>> Welcome to DEF CON. I'm Russ- Chief of Operations this year. Hi Russ. Thank you. We have lots for you. We have our wonderful speaker Goons. Is Jeff Moss in any of these seats? It's been a long time to get to 22. We'll let some other people talk about the theme and how we got to this and you can read about it in the program as well. Does everybody have the red glasses this year? I hear a lot of no’s and a lot yeses. If you don't you will want those. All the signs and programs and everything you will find some interesting stuff. So the kind of theme this year is disobey and that's what we're all doing. All right. Welcome to the conference. How many of you are new? Who has not been here before? Holy crap how did you make it 22 years and not realize this was here? I was drunk. I was trying to answer a call. So there's an active badge contest every year and there's one going right now and he's got a super secret phone number and he's gotten 30 calls in the last 5 minutes. So we're going to answer one if they call while we're on stage and you guys can taunt them appropriately. So yeah. I figured out when we ran out of badges that we had a lot more people than we expected. Surprise. We can't tell you how many badges we had. It was more than 100 obviously. Hey is there an echo up there on the top? I also wondered. Did you see the delay? It took a second for the sound to get up there. Hello? >>Hey Russ. >> Are you in the audience? Are you in the opening ceremonies? >> I'm right here. [Laughing]. >> The lights are killing me. I can't see who it is. So quick question for you. When did you find the number? >> Last night. >> So you were one of the hundreds of calls I got at about 3:00 this morning? >> I think it was 11:00. >> So these calls happened all night long last night. Anyway we'll talk ‑‑ >> It was a good idea. >> We'll talk more about it. Anyway give the guy a hand. [Applause]. >> All right so we have a lot of really cool stuff going on this weekend. I hope you guys will stay involved. Remember this Con is what you make of it. If you sit on your butt and don't do anything you are going to get a fat butt. If you go to talk and meet people and interact with contests, the organizers and that kind of stuff you learn a lot and leave here happy and the world will be peaceful and gummy bears from now on out. >> I love you Russ. >> I love you too. I will let this go. Look for some surprises. Is it today? Later tomorrow? We've got some stuff coming that's not in the program and it was unannounced and has caused our security goons no end of headaches but look for cool stuff. Make sure you move around and get to the contest areas. This is l0stboy. He made your badges. He loves you. Good night. >> Do the hands one more time for those that this is their first DEFCON. Even up top? Man that spot is killing me. Wow. How many of you from out of the country? Wow. Welcome. Give those guys a hand for traveling here. [Applause]. How many of you didn't understand that question? [Laughing]. >> Oh welcome you guys. Friday morning. For those of you who are new and unaware so we do like 101 and stuff like that on Thursday but today is the day we officially open the conference like Russ said for the past years it's been Russ and I doing the opening ceremonies. If you want to talk about that we can talk about that later. Welcome. We're glad to have you. Thank you to those of you who traveled. How many of you had a clue what to expect before you came here since we have so many newbs this year? Seriously knew what you were talking into? How many still have no clue what you're doing here? Yeah. That's how I feel too. So Joe Grand did the badge designs for the first 5 years we did electronic badges and then he went and was doing his TV show and Jeff stepped up and asked me to takeover doing badge design because of the work I had done on the mystery challenge. I would like to tell that story kind of to set the stage for what it is that's going on that might help explain to you guys. So it makes a little more sense and also as words of encouragement to try to get you involved in the conference whether it's through contests or talking to other people. My first DEF CON like many of you I came by myself. I didn't know anybody. And I competed in a contest and I actually wasn't going to say that but thank you for the comment and we're getting another phone call. But through that contest I actually met my lovely wife who is here in the front row today. [Applause]. So the prize in the contest may be companionship. Wait, does that advocate something that we shouldn't? Anyway so the mystery challenge was a contest and what we were trying to do is increase the participation in the badge challenge because every attendee gets the badge and the bar was set high so you had to spend most of your time doing this. In fact a lot of people came just to do that in the later years. So my first years we decided not to do an electronic badge because everybody came to expect it and we're trying to change things up. And the badge focus was the stuff around it, the mathematic I cans, the social engineering and all rolled into one. The intention was everybody would have something they can do in the contest and it would cause them to find someone else with the complementary skills so it would increase communication between the attendees and I try to do that every year. I try to design things into