, but we couldn't figure how committed they are to the process. Basically what we're doing, our monthly meeting is mostly come,
06:22
have some lectures, volunteers, people talking, mingle, and go home. But we want more, we wanted to actually form a real community with real people that are willing to do more than just come and sit and learn, or set a question here and there. So the Hackathon idea is basically have people together,
06:41
hanged out in a place to do a project. So there isn't a predefined project, everybody can suggest any idea, and the thing is to find another person who has the same interest, whether it's hardware hacking, software hacking, or out-of-the-box hacking, and just sit together and do something and try to push forward,
07:02
try to find the time to do it, and then perhaps have a follow-up in our DevCon meetings, talk about it, raise more people to the project, and etc. So the first event that we had was two months ago, it was five hours. It was a great success, we had seven projects,
07:21
different projects, having from mobile botnet, up to hardware hacking, and etc. And now we're going to do another Hackathon, it's going to be a 24-hour event, and we're really excited about it, and we have a lot of people coming up, and we're trying to do more projects, and hopefully this time we'll have some open-source project announced,
07:43
and have something with a repository, so that will actually be a real step forward. Thank you. Alright, Romer, it's your turn. I know you like to hear yourself talk, can you tell us how unallocated space,
08:02
the hacker space that you attend, how their model's a little bit different than some others? Yeah, one of the things that we've done at Unallocated is, we actually don't have anything that's a member. There's no such thing as being a member of Unallocated, there's no such thing as a required dues at Unallocated. Our thought process is, if we have content
08:22
that people are actually going to want to come and see, and we pack our schedule, there's something on the schedule at least three to four days a week, and usually more than that, and we want to see, the thought being, if we've got all this stuff going on, people are actually going to come there and participate, and then want to actually donate money to the space to keep it going.
08:43
We're a relatively young hacker space, we've only been around for less than a year at this point, nine months exactly, yeah. And so, from that standpoint, even though we've not required anyone to pay us, we've never had any problem meeting rent, we've never had any problem paying the bills,
09:00
people are actually coming in and saying, this is so cool, I actually want to give you money to help keep this thing running. So it's a little bit different model from what some of the other spaces are doing, and it's something we're trying to see if it's actually going to end up being a viable way to do these things. So to play devil's advocate on that, how do you pay the bills? Well, we don't have members, but we do have key holders.
09:21
There are six key holders now, or five? There's five. Five key holders right now, that basically, they've pledged that if something goes wrong and we can't get enough donations to keep the space going, they're going to pay for it. Hasn't come to that yet, but hopefully it never will, but yeah, that's how we keep it going at this point,
09:41
is if we, like this week, obviously, every person from unallocated is here, so we're not going to be getting any outside donations, so it's one of those things where we may run into a problem, we'll see. To kind of Romer's point, too, when we started our space, we kind of did the same thing.
10:00
We had a dedicated set of a few members that if things went sideways, we would just pick up and make sure it still happened so we would be there the next month and kind of make it work. And then we grew out of that model eventually, but it was what kept us going and moved us to the next step. And, I mean, you guys probably saw the same thing, and if you're sitting there and you're putting as much content as you can out there,
10:24
we get people that we have no idea how they even heard about these things that show up. I mean, you want me to keep going with that, or you want to go to somebody else? You keep going. I'll stop you when I want to stop you. Sounds good. I mean, one of the things we were actually just talking about outside when we were smoking is we do a lot of stuff through Twitter.
10:42
We just, you know, I'll say, hey, I want to do something. Let's go to Unallocated and do it. And people that live in our area will show up. An example being I got a free AT&T micro cell a while back, and I have excellent AT&T service in my house, so I had no reason to use it. So I just threw on Twitter, anybody want to hack this thing and see what we can do with it?
11:04
Like, 25 people showed up to play with it that night. One of the really cool things was, as I'm coming over to Unallocated that night, I was just doing a little bit of quick research, and I realized that it has a hardware kill switch in it. So if we opened the case, it was basically going to wipe the firmware.
