• Jennifer Grannick - Attorney at Law - A review of several major computer crime cases from the past year or two.  [At this point, I'm thinking Salgado, Kashpureff and one other]  This review will describe the hack (in relatively non-technical terms), what laws applied to criminalize the hack, how the hacker got caught, the prosecution that ensued, and the result of that prosecution.  Through these case studies, audience members should be able learn what not to do, and why.

 

 

Jennifer Stisa Granick is a criminal defense attorney in San Francisco, California.  She defends people charged with computer-related crimes, as well as other offenses.  Jennifer has been published in Wired and the magazine for the National Association of Criminal Defense Lawyers.
 

• Bruce Schneier - Author of Applied Cryptography - Tradecraft on Public Networks.  Dead drops, semaphores, cut outs, telltales...the tools of spying.  In a world of continuous communications and ubiquitous eavesdropping, is there any hope for covert communications?  Learn about some old tricks of the trade, and some new ones. 

Bruce Schneier is president of Counterpane Systems, the author of Applied Cryptography, and the inventor the Blowfish algorithm.  He serves on the board of the International Association for Cryptologic Research and the Electronic Privacy Information Center.  He is a contributing editor to Dr. Dobb's Journal, and a frequent writer and lecturer on cryptography.
 

• Ian Goldberg, ISAAC Research Group, UC Berkeley - Cryptanalysis of the GSM Identification Algorithm. 

About 80 million digital cell phones worldwide implement the Global System for Mobile communications (GSM) protocols. Recently it was announced that COMP128, the cryptographic algorithm that protects the "identity key" in the majority of these phones, was extremely weak, thus allowing GSM phones to be "cloned".  In this talk, we will examine how COMP128 is used in the GSM protocol, describe the algorithm itself, and demonstrate how to break it.  We will also discuss the implications this result has for the security of of the voice privacy features of GSM.

Ian Goldberg is a Graduate Student Researcher and founding member of the Internet Security, Applications, Authentication and Cryptography (ISAAC) research group at UC Berkeley.  His research areas include cryptography, security, privacy systems, and digital cash.
 

• Peter Shipley - An overview of a 2 year effort in massive multi-modem wardialing. 
Security problems occur when obvious security problems are overlooked.  One commonly overlooked problem is alternative access methods to a corporate Intranet from an external machine. Many if not most companies are overlooking their secondary vulnerabilities surrounding alternate methods of  network access.

Mr. Shipley will present research covering an overview of a 2 year effort in massive multi-modem wardialing.  His findings will include some personal observations and the results obtained from scanning the San Francisco bay area.  When Mr. Shipley started this project he noted that there were no published research references to wardialing or documented statistical results of the types of equipment and computer networks commonly found on the POTS (Plain old telephone system) network.  Mr. Shipley decided to change that through his research.

Mr. Shipley Is an independent consultant in the San Francisco Bay Area with nearly thirteen years experience in the Computer Security field. Mr. Shipley is one of the few individuals who is well known and respected in the professional world as well as the underground and hacker community. He has extensive experience in system and network security as well as programming and project design. Past and current clients include TRW, DHL, Claris, USPS, Wells Fargo, and KPMG.  In the past Mr. Shipley has designed Intranet banking applications for Wells Fargo, Firewall design and testing for WWW server configuration and design for DHL.  Mr. Shipley's specialties are third party penetration testing and firewall review, computer risk assessment, and security training.  Mr. Shipley also performs post intrusion analysis as well as expert witness testimony.   Mr. Shipley is currently concentrating his efforts on completing several research projects.
 

• Lorenzo Valeri - Why are we talking about Information Warfare?  Lorenzo will try to assess the reasons of the growing fame of information warfare subject. The world is changing but not that much. He will speak at continuity and changes in information warfare in relation to military and strategic thinking. Most of the ideas developed in relation to information warfare have been thought at the beginning of this century. Moreover, there is the problem of intelligence requirements for performing information warfare. The main argument of his speech can be that what has changed is the TIME and SPEED factors but not the strategic and military thinking behind.

Mr. Valeri is a researcher in the information warfare programme of the International Centre for Security Analysis, which is part of the Department of War Studies, King's College London. He is also a PhD candidate at the Department of War Studies at King's College. His research interests are information security policies, the impact of the Internet and other online services on military and strategic thinking and, in general, non-military threats to national and international security and stability.
 

