Wednesday, November 5, 2014

Surveillance drones and Uncle Sam: Hackers take on all at DefCon 21


Around 15,000 hackers and security experts descended on Las Vegas for the twenty-first annual DefCon last week to discuss the latest and greatest exploits and vulnerabilities targeting seemingly anything and everything.
Sure, computers can be hacked. But what about telephones, televisions and even digital cameras? At DefCon, hackers learn how to wage attacks on just about everything and, just as importantly, how to prevent them.
“There was a session on how to hack into those self-driving cars. People hacking into ATMs, hacking into pacemakers, hacking into refrigerators. I don’t think there’s a limit to what some of these, with the creativity and the skills they have, I don’t think there’s any limit to what they can reverse engineer,” said Vince in the Bay, a podcaster and convicted cyber-criminal who attended his first DefCon this year.
But it’s not just breaking into boring systems and servers at DefCon, either. Zoz is an Australian computer scientist whose life revolves around robots. Sometimes he builds them, but at DefCon he discusses ways to break them. If there’s a system that can be tinkered or toyed with, at DefCon they’ll do it.
“This year I came to give a talk about hacking driverless vehicles, because I’m really into autonomous robots, I’m involved in autonomous robot competitions, and I felt like now we are on the cusp of shared use acceptance of driverless vehicles on the road, shared airspace with UAVs, and so it’s time to think about adversarial relationships and how we make these systems bulletproof,” Zoz told RT.
Zoz has been at DefCon as either an attendee or presenter going back to the 1990s, and this year a few thousand people packed a conference room to watch him show how drones and driverless cars alike can be compromised with just a couple of tricks. Like almost everyone at DefCon, though, Zoz says he hacks for good — not for bad.
“The people here at DefCon are my people. They are people who are curious and want to learn. They come here to find out how things work and how they can use it best and make it sometimes make things do things that they weren’t supposed to do in a good way often, to improvise and adapt, and to learn from each other and show off what they’ve done. So this is primarily a conference where people come to learn things and to engage in their curiosity, so that’s what I like about it so much. Because if you have something that you’re interested in, chances are there are people here who are going to be interested in it too,” he said.
In addition to hacking household appliances, UAVs and all sorts of other electronic gizmos and gadgets, security experts of all levels come to DefCon to discuss exploits and vulnerabilities for everything imaginable.
John Draper, also known as Captain Crunch, started compromising computer systems in the 1960s when he used a homemade device called a blue-box to make free phone calls around the world.
“The real reason behind my experimenting around with the system was to learn the system and understand how it works, much like today with how people are breaking into computers,” Draper told ABC News’ Sam Donaldson some 30 years ago.
Draper went on to show a few guys named Steve and Steve how to hack phones too, and eventually they moved on to make millions, then billions, off of their own endeavors. But while you won’t find the CEO of Apple Computers walking around DefCon in 100-degree heat, Draper still shows up to discuss his sordid past, where his sheer curiosity kept him usually close to trouble. He says he never wanted to hack for harm, though, and relied on hacks and exploits to explore systems that were still in their infancy—and to have a little fun.
“Back in the mid-70s, we found this number by accident, an 800 number, because we were scanning for numbers, and it went into the White House. It was the White House/CIA crisis hotline number,” Draper told RT.
“So we sat on that White House line for a while and learned that President Nixon’s name was Olympus, so a couple weeks later I wrote down that and we were at a party and so we called the White House number and we asked for Olympus. And a person who sure the hell sounded like Nixon came on the line and we said, ‘Sir, we have a national crisis on our hands. Sir, we are out of toilet paper.’ And we hung up! So we were the first people to prank Nixon!”
Of course, hacking phone lines and prank calling the president are child’s play compared to compromising drones and exploiting holes in household appliances. In one DefCon presentation, attendees learned how to hack hi-tech toys made for toddlers; in another, digital cameras. Perhaps the scariest hack of all, however, is one being done by Uncle Sam that’s compromising our personal conversations.
Chris Soghoian is the Principal Technologist and Senior Policy Analyst at the ACLU’s Speech, Privacy and Technology Project, and he spoke a number of times at DefCon this year about issues that aren’t of interest to only hackers. Civil libertarians like Soghoian have long assumed the government was getting communications from anyone they wanted, but only recent revelations made by NSA leaker Edward Snowden have uncovered the tip of that iceberg. Now, Soghoian says, he hopes people start to speak up.
“They’ve been doing this for a while, but they’ve kept it under wraps. And I think it’s time that we have public debate about whether law enforcement agencies should be in this business, whether we want local cops or the FBI to have the capability to hack into any computer, anyone’s smart phone. If cybersecurity is a national concern—which I think it should be—then I don’t really think these tools should be floating around. I think we should be prioritizing cybersecurity, and it’s just not a debate we’ve had,” Soghoian said.
But just weeks after Snowden gave the world a glimpse at what the government is actually doing, that discussion is one that might finally be on the verge of making it mainstream.