11:22
But one of the guys that had saw my Twitter post said, I'm one of the participants in the Tamper Evident contest at DEF CON. I can get it open for you. And he did. So, you know, I mean, stuff like that that should really spur the moment, and really, you know, different and cool. And we had no idea what we were doing.
11:41
I didn't have any clue how we were going to start, so when we all showed up, it was just, hey, who thinks we should start with looking at the network traffic? So we plugged it in and activated and everything, and just went from there, and, you know, we made some progress. We didn't get as far as we wanted to yet, but I think those kind of activities that are a little bit different from the, hey, it's lock picking night,
12:02
are kind of cool for the spaces to have. Yeah, our scheduled events for ours eventually kind of picked up over time. It wasn't really the, it was something we initially kind of drew for, but it was kind of the weird stuff that happened ad hocly, where we're all sitting on IRC like, let's go build something real quick, and we end up building something just really random,
12:22
where we end up sitting at the space and going, hey, we're here. We've got some new gear coming in. You guys want to come over and mess with it. Also, to an effect, with our hackerspace, it's kind of uniquely tied to the DC group, whereas we kind of host it and keep it at our space once a month, once, twice a month, we do some events there.
12:41
And we've had random projects kind of just spur out of that. We participated in the Red Bull Challenge, and that kind of happened just out of one of those meetings. Just all of us kind of made a team real quick, and then all of a sudden, that became something that we worked on, and that space was the place that we hosted it. So, just something kind of added with that. Yeah, we wanted to do the Red Bull Challenge,
13:02
and you would think, since Ryan Clark, the guy that designed your badges, and is pretty decent with electronics, is one of the people that comes to Unallocated quite often, you would think we would have been able to get something together to get in. Yeah, we failed hard. Yeah. All right. Hey, Black. Yeah.
13:20
Can you tell us a little bit about your thoughts on group cohesion? I know you guys have been really successful with that. Can you give us some pointers? Yeah, so, going forward, trying to keep together, there's been a lot of issues with groups that fall apart. I mean, if you only meet once a month, and an individual misses, let's say, that one Tuesday, then they're really going to have less of an incentive
13:43
to show up again the following month. I mean, they'll be two months behind. It's real easy to fall off the map. So, what we've done is we've included social events outside of the ramifications of your typical infosec sort of style entries. Like, for instance, we do trivia as DCT25 on Tuesday nights at the local bar,
14:02
and we'll have turnouts as high as up to 30 people that may not be directly connected with the hackerspace or the group, but playing as a team, being up front, putting out that sort of advertisement helps game members, people who know nothing about DEF CON. I know Riddler came up to us one night as we were playing trivia and said, hey, do you guys actually go to DEF CON?
14:22
And we're like, yeah, have a seat. And we have that Tuesday night. Well, we get together on Saturdays, and then we do the infosec stuff. Then we have the regular meets. We meet roughly about, I'd say, three to five times a month, just keeping it going. No specific projects. Like, we get together, kind of figure out what the hell we're going to do.
14:42
Are we going to smash a stack? Are we going to build something, play with an Arduino? You know, just sit around and kind of come up with stuff. But ultimately, I think the infosec box that Hackerspace has put themselves in limits their ability to bring about the true meaning of hacking to the community.
15:03
Like, we're not just here to make a good rootkit, although we do. We make fine rootkits. We're here to make our community a better place. If we want to get together and, you know, feed the hungry on a Saturday to do some community outreach,
15:21
that not only establishes us in the community, drives participation, but it also promotes group cohesion. So there are things that are side channels to your main purpose, that help support you, perpetuate you, and gain momentum in your cause. You know, it's one of those things that you really have to look for. Not everybody's going to have the same interests.
15:42
And, you know, that ad hoc style that Black Lodge does is great. And that fits into the mold of kind of what we do. You know, everybody gets together and says, hey, you know, what inefficiencies can we remove today from our lives, from our communities, from this box?
