WEBVTT - The Def Con Story 0:00:04.160 --> 0:00:07.520 Get in texts with technology with tex Stuff from stuff 0:00:07.520 --> 0:00:14.120 works dot com. Hey there, and welcome to tex Stuff. 0:00:14.160 --> 0:00:17.480 I'm your host, senior writer, Jonathan Strickland. I worked for 0:00:17.560 --> 0:00:21.120 how stuff works dot com been recording text stuff since 0:00:21.280 --> 0:00:25.080 two thousand eight, and I cannot believe that I've gone 0:00:25.200 --> 0:00:29.480 that long without covering this next topic. I'm talking about 0:00:30.080 --> 0:00:33.680 def Con. It's a really interesting subject. I've touched on 0:00:33.720 --> 0:00:35.600 it once or twice in the past, and I've talked 0:00:35.600 --> 0:00:38.760 to people who have presented at def Con or attended 0:00:38.840 --> 0:00:42.400 def Con. I personally have never been to one, but 0:00:42.479 --> 0:00:44.479 I felt like now was the time. It would be 0:00:44.520 --> 0:00:46.400 really cool to take a look at a conference filled 0:00:46.440 --> 0:00:50.600 with people who know all about bypassing security and getting 0:00:50.640 --> 0:00:55.400 to all of your precious secrets. These are hackers and 0:00:55.480 --> 0:01:00.120 security experts who can identify vulnerabilities and weak implementations and 0:01:00.160 --> 0:01:03.200 then exploit them. It's a conference where if you're not careful, 0:01:03.560 --> 0:01:07.200 you'll be publicly mocked for your poor security protocols. And 0:01:07.240 --> 0:01:11.000 it's called def Con. Jeff Moss, who is a hacker 0:01:11.040 --> 0:01:14.600 who used the handle the dark Tangent, founded the conference 0:01:14.600 --> 0:01:19.720 back in Moss operates some bulletin board systems or bbs 0:01:19.840 --> 0:01:22.759 is back in the early nineties on Phyto networks, and 0:01:22.800 --> 0:01:25.520 you may have my brother has forgotten what these bbs 0:01:25.640 --> 0:01:28.360 is would like. Things changing so scoring nowadays and people 0:01:28.440 --> 0:01:30.760 quick to forget, So I thought maybe we should go 0:01:30.840 --> 0:01:33.040 back and talk about what the heck is a bulletin 0:01:33.080 --> 0:01:36.840 board system? What is phto net well, A bulletin board 0:01:36.880 --> 0:01:40.160 system is a pretty simple concept. You have a host 0:01:40.240 --> 0:01:44.200 computer running some special software, and that software sets aside 0:01:44.240 --> 0:01:48.320 certain assets for the bulletin board system or BBS, such 0:01:48.320 --> 0:01:53.600 as hard drive storage space and maybe uh filing system 0:01:53.640 --> 0:01:56.720 of some sort of navigation system, a user interface, if 0:01:56.720 --> 0:02:00.760 you will, and this would typically include this message board system. 0:02:00.760 --> 0:02:05.200 It allows participants to communicate with each other, typically asynchronously, 0:02:05.920 --> 0:02:07.920 which means that you could leave a message and then 0:02:07.960 --> 0:02:09.919 the next time someone checks in they could read their 0:02:09.919 --> 0:02:12.880 messages respond to them. The next time you check in 0:02:12.960 --> 0:02:16.520 you could see the responses, very similar to email um 0:02:16.800 --> 0:02:20.320 and many bbs is would only allow one person to 0:02:20.400 --> 0:02:23.200 connect to the bbs at a time because you actually 0:02:23.240 --> 0:02:26.680 were using dial up modems in those days. So you 0:02:27.000 --> 0:02:29.240 hook up a dial up modem to your computer, it 0:02:29.280 --> 0:02:33.160 would call out a number using the telephone system. The 0:02:33.280 --> 0:02:37.000 plain old telephone system or pots, if you will, and 0:02:37.360 --> 0:02:41.360 that would dial up the host computer's modem, which would 0:02:41.360 --> 0:02:45.200 then allow you to connect. And some would have the 0:02:45.200 --> 0:02:48.400 capacity for multiple connections, maybe up to three or so, 0:02:48.760 --> 0:02:51.000 but a lot were just single connections and you would 0:02:51.480 --> 0:02:53.560 be you would have to wait if someone was already 0:02:53.560 --> 0:02:54.959 on there, you get a busy signal and you'd have 0:02:55.000 --> 0:02:59.400 