the badge contest and challenge that forces you to interact with other people because some of us as you know have a certain personality type that may be less than favorable to social situations. Is that a nice way of saying that? As I speak in front of thousands. So for me it's all about the people. I have to sit down and the problem I face every year is most of you guys are way smarter than I am and I have to come up with something that's entertaining for you that's not ridiculously stupid simple so it keeps you intellectually entertained but also solvable in a finite time. So trying to solve the problems in the real world you're trying to make an unsolvable or unbreakable cypher. I'm trying to break one that smart people can look at and solve. So I have to introduce flaws into the systems that I design. And I found that it's actually the same process that we as hackers go through finding the flaws except I'm implanting them in the system instead of discovering them. It's kind of reverse engineering if that makes sense. So let's talk a little bit about this year. First of all, are any of the Parallax folks in the audience? Did any of you folks make it ‑‑ Ken can you stand up? [Applause]. Oh Chip is here. Chip stand up. So I don't know if you've all been watching the Twitter feeds. Those that haven't looked at the badge it's the Propellor chip from Parallax. They are near and dear to my heart. Chip is the creator. The grandparent of what you know as Arduino. Chip started that whole thing of taking the microcontroller and making it more accessible for the audience. A lot of people don't know thatch they've been birthed into the community. Those ‑‑ how many of you remember the basic stamp? Yeah. Give it a hand. [Applause]. So there was some answers ‑‑ there were some instances that happened. There was a badge design done prior to the one that you have and it used a different architecture and some things happened and I had to move to a different architecture with an incredibly insane time scale. So I called up Ken and said Ken can we make this happen and we turned this around in an insane time scale for production. And to make the real punch at the end we have talked to Chip and Parallax announced they open sourced the chip. They announced here and on the website. Right? So they have open sourced the Propellor chip on your badge and Chip is releasing code you can all download so you can emulate your badge and different things like that. [Applause]. So in addition to Ken is John in the audience? There's another name on the back of your badge which is John Williams. John was a co‑worker, a colleague when I was at Parallax and now those that read nuts and bolts magazine you see articles he has written. He's a dear friend and due to the time scale referencing back to I found my wife at DEF CON I was slated to be married one week after we started design on the batch this year. I called in a favor from John and we worked together along with the guys at Parallax and put this together. Because John and I worked on this together I put his name on it as well. He will be here in the hardware hacking village. So if you have questions and things like that many of the libraries that we use when we wrote the code for the badge are John’s; I extended Chip's serial object and things to add elements and we gave you all that code on the conference CD so you have it. All the software and tools for development for the architecture are free. So you can go and start messing around with your badge. So give those guys a hand. [Applause]. Because honestly it would not have happened this year without John and Parallax. It would not have happened. In addition to that if you want to see more interesting things you may have noticed there's a talk this year on the prop lane that's Russ and myself and other folks take the DEF CON 20 badge and you can use this year's badge to do encrypters with your badge. So to facilitate that everyone take your badge and look at the front. Look underneath the chip. You will notice there's a series of pads for those that are not familiar with the PCB lingo. Those are the parts that you would solder to. There's exposed copper pads but those that do design and familiar with these may wonder what the hell is that. So we took a circle pad and we basically split it in half with a trace in the middle. If you want to remove a part that's connected to the chip you take a razor blade and cut through the middle. There's a thin trace connecting the two halves of the circle so you hack the part off the board without desoldering the part. If you we want this part back you solder across those and bring it back again. But that gives you the ability to remove components from the board electrically and you have break outs of all of the IO's on the side so you can use this as a development platform or as something to mess around with. So we tried to facilitate giving you something at the caverns after you go home is in a useable form and those that have not programmed a microprogrammer before, you are ready to go. You're welcome. [Applause]. Those of you that are new, there are elements of cryptography in linguistics embedded throughout the conference. You may have noticed strange symbols and marking on your lanyard. We're trying to involve all aspects of the conference in the badge. I'm trying to draw more people in because we don't have moments like we used to anymore because things like Google. Now people have instant gratification and instant solutions to problems. I think magic is ruined in the world because of the internet which is sad and I'm trying to bring it back through the stuff I do. A kid if he wants to know how magic is done he looks it up on Google. And that kind of magic and mystery is stuff I enjoy. That's why my first contest was called mystery challenge. So we're very, very happy to have all of you here. This is DEF CON 22. We've going going for 22 years and the only way this conference goes is from people like you. We're appreciative to have those that traveled from so far. I said this in my 101 talk. No one in this conference is unapproachable. If they are they're a Dick and we don't want them here. So...  [Applause]. I mean I was just like you guys and look I'm ‑‑ I'm way not as smart ‑‑ see the grammar there. I did that on purpose for my mother who is in the front row. Say hi mom. [Applause]. Okay. Now to answer a question I've gotten both from email and Twitter for the past days, the next question is how do I get involved in things like doing the badge challenge. Find a group of people marking codes on the floor or people looking at the back of their lanyard. I put it on the part behind your neck for a reason. Because it encourages you to talk to somebody because you can't casually walk by and see what they have on their lanyard. It's actually an inconvenience to take it off. So it fosters a temporal buffer for communication. That's why it's annoyingly on the back of your neck instead of easily on the side. Please come up and say hi. I can't give you anymore information without spoiling stages of the badge challenge. I have embedded in the contest means of finding hints and things like that. Next year I hope to do some more interesting stuff. I'm going to clear it with Russ and Jeff. I have big plans for next year and I'm trying to build off this year. So I'm very humbled when I come to DEF CON every year because people complement me and say we love the stuff you're doing and it still dumb founds me the stupid stuff I do is found entertaining by you guys so thank you. Thank you for ‑‑ [Applause]. We were hoping Jeff might make it but is that going to happen Russ? Do you know if Jeff is going to make it at all? >> Hello. [Inaudible]. >>Hello? [random sounds] Hello? Oh they skipped it. I want to see what they put. Hey, Jeff is here. You made it. Everybody the reason we're here, Jeff Moss. [Applause]. >> So we totally did not plan that. I'm walking down there and I see my name. I was like I better hurry the fuck up. Thanks for coming. So I don't know what they've said so I don't want to contradict them. No I just want to thank everybody for coming and point out a couple things we try to do every year and I'm not sure if Russ covered it. But one of the big challenges doing a show like this is ‑‑ what do we do with everybody? And it turns out we don't really have to figure that out. You guys are smart enough to figure it out yourself. We just have to give you opportunities and you'll do whatever you want. So this year we've tried doing things like the privacy and crypto village. I'm trying to come up with new villages. Split you up so you can meet people that are like minded. Maybe you want to chill out and meet other people. How do you do that? We have a hardware hacking and we already have WiFi. Well, maybe now there's people that want to do defense. Let's try to grow the forensic side of the business. Okay we'll do the giant wall of sheep village because those guys wanted to step up and try it.  it was like unleashing… like a tidal wave. We can give you your own space. Great we already built a village. Like a village. You look at that and they go crazy. Oh we're going to need like 19 projectors. That's like a third of all the projectors for the whole conference. No we really need 19 projectors. So I find this community you give them an inch and they take a mile and invent really cool stuff so I'm thinking like this one small thing and they come up with this whole universe. And that's what so awesome about this community is because it's exceeded my imagination every year. I mean every year shit happens that we would never have conceived of that you guys are like oh yeah of course I have to connect the pony express to the blimp and drift it over the pool and get the porn star's phone number. I mean that's what you do. Right? It's like, yeah I guess so. Yeah I was going to do that… later. I haven't gotten around to that yet. So then this year we also have the temper evident village turned into a village and now we've expanded that this year there's a badge counterfeiting contest. And so I'll give you history there. It was every year people tried to counterfeit these badges and every year we would try to make it harder or a little different. So part of the reason we didn't tell people what we were doing is we wanted to make it hard for the counterfeiters. Well, they’ve gotten REALLY good! If you gotten to the point you can counterfeit it, if you can do that you should probably just be allowed in. Isn't that the right mentality? [Applause]. Yeah. So we're like well we don't want mass production that's against the spirit but if you yourself can do a run off that's so awesome that gets past everybody you probably spent most the con your room so you should probably show