16:00
How can we open it without it wiping the firmware? It's a challenge, you know, across all facets of life. So we kind of extend the meaning of hacking to outside of the traditional ramifications. And keeping with that MIT train club style definition of hacking, and applying that to your life and community,
16:22
really enhances the impact that we have as hackers. It gives us not only a positive image in the media, which we're fighting negative images every day, but we actually make real differences. And with that, you know, I think other groups have somewhat Black Lodge. I know for a fact has a good amount of ad hoc style get-togethers.
16:45
And they support 206, but they're not necessarily 206. The core members of 225, we have 10 members here at this DEF CON, but we have 59 members total. You know, you have to have those perpetual members,
17:01
those people who are key holders, those people who are drivers, those people who continually impact the group and their environment every day that they exist. You have to be gung ho for it. And you can't sit and be introverted, and you know, break the ice distro every Saturday.
17:21
You know, it's one of those things that you really have to look forward to. If you're trying to get a group started, or you're dealing with those first lulls in participation or group management, if you can have an outside event, something that is completely non-infosec related, to cohes the group in between those times you meet, you'll really move forward.
17:41
That's really how you get it. I think that's an awesome point. I mean, we do a ton of non-security related, non-hacking related stuff. Cryptos, stand up for a second. Cryptos is one of the key holders in Allocated. If you look at the back of his shirt, it's Teach Learn Party. We put party right on there. That keyhole for you, yeah. But it's one of the things,
18:00
we do a lot of parties. Cryptos organizes a LAN party once monthly or twice monthly now. Once a month. And basically, he throws out to the mailing list, hey, what games do you want to play? He sets the whole thing up. We're not doing anything except for playing games and drinking beer those nights, okay? I mean, it's one of those things that it brings a lot of people in. Okay, I don't understand about hacking,
18:21
but I know how to play the shit out of some half-life. I mean, they'll sit down and they'll come and they actually start to talk the conversations, continue, and they're like, oh, that's something I'd be interested in, and it does bring new people. That's a great point. So, Black, when you were talking Trivio, are you just talking Trivial Pursuit or something low speed? No, so rather than most implementations of Trivia,
18:42
and this is an aside, we don't do the digital sort of Hooters version, play with a little device, although that would kind of be fun to target. We play Random Ash Trivia, is what it's called, rat trivia, where a human sits up front and we play against all the groups in the spar. And what it does is it really gives a personal,
19:01
localized level to a gainful knowledge perspective. Who can think on their feet? Hacking's not about a razor-like knowledge about something. It's a general understanding of how the system works. Knowing how to manipulate it is the next step. For instance, Riddler just one day set out and said,
19:21
what the fuck is this smashing the stack stuff? What is this assembly? And he had a point and he had a target. And I think we sat at my house and he sat and annotated the assembly, and we were just drinking beer, bullshitting. I think we just got together to drink beer. And it ended up with him having a fairly good understanding of assembly,
19:41
how the stack works. And he went into it not knowing really anything about it. A very intimidating subject to somebody. And he came out of it as an individual. I think he's reading an IDA Pro book right now as I talk. Way to go. No, but it, yeah. It emits the point. Take the book away, motherfucker.
20:00
Well, no, no. And those community events are kind of what's necessary, too, that are outside the standard. Like, OK, we do do pen test days where we invite people over to build a box and smash the crap out of it. One of our members here, Don, he actually built one of the nice VM servers for us to attack. But one of our other events that's really fun is we have someone over here named Lise
20:21
who organizes a gaming night where it's all retro arcades. So one floor of our hackerspace is a retro arcade and downstairs is a different set of games. And it's just kind of cool to get everyone together and do that. But I think when you were talking, a couple of points came to mind in terms of hackerspace formation.