to try again later. Uh. Many BBSs would include simple 0:02:59.520 --> 0:03:03.079 games or drives where you could upload or download files 0:03:03.120 --> 0:03:06.960 at incredibly slow speeds. Imagine the Internet if it were 0:03:06.960 --> 0:03:09.079 limited to just the stuff that was on this one 0:03:09.080 --> 0:03:13.920 guy's computer across town. And you kind of get the idea. Now, 0:03:13.960 --> 0:03:15.880 because we're talking about the era of dialot modems, we're 0:03:15.880 --> 0:03:18.799 also talking about time when long distance calls were expensive 0:03:19.440 --> 0:03:21.720 and there was no free long distance in those days 0:03:22.040 --> 0:03:25.040 unless you were getting around the system. But we'll get 0:03:25.040 --> 0:03:29.280 into that. So you're spending money in order to connect 0:03:29.280 --> 0:03:32.280 to anything that's not within your area code. Typically most 0:03:32.280 --> 0:03:34.400 people would just stick to bbs is that we're in 0:03:34.680 --> 0:03:37.440 the area codes that were in the local dialing options 0:03:37.480 --> 0:03:40.080 that they had, and initially that was the only way 0:03:40.080 --> 0:03:43.560 you could check messages on other bbs is you could 0:03:44.000 --> 0:03:46.880 you'd have to call into that BBS. So if you 0:03:46.920 --> 0:03:49.720 have a friend who's three cities over and they're technically 0:03:49.720 --> 0:03:52.760 in long distance range and you want to check any 0:03:52.760 --> 0:03:56.200 messages they were leaving for you on the their local BBS, 0:03:56.560 --> 0:03:58.240 you had to call a long distance or they had 0:03:58.240 --> 0:04:01.240 to do the same for your low gold BBS. There 0:04:01.320 --> 0:04:04.880 wasn't really any inner connectivity in the early days, So 0:04:04.960 --> 0:04:07.480 if your BBS of choice was called I don't know, 0:04:07.560 --> 0:04:11.000 let's say it's moss Eisley Cantina, So yours is moss 0:04:11.040 --> 0:04:15.040 Eiseley Cantina, my BBS of choice is called the Raven, 0:04:15.680 --> 0:04:18.000 we wouldn't be able to leave messages for each other 0:04:18.120 --> 0:04:21.680 unless we were willing to visit the other person's favorite BBS, 0:04:21.760 --> 0:04:24.680 and thus we'd be unable to share our love of 0:04:24.680 --> 0:04:28.200 Harrison Ford, who obviously inspired the names of both of 0:04:28.240 --> 0:04:31.960 those bbs is and bonus points if you know what 0:04:32.160 --> 0:04:37.040 the Raven is. But either way, one of us or 0:04:37.120 --> 0:04:39.279 both of us would have to spend money on a 0:04:39.320 --> 0:04:42.400 long distance call if we wanted to drop a communication 0:04:42.480 --> 0:04:45.760 to the other. But then along came Fido net, and 0:04:45.839 --> 0:04:48.120 this was a network designed in the nineteen eighties to 0:04:48.200 --> 0:04:52.280 allow different BBS is to have exchanges between them. So 0:04:52.440 --> 0:04:56.480 if both the Moss Eiseley Cantina and the Raven connected 0:04:56.880 --> 0:05:00.479 through Fido Net, you could communicate between the two. You 0:05:00.520 --> 0:05:03.880 could leave a message for your friend over at In 0:05:03.920 --> 0:05:06.320 my case, you would leave a message on the Raven 0:05:06.360 --> 0:05:09.359 for me, and the message you left at Moss Eisley 0:05:09.440 --> 0:05:12.120 Cantina would be relayed to the Raven. I could read 0:05:12.160 --> 0:05:14.280 your message. I could then send a message to you 0:05:14.320 --> 0:05:16.640 and it would be relayed to Moss Eisley Cantina and 0:05:16.680 --> 0:05:19.400 you could read it there. So again, very much like email, 0:05:20.240 --> 0:05:23.640 BBS culture allowed people who otherwise would have had problems 0:05:23.680 --> 0:05:27.800 meeting up with folks who shared their similar interests like 0:05:28.480 --> 0:05:32.719 I don't know, let's say hacking, for example, and I 0:05:32.720 --> 0:05:36.000 should probably talk about what hacking actually is now. The 0:05:36.080 --> 0:05:40.320 popular definition of hacking is very narrow and misleading. It 0:05:40.360 --> 0:05:44.000 tends to focus on super negative stuff like breaking into 0:05:44.000 --> 0:05:47.440 secure systems in order to steal stuff or commit sabotage 0:05:48.600 --> 0:05:53.400 or install malware. You know, you're designing viruses and worms 0:05:53.400 --> 0:05:57.440 in order to be some sort of online menace to society. 