Keynote Speaker

Name: Keynote Speaker
Uploaded: 2014-11-24
Duration: 1 h 9 min 2 s
Description: Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of http://dissectingthehack.com He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on

BSides Charleston · 20141:09:02651 viewsPublished 2014-11Watch on YouTube ↗

Speakers

Jayson E Street

Tags

StyleKeynote

About this talk

Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of http://dissectingthehack.com He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street” *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006.

Show transcript [en]

uh how's it going it's like uh i am not awake yet but uh i'm sure i will halfway through this talk um but uh let's start off with talk i always like to start with cats you tell what the theme is it's about traveling it's like also a good presentation to have cats in them uh the title of this talk is around the world in 80 cons uh basically uh what this talk is about it's uh it's one of the weirdest talks i've given because it started off where i was like oh this is what i'm going to talk about this this coming year and so then i started doing research on it and i'm like oh crap that's not what i

should talk about it's got to be this now and so it transitions so it's really a weird talk because it starts off here and then i go to here and then it brings us to over here so it's a really weird talk uh but i do have to there are a couple caveats and stuff you know one of the things that you have to know about me is that i alternate my talks every year it's like i'll do one year i'll do a technical talk an offensive talk well most people say my talks are offensive anyway but i mean like a social engineering physical compromise you know a more technical hacking talk and then the next year i'll do a rant or

something based on uh defense or blue team but mostly ranting so last year i did a talk on spear phishing and uh social engineering and physical compromise so we know what year this is right uh and and there's a couple warnings in this talk one for the very beginning that we need to get out of the way right now is my apology okay because this will run long okay it's just going to and i think it's adorable when the volunteers come up with the time signs that say time's up and stuff you know several times during it or they walk up to me it's just going to run long it's like uh my technical talks it's like and i feel

bad and it's not like i'm not saying that with pride i feel bad about it but i'm very passionate about this talk and i've never done it under an hour and stuff you know and i just keep going so i'm the guy who screwed up the schedule i'm that guy and i apologize in advance for that second of all a friend of mine who used to uh who still lives in south africa he came up to me after a version of this talk and he said jason i'm from a very conservative country and stuff you know so the only thing i could get from halfway through your talk is why is the angry man screaming at me and so i

just want you to understand it's like when i start getting screaming in a little wild episode i'm not screaming you know at you i'm screaming with you so we'll get that going and i think that's about it so those are the warnings also just another warning uh just right off the bat it's like i'm very cranky in the morning so it's like it might be a little bit more fire than usual so uh this is it's also this is the last talk of the year uh so i'm gonna just finish it up really quick uh one thing that you need to know about me quite simply is i love to travel i don't just love to travel i love to

explore that little picture at the taj mahal was taken last week it's like when i was in new delhi it's like i love to go out and see uh not just going to the conference and talking to the hackers but also seeing the culture seeing how what they're into what they're interested in what they're trying to do but then also i've spent like over 11 hours walking through the zidane district in beijing and stuff you know just a complete circle uh walking around and stuff you know just to see what i could see uh and then there was like a one time i was in cairo it's like i walked from the coptic area all the way up to the cairo tower it was

about seven hours it's like it was a great pizza hut on the nile river which was like really good and uh and just doing things like that just walking through not just seeing the tourist sites but walking through the streets seeing the city seeing the people and stuff people see what they're doing see what the culture is seeing how they're greeting people seeing how they they do things because i just like the culture uh so i thought you know what let me do a talk about my travels and about the different cultures in the world stuff you know and how i perceive them and that's the key thing about this whole talk the one thing that keeps it

all the way threaded together is the fact that it's based on perceptions mine i don't speak for anybody else just like russ rogers says i like tacos that means all hackers like tacos right no it's like you know it's like it's it i'm only going to speak on my perspective on my perceptions it's like in what i see it yours mileage may vary it's like oh we got a little microphone stand thing this is true get my hopes up what's up with that okay so we're gonna keep going is that one working now okay i i don't even try to pretend to be professional okay uh so let's get into the uh thing right here right off the

bat and one of the things i want to take off the table right now when i talk about hacking and i talk about uh global aspects of it one of the first things that everybody comes and starts talking about is freaking nation state it's like and global countries and they try to bring all that crap into it okay that's not me that's not what this is about so let's get this stuff out of the way right off the bat and stuff you know so you talk about nation states and stuff you know you always go back to those breach reports right like here's the verizon data breach report instead you know and i'm not trying to call

their baby ugly and stuff you know because i've gotten some twitter wars about this stuff you know i'm just saying this is some of the data all i tried to point out was that maybe this isn't everything that's out there it's like you look at the upper left hand corner this was the bridge report from 13 and if you'll notice there may be some areas that are you know under represented possibly just a little bit you know maybe just not like showing the whole picture there well they try to fix that you know their marketing team i'm sorry i mean the research team uh decided in 14 and say oh you know what when there's a breach in hoboken new

jersey all of usa oh there was a breach in wushi china all of china problem solved you know it's like it's now a more complete report except for even doing that creative reporting they still didn't get everything i'm sure there's i mean there's got to be like a couple computers in mongolia come on seriously it's like they've got wi-fi it's like they're very mobile people i know they've got some hot spots going around it's like you know so it's like they go and they do that they do this report and they try to show that they're trying to get more data and they're not the only ones it's like you've got trustwave right here upper left-hand corner from