20:42
Now, for a couple of years now, we've had talks where we had hackerspaces and kind of what people have done with their hackerspaces and the basic cookie cutter template. And then have you guys felt the need to have to start that way? Or have you, for the hackerspaces and groups that are new,
21:01
have you felt the need to kind of fit that mold? Or did you just kind of do it randomly when you approached it? Yeah, so like, for instance, Wait a second. I want to interrupt you because I wouldn't get a chance for Anarchy Angel and Jiharo to speak because that's a great question for them to answer. Then you can answer. Well actually, to expand a little bit on what he said,
21:22
we also try, we have planned, to expand a little bit on what he said, we also have planned events, but through research and just getting online, I was able to find there were lots of other social and community groups that are,
21:41
I guess you could call tech related. We have a Linux user group in Milwaukee. There's regular Reddit meetings and there's MilSec meetings, all different kinds of other meetings, and I kind of encourage our members to hijack those meetings if they can. You know, just go there and represent DC414. And that keeps us together.
22:01
That way we get outside of our, you know, outside of our usual mold and kind of go out there and party it up a little bit with the other groups. But, yeah, we kind of went for a randomized... Well, we're pretty small.
22:21
We got like maybe eight to ten regular members right now. And we're only about six months old after it kind of died out. But to get it going, it's not difficult. I mean, as Black said, you need to be there. Persistence is the key. Our first three meetings, we were the only guys there.
22:43
Yeah, so I mean, you just show up at the place, you get the word out, you get your communication channels open, you know, IRC, HTTP, mailing lists, social networking and all that, and people will find you. I know Vlad was just searching, you know, he's in the security biz, and one of our members,
23:01
he's attending DEFCON this year, so he Googles DEFCON Milwaukee, and, you know, he finds our site, and he shows up, and, you know, he's a great asset. And you just got to know, you know, you find these really smart guys, and you find those core members, and you recognize their skills, and you just kind of start brainstorming from there,
23:22
and everything starts to grow. Yeah, I also found it's good to try to cater to their skills. Like, we've had a guy who was strictly a Java programmer, so I personally went out and tried to find, you know, educate myself as much on Java as I could
23:41
so that he would, you know, feel more at home when he came to meetings. We have a guy who's a locksmith genius. I mean, the guy is just unbelievable, and I went beyond that and tried to learn as much about it as I could so that I would be able to converse with him
24:00
and keep him interested in the group. It's more than just, you know, doing what you want to do. You have to realize that the group is carried on the backs of your members, you know, so you definitely have to try to keep them as happy as possible. At least I've found that. Yeah, you've got to come up to the mic. So, yeah.
24:22
I just wanted to say something about the community outreach thing because we're fairly new to DCTL7. We just kind of restarted back in October. We're a long way from a hacker space, but one of the things we're looking at is that Poland has a really strong art community. There's a lot of industrial artists that don't have spaces, so we're actually looking at getting space
24:41
from a studio that already has this type of setup where it's just a big open space or something like that where we can actually bring some of the industrial artists into it who need access to machines and other things that they may not have access to. People are doing metalsmithing in their bedrooms or something like that. So I don't know if you guys have thought about that at all either, or try to get into something completely not related to technology.
25:02
Oh, oh, completely. To add to that, we have one of our members who actually studies lapidary, which is watchmaking. It has a whole bench that's just completely made just for that, and it has nothing to do with it. He kind of makes some cool steampunk watches and jewelry and stuff like that. It's kind of neat.
25:23
With that, going back to what you had asked earlier about the templated sort of hack space, a lot of people have this idea that they have to go get these laser etching, laser cutters, just like this shopping list, when in reality they only need whatever they need
25:41
to achieve their purpose. If you really want to make 303 badges, sure, you need a CNC machine, you need some laser etchers, you need to go through the steps, but you procure those as you need them. Going with your artist question real quick, I really don't have much to say about the artistry thing,
26:00
but I can give you an analog. For instance, we like to break into things. Our idea is we have about one and a half million dollars with the hardware that was donated to us through a corporation, and we're going to create an elastic computing environment where members of our Def Con group and others connected to our DartNet can make a request saying, look, I need an XP SP3 machine with these patches
26:21
in order to break. Maybe these groups don't have those resources, but maybe we can offer those resources to give the sort of elasticity to the groups to be able to provide those machines. If you have a CNC machine and there's another group that says, man, I need to cut this or do this, maybe you can lease space to them,
26:40
make these resources known to other groups. We are much greater than just the sum of our parts. When we communicate, we achieve way more. And remember that, you know, it's something that's the point here. Hackers aren't the people you read about. They're the people you drink with. That is the pure point of all of this.