0:05:57.480 --> 0:06:00.200 But the basic definition of a hacker is just someone 0:06:00.200 --> 0:06:02.919 who wants to know how something works. They want to 0:06:03.040 --> 0:06:08.400 understand a system or a product or software or hardware. 0:06:08.440 --> 0:06:09.960 They just want to know how it works, and then 0:06:09.960 --> 0:06:12.359 how to make changes to it, how to tweak it 0:06:12.440 --> 0:06:14.719 so it does things it wasn't and just you know, 0:06:14.800 --> 0:06:18.000 expected to do it wasn't designed to do. You increase 0:06:18.120 --> 0:06:21.560 its utility by making it do other things, or maybe 0:06:21.560 --> 0:06:24.680 you do things better or often worse, but in an 0:06:24.800 --> 0:06:29.400 entertaining way. So they hack a system up and see 0:06:29.400 --> 0:06:31.680 what makes it tick, and then they put it back together. 0:06:31.920 --> 0:06:34.760 And sometimes they'll hack together code to accomplish something, and 0:06:34.760 --> 0:06:36.719 there's no requirement for that code to be in any 0:06:36.720 --> 0:06:40.359 way malicious or illegal. Hackers might make a program that 0:06:40.440 --> 0:06:43.760 lacks elegance or efficiency, but it gets the job done, 0:06:44.160 --> 0:06:46.000 and the same is true for hackers who work with 0:06:46.040 --> 0:06:49.880 physical gadgets as opposed to just code. They might make 0:06:49.960 --> 0:06:52.960 circuits that do nifty things, though it may be a 0:06:53.480 --> 0:06:59.000 primitive or particularly inelegant approach, refinement can come later. Hacking 0:06:59.080 --> 0:07:02.240 is just can I take this stuff and make it 0:07:02.279 --> 0:07:05.200 do what I wanted to do? So again, it could 0:07:05.200 --> 0:07:08.279 be hardware, it could be software, and there's also some 0:07:08.960 --> 0:07:13.560 social hacking as well. The ability to manipulate people into 0:07:13.640 --> 0:07:19.480 doing things, not necessarily maliciously, though frequently it is uh. 0:07:19.640 --> 0:07:22.280 Sometimes it's just meant as a way of seeing how 0:07:22.320 --> 0:07:25.680 people tick. That's really what hackers are interested in. So 0:07:25.800 --> 0:07:28.480 working for a company like how Stuff Works, we appeal 0:07:28.640 --> 0:07:31.960 to that same sort of sensibility, that sense of curiosity 0:07:32.000 --> 0:07:37.240 that wants to be uh satisfied by learning how the 0:07:37.280 --> 0:07:41.160 world works. Now back to Jeff Moss. He operated a 0:07:41.200 --> 0:07:44.400 few different bulletin board systems on Fido net, and his 0:07:44.440 --> 0:07:47.400 bulletin board systems were part of a larger network of 0:07:47.480 --> 0:07:51.000 people interested in hacking or freaking, which is sort of 0:07:51.040 --> 0:07:53.800 like the telephone system version of hacking. Now. I did 0:07:53.800 --> 0:07:56.800 a full episode about freaking years ago, and you can 0:07:56.880 --> 0:07:58.640 learn all about it, and also about some of the 0:07:58.680 --> 0:08:04.240 famous people who were freaks, like uh Wosniak so Wasniac 0:08:04.360 --> 0:08:06.800 being one of the co founders of Apple back in 0:08:06.880 --> 0:08:09.800 the seventies, was one of the phone freakers. You can 0:08:09.840 --> 0:08:13.400 also learn about Captain Crunch, who used a toy whistle 0:08:13.680 --> 0:08:18.080 found in cereal boxes to help hack the phone systems. 0:08:18.600 --> 0:08:21.400 These were people who were learning how those phone systems 0:08:21.440 --> 0:08:24.360 worked and then how to manipulate them. Whether it was 0:08:24.440 --> 0:08:26.960 to make long distance phone calls for free, or just 0:08:27.080 --> 0:08:30.200 to really figure out how all those network switches worked 0:08:30.360 --> 0:08:32.920 because it was interesting and not a lot of material 0:08:33.080 --> 0:08:38.959 was available publicly for people to look into. Uh Well, 0:08:39.360 --> 0:08:42.320 there were also people who were interested in just sharing information. 