13. once again not the greatest representation but in their favor they've got pie because you know we all love pie so that's awesome it's like uh so they got that one and then in 14 once again they're trying to change the fact it's like showing up by how much they represent and how much data they've got they decide to invite everybody to a rave though i don't think i was cool enough to get into this one it's like because i mean that's exactly what it looks like to me it's like i think that little ball with the green thing is supposed to be the earth after a seismic shift of cataclysmic proportions uh but yeah that that's data there somewhere in

that and stuff you know so that's the report and that's how they try to show that data that's how they try to show like hey this is what's going on this is what's happening in the world one of the best sites though when you talk about breaches and you talk about attacks and stuff you know it's hackmageddon.com and one of the main reasons why i like hackmageddon.com is you know first thing again you know pie but second it's got the flags on on the little pie slices and let's face it we're in america the only time we know about other countries flags is when we're invading them right so it's refreshing to see that before it

happens so we actually get to see flags you know other than that so that's awesome so it's like but one of the best things about the site is this right here the disclaimer where the guy says again no need to repeat that data must be taken very carefully since they do refer only to the discovered attacks the so-called tip of the iceberg and hence do not pretend to be exhausted but only aim to provide a high level overview of the global cyber landscape that is such an awesome disclaimer that i'm gonna overlook the use of the word cyber in it okay it's just it's just that good because he's saying this is what i see

this is all that i see there's totally definitely more going on but this is my representation of what i've got and i thought that was very honest and i thought it was a very good site and he's got some really good data it's not all the data but it's something it gives us a facet of it more sites are more technical and they try to use their data that way this is uh digitalattackmap.com do you notice something going on here this isn't a screenshot from war games this is actually from the website and i saw this picture tweeted out all over the twitter sphere and i'm like wow that's really bad that looks like something bad's going

down there and stuff you know what are those guys up to and then i went to the site and i actually started looking through the site some more and i realized something that was going on here it was that they were trying to manipulate the message by using data and they were being totally obvious about it because look at here this is on may 9th but you go to june 7th oh that's a little bit different that tells a little bit of different story that's this story says china's just minding its own business hanging out and stuff you know what everybody else is just going all crazy and stuff and attacking right that's the that's what the story is

right that's what's really happening no i picked this screenshot because it fit my narrative so i can manipulate your emotions and help tell my story the only difference is i'm honest about it and also i in my honesty i also left a little bit more of the uh the legend down there in the lower left hand corner because if you notice the legend says when it's radiating outward like that that's an internal attack so that means all this stuff around the united states is internal that's us on usa on usa violence right there going on that's what's happening there but that's not what the story looks like but for some reason this picture didn't get tweeted out all over the

twittersphere because it didn't even narrative and stuff you know that doesn't sell firewalls and blinky lights right no so uh speaking of selling firewalls and blinky lights we got to mention you know the mandate report right i don't know at what point and stuff you know when uh richard baitlich was a young boy that china came over collectively and stole his lunch money but it hurt him really bad it's like i mean i really want to have like a teddy bear and stuff you know take it up to town security and just go hey just show me on the doll where did china touch your network it's okay you know it's like because this guy is just like

it's all about how horrible and stuff you know china is it's like it's like all there it's all collective and stuff you know and it's just all that data and i'm not it's not just for me i'm not just saying that that's just my perception of the problem it's like i did a google image search because i was doing this this powerpoint i was like i did a google image search for mandiant report i kid you not this was the first response that was the first image result so i may not be the only one and stuff you know they're saying that's a little bit skewered that's a little bit you know once again using number and data to

paint the picture that you want to show and so i i'm and i'm going to go so just for the sake of it just to get this out of the way just get the whole nation state story to bed and stuff you know let's just say this let's agree the chinese are bad right chinese are bad because they spy on their citizens they spy on other countries they infect other nations computers with malware they try to censor the press they try to suppress protesters you know and that's always awkward when i get to the slide and stuff you know because i go to beijing a lot and stuff you know and so you know i was like i've

had some yeah one time it's like at devcon there was like at least three people i know from from china that was just sitting there and the audience going like yes continue and i'm like okay it's like uh well let's go it's like we're gonna agree the chinese are bad because of these five things let's go through these five things right they they get to spy on their citizens you know that's not cool right no one wants that to happen oops but one of my favorite parts about all this stuff that's going on here is this lower right hand corner and stuff we finally figured out what the problem with apt is no one's apologizing see the cia does it

but they apologized afterwards so it's all cool it's all good you know it's like sorry oops my bad you know it's like we didn't mean to do that see so now every other nation state if you realize and say you know after you hack the government servers and stuff you know send an apology letter we're cool we're all good after that see so that's i think one of the biggest things that they're missing so uh what else do they do oh they spy on other countries yeah that's not cool spying on other countries like that i mean look look at merkel here how bad of a person or a country do you have to be to make a german look that sad

i mean seriously that's just not she got groped by george w she didn't look that bad he's stuff you know that's just sad right there and then look in the lower left hand corner italian magazine says u.s spies listen to the pope back and says unaware you spying on the pope and i don't care if you're atheist hindu buddhist whatever okay we gotta admit one important factor here okay this is a pretty cool pope okay i mean he dresses up as a regular priest and goes around vatican city at night feeding the homeless he's like the good guy batman he takes selfies i mean come on this is a pretty good pope now that other guy with the red shoes and the hat

he looks a little sketchy i could totally understand that okay but not this one this one's a good one let's keep this one right so it's like so it's like so they did that so that that's not cool but i mean at least you know you're thinking well you can't say nothing about infecting other countries with malware because that's an act of war and actually trying to implement you know changes into another country's uh control systems that would be horrible it's like one of the best things i liked about stuxnet more than anything else was the denial that has got to be one of the most legendary denials in history it's like the white house press guy going up there

going like how dare you accuse us of such a well-orchestrated totally masterful genius-like maneuver and stuff you know i mean how could you dare think that we were capable of such a masterful work of art that was done during that thing i mean that was just sublime it's like how could you accuse us of that it wasn't us you know it's like i loved it one of the best denials i've ever seen and stuff right it's like so you got that going on i i love i love when i get to this part and stuff you know i can always tell them where the feds are in the room by the way so it's like sorry guys it's

like um but what about elsa's to go to uh they tried to censor the press well that's horrible because you know we got the first amendment going for us right so that's always good uh look at the lower the upper left-hand corner right there the one with the tear gas going on they're tear gassing al jazeera al jazeera's had their offices bombed in syria the reporters are under arrest and stuff you know for reporting facts in egypt it's like right now being tortured and stuff you know and in prison in egypt and so luckily they were able to get the i would think that the press crew and stuff you know that was like said hey

sorry about all those other guys going on but don't worry you're not we're not sending you to syria we're not sending you to uh egypt just go over to missouri and stuff you know and film some stuff and protest it'll be totally fine and you know those reporters are going like crap you know it's like it's like i want to switch over to the egypt office it's like and don't worry the police officers were nice enough to confiscate i mean uh collect their equipment so it didn't get stolen or damaged so that was nice to the police for doing that and stuff you know i thought that was good and speaking of the police and their