27:02
And with that, I'll go ahead and defer to the guy with the mic. One real quick question. Would any of your groups be interested in resources like that? Anyone? I was gonna ask, how many... That's an easy answer. How many group point of contacts do we have in the room right now?
27:22
I'm one, too. I think as a takeaway item to add to that kind of sentiment is as hackerspace and group owners, I know a lot of us are, and members, we need to do a better job of kind of maybe reaching out to those other hackerspaces and groups and creating those connections, whatever they may be.
27:43
Maybe it's a cool darknet between hackerspaces where you're sharing data or creating these cool little local networks for yourself. Or maybe it's that you're in the same city and one shop has a laser cutter and can work out a situation where you're working with that group to share those resources. We should be pulling those resources where and how we can.
28:01
To add to that, I would say, don't be afraid to go outside the technical realm. Try to find other area groups that just have the same sort of mentality or main goals that are outside of computer security. We sought out the Candlelight Collective in our area,
28:21
which is, I guess I would say, a space for punk rockers to hang out at, but they basically have the same F the Man feel that our group has to it. We communicate with them even though they're not, they're completely outside the security realm.
28:41
There's a lot of talk about shared resources, liking the Smash thing, which is cool. I love doing it too. There's a fine line when you have resources of being a legitimate organization in the lives of the public and still doing cool security resources, security research, whatever you want to do. How do you walk that line? How do you manage your risk for that? Yeah, so let's say we had a darknet
29:02
between every single DEFCON group here and the auspice that someone could exfiltrate data through that darknet on a viable production target that would violate law, definitely is a consideration and a concern. So while we may espouse the ideas that yes, we do need to connect,
29:21
we definitely have the finer details of the allocation of resources and what type of rules that we can apply. For that, I will defer to the EFF for further comment, but if you have anything regarding, consider this a call for papers. If you have an idea, if you have a mitigation of that risk in mind, please respond to it.
29:43
I know there's a question and answer after this. I'm sorry, I won't be able to be part of, but do not stop from emailing the list with a, hey, here's how we do it. Ideally, we trust one another. I mean, we can have two networks, one for the communication of viable resources,
30:01
attack resources and others, and we can have a hygiene network that has no public access available. Yeah, I mean, at the risk of worrying about selling with exclusivity or anything, I mean, it would be very easy for us and Black Lodge to work together because the members of your place and our folks, we've known each other for years,
30:21
so we can start to build those personal relationships in the network that way, too. You know, I mean, it's not as quick, but it's definitely something that can be done. Okay, I absolutely know Londo is not gonna do anything to screw me over, so we can work with them on this. Right, but it's not that we can trust every single member that we have because that trust is built up over time,
30:41
so I mean, it's just something you have to, I think deferring to the EFF on that one and deferring to Common Sense is another thing. I mean, Tor has a great implementation for exit node protection. I don't know if you've ever run an exit node from Tor, but you get this nifty little email from EFF saying, while people may be doing illegal things through your client, that machine
31:01
needs to be sandboxed outside of an accessible area of your network. No one has ever been prosecuted for running a Tor exit node. Keep that in mind at all times, that that is the number one reason why you should all go get a Mohawk and donate to the EFF. I mean, to be realistic with it, this is why we donate to the EFF
31:20
because we have real risks that directly affect the implementation of a cohesive DEF CON group organization as well as a community as a whole. We do have ways to mitigate that, so I mean, mind you, money is one way you can show support of it and building on trusted relationships
31:40
is definitely another. I think it's important to note that while we want to mitigate the risk, you shouldn't be doing it through a whole bunch of legalese in your membership documents. I know some hackerspaces like to put in clauses in your membership so that they own everything you do in there
32:03
or you're not allowed to do illegal hacking. So don't put a leash on it. Don't put a leash on the people in your organization just because you want to mitigate a little bit of your risk. I mean, you have resources like the EFF, and I just felt like it was important to note.