• Se7en - Hacking the Travel Industry.  Learn how to get permanently upgraded to First Class flying status, be upgraded to luxury hotel suite,  be admitted to airport V.I.P. lounges, get your luggage from baggage claim before anyone else does, have hotels pay for your girlfriend's airfare to come visit you at Defcon, be provided with limousines and bodyguards, take home lonely flight attendant babes, nd much, much more, all for free, by learning and using se7en's mad social engineering skillz.
  

• Super Dave, of the DoC - Copyright vs. Freedom of Speech. As policy and the economics of a world wide economy force us to attempt an information based economy, the manufactured concept of Intellectual Property becomes paramount.  Our preeminent corporations have shifted from GM and Ford to Disney and Microsoft; our government struggles to develop and globally enforce laws to protect the profitability of IP.  These laws are intrinsically at odds with the free and unfettered exchange of ideas which is central to the validity of democracy.  But IP law is built on a weak legal and moral foundation, and it is far from clear that an IP based economy is viable.

David Gessel spent his childhood hammering steel in front of a coal-fired forge as a blacksmith's apprentice for seven years. He then went to MIT to get a degree in physics where he focused on robotics and precision engineering. Switching coasts, David joined Apple's Advanced Technology Group and worked on various things including pen-based computers, LCD technology, and digital cameras.  After ATG, David worked at Interval Research Corp, researching rapid design/prototyping technologies for mechanical systems.  David is now CTO of Spinner, Inc., a startup developing QTVR technology; VP of Engineering for Nebucon, Inc., a startup developing secure Internet services for small businesses; and contracts mechanical design services bicostally.
 

• Ira Winkler, Author of Corporate Espionage - As I have often said, most hackers display skills that can be picked up by a monkey in a few hours.  Hacking is mindless the way the clear majority of hackers seem to be practicing it.  In this presentation, you will learn tasks that require real technical skills and abilities.  Not only will this provide you with more of a challenge, it will provide you with real marketable skills.  If you "really" want to challenge your abilities and stay out of jail, you won't want to miss this session.  Otherwise go play with the other Tools Kiddies.
  

• Prof. Feedlebom - If you have ever been slightly interested in operating your own micropower radio station, this is it.  Why to, How to, and how to not get caught. Will also discuss the potential of _legal_ micropower radio in the future.  Kind-of a how-to, kind-of a demo, kind-of a "let's make the FCC real nervous" kind a thing. 

Prof. Feedlebom and Technopagan have operated The Voice of Mercury and the Desert Crossing Radio broadcasts for the last four years.  They are also responsible for strange radio emissions that have been heard in the Los Angeles area on 104.7 MHz.
 

• Dr. Byte - Dr. Byte will give a technical presentation on The security of wireless technology.  Included in this talk include overviews of:* wireless networks, protocols, systems, and access mediums such as AMPS, GSM, FDMA, TDMA, CDMA, CDPD, 802.11, Mobile-IP, and Ad-Hoc Networks * current IP security technology (IPSEC) in IPv4 and IPv6* overview of areas of research and exploration of security in wireless technologies.

Dr. Byte is a Ph.D. candidate in Computer Engineering and an instructor of Computer Engineering at a major university.  He received his B.S. and M.S. in Computer Engineering in 1994 and 1997 respectively.  For his M.S.,  he worked with a real time bit error rate simulator, and developed a next generation real time hardware system for bit error rate simulations.  He has developed a 16 bit RISC microprocessor in VHDL in a Field Programmable Gate Array (FPGA) able to run compiled 'C' code.   His research interests include security over wireless networks, in particular ad-hoc networks using IPv6.  He has co-authored 3 papers on IEEE 802.11 and IPv6.

Dan Veeneman, Writer & communications consultant. - Several low earth orbiting satellite systems are already in orbit, and commercial service is just around the corner.  Global wireless voice and data services will be available from handheld terminals. Dan Veeneman will bring us up to date on existing and future systems and answer questions from the audience.