0:08:42.480 --> 0:08:45.360 They had access to information that they thought other people 0:08:45.400 --> 0:08:47.880 needed access to, and so they would use bolton board 0:08:47.880 --> 0:08:52.520 systems to disseminate that information to other folks. His BBS is, 0:08:52.800 --> 0:08:55.559 that is, Jeff Mosses BBS is connected to other systems 0:08:55.600 --> 0:08:59.760 located around the world through this network. Now, Mosses bb 0:09:00.080 --> 0:09:02.360 as were popular and he started to function as sort 0:09:02.400 --> 0:09:06.439 of the centralized hub for many of these other BBS platforms, 0:09:06.800 --> 0:09:11.719 including platforms like hacknet, freak Net, and platinum Net. There 0:09:11.720 --> 0:09:16.320 were eleven in total that used his BBS as sort 0:09:16.320 --> 0:09:21.160 of a connecting point, and platinum Net out of Canada 0:09:21.400 --> 0:09:25.680 had a request for moss or more specifically, the administrator 0:09:25.960 --> 0:09:28.880 of the BBS platinum Net, which was located in Canada, 0:09:29.440 --> 0:09:32.560 was asking moss for a favor. The operator of that 0:09:32.640 --> 0:09:36.160 BBS was going to go offline because quote his dad 0:09:36.200 --> 0:09:38.960 got a better job in the quote. So this was 0:09:39.040 --> 0:09:42.440 someone who is fairly young. One can presume living with 0:09:42.520 --> 0:09:46.160 his dad and that he was soon going to lose 0:09:46.480 --> 0:09:49.720 access to the computer they were using, the phone line 0:09:49.720 --> 0:09:53.760 they were using because they were going to relocate. And 0:09:53.800 --> 0:09:55.640 this is where we remember there were a lot of 0:09:55.720 --> 0:09:58.760 young folks really interested in the way computers and complicated 0:09:58.800 --> 0:10:01.640 systems worked, and the operator of Platinum Net was hoping 0:10:01.679 --> 0:10:05.480 that Jeff Moss would be able to organize a big bash, 0:10:05.640 --> 0:10:09.000 a big going away party for Platinum Net. Because Jeff 0:10:09.040 --> 0:10:12.199 Moss again was operating this sort of centralized hub and 0:10:12.480 --> 0:10:15.560 Moss was in the United States, whereas this guy was 0:10:15.600 --> 0:10:22.479 in Canada. So most of the members of these networks 0:10:22.520 --> 0:10:25.040 that we're using these bbs is happened to be in 0:10:25.120 --> 0:10:27.959 the US. That's why Platinum Net really wanted Jeff Moss 0:10:28.000 --> 0:10:30.840 to organize this, because he wanted as many of his 0:10:30.920 --> 0:10:32.679 friends to be able to go as possible, and it 0:10:32.720 --> 0:10:35.560 would be difficult to organize a party in the United 0:10:35.559 --> 0:10:40.000 States while you are actually in Canada. Now, Moss had 0:10:40.000 --> 0:10:42.400 talked to Platinum nets administrator. And by the way, the 0:10:42.440 --> 0:10:44.720 reason why I'm not using any names here is because 0:10:45.040 --> 0:10:47.800 Moss himself says he forgot the name of the kid 0:10:48.520 --> 0:10:51.880 from so many years ago. He's forgot what the kid's 0:10:51.920 --> 0:10:54.320 name was. So Moss decided that the best place to 0:10:54.400 --> 0:10:57.880 locate the party would be Las Vegas, Nevada, for a 0:10:57.880 --> 0:11:00.600 couple of different reasons. For one, he had never been 0:11:00.640 --> 0:11:03.360 to Vegas, so he was kind of curious. He's like, 0:11:03.360 --> 0:11:05.400 why don't we have the party in Vegas? And he 0:11:05.440 --> 0:11:08.400 felt that the party if it fell apart, if it 0:11:08.440 --> 0:11:11.360 was a bust and no one showed up, worst case scenario, 0:11:11.679 --> 0:11:14.559 he'd be sitting by a pool drinking a Pinia Colada 0:11:14.640 --> 0:11:17.520 in Las Vegas, Nevada. So he saw it as a 0:11:17.520 --> 0:11:22.000 win win, and that's when things took a turn. So 0:11:22.280 --> 0:11:28.040 platinum Net disappeared, the administrator that is of the BBS disappeared, 0:11:28.080 --> 0:11:32.480 the BBS itself went offline. Apparently his father took the 0:11:32.640 --> 0:11:36.760 job earlier than was expected, and Platinum Net went dark. 0:11:37.360 --> 0:11:40.400 So Moss had already begun preparations for this great, big 0:11:40.440 --> 0:11:43.240 party in Las Vegas, and people were already expecting a 0:11:43.240 --> 0:11:46.800 big shin dig. So Moss was left, as he said, 0:11:47.559 --> 0:11:53.040 holding the bag. He decided that instead of canceling it 0:11:53.320 --> 0:11:56.360 or making excuses, he would actually turn it up a notch. 