helpfulness and stuff you know well not that guy who tries to shoot people and stuff you know because they have cameras uh let's talk about they try to suppress protesters that's some terrifying pictures right there and one of the key things that upsets me the most about these pictures and one that was the most disturbing is not the guys with the the ride guns there or the that's actually a police officer that's a police officer past that's not military and kabul or anything and stuff you know it's this guy right here in the center that is one of the most terrifying pictures i've seen because you do not see rage in his eyes he's not angry

he's not mad he's not vindictive that is an unprepared i don't know how trained terrified man panicking and stuff in a situation that he's not familiar with or is not comfortable with if he had rage he'd be more controlled this is the guy that was most likely if anything was going to shoot somebody and he's got a non-lethal shotgun would that have mattered if someone heard shots being fired wouldn't have mattered someone wasn't going to have a good day on that day it's like and that shows just how bad it gets it's like because that's not anger that's not vindictiveness that's just a human being panicking and in a situation that he doesn't know how to totally cope

with it's like but let's finish it up because if you noticed you know in my little funny way i'm trying to say basically we're all doing it you can't just say ex-country is bad because they do x things it's like okay is that one working now my arm's getting tired i'm tired and i need to hold pepsi so hold on all right there we go so what i'm basically trying to say is we're all doing it so so there we go okay here we go we're gonna get this done eventually should you hear me now can you hear me now does that help they're totally punky with the mic can you all hear me in the back i'm

going to scream louder i promise okay trust me as i get on through here i get even more ragey and louder so look at this look at this map this is the map of around the world all the control centers okay take a good look at it look at canada canada is attacking us when you got canadians going after you there's no hope for humanity people okay i mean i can just imagine those those guys and stuff you know it's like oh i'm sorry you've got a muscle 1466 i'm going to have to pull on your network i apologize you know i mean they did they they did apologize afterwards i mean those those guys were doing it before the cia

thought it was cool you know it's like so you gotta appreciate that but basically everybody's doing it if you say i'm trying to protect myself from this country because this country is doing bad things you're screwed because it's not just one country doing it it's everybody it's like including your own country you know the attacks coming from with inside the country you know it's like what's inside the house it's you gotta watch out for those things you can't just say it's one guy so i'm done talking about nation states and other governments screw those guys let's talk about culture let's talk about people so what i'm going to do is i'm going to tell show

two slides one slide i'm going to tell a story or an observation from when i was in that region and the next slide is i sent out an email a questionnaire to a lot of my friends from all over the world and i said hey please fill this out with all these questions and get them back to me so i can see what your perceptions are from your side of it from actually living there and being in that country tell me what you think and so that's what happened and this is also when the story started to change right here because let's start off with asia uh one of the things i used to like to talk about was um my

first experience uh in 2008 i first got my passport it was only in 2008. uh so of course you know naturally the very first place i decided to get to go uh was to beijing it's like to a hacking conference in china because why not right so i go there and i go to this conference and i see an eye-opening experience about what i thought was the issues and what wasn't and i usually talk about that experience but what i saw in july was even cooler because i invited dave kennedy to come over and speak to the beijing institute of technology uh i'm working with them creating a hacker exchange program and it's way scarier than it sounds and so

it's like and i had him come over and give a talk there and his reaction was awesome because he came over there at the very beginning thinking oh they're gonna like they're gonna take my laptop they're gonna take it apart or they're gonna have people spying on us people are gonna walk us around and stuff you know we're gonna be controlled about where we go and at the end of the time that was over when i'm sending them to the taking them to the airport to say goodbye he came to just like jason that's one of the best experiences i've ever had in my life it's like we took the subway we walked through ho hi lake it's like we got to

see the starbucks and stuff you know it's like we got to eat at pizza hut it's like we got to see exactly what the chinese culture was like we got to see what the people were like and he got to see that besides all the stuff that you say this is what it's like on the ground and it's amazing from what you see in the press to see what you're supposed to be reported and what we're supposed to fear to what's actually happening on the ground to the actual citizens the actual people that are just doing their day-to-day stuff so it was really great to watch that transition for him and stuff you know to see that

uh so let's go and talk about the uh for someone else's perception it's like uh this is gonna be really weird because this is really small font and this is really big training here well let's start reading this like what country do you currently live in and what country you spent most of your time in and more familiar with uh these aren't all the questions but these are like the top four questions i wanted to use to help fit my narrative so we're gonna use these questions he says i currently live in china i spend half and half between the u.s and china how did you find out about hacking i love this just a simple thought how can i get

unlimited game golden rice at the beginning that i can beat romance of three kingdoms which i think is awesome because i mean let's face it i play world of warcraft and i hate freaking going all those freaking quests collecting dragon eggs when i just need to freaking just you know go kill stuff right it's like who wants to do that so he was like yeah that's hard it's like i want to just have fun let's see if i can just hack the system and stuff you know and get my stuff all ready for me so you know there was honest answer i thought that was a good way to start learning to hack and your reading house hacking seemed uh

by the general public overall it still trends toward negative public lack of understanding even people accepted acting as a skill a method but most of people stay away from it and this is china you know the land of apt right it's like and this is one of the most nuanced answers that i got uh at the end is hacking the original scene is more for crime hacktivist nation state or other public media defines it it depends on official needs today it may be a crime next day it becomes national heroes someday it is a technical challenge like most of the places is a mixture some of criminals can be used for national interest cebu and

under certain control uh like giving them a list of 30 countries they can hack uh official security workers may conduct hacktivist or crime in his or her leisure time snowden uh some can be hired for overseas interest that is like one of the most nuanced answers that i've seen from this from these results it's like this is from uh from china and so i thought that was really good i thought that was a really a good response a really nuanced response um so let's go to the next one let's go to uh europe uh one of my favorite conferences in europe is a hack in paris and wheat to hack uh they they uh hack

in paris is like the black hat it's like on like tuesday through friday and then saturday is the new week to hack uh it is actually translated to night of hacks they start off at like 10 o'clock in the morning and they have talks and it's this huge hanger and stuff you know and euro disney yes euro disney it's like there's this huge hangar of like 2 000 hackers and they give talks up on stage up until around 7 p.m and then from 8 p.m till 8 a.m it is capture the flag wild wild west just teams from all over europe uh doing this challenge the ctf and then at the same time they're doing the ctf they've got