Dan Veeneman has served in various management and technical positions in the computer industry since 1980. He has developed financial programs for the banking, investment and real estate industries, as well as software for a variety of companies including A.C. Nielsen, McDonalds, Reuters and Baxter-Travenol. Dan has installed and supported many local and wide area networks, including a nation-wide data delivery network. He also has experience supporting Internet connectivity, including Motorola's world-wide Network Information Center. Dan has provided data security and encryption services for a number of government and civilian clients, encompassing video and data delivered over telephone, satellite and the Internet. He also edits a quarterly newsletter concerning cryptography. Dan holds an engineering degree from Northwestern University. Dan also writes a monthly column for Monitoring Times magazine called PCS Front Line.
 

• Panel Discussion - Securing Distributed Systems.
Members include Brian Martin, Gale Katz, Ira Winkler, Route, Ejovi Nuwere, Mudge, Alhambra and Anthony Eufemio.
 
• Trask - Hacking the Big Iron - Security Issues in Large Unix Environments. I will be using the Sun Ultra Enterprise 10000 and IBM SP/2 as examples of how some of the newer, bigger unix systems (which are increasingly being used for jobs previously performed by mainframes) present some interesting challenges in the area of system security.  As you may know, the Ultra Enterprise 10000 is a SMP system that can be configured with up to 64 processors, which may then be partitioned into a maximum of 8 independent partitions. The SP/2, on the other hand, is an MPP architecture that can be configured with up to 64 8-way SMP nodes.  These two architectures are different in almost every way, however both are extremely fast, and both have some security concerns not present in more traditional unix systems. What I have found is that the security problems are surprisingly similar between the two types of machines.

By failing to consider all aspects of security when implementing the system management tools provided with these computers, the vendors are selling million-dollar-plus products that are less secure than typical end-user workstations. I contend that as unix offerings start providing mainframe class computing power, they need to also look towards providing mainframe class security.

Trask dropped out of high school about a month prior to graduation. After working at Wendy's, Wal-Mart and Texaco for a few months each, he decided that he would rather be a Unix sysadmin. He lives in 602 with his beautiful fiancé (mgd) and is currently employed by American Express, where he gets to play with all sorts of expensive toys.
 

• Morgan Wright - The best social engineers understand behavioral analysis, and how to use it.The police have been using it for years to obtain confessions from homicides to simple misdemeanors. Have you ever wondered why someone would confess to homicide when they know they will go to prison for the rest of their life?  Why is non-verbal behavior more accurate than verbal behavior? How do proxemics affect an interview? How do you obtain information from someone unwilling to give it to you? The art of interview and interrogation relies more on understanding human behavior than on cliché techniques from your favorite cop shows. A sole source study of the Reid Technique of Interview/Interrogation funded by the NSA revealed that a properly trained interviewer, analyzing both verbal and non-verbal behavior, and supplied with the case facts, can correctly assess truthful or deceptive behavior 96% of the time. Find out how these techniques are used to SE the opposition, regardless of which side of the fence you're on. 

Morgan Wright is a former law enforcement officer with 15 years experience.  He is court qualified as an expert in computer crime, and interview and interrogation. He is a regular instructor for the International Association of Computer Investigative Specialists (www.cops.org) in the areas of computer crime. He has also taught interview/interrogation techniques nationally for Reid and Associates (www.reid.com) to the FBI, Secret Service, NSA, and many state and local agencies. Part of his training has included extensive work in the area of criminal personality profiling and behavioral analysis interviews. He works in the private sector conducting internet investigations for software piracy, copyright and trademark infringement, economic and corporate espionage investigations, and with intellectual property law firms in the area of electronic discovery. In addition he has conducted over 200 undercover internet investigations, and has been asked to provide training to the FBI and RCMP on undercover internet investigative techniques.
 

• Richard Thieme, Thiemeworks, Inc. - The More Things Change The More They Don't: Soft Destruction and the Ancient Wisdom of Hacking.  What works? What does it take to be an expert? To know how to see desirable goal states just before they become visible?  Instead of hoping the doors you blow open have something inside besides a smiling Fed? DefCon has everything you need, right here right now, if you know how to use it. The ancient wisdom lives here but you have to know what it looks like. Hacking is the serious exploration of complex systems. It's not about using somebody else's tools or the latest equipment. Hacking is about knowing how to know how to hack. This talk gives you meta-rules, not rules. It's the truth about why the ancient wisdom of real hacking still applies.