32:20
But on the other hand, the hackerspaces tend to run as small organizations and in some ways to get nonprofit status actually form formal organizations, and because of that, they need bylaws. They need to be concerned with legality. Have you guys addressed that at all? Well, once you move past a certain size
32:41
where it's not the little group club anymore and you move past the kind of eight members and you start to get real businesses that you're renting space from, and now you're inviting more people from the community who may not be a part of your space, who may not be a part of your regular group of friends. You need to consider yourself a business and start to treat things a certain way.
33:02
So it gets a little sketchy. Of course, you can definitely overdo it. We went a little overboard at first, and then we backed down a little bit to what seems to be the right level. It's a tricky thing. You have to look at it, and honestly, small business courses are really helping that. So if you've never taken one of those, it doesn't hurt.
33:21
Well, you can... When it comes to lodge, rather, hackerspace rules and obligations and legalese that's getting in the way, you can always protest and vote by not attending. I mean, hackerspaces that are collaborative efforts between groups or within groups,
33:41
we're not dickbags. Well, yeah, I'm speaking for us, not everybody. But people like coming to a group that they feel a support network for, that they feel is expanding their knowledge and giving them a free and open space to work.
34:01
If you're locking all your shit down and people don't want to come to share ideas, they just want to come to leech. You can have a group that will go on with three members, and those three guys will keep paying their dues, and no one wants to go and hang out with the dickbag clan. And then those people,
34:22
everybody that wants to create a collaborative, like an open space, there's nothing stopping you from starting another hackerspace. Along those lines, you really don't want to fragment your hackers scene too much in your local area, but there's nothing stopping you from having multiple death con groups or hackerspaces.
34:41
You've got to always avoid the drama llama, but people that are holding back the sharing of knowledge definitely need to be shut down, in my mind. But there's also not just in the group that you belong to or the group that you're thinking about doing,
35:00
there's other groups that were up here. If we can have more of a global, connected, collaborative sharing of ideas, and the reason we're having the panel give you the thoughts to go out and spread and mutate and make your cool shit in your own time. Okay, let's take some questions. We've got some waiting.
35:21
Just as a quick comment to that, there are a number of lawyers who attend Def Con every year, and if you get to the point where it matters, talk to the groups. I know a couple of them, some other people here. Just go through the network, you'll find somebody. A lot of the time, if you get nonprofit status,
35:41
don't sweat it. You're a disconnected entity. It's the group, it's not you, unless you're the guy who went and messed up somebody's system. This will vary state to state, but in the state of Maine, if I'm volunteering for somebody, I volunteer at a railroad museum every now and then. If I'm driving the train, the thing jumps off the tracks,
36:01
and 20 people die as a volunteer in that capacity, I can't be civilly sued. There are a lot of different state protections when you're in the nonprofit world, as opposed to being Google. If you're concerned about it, speak to a lawyer, but you shouldn't have to have your members signing two-page, three-page, 15-page documents.
36:21
You've gone the wrong way if you get there. I agree. If you have legalese to limit your liability as a group to an individual's action, you definitely have segmented yourself from the path you should have taken. The way federal laws work are a little bit different, and if people talk state to state, we're talking about more or less interstate communications.