0:11:56.559 --> 0:12:01.079 He decided to invite everyone across the eleven networks that 0:12:01.120 --> 0:12:04.960 were connected to his BBS, and then he got on 0:12:05.040 --> 0:12:08.080 I r C also known as Internet Relay Chat and 0:12:08.160 --> 0:12:12.720 posted to Pound hack and Pound freak or if you prefer, 0:12:12.840 --> 0:12:16.280 hashtag hack and hashtag freak in these days, and those 0:12:16.280 --> 0:12:19.480 are chat rooms. IRC uses the hashtag or pound symbol 0:12:19.520 --> 0:12:22.360 to designate different chat rooms. Back in the day, there 0:12:22.400 --> 0:12:25.520 was only one hack chat room and only one freak 0:12:25.640 --> 0:12:28.720 chat room, and he posted about the party there. Essentially, 0:12:29.240 --> 0:12:33.520 he was opening it up to everybody. He also says 0:12:33.600 --> 0:12:36.000 that he sent faxes out to tons of different people 0:12:36.040 --> 0:12:41.959 and organizations, including law enforcement agencies, agencies like the FBI 0:12:42.040 --> 0:12:44.640 and the Secret Service, and he said, we're gonna have 0:12:44.679 --> 0:12:47.480 a big hacking conference in Las Vegas. Now. Later on, 0:12:47.520 --> 0:12:49.720 he said he knew information about the gathering was gonna 0:12:49.720 --> 0:12:52.199 get out anyway. It was going to become public, so 0:12:52.400 --> 0:12:54.360 he might as well get in front of it and 0:12:54.440 --> 0:12:57.000 let people know ahead of time, rather than make it 0:12:57.040 --> 0:12:59.440 seem like he's trying to be secretive and that perhaps 0:12:59.520 --> 0:13:01.320 these people are up to no good. He wanted to 0:13:01.360 --> 0:13:02.839 get in front of that and say no, no, no, 0:13:03.559 --> 0:13:06.839 we're getting together to have a party. Yes, we're all folks. 0:13:06.800 --> 0:13:11.480 Who are interested in information security, but we're not clandestinely 0:13:11.559 --> 0:13:15.520 trying to take down the government or something. And now 0:13:15.520 --> 0:13:18.640 he had to call the party something, and he was 0:13:18.720 --> 0:13:22.360 thinking about different names and ultimately decided upon def Con 0:13:23.200 --> 0:13:26.840 D E, F C O N. Now, in military speak, 0:13:27.280 --> 0:13:31.439 def con as an acronym stands for defense readiness condition, 0:13:31.520 --> 0:13:34.640 and it's generally followed by a number. And here's how 0:13:34.640 --> 0:13:37.480 the scale breaks down. If you've ever heard about def 0:13:37.480 --> 0:13:40.000 con followed by number, this is what it means. Def 0:13:40.080 --> 0:13:45.000 Con five is normal peacetime readiness, meaning you are not 0:13:45.240 --> 0:13:48.080 on high alert in any way, shape or form. Def 0:13:48.160 --> 0:13:53.160 Con four is normal increased intelligence and strengthened security measures, 0:13:53.720 --> 0:13:57.360 so not quite as laid back as normal peacetime readiness. 0:13:57.640 --> 0:14:01.079 Def Con three is an increase in four readiness above 0:14:01.280 --> 0:14:07.120 normal readiness, so you've got perhaps some various military units 0:14:07.160 --> 0:14:12.920 and equipment on standby. Def Con two is further increase 0:14:12.960 --> 0:14:17.120 in force readiness, but less than maximum readiness, so somewhere 0:14:17.160 --> 0:14:20.360 in between being a little more ready than usual and 0:14:20.440 --> 0:14:25.080 being totally ready. Def Con one is maximum force readiness. 