 

 

Richard Thieme is a business consultant, writer, and professional speaker focused on the human dimension of technology and the work place. His creative use of the Internet to reach global markets has earned accolades around the world.  "Thieme knows whereof he speaks," wrote the Honolulu Advertiser. He is "a prominent American techno-philosopher" according to LAN Magazine (Australia), "a keen observer of hacker attitudes and behaviors" according to Le Monde (Paris), "one of the most creative minds of the digital generation" according to the editors of Digital Delirium, and "an online pundit of hacker culture" according to the L A Times.

Thieme's articles are published around the world and translated into German, Chinese, Japanese and Indonesian. His weekly column, "Islands in the Clickstream," is published by the Business Times of Singapore, Convergence (Toronto), and South Africa Computer Magazine as well as distributed to subscribers in 52 countries.  Recent clients include:  Arthur Andersen; Strong Capital Management; System Planning Corporation; UOP; Wisconsin Power and Light; Firstar Bank; Northwestern Mutual Life Insurance Co.; W. H. Brady Company; Allstate Insurance; Intelligent Marketing; and the FBI.
 

• Gregory Gilliss (of the DoC)

Gregory survived growing up in New York City where he learned how to program computers using punch cards and paper tape.  After graduating from Clemson University with a Computer Science degree, he developed an extensive consulting business.  Greg currently is VP of Software Development at Energy Interactive of Berkeley.
 
• Jeff Thompson, Product Area Manager for Argus Systems Group, Inc. - Developing a 32 bit operating system.  Jeff Thompson is a Product Area Manager for Argus Systems Group, Inc. with extensive experience in low level operating systems development, trusted operating systems, network development, and security architecture design, development, and reviews.

 

 

Mr. Thompson will be presenting on the design and development of his personal operating system, which is being developed for the hacker community. The OS, while egotistically being called JeffOS, will be released under the name GuildOS in honor of its roots.
 

• John Q. Newman, Author of - How not to be located when on the run.

 
• Marc Briceno, Director of the Smartcard Developer Association - Smartcard Hacking for Beginners.

Smartcards are a marvelous tool for the security software developer. Their small form factor and tamper resistant, though not tamper proof, packaging allows for numerous applications, such as secure key storage and encryption. Unfortunately, many software developers still consider smartcards difficult to work with. No doubt largely due to the fact that vendors have so far failed to provide sufficient information and development tools.

We will introduce SCARD, a free, cross-platform smartcard development, analysis, and integration tool. No longer does the smartcard-curious individual have to learn obscure low level smartcard commands. If you know how to use a UNIX shell or Windows NT, you can use smartcards.

There will be a demonstration of several cryptographic, electronic cash, and GSM cards. The audience is encouraged to submit any smartcards in their possession for analysis.

Marc Briceno is the Director of the Smartcard Developer Association <http://www.scard.org>, the only vendor-independent smartcard industry association. The SDA's member base is comprised of smartcard and security experts in Europe, Asia, the Americas, and Australia. The SDA distributes universal smartcard analysis and integration tools to software developers worldwide.

Mr. Briceno coordinated the efforts leading to the discovery and break of COMP128 <http://www.scard.org/press/19980413-01/>, the GSM digital cellular telephony authentication cipher. Mr. Briceno is a senior advisor on digital telephony issues to an international development effort engaged in designing low cost phone encryption devices and a consultant to memory chip forensic data analysis teams at several major universities.
 

• Austin Hill, President of Zero-Knowledge Systems Inc., a leading developer of Internet privacy solutions for businesses and consumers.  Zero-Knowledge Systems will release the first complete Internet privacy utility for consumers in September 1998.   Using full strength, fully exportable encryption technology developed by some of the worlds leading cryptographers this product allows Internet users to become completely anonymous on the Internet, using digital pseudonyms and public key cryptography to establish and authenticate digital identities.  The Zero-Knowledge Systems development team includes Ian Goldberg who achieved international recognition for his part in breaking the Netscape encryption scheme as well as the development team of the Archie Internet protocol.  Forrester Research has estimated that 9 million people will have purchased an Internet privacy solution by the year 2000.   There are currently very few Internet privacy tools on the market making this one of the highest growth areas of Internet business.

Previous to starting Zero-Knowledge Systems, Mr. Hill was the Chief Technology Officer for TotalNet Inc., which was one of the 3 largest Internet Providers in Canada.  This company was sold in March 1997 to MPACT Immedia which is Canada's largest E-Commerce company.
 