36:45
When you look to the federal laws, they're more reactionary. If you do have a nonprofit that's associated in performing a function, and an individual acts badly, the group is not going to be liable. But ultimately, you should honestly defer to the EFF. The same way Tor exit nodes are operated
37:01
would directly affect the way your exit nodes are operated within your own VPN. That law is the same. I'm not a lawyer. Like I said, you should ask the EFF, and I agree completely with his point of if you have a disclaimer that reiterates federal law, you're going the wrong way. But if it's your bylaws saying,
37:21
dude, if you act and ask, you're going to get kicked out, well, I mean, that's appropriate. But you shouldn't even have to write those. If you have to write those, you're still doing it wrong. From the community aspect, I'm with i3 Detroit founding member,
37:40
and we've had a really positive experience with the high school robotics clubs, especially with high school's continually shrinking budgets, and we've actually, unfortunately, one of them completely lost their funding. Have you guys had good experiences with bringing in high schoolers, and we've been running for about two years now, and it's really awesome that we're now seeing this generation of high schoolers
38:02
who are now 18, you know, going off to college and coming back in the summer, and they're our next generation of membership. So rather than being a dick to the little kids, like, it's really benefiting us to just basically deal with a couple of broken drill bits here and there and, you know, We deal with that with members
38:20
that aren't in high school. Yeah, like, yeah. No, specifically on your point, I think we should shove it down even lower. DEFCON Kids. Point, right? I have a 10-year-old daughter, Sparkle. She created the first DEFCON Kids group, DCT25 Kids. She gets in Ruby, JavaScript, PHP, MySQL.
38:41
She enjoys social engineering. She writes RPGs, and she is 10. She participates on the MIT Scratch forums as part of the IDE, Open Source Development Project. The premise is, really, who the fuck cares
39:00
if they break something? It's nothing you can't fix or replace. What we have to do is train the generation coming up. Listen, we don't naturally perpetuate. I mean, this is not something that goes on, I mean, you know, without being pushed. Forget high schoolers. I want LEGO Mindstorm kits in the kindergarten classrooms.
39:21
I mean, we're not playing here. I mean, we have generations of kids that are going to be growing up in an ever-evolving environment of threats, of areas that they can create, and we have to propagate those interests from the get-go. We have to actually inform them, sit down, take the time, and say, okay, let's play with this Arduino board. Let's turn a motor.
39:41
Let me show you how this operates. Let me show you how this... I mean, you know, whatever the kit is, whatever the method is, you cannot be afraid to show children and to show the earlier generations how to protect themselves, how to build, and how to create. If we deny that, I know a lot of people have diverse opinions on DEF CON kids, but if we deny the ability of our earliest generations
40:01
at their prime points with their aptitude set on hacking or evolving, you know, our community, then we are doing ourselves a disservice. And as much as people don't like kids running around DEF CON, I mean, it is our social scene, you know. You have to remember that there are already kid games, you know.
40:21
There are already kids who know how to social engineer. And if you have kids, I would rather your kid know how to detect someone social engineering them than be victim or subject to it. And it goes along the lines, this is what we are here for, playing something. Plus, you can't knock the feeling you get
40:43
when you teach someone, like kids and stuff like that, how to lock pick for the first time. And you see their face when they bust open that lock. And then you look at the person who is in their 20s and 30s, next to them, sitting there frustrated, like they can't even believe what just happened next to them. And you see their parents absolutely in fear of what you just did.
41:03
But it is also very cool to, you know, teach people who haven't seen all this stuff my failures and my mistakes and go, hey, look, this is how you can do it a different way. And guess what I learned from it. So it's somewhat selfish in that respect, but it's a good kind of selfish. Even if you're just doing something stupid,
41:22
like showing a kid how to punch out Funkytown or Mario Brothers on DTMF tones, you can teach them DTMF. Just teach them how to solder it, and then that way you have free labor when you need a giant LED matrix system. It's really nice. And I would agree that getting the younger generation involved
41:41
is really important, but as far as schools goes, I don't know if it's just me, but I happen to get chased off of every school I go to and try to talk to them about deaf colleagues. Maybe I'm just ugly, I don't know, but I've had bad experiences with school or I guess government institutions in general when it comes to D.C. 414.