workshops for lock picking and drones and vr and and hardware and 3d printing and just making just all these wonderful times to network and learn and just and socialize until sunday morning it's awesome it's like a distilled 24-hour defcon it's great it's like uh and but i do have one complaint and one of the creepiest moments of my life uh was because of knew it to hack because like i said you're a disney so there is nothing more creepier than being a guy like me and a black hoodie with sunglasses on with a big silver suitcase with all these hacker stickers on it and stuff you know waiting at the charles de gaulle airport by myself waiting for the disney shuttle

yeah it was not cool it's like there was this one little a couple years ago this little girl was trying to run up to me to see me and stuff you know and her dad just like grabbed her and was like pulled away and my first response was dude not even mad that was a good call bro i look pretty sketchy you know it's like i mean it was like totally so my only problem with knew it to hack is they need to get a dedicated shuttle from the airport because that is just a creepy moment so once you get to euro disney it's fine because you're among all the other 2000 guys in black

t-shirts and jeans but at that airport not so much so uh let's talk to a guy what country you're more familiar with he's currently i live in the uk eight years but i grew up in poland where i lived for 25. how did you find out about hacking from media stories told at the computer market exchange uh he says darn that sounds very old school says yes when a group called gumsy hack the nast main internet oregon poland and the only uh dot pl register at the time and then they followed on so i thought that was cool it's like that's a good way to learn it you've learned it from the media it's one of the few times where

i've actually seen me actually help people get into hacking in your region how is hacking scene by the general public in poland i guess it's mostly seen as completely illegal activity in the uk any wrongdoing with computers is called hacking and general public thrives on misguided media reports don't they it's like it's hacking your regency there's more for crime hackness nation state or other and poland is mostly crime hacktivism but there are reports of polish military ordering the creation of an offensive bot net which i'm sure is totally going to end well except for poland uh this came out via some leaked documents recently i.e a member of the public was bothered to read them from

the official government website so you know you've got to hate it when they you know find out those informations from the stuff that they published uh hacktivism is publicly visible but not much going on there's recently nation state we constantly get reminded that xyz is trying to attack us and now that we have elite cyber warriors volunteering from private sector to help spooks army develop offensive capabilities this is public knowledge after announcement by the government on national tv so in the uk it's all above and changing proportions once again and stuff you know it seems toward negative it's like it doesn't matter which region that i've seen yet and stuff you know it it seems towards

the negative well let's talk about the nation state uh and especially when you talk about the criminal aspect of it it's like it was really funny because i was in rousseff brazil and i was having a speaker dinner and i was talking to one of the hackers there and he was like yeah jason it's just it's not the same here in brazil man it's not that cool being a hacker here and stuff you know it's like hacking's not illegal so the girls don't think we're like edgy or outlaws or or anything and stuff you know they just think we're geeks and stuff you know they get money and it's like that's not cool and i mean how do you respond to i'm

sorry you haven't been arrested yet i mean keep going maybe you'll get jail time i mean how do you respond to that guy right so i was just like okay cool you know well good news is is that they brazil has recently enacted computer laws and stuff you know so now he's a criminal i guess right yay it's like so that was my experience and stuff you know in brazil with that one being stuck in my mind there uh but this guy's from brazil uh he found out about hacking from trying to get things done is that the hacker creta or what i'm trying to get something done i need to get how does this work how do i make it

happen because in your region how exactly you see the general public nowadays there's a mix of good and bad people sort of understand it back in the day early 90s internet wasn't quite widespread bbs's are stolen credentials the universities were the way to go all at the point in time unless you were doing something you wouldn't really be aware of hacking with online banking being implemented 96-97 bankers activities started increasing quickly in brazil bankers activities credit card fraud credit card theft and stealing from the actual bank accounts so uh they started getting aware when you know people started making money off of it attacking your regency is more for crime activists nation state or other

considering those that don't know anything about it and just see the stuff in the news mostly uh tied to crime and sometimes hacktivism in the corporate world a better understanding to ethical hacking you see a trend here i sent out this thing to all over the world this is not the cherry picked you know narrative of the responses i'm getting these are all consistently almost the same and this is when my talk started to change as well again for a second time it's like so uh let's talk about africa my only trip to africa was to egypt and yes i know a lot of friends especially in the middle east that jason egypt is part of the middle east it's not part of

africa but i needed uh i've only been to egypt it's on the continent it counts leave me alone it's called speaker you know uh what is that called uh prerogative there we go so uh so in cairo it was really cool about that was the conference the conference itself was really cool there first of all they were at a total disadvantage because they made me wear a suit and that makes me appear normal until you start interacting with me and you realize that's far from the truth so i feel sorry for those people right off the bat and stuff you know because they thought there and i helped swiftly disabuse them with that notion of me

being normal by doing rabbit errors when people ask me to take pictures with them and one of my favorite ones was a college student taking that picture you know that picture you take right in front of the the banner of the conference you're going that that i'm here picture you're not but i'm here yeah trust me everybody takes that picture it's like i take them all the time so you know it all it's always done it's like uh so uh he was taking that picture in his nice suit not knowing that there was a crazy american 20 feet behind him going like this totally photobombing him it was awesome i love that picture uh but what got me

there with the culture and stuff you know in egypt is how formal and just just so very just official and efficient the conference was with hackerson and i could not tell hackers versus government versus officials versus security people versus whatever at the conference but by golly when that conference was over and those ties started coming off and the jack i can start saying oh there's the hackers there's that guy there's that guy and we started having these awesome conversations once it was no longer an official event it's like it started becoming more relaxed more uh exchange more information exchange which is what i usually go for so uh this guy was like uh he's from

egypt he's like how did i find out about hacking and i love this answer this is the best answer i received through the whole all the summaries caught a virus in 2005 because a certain person downloaded a pirated game and it was backdoored wondered how those virus worms work learn some programming first by viewing sample virus sources and walk that road and walk the road and never went back awesome the guy was basically well i got pwned that's horrible wait how did that happen maybe i should research it taught himself learned went and developed and worked and got his skills up he's one of the best forensic analysts in egypt now and he started by just saying hey this

