DEF CON® is famous for its culture and subcultures—it provides something for everyone in the wide world of hacking. This year offered no shortage of characters, caricatures, professionals, “feds,” “goons,” and hackers. Between the villages, talks, demos, and car hacking station, three things were clear to us:
1. ANYONE can disrupt the tech that keeps us safe. The official theme on display centered around the phrase “We are living through a revolt against the future. The future will prevail.” The conference let attendees more deeply understand that there are ways to defeat many of the technologies that make our daily lives safer, more comfortable, and more connected with the world.
Many of the attacks showcased methods used by people of all skill levels, from a budding script kid to more advanced, seasoned hackers. Capture-the-flag (CTF) competition events enabled anyone to join in and circumvent hard-coded logic used by artificial intelligence (AI) or large language models (LLM), hack a notional communications satellite in orbit, or attack a virtual smart city infrastructure. Demos included:
- a real-time video and audio deepfake capability—that was surprisingly convincing,
- the latest exploits used to gain access to maritime vessels,
- how to hack into an industrial control system (ICS),
- how to attack IP-enabled cameras in common use worldwide,
- a step-by-step guide on how to hack into the Emergency Alert System (EAS) to broadcast fake warning messages and sirens throughout the United States.
2. With Social Engineering (SE) and Artificial Intelligence (AI) tools…PEOPLE are the creators. We delved into social engineering, learning about the art of deception, misdirection, and social attack vectors and all the subsequent implications for cyber security. Engaging talks and interactive workshops offered insights into the psychology and technology behind successful social engineering attacks and how to defend against them.
A youth competition and workshops where attendees could try their hands at cold calls and receive feedback from panel members and other SE professionals showed that this is still a personal game. Coupling this with artificial intelligence and cyber security, we learned that adversarial machine learning and other attributes of AI-powered security solutions are getting more powerful and easier to use.
For example, DEF CON® “goons” (volunteer event staff) distributed links and QR codes to practice LLM hacking from our mobile devices while we waited. Once inside, attendees competed in scaled challenges from beginner to advanced levels on assorted topics. Participants successfully convinced one LLM to return false output in the form of incorrect geographical coordinates for an entrance to the Appalachian Trail.
3. RECON plays a large role…in cyber security strategy. At the Recon Village, we explored the world of reconnaissance (RECON) and information gathering. Talks on open-source intelligence (OSINT) techniques, passive reconnaissance, and network mapping deepened our understanding of the crucial role reconnaissance plays in cybersecurity strategies.
Session topics ranged from OSINT tools and techniques to disinformation operations discussions. Dr. Patrick Warrant and Dr. Darren Linville, our partners at Clemson University, delivered separate talks on their research on how Russia and China execute their disinformation campaigns.
BONUS Takeaway: DEF CON® brings together brilliance. Networking with like-minded professionals provided a platform to exchange ideas, insights, and best practices in cyber security and technology. Hands-on sessions offered opportunities to interact with and hack LLMs, gaining firsthand experience on vulnerabilities and potential security concerns. We took away key insights and best practices for developing our own LLMs at 3GIMBALS. This practical application underscored the importance of robust cybersecurity measures and user education in AI domains.
DEF CON® 31 was a remarkable exploration of cyber, AI, and tech innovation. The event provided a well-organized platform to learn from experts, engage in hands-on experiences, and explore the current state–and future–of digital security, information operations, open-source methodologies, and beyond.