42:03
So... I think it's the mustache actually. It might be, yeah, it's the stash. It scares people, I guess. Can you repeat that? Because he couldn't understand you. It's hard to hear up here. The reverb's pretty badly. Who?
42:21
What? Tell them who you want to repeat what. Yeah, um... Energy Angel? Yeah, the guy leaning back who just spoke. Um... What was... Speak this way. Basically what I was saying was I've had bad experiences with going to schools
42:44
getting the word out about D.C. 414. I wasn't sure if it was just because I was ugly or my mustache, but I get run off of all the schools I've ever been to to try to talk about getting kids to come to D.C. 414. It's just...
43:00
I don't know if it's our area. Maybe other people in other states have had better success, but just in our schools, they hear the word hacker and I don't know, it turns them off or even computer security seems to... People, at least in our state, are timid around it. I don't know why, but... Well, there's some balance that you have to have
43:21
because at the lodge, we do have some like 21 and up, we have some adult oriented events or you know, with the issue with kids... You need to rephrase that a little bit. Well, what? Events with alcohol versus events where no alcohol is there. Yeah. We have open space for people to come by
43:41
and check out the place. During normal operation hours, we do barbecues almost every weekend. People can come out and enjoy, talk about projects they're working at home, maybe something they want to get the group involved with and get community effort, but also we have private stuff.
44:01
Private, like after hours movie nights where there's drinking involved. We took a page out of the book of the 23B guys where we have a projector on the other block of buildings in the industrial space. So we're on the parking lot, but there's this balance that you have to have between... There is some stuff that's going to go on
44:21
that isn't kid friendly or have something that... Granted, you know, there's a lot to say about how you're going to present yourself to adults versus how you're going to present yourself or what options you're going to present to kids. It's mainly about education. I mean, if the public knew exactly what hacking actually
44:41
originated as, and if you exhibited those ideals in your day-to-day above the board activities under your group label, we wouldn't be fighting much of the way that we're fighting the wars we are now in the media. The issue comes when you begin to label private activities amongst groups of individuals that would normally gather under your group flag outside of the group.
45:01
Maybe those things don't need to be put on the front page of the American press. You know, you have to continue. How can someone dislike your hacking group when you're feeding the hungry? Yeah, so we're actually running out of time here, so I'm going to kind of wrap you up. I'm sorry, I don't mean to interrupt you, but
45:20
all right. We're going to have a Q&A session right after this, so you guys want to join us. I have one question to wrap up because I asked how many point of contacts we had in here for Converge, and I'm going to put you on the spot. What can we do as group point of contacts to help you as
45:41
the coordinator? Well, moving forward, we're going to be adding a lot. Probably the heart of the problem that we've had with all of the groups currently, well, aside from not knowing where they are or who they are is communication. Like, we really don't have a dialogue going on between the groups, and we're going to
46:01
fix that. So we're going to be firing up Twitter accounts, Google Plus accounts, Facebook accounts. We're going to be setting up an IRC server, maybe, like I heard discussion of that. Coming in the near future, probably later this year, we're going to be launching a DefCon groups website that is
46:21
just for DefCon groups. It's going to have a forum just for DefCon groups that's active. It's focused, and we want groups to interact. We want groups to send us what they're doing that's cool. If you want to be featured and show a cool project or even a dumb project that was just fun,
46:41
like, be in touch with me. Be in touch with the other groups through those means, and we'll get it out there, and we'll start seeing what we're doing, and we'll start showing other people what we're doing. Maybe they'll get interested, too. DCgroups at DefCon.org
47:02
Give me an email or hit me up online. Are you actually looking for a list of active groups? It's on the website. Alright, with that, I think we're going to wrap up and move over to
47:20
QA. What QA room are we in? Pavilion number four, so it's going to be down the hall, and we'll see you guys there.
Recommendations
Series of 20 media