 

• The Normal sounding text announcement.  This includes information not on this page!  Complete details are in this announcement.  Please spread this one all over the place. (06-12-98)
• The more Professional sounding announcement is available in Office 95, 97 and .PDF format (06-18-98) - Thanks Dan!
• If you want a much more expensive and professional conference to attend (As cover for really attending DEF CON 6.0) check out the Black Hat Briefings conference.
• The initial Call for Papers announcement.  Not to be updated. 

Use some of the available logos people have been kind enough to create for the convention that are on this page.  Please DO NOT USE the sponsor logos if you are not an official sponsor.

Ride & Hotel Room Sharing





• Rage-303 and Colorado is up to speed with the first ride sharing page!  The 303 Colorado sharing page is here.  A special thanks to the 303 crew that donated all the excellent technical books for the give away last year. 
• Enigma's 4th Annual California Car Caravan for DEF CON 6.0 is up and running!  Check it out.  The Voice of Mercury lives!
• Boogah187 has set up an Orange County California Ride share page.  This page is different than Enigmas OC page.  Hey, competition is a good thing.
• The 604/250 Area Code (British Columbia, Canada) 2600 chapter welcomes you to share ride, room, and board to DEFCON and back. Hosers Kick Ass. No NT people.
• Email TuxedoMask@Cyberdude.com if you are interested in his ride caravan to Defcon from Phoenix and surrounding cities in the 602.
• BroncBuster is in effect with the First Annual Northern California Ride Sharing page!  I've had a lot of guys from Scaramento, Chico and around where I live all talked to me about setting it up and driving, rather then flying, to DefCon this year. Well I took the risk and I'm taking the wheel on trying to organize it.
• The Seattle area 206 ride sharing page is being done by Jack T.Dragon.  Good site.
• The Alberta (403) Area Code ride sharing page welcomes all Nearby Canadian (or American) Neighbors to join us, on our trek to DefCON, sharing rides, rooms, and Canadian Propaganda.  Both NT & Unix are cool, Let's have some fun!

• The Plaza Hotel is at the end of the Freemont Street "Experience"
• Thinking of taking a trip to Area51?  Check out UFOMind.
• The TDYC's DEF CON homepage with links to other resources, their ride list, and more.
• Flea's DEF CON resource page with what to bring and not to bring, hotel info, etc.
• SysFail's DEF CON Planning page. System Failure's list of who will be there from 408, 541, 619, 916, 909, etc.
• Radio Scanner frequency list by Clay Irving for Nevada.
• A list of local pubs and nightlife in Las Vegas.
• Find events, buy show tickets and find out what is up at LasVegas.com.

• The Official Defcon Shoot page. We're going a shootin' again, and here is where you'll find the specifics.  It's slated for Saturday afternoon.  Be awake!
• Rev. Krusty is organizing the Who Are You, any ways? A Social Engineering Competition for DEF CON 6.0 happeinging Friday night.
• System Failure is going to host another scavenger hunt that Friday. It's going to be a little tougher than last year. Game sheets will be at our table, no time limit, and its preferred people work in groups. There will be prizes.
• J-Dog has created a simple page for the tattoo/piercing that will occour at DC6... if you want to get something pierced/tattooed at DC6, do it with the group, as we will get some serious group discounts on all piercing/tattooing.
• Several companies will be recruiting at DEF CON 6.0  They will have announcements in the program, and  hospitality rooms for those interested in an informal interview Saturday night.  If you think you are interested bring a resume.  Currently there are two head hunting companies, Argus Systems and Secure Computing Corporation signed up.
• The Black and White Ball.  New Rule:  No one allowed into the Black & White hall with out dressing up one way or the other.  You can always hang out in the main hall if you don't like it!  I have learned from last year, and have refined the Black & White ball for this year.  For the last two years at DEF CON there has been a sort of unspoken Saturday night dress up event.  People have worn everything from party dresses and Tuxedoes to AJ's ultra pimp Swank outfit with tiger print kilt.  Wear your cool stuff Saturday night, be it gothic, PVC vinyl, or Yakuza looking black MIBs.  No prizes, just your chance to be the uber-bustah pimp.  Live DJ action, a cash bar and some cooling out to be had by all.
• Pirate Radio will be on a micro-broadcast station to be announced.  Rumor has it that the FCC will be there with a DF "Fox Hunt" van attempting to bust people, so be on the look out and stay mobile!  In the past there has been conference updates, party announcements, interviews and cool music mixes streaming from the unknown location of Radio Defcon.  Please record your show and I'll put it online after the con!
• Live DJ action. in the hall Friday.  Low volume cool-out music to work by as well as some great guest DJs including the London Priate Radio crew, DJ Donovan from LA, and a cameo spin job from Lockheed and the DHP crew.
• Cult of the Dead Cow will be up to no good again.  Last year it was an anniversary world domination party with the divinity of the bovinity + drinks from Lady Carolyn.  What will it be this time?!?!  The release of the Microsoft Back Orfice Tool!  Read about it here, and cower in their presence!@#
• PHRACK Magazine will be sponsoring some give aways and stuff to be announced.
• As usual there will the the Give Aways happening throughout the speaking, and at random intervals to keep you guessing.  If you have anytihng functional and interesting you want to give away, please bring it!