wasn't cool how did it happen let me go and try to find out and learn let me use my curiosity in your region how is hacking seen by the general public hacking is generally viewed as hacking people's facebook and yahoo camps how sad is that people they still use ahu that's just sad okay sorry but so hacking the regency is more for crime hacking this nation state or other most view it as a crime you know about hacktivism let that sink in for a second i was there a month before taha square this summary was sent out last year hackers are responsible for arab spring hackers the ones that got the internet going out to them creating the dns

entries and stuff you know trying to get tor going trying to get the the word out to what was going on there hacktivists did that and now to this day still they still see this crime

let's uh talk about the middle east now it's like i go to uh i go to there every once in a while and stuff you know and uh break into places and do bad things but also we have some friends there and it was on one of these times where i was actually uh with a friend we were in beirut lebanon at this coffee shop and my friend's friend uh was like he pulled up his laptop he said hey you wanna see something really cool i'm like sure it's like you know sure show me something cool it's like so i thought there's gonna be some new lol cat pictures or something right and he opens it up and

it's the interface command interface for the national telecom system and i was like cool he's like yeah i'm admin on it nice for the last four years oh it's like and i was like and so my question was like so do you have uh so you get free internet now you got free phone it's like are you listening to other people's calls it's like are you a little mini nsa looks like what do you do he's like no i mean the look on his face was just like why would you even think that and he's like no i don't do anything with i just have admin rights i just i just it up every once in a while and stuff

you know just to make sure i'm still admin on it that's all i'm like okay it's like it is like the wild wild west out there it's like i mean there's no concept of just the hacking that it's just more exploration just to see what you can do and wireless there it's like uh it's it's the internet there's is totally different so let's talk to a guy from lebanon it's like he found out about hacking through bbs and the mrc you know windows user in your region house hacking scene by the general public there is a huge lack of awareness also lack of exposure to more evolved countries hacking wise and just recent high-speed connections made it

difficult for young people to grow up with good access to that culture there are no landlines in lebanon hardly any it's like if you're in you carry your internet in your pocket with the 4g or 3g hotspot it's like that's where mostly all their internet comes from is through mobile units uh it's hacking your region scene is more for crime hacks nation state or other again the lack of awareness results in people just hearing about hacking on the news and since media just reports on cyber criminals that is the way they see hackers in general once again i like the way he's he worded that it's carefully worded that since media just reports on cyber

criminals because that's who they are it's like but that's what the perception sees is people sees hackers in general so let's talk about the us it's like everybody know bruce potter it's like from shmukan g-dad it's like i i love i love bruce because he's like one of the only persons that i will go and give non-consensual awkward hugs to because he runs the farthest and stuff you know it's harder to catch them so i make sure it's worth it uh and so uh and this is uh that one was actually taken to schmuck on a couple years ago uh one of the conferences i like to talk about in america is there there is there are a

lot of great conferences here it's like i mean you're at one of them right now it's like but defcon derbycon shmukon are like to me like the main points of my family reunion uh but defcon of course meeting the defcon fanboy it's like i have to say uh ten years ago i wouldn't be here right now speaking to you if it wasn't for defcon if it wasn't for a fact of the conference not giving me a chance because trust me i totally screwed up my first chance i was a total dweeb noob it was horrible it's like they gave me a second chance it's like and that's what made all the difference it's like they're giving me

that second chance to actually show what i can do what what what i'm capable of and creating a network of friends and family that i still know and keep to to this day i i talk more and know more about what's going on with most of my hacker friends from around the world that i know what's going on with my family in houston and stuff you know which always makes thanksgiving awkward which is next week so which i fly back to so uh but yeah that's my family it's like and this is my family this is my culture and stuff you know and that's why i talk about this and this is why i'm passionate

about it is i don't just see it as a community so um what country we're familiar with usa america uh how did you find out about hacking uh first experienced it when my roommate was talking smack an aol chat room i always talk with aol uh hacker changed my screen saying with your neatly scroll you've been hacked which is the surest way of figuring it out as soon as the mouse stopped moving in your region how is hacking seen by the general public negative for the most part we are demonized and publicized as criminals it's hacking the region seen as more for crime hackers nation state or other crime through the public's eyes this was not my talk

my talk was supposed to be about how malaysians really like hacker spaces and they create hacker spaces and in 3d printing and trying to make things and do makers spaces it's like my talk was supposed to be about how the germans are into encryption and privacy rights my talk was supposed to be about the brazilians and the cars my talk was supposed to be about the diversity of this culture the diversity this community but instead i found one uniting thread that united all of us were seen as criminals and i'm not happy about that and you shouldn't be either because this is who we come from these are hackers we are artists creators and inventors

alan turing on the left the godfather of cryptography saved thousands upon thousands upon thousands of lives during world war ii helping break the enigma machine after the war his social lifestyle led him to castration and then suicide that was the thanks for his service from his country nikolai tesla the godfather of open source we are befriend of so many of his inventions and discoveries because of the simple fact he didn't want to make a profit on it so corporations wouldn't back them so they gave that to freaking edison screw that dude it's like but that's tesla his reward the greatest love in his life was a pigeon he's a nurse back to health in central park the maid found him two days

after he died in his hotel room alone that was his reward ada lovelace the first computer programmer you know this whole women in tech debate you know uh hacker feminist barbie and stuff you know let me put this whole debate to rest real quick okay women started this industry they led us into it done into discussion her life story ostracized by her family until she died from the treatment of cancer not the cancer itself and yes i could talk about grace hopper you know or i could talk about leonardo da vinci because those were uber hackers but they actually did pretty well you know leonardo da vinci was surrounded by friends and family a prince gave him a

mansion to retire in it's like he died with relatives next to his bed he was very well loved and respected even to this day grace hopper had a destroyer named after her it's like rear admiral and stuff you know it's like one of the most uh decorated and commendated woman and stuff you know created the whole thing about debugging and stuff you know by finding a mod to the computer her life was totally freaking rocking it's like and that doesn't fit my narrative and i'm trying to manipulate your emotions okay once again you know i'm honest so uh so let's not talk about those guys let's just enter on these other guys right because that's the way

hacking you seemed my question is when did we become the villain in the story when did this happen 200 years ago we were inventors and creators and artists and now we're seen as this what happened 40 years ago let's look at some criminals from just 40 years ago some actual cyber criminals some computer criminals let's look at these guys these criminals actually gained uh they somehow got access to an administrator password they stole it and used it to steal the company's internal accounting file alan doesn't go into details about how they got the password they were hoping to decrypt the file to get one of the free accounts but they got caught and the company booted them

what was their punishment what was bill gates punishment for that that criminal got his access revoked his free access revoked and our punishment was we got vista but you know it's like that's how that worked that's how these criminals worked now if you want to see some real criminals we're talking some these guys straight up hood these thugs and stuff you know we're dealing blue boxes out of the back of their car and stuff on the street corner they were slinging that tech to anybody that wanted to pay for it that was used to actually officially defraud a company for the profits that they deserved for the services they were providing these criminals hated telephone

companies so much that i'm presenting on an ipad right now you know how many people are tweeting right now with their iphone about how much steve jobs hated telephones there you go that's what happened to these criminals just 40 years ago what happened four years ago in 2010 another young man who'd already founded a multi-million dollar company he already made his money broke into a utility closet at mit he hooked up a laptop to the campus network and downloaded four million academic journal articles most of them in the public domain they were already free from a paid archive to which he had a actual subscription to he was arrested indicted twice on multiple counts of fraud and a

trial that would have begun in april could have faced 15 years in federal prison and a 1 million dollar fine his name was aaron schwartz and the government handed them to death period that's how the criminals are treated now that's not acceptable let's look at some sentencing i'm not going to talk about who was right or who was wrong i'm talking about numbers jeremy hammond 10 years for hacking weave got 10 years for hacking he got overturned because finally someone realized new stuff you know doing automated you know earl transversals and stuff you know really wasn't a crime you know the whole wget is not a crime thing max ray butler 13 years for hacking

roman vega 18 years for hacking albert gonzalez 20 years for hacking justified or not let's look at some contrast may look richmond one year for rape he is already out and still on the high school football team uh trip uh jared uh becker one year for involuntary manslaughter of a firefighter doing his job trent mays two years for rape seth hornberger three to six years from voluntary manslaughter got a good lawyer to plead down jessica foreign five years for murder of a 23 month old toddler she was babysitting him bashed his head in i tell people if you want to commit a computer crime you better have a dead body next to you so you'll get a lighter

sentence and that would be funny if it wasn't so true and i had a guy come up to me and talk to me after a conference he said jason you know one of the problems is is that it's it's not this stuff it's just that we're used to murder we've had thousands of years to get used to people killing each other and raping each other and assaulting each other it's like juries are familiar with that we know that stuff but computers are scary computers are new we're not familiar with that and i thought about that it's like how incredibly sadly true that statement is it's like and we we we keep it going right we like to be the mysterious figures

guess what people it's like you be that mysterious figure but people but juries are made up of people and what people don't understand they fear and what they fear they try to destroy so good luck with that that's how that is and that's the situation that we're at now and how do they get those symbols of fear how do they become so mysterious how do we become these the shadowy figures of doom these guys look at these guys right here it looks like the freaking ass ghoul coming after me i want to throw a ring at it every time i see the picture it's like seriously frodo it's like and then look at all these other

pictures i mean how horrible is that i i tell you i lit i have a computer room that's got its own separate air conditioner okay that room is nice and cold it has never been so cold and stuff you know that i needed the hoodie and the ski mask at the same time okay this has never has happened and i know people some say that's like well they use they wear the ski mask and stuff you know so the webcam won't be turned on and they can see them so dude you're probably working in linux webcam doesn't work anyway give that up okay it's like that's just the way that is so it's like so this is what but one of

the things once again we don't like the public demonizing us this way we don't have to press representing this way unless we're the ones helping with that image and so you know i told miko i love miko he's a great guy but i told him it's like i had to put him in here to make fun of him because those other three guys are probably massage and they scare me so we'll just stick with making fun of mikko and stuff you know because they actually perpetuate this because remember i'll tell you a secret guys in high school i wasn't one of the cool kids i know that's hard to believe junior high i really wasn't one of the

cool kids it's like element okay i was never one of the cool kids ever but now we get to feel that way we try to live up to that hype because we want to be seen as the cool kids now we want to be seen as that mysterious figure they're using it against us sometimes though we can have a good counterpoint that's what i love about the hacker creativity because this guy chris j actually decided for halloween he was giving out candy on his doorstep dressed as a hacker and stuff you know a stock photo had the ski mask on the computer his raspberry pi was running kismet actual kismet at the doorstep as he was giving out candy

i thought that was awesome a nice college representation of the booth was actually is your network safe from ski mask so i thought and hackers are really good at responding it's like we're good at trying to respond so you know maybe not as much as proactive as we should be which is part of the problem but we can respond if we need to one of my favorite uh responses is from this article right here uh glenn beck criticizes watchdogs for promoting hacking what the heck is wrong with us what the heck is wrong with him and i just got finished from saying this in like san antonio texas and stuff you know the rest of the red state but i

still stand by this statement to this day being on the wrong side of glenn beck is being on the right side of history my personal opinion so it's like so i i just said it's like this is just overblown saying and fear-mongering but that was my response well here's another response which i think won the internet for this day was johnny bravo actually tweeted out i hear watchdogs teaches you how to hack going to expense for educational training purposes and submit for cssp creds once again that is one of the best responses i've seen it's like hackers know how to respond it's like give us give us a time we'll respond to it because we need to respond more we need

to interact more a perfect example is sterling rig's jerk off uh this is sterling riggs jerkoff i get to call him that because we're friends and this is what he wrote and i'm trying to say in his voice so you understand he says i don't know how i feel about this derby con happening at the hyatt downtown it's a convention for computer hackers sessions include password cracking hacker war games and a lot picking pavilion thoughts well it's the internet there were thoughts right never read the comments people it's just one of those things here are some of the comments greg trotman the lmpd and fbi should break the convention arrested people are doing the training they were

in training you idiot it's like michelle perry richard is scary she was scared there's four exclamation points freaking darcy fraser so terrified she could only use an emoticon it's like connie never i bet no arrest more like employment opportunities some really good ones thank you for asking jimmy smith wow that's insane did you read the rest of the comments jenny it's like sean goodman what about classes on mugging car theft and whatever witty else thing he had to say brendan newton wrote sean that's next week's lol she's the funny one of the group amber nicole sizzle i think it's stupid you didn't capitalize i i think you're stupid amber and jensen knows about them all