0:14:25.120 --> 0:14:29.640 You are ready to go to war at a moment's notice. Now, 0:14:29.680 --> 0:14:32.200 Moss like the term def con partly because it was 0:14:32.240 --> 0:14:36.840 in a film called War Games starring Matthew Broderick. Highly 0:14:36.840 --> 0:14:38.440 recommend that movie, by the way, It's one of my 0:14:38.480 --> 0:14:41.480 favorites from the eighties. In that movie, Broderick plays a 0:14:41.560 --> 0:14:46.440 young hacker who uncovers some interesting games that, unbeknownst to him, 0:14:46.480 --> 0:14:50.280 are controlled by a supercomputer called Whopper w O p 0:14:50.520 --> 0:14:54.440 R that stands for War Operation Planned Response, and that 0:14:54.480 --> 0:14:59.240 particular supercomputer belonged to the North American Aerospace Defense Command 0:14:59.560 --> 0:15:02.720 also known as NORAD, and it turns out that the 0:15:02.800 --> 0:15:05.400 supercomputer runs on a program that was designed by an 0:15:05.400 --> 0:15:11.600 eccentric programmer named Stephen Falcon. Now, Broderick's character, whose name 0:15:11.680 --> 0:15:15.120 is David Lightman, has no idea that he's accessed a 0:15:15.160 --> 0:15:19.280 defense computer. He was actually doing what he called war dialing. 0:15:19.360 --> 0:15:22.120 In in old days, people called demon dialing, which is 0:15:22.160 --> 0:15:25.960 where you would set up your computer's phone modem to 0:15:26.120 --> 0:15:29.520 just automatically dial a list of phone numbers, and your 0:15:29.560 --> 0:15:32.280 goal is to see if any of those phone numbers 0:15:32.680 --> 0:15:35.760 match up with another computer hooked up to a modem 0:15:36.000 --> 0:15:39.240 so that you can get access to that computer. In 0:15:39.320 --> 0:15:42.560 the movie, what Lightman is trying to do is he's 0:15:42.600 --> 0:15:45.240 heard about a computer game company, and he wants to 0:15:45.280 --> 0:15:48.280 play the games that that computer game company is making 0:15:48.320 --> 0:15:50.480 before they come out. He wants to play them and 0:15:50.520 --> 0:15:54.400 test them and find out they're worthwhile. So he said 0:15:54.480 --> 0:15:57.040 this list of numbers. Why he doesn't know is that 0:15:57.120 --> 0:16:00.280 his computer is actually called into a defense computer, not 0:16:00.520 --> 0:16:04.840 a gaming companies computer. He just thinks he's playing games. 0:16:04.840 --> 0:16:08.120 So he launches a game called Thermonuclear War, it's really 0:16:08.160 --> 0:16:11.560 a thermonuclear war simulator, and tries to decide where he'll 0:16:11.600 --> 0:16:14.160 attack first, and he decides cheekily that he's going to 0:16:14.240 --> 0:16:17.640 attack Las Vegas, Nevada. So Moss, who was living in 0:16:17.680 --> 0:16:20.680 Seattle at the time, uh the same place that David 0:16:20.760 --> 0:16:24.080 Lightman was supposed to be from, decides he's gonna hold 0:16:24.080 --> 0:16:26.440 a party in Las Vegas, and inspired by war games, 0:16:26.440 --> 0:16:29.120 he calls it def Con. He also mentioned that the 0:16:29.240 --> 0:16:33.000 letters D E F correspond to the phone key number three. 0:16:33.520 --> 0:16:37.640 So in the old text days, each number on a 0:16:37.720 --> 0:16:41.240 phone was related to three letters, and the number three 0:16:41.640 --> 0:16:44.880 was related to the letters D E n F. So 0:16:44.920 --> 0:16:47.120 that was where the phone freakers out in the audience. 0:16:47.720 --> 0:16:50.760 And at that first def Con Moss accepted cash only 0:16:50.840 --> 0:16:53.520 that is true today. By the way, it is a 0:16:53.600 --> 0:16:57.320 cash only experience, and about a hundred people showed up. 0:16:57.840 --> 0:17:01.120 They had a few speakers talk about various programming projects 0:17:01.120 --> 0:17:05.000 and concepts and information security. Moss says that everyone seemed 0:17:05.040 --> 0:17:09.200 to enjoy themselves, and afterwards he was completely exhausted and 0:17:09.240 --> 0:17:12.000 decided to go hibernate for a while. But then he 0:17:12.040 --> 0:17:15.480 started getting messages from people about how to improve the 0:17:15.520 --> 0:17:19.120 event for the next year, and a lot of requests about, hey, 0:17:19.200 --> 0:17:21.399 are you going to do this next year? And according 0:17:21.400 --> 0:17:23.080 to Moss, that was the first time he had ever 0:17:23.119 --> 0:17:26.280 considered making it an annual event. It was originally just 0:17:26.359 --> 0:17:28.760 gonna be this one time going away party. Remember it 0:17:28.760 --> 0:17:31.640 was originally going to be for Platinum Net, but Platinum 0:17:31.640 --> 0:17:33.920 Net had already gone away, and so he decided, well, 0:17:33.960 --> 0:17:37.040 I guess, I guess we can make it an annual party. 