FRIDAY July 31st:

10:00 -           The conference doors open!
12:00 -           DJs start to kick in with live music.
                     Super Quake-athon
14:00 -           Capture the Flag network starts up.  People will also be dropping IDS systems, firewalls, wierd machines, etc. into this network to see what happens.

18:00 - 18:45  Lockpicking demonstration in the main speaking hall by Gurney Halleck.
18:55 - 19:55  Mystery speaker!
20:00 - 21:30  The "Who are you anyway?" Social engineering contest. In the speaking hall.
22:00 - 23:59  First Round of Hacker Jeopardy in the main speaking hall.

SATURDAY August 1st:
 
 

10:00 - 10:50 Richard Thieme - The More Things Change The More They Don't:Soft Destruction and the Ancient Wisdom of Hacking.
11:00 - 11:50 Bruce Schneier - Trade craft on Public Networks.
12:00 - 12:50 Ian Goldberg - Cryptanalysis of the GSM Identification Algorithm.
13:00 - 13:50 Jennifer Grannick - A review of several major computer crime cases from the past year or two.
14:00 - 14:50 Lorenzo Valeri - Why are we talking about Information Warfare?
15:00 - 15:50 Ira Winkler, Tasks that require real technical skills and abilities.
16:00 - 16:50 The Cult of the Dead Cow - Introducing Back Orfice for NT.
17:00 - 17:50 Winn Schwartau - Introducing the Time Based Security model and applying military strategies to network and infra structural securities.  A/K/A Humbug.
18:00 - 18:30 Austin Hill and Ian Goldberg - Explaining the concepts behind ZKS's anonymous network cloud, Q&A session.
18:40 - 19:40 John Q. Newman - The lastest in paper tripping, false identity, and how to REALLY not be found.

19:30 - 21:00  The Black and White Ball in the speaking hall with live DJ action.
21:00 - 21:30  The TCP/IP Drinking Game in the main speaking hall.
22:00 - 23:59  Final Rounds of Hacker Jeopardy in the main speaking hall.

SUNDAY August 2nd:
 
 

Track A 10:00 - 10:50 Dan Veeneman - LEO systems, Iridium, and a satellite hacking update.
Track B 10:00 - 10:50 Jeff Thompson - Developing a 32 bit operating system.

Track A 11:00 - 11:50 Dr. Byte - Technical presentation on The security of wireless technology.
Track B 11:00 - 11:50 Morgan Wright - The best social engineers understand behavioral analysis, and how to use it.

Track A 12:00 - 12:50 Peter Shipley - An overview of a 2 year effort in massive multi-modem wardialing.
Track B 12:00 - 12:50 Prof. Feedlebom - Operating your own micro power radio station.

Track A 13:00 - 13:50 Se7en - Hacking the Travel Industry.
Track B 13:00 - 13:50 Trask - Hacking the Big Iron, Security Issues in Large Unix Environments.

Track A 14:00 - 14:50 Panel Discussion - Securing Distributed Systems.
Track B 14:00 - 14:50 Gregory Gilliss - 

Track A 15:00 - 15:50 Super Dave, of the DoC - Copyright vs. Freedom of Speech.
Track B 15:00 - 15:50 Marc Briceno - Smartcard Hacking for Beginners.