seriously i thought the targeted facebook ads on this thread would be for pitchforks and fire but guess what happened instead iron geek adrian crenshaw he saw this and so he tweeted out to all those lonely hackers in the airport waiting to go home from derby county hey guys y'all should check out this thread and comment on it and stuff you know and and add your stuff and we're hackers we love to comment right and so that's exactly what we did and and yes i have to be once again i have to be honest there was some trolling a little bit of trolling okay 90 okay we'll go to 90 of the comments though we're educational

we're informative we're trying to teach the people in there that were fearing us what we were about trying to show the people no this is what it was done we're trying to learn about these vulnerabilities we're trying to learn about these things so we can better defend you and protect you we're doing this because we need to try to protect the internet we need to try to protect your systems and if you're not if you don't know where the threats are how can you fix them so sterling riggs jerkoff did the only responsible thing a journalist can do when it no longer fits his narrative and the story no longer goes to what he wants to say

he deleted the whole thread those are the only three screenshots of it in existence because it's gone now because it didn't fit his story hackers weren't being scary enough for him hackers weren't being anti-social enough for him hackers weren't being criminal enough for him and guess what you're a hypocrite and so am i and i'm not going to talk about your hypocrisy i'm going to talk about my hypocrisy because i love making fun of the mcdonald's hot coffee lady does everybody know about the mcdonald's hot coffee lady she's the reason why coffee cups say coffee is hot don't drink shampoo toothpaste doesn't go in the eye she's that lady what up with her man she's a laughing stock she freaking gets

a little bitty burn and we all have to pay for it mcdonald's had to pay 2.9 million for this greedy lady that's an awesome story to tell for funniness except for one problem it's not true this is the mcdonald's coffee lady she got third degree burns over 15 percent of her body requiring skin grafts to repair the damage because mcdonald's served the coffee at 180 degrees to 190 degrees fahrenheit this list of people in pink were also people admitted to the emergency room for the same kind of damage she went to mcdonald's fixed me it's like you know pay for my emergency bills pay for my bills not pay me money pay for my bills

mcdonald's reply at first was here's 800 no fries with that so she sued him the jury awarded her 2.9 million dollars that is not a number that they just came up out of the air that is two days of coffee sales just coffee sales no happy meals just coffee seals for two days at mcdonald's she's not even received five hundred 500 000 of that so we're hypocrites because i loved making fun of this lady because the press told me that it was okay to make fun of her the press told me this is what the story was and i believed it and i didn't go any further into it and she didn't have a voice to say it

was different here's one that makes the hackers a little upset because what about these guys the police defending against police hating hackers why would they ever get that image of us hating them right except for that they're fascist and stuff you know and they're trampling our rights and they're trying to shoot us all the time besides that you know it's like why would they think that well guess what hypocrites here's some police officers they don't look so deadly they don't look so bad they look like they're actually there to uh what's that what's that protect and serve maybe they got that job because they wanted to help people maybe they got that job because they

wanted to actually be these people and that's what they're there for but but you're saying but they all posed for these pictures they all knew these pictures were being taken what happens when you see them when they don't know that they're being taken let's show some pictures of when they don't know when they're being photographed like when they're buying titty shoes for a homeless man when they're carrying the groceries for a paraplegic and stuff home for them when they see a lady in her family in the rain and they put her in the back of the police car so she won't be wet it's like when they go and find out that a guy who was delivering

pizza for his job and stuff was in a car accident they delivered the last pizza for him they didn't pose for these pictures they didn't want these pictures taken they didn't know they were being taken they were doing their job they were doing what they were called to do helping others that gentleman right there in the middle the last thing he did on this planet was feed that child walked out of that restaurant and was killed not because of who he was but because of what he was because that's part of his job to take that bullet so a normal citizen wouldn't those are police officers there are over 800 000 police officers in this country

you show me a pool of 800 000 doctors and you show me that they're all good you show me an 800 000 pool of firefighters and you show me they're all good you show me a pool of 80 lawyers and you show me that they're all good the problem with the police is that we're hiring humans and until you stop hiring humans that's you're going to keep having that nobody's perfect well then you got robocop and that's a whole other talk it's like but there you go that's what you have to worry about it's like we're just as hypocritical because we see the press now we see the story and the narrative that police officers are just fascist not

understanding that is a small representation a very small microchasm of the general thousands and thousands and hundreds of thousands of police officers are going about their business not making it to the news because they're saving people's lives and they're doing their job and they're not doing it for credit they're doing it because that's what they were called for so if you don't want the press to see you as a as a criminal stop trying to see every police officer as a fascist because the press is doing the same thing to them that they're doing to us so now we know that there's a problem what do we do about it how do we go about fixing it

it's like well guess what this isn't a talk of doom and gloom and stuff you know and trying to reclaim the word hacker there's a talk about saying we're already doing it you've got jay coons you've got jobs you've got bill gardner uh evan booth you got dan kaminsky krebs on security one of the best reporters on uh information security and hacking and stuff you know is out there and then you got dave kennedy you may have all seen dave kennedy on fox news and cnbc and fox news testifying before congress and then on fox news and then uh on uh well katie couric show and then fox news it's like whenever i see him in real life and he

doesn't have a fox chiron going underneath him it's like it just amazes me it's like you know so uh but i mean they're actually one of the things i like about it it's not because that they're reporting that they're out there it's because dave says i'm a hacker and i'm here to protect you i'm here to help we're from the internet we're here to help right it's like that's always good that's always reassuring right it's like that's what i like about these guys they claim i know it's like and i think that's adorable okay it's like uh but that's that's what's so awesome about this is that you're trying to do it because trust me my question though

isn't like oh kudos to these guys kudos to these guys for spreading the word they're doing a great job we're good why not you why aren't you out there helping why aren't you talking to your local press your local newspaper your local television show local writers and getting the proper right information out there saying hey i do hacking so you know i do security this is what this topic is about you can do that that's not trying to you know fame mongering or trying to get your name out that's trying to help your community get better educated that's what you should be doing because if you don't do that guys like this will i'm not sure if you're familiar with

gregory evans he's the world's number one hacker or the one number one hacker full of number two as far as i'm concerned it's like because if you're not then you've got these other guys just spreading the information stuff you know for profit and that doesn't help anybody but them so i decided to create this site it's called ironing it's like all it's basically doing is giving you information and resources to help you become a message out there to help you better educate people to get better information to help spread the word of what hacking is and what the security threats are and i had a just recently i just uh when i came back from

this one conference i started some people arguing on twitter one of the biggest responses to me was wow jason 1990s called they want their uh debate back he's like oh why are you fighting this hopeless war about hackers screw you okay because i don't choose a fight because it's easy i don't choose a fight because i think it's winnable i choose a fight because it's right and that's what we should do we don't give up because this word is gone we don't give up because that's the way the press is reporting it we keep going because it's going to actually win in our favor if we keep up the fight instead of giving up and losing and

adding more facebook likes and trying to get enough retweets to make change happen that's not going to work you see people attacking josh corman and i am the calvary and i don't just agree with everything that he says but by god at least he's trying to do something about it at least he's trying to help out people at least he's trying to help create this community what are you doing besides creating parody accounts and attacking people online get out there and do something or shut up and let someone else do the work that's what we need to think about it's like this word is not gone this word this war is not over it is until everybody starts giving up

and thinking that it's okay to be seen as a criminal i'm sorry this is what we do blood code one of the biggest blood drives in nevada state history done by hackers be the match at defcon for marrow donors done at defcon hackers trying to help save lives thomas wilhelm has saved a life by donating bone marrow what are some of those parody accounts i've done to change something johnny long hacker changing uganda creating a job employment opportunities creating hope in that place and he's a hacker his whole thing is hackers for charity which is great to explain on a t-shirt and stuff you know once like how dare you hack charities you know it's always a good conversation

starter trust me it's like so it's like he's out there doing good works and when i talk about global i mean global what about this guy in the middle china eagle i know some of you intel guys know who that guy is but he know what else he does he's the johnny long of china he goes throughout western china and puts in computer systems for rural schools trying to help them get onto the internet help to educate them he hates criminals he hates carters he puts them in jail for china it's like because he's a patriot and i love the reaction like people are going wait wait you can be a patriot in another country

they have those is that cool you know it's like they do he's a great upstanding citizen a great person he's just you know playing for the other team i guess right but you still have to respect that because our community is not based on boundaries our community is not based on geopolitical ties or race or creed or sexuality our community is based on what we have in common what unites us and that's that human curiosity that human curiosity and drive to want to do something different and want to make something happen that's who we are that's what our community should be about not by the weird stupid things about imaginary lines on a planet here's some other hackers

dual core educating the masses through his music you got eddie the yeti with his art saying i'm a hacker i break into buildings for a living but look at all the cool art dudes and he doesn't just do regular art he uses organic ink and materials and stuff he hacks art it's like he uses soy sauce and all these other mediums and stuff to create as art fabs once again she hatched the machine she has sewing machines to create different patterns to create qr codes and she creates a human genome on a on a scarf it's pretty awesome it's like that's a hacker and you got hacker strip in india it's like a freaking flood flood selling fraudulent

tour box and stuff you know on kickstarter gets over 50 000 in less than a week they're asking for 10 000 on indigo to create a graphic novel to help educate people and teach people about hacking through cartoon forms they haven't even gotten to three thousand dollars yet because people want the fraud box because that makes them feel better it's like so this is what the people these are hackers out here doing what they do and we have to do that because trust me if we don't who's going to because we've got people like this out there hackers are breeding i know it's a you know a funny thought and scary thought but we're actually creating offspring

okay and do you really want your child to be in the world and stuff you know where when you when they tell their schoolmate that my dad's a hacker my uh my mom's a hacker and they say well hackers stole my dad's credit cards a hacker stole my mom's email do you want to live like that do you want your children to be able to see that and that's wrong and that's on us because one of the biggest problems we have is we like to think we're special this thing says future hacker wrong born hacker we were all born with that curiosity we were all born with that innate ability to say what if it's like i am

sorry to tell you you are not a special snowflake in this special snowflake blizzard people hacking is part of who we are it's in our dna it's just what we do and until you stop trying to be that special one and making those people feel like they're not because they don't do hacking and instead start educating them and telling them you're just as a hacker as i am you just don't do something with it the way i do it you do it this way or you try to do it this way it's like you're still just as much as a hacker they're still going to see us as the odd ones they're still going to see us as the outsider

and that's something that we need to change because these are hackers it's like look this is how it starts it's like this young lady in the lower left-hand corner's grandfather has parkinson's so what did she do she created a cup he could hold and drink without having to spilling it it's done so much as being mass produced now for all parkinson's patients this uh this boy up here in the upper uh corner and stuff you know grandfather has alzheimer's so he created a revolutionary product for them it's like uh right here is reuben paul eight years old presenting in new delhi at a conference getting shell through metasploit and set on cali linux and stuff you know on a

windows 8 machine he's already developed apps that are available on the app store it's like that's what he's doing hacking is who we are it's as soon as we're uh able to go out and start we started social engineering when we were in diapers right we've all social engineered hey if i cry more i get more that works right we were born with this ability so now that we know it now that we see other people doing it why can't we change it why is it a hopeless cause why is it a unwinnable war it's not if we don't give up it's not if we just keep the voice going keep the conversation going not the

screaming which i do a lot of not the tweeting not the liking but the communication create the conversations keep them going and i know that's hard for us because you know we don't like to actually interact with humans because they're scary and you know all fleshy and stuff right it's like but we have to we have to reach outside of this echo chamber this is a great talk to give to you because you all agree more or less with what i say and stuff you know about the image but i've some of the best talks i've given were to intelligence and security analysts in san antonio was given to a bunch of bankers and stuff you know on the west coast

giving it to the people outside of this group outside of this community and showing them what hackers really are letting them get upset with some of the stuff that i said but it created a dialogue and he created great conversations where they got to see what hacking is really about and how i see how hacking is because once again this was my perceptions my perspective and i also put that quote in there for wendy because she's cool and i wanted to make her happy that being done that being said going totally over it's not as over as i thought it would be i'm done

Keynote Speaker

Related talks