0:17:38.480 --> 0:17:40.600 Well they decided to hold it again the next year, 0:17:41.320 --> 0:17:44.480 and according to Moss, it was about twice the size 0:17:44.720 --> 0:17:47.000 of the year before, and then the third year they 0:17:47.080 --> 0:17:51.280 held it it increased in size again. And shenanigans would 0:17:51.320 --> 0:17:53.760 happen at these parties. For example, you might get into 0:17:53.800 --> 0:17:57.000 a building's elevator and discover that someone had rewired all 0:17:57.040 --> 0:17:59.320 the buttons, so they go to different floors than what 0:17:59.440 --> 0:18:02.280 you pushed. You might push floor three and end up 0:18:02.280 --> 0:18:05.520 on floor twelve, or you might see folks lugging around 0:18:05.560 --> 0:18:09.400 an enormous satellite up link dish for reasons that they 0:18:09.560 --> 0:18:12.920 wouldn't be willing to explain. But Moss says the tone 0:18:12.960 --> 0:18:16.359 of the conference really began to change around this time too. 0:18:16.680 --> 0:18:19.960 The Internet was starting to take off and information security 0:18:20.040 --> 0:18:24.199 was transitioning from something that people were interested in as 0:18:24.240 --> 0:18:28.120 a personal passion into a legitimate career, and Moss says 0:18:28.160 --> 0:18:30.280 that the years between def Con four, which would have 0:18:30.320 --> 0:18:33.920 been and when the bubble burst in two thousand one, 0:18:34.000 --> 0:18:36.120 the tone of the show had turned into one centered 0:18:36.160 --> 0:18:40.000 around money and commerce and less about the geeky technical 0:18:40.080 --> 0:18:42.399 details of how to get around problems or to ensure 0:18:42.440 --> 0:18:45.520 your own Internet security. We've got a lot more to 0:18:45.560 --> 0:18:49.239 talk about with def Con, including how it works and 0:18:49.280 --> 0:18:52.440 what goes on there, but first let's take a quick 0:18:52.480 --> 0:19:02.159 break to thank our sponsor. So pretty soon Defcon was 0:19:02.200 --> 0:19:04.800 just way too big for any one person to carry off, 0:19:04.840 --> 0:19:09.159 and so Moss depended upon a growing staff of volunteers. 0:19:09.600 --> 0:19:14.400 They're affectionately referred to as goons, their departments within the goons, 0:19:14.560 --> 0:19:17.240 such as people who maintain the network connections for def 0:19:17.280 --> 0:19:21.480 Con or folks who act as points of information or security. 0:19:21.600 --> 0:19:24.640 The goons typically wear an identifiable element, like a red 0:19:24.680 --> 0:19:26.800 shirt to let people know they are part of the 0:19:26.880 --> 0:19:31.520 volunteer staff. Moss says that the year before the bubble bursts, 0:19:31.520 --> 0:19:33.800 so in around two thousand, the show had swelled up 0:19:33.840 --> 0:19:38.040 to seven thousand attendees, and according to Moss, only about 0:19:38.160 --> 0:19:41.879 half of those folks really seemed to belong there, like 0:19:41.920 --> 0:19:44.160 they seemed to be the actual geeky people who were 0:19:44.200 --> 0:19:47.439 interested in learning how this stuff worked and playing with 0:19:47.520 --> 0:19:50.400 it and exploring it and breaking it and fixing it, 0:19:50.680 --> 0:19:53.680 and the other half didn't really seem to be those folks. 0:19:53.720 --> 0:19:59.400 They seem to be more people interested in commodity, commodifying security, 0:19:59.440 --> 0:20:03.800 making money, and and making deals. After the bubble bursts, 0:20:03.800 --> 0:20:06.959 the attendants dropped closer to five thousands, So some of 0:20:06.960 --> 0:20:10.240 those people that you might refer to as posers or 0:20:10.280 --> 0:20:13.199 just people who didn't belong at def Con sorry to 0:20:13.680 --> 0:20:17.280 not go anymore, because everyone was pretty much freaking out 0:20:17.280 --> 0:20:20.359 about whether or not tech would even be profitable anymore. 0:20:20.440 --> 0:20:24.520 Especially in the dot com space. By def Con twenty 0:20:24.560 --> 0:20:26.760 in two thousand twelve, the numbers had increased up to 0:20:26.840 --> 0:20:30.960 fifteen thousand, and by then it was a lot of 0:20:30.960 --> 0:20:33.680 the legit folks who were really interested in info SEC 0:20:33.760 --> 0:20:37.040 and not just hangers on. The venue for the conference 0:20:37.040 --> 0:20:39.080 has changed a few times too. For several years, the 0:20:39.119 --> 0:20:42.679 con took place at Alexis Park, which I've actually stayed 0:20:42.720 --> 0:20:45.680 at on a trip to c e S. Alexis Park 0:20:45.760 --> 0:20:48.639 in Las Vegas is a former apartment complex and it 0:20:48.680 --> 0:20:51.480 doesn't have a casino. That was the reason I stayed there. 0:20:51.840 --> 0:20:54.359 I was thinking, if there's no casino, I don't have 0:20:54.440 --> 0:20:57.119 to walk through this enormous casino to get to an 0:20:57.200 --> 0:20:59.359 elevator to get up to my room. I can skip 0:20:59.400 --> 0:21:03.679 all that. Because casinos are notoriously labyrinthian and difficult to 0:21:03.720 --> 0:21:06.360 get through. They don't want you to make they don't 0:21:06.359 --> 0:21:08.359 want it to be easy for you to get out right. 0:21:09.160 --> 0:21:11.200 Uh So I thought, oh, Alexis Park, it doesn't have 0:21:11.200 --> 0:21:13.199 a casino, I'll do that. I did not realize that 0:21:13.200 --> 0:21:17.080 it was a bunch of apartment buildings separate from each other, 0:21:17.119 --> 0:21:19.560 and I was booked in a room that was like 0:21:19.600 --> 0:21:22.680 five apartment buildings back from the entrance, so it meant 0:21:22.720 --> 0:21:25.760 walking I don't know, maybe half a mile to get 0:21:25.760 --> 0:21:28.480 to my room. Uh, so I didn't save any time 0:21:28.520 --> 0:21:31.320 in the long run. Well, Alexis Park was where they 0:21:31.359 --> 0:21:35.720 had several def cons in the early years, and it 0:21:35.840 --> 0:21:39.800 was a very popular place. Uh. It has several pools 0:21:39.840 --> 0:21:43.199 and lots of open spaces, and apparently a ton of 0:21:43.240 --> 0:21:46.560 shenanigans happened in and around those spots during the Alexis 0:21:46.600 --> 0:21:49.920 Park years. The pool parties, in particular, were the stuff 0:21:50.000 --> 0:21:54.840 of legend and sometimes of law enforcement. The hotel even 0:21:54.880 --> 0:21:57.920 printed up sheets that explained how much it would cost 0:21:57.960 --> 0:22:01.000 to replace stuff in your room. So if you wanted 0:22:01.040 --> 0:22:03.800 to trash your room, you could, but you'd have to 0:22:03.840 --> 0:22:05.840 pay for it. But you would know right up front 0:22:05.840 --> 0:22:08.440 how much you had to pay. And actually the hackers 0:22:08.480 --> 0:22:11.280 like this. They liked the idea that, oh, well, if 0:22:11.320 --> 0:22:13.639 we destroy this television, it's gonna be two hundred bucks. 0:22:13.680 --> 0:22:15.720 But I got two hundred bucks, so let's go ahead 0:22:15.720 --> 0:22:18.680 and do it. And it was funny because Alexis Park 0:22:18.720 --> 0:22:20.560 management was totally cool with this. Is said, well, if 0:22:20.560 --> 0:22:22.840 you pay your build and that's fine because we'll just 0:22:22.920 --> 0:22:26.120 replace it. So it was an interesting experience and an 0:22:26.119 --> 0:22:29.840 interesting relationship between Alexis Park and the hackers, and everyone 0:22:30.080 --> 0:22:35.320 seemed to really dig that. But it got to the 0:22:35.320 --> 0:22:38.520 point where Alexis Park just could not handle Defcon. It 0:22:38.560 --> 0:22:42.560 wasn't big enough. The convention had grown so large that 0:22:42.640 --> 0:22:46.600 they needed to have space that had better meeting facilities. 0:22:46.640 --> 0:22:49.119 The rooms weren't large enough to hold the crowds that 0:22:49.160 --> 0:22:53.240 were coming in, and so they eventually moved out of 0:22:53.240 --> 0:22:55.600 Alexis Park. Now, there are a lot of people who 0:22:55.640 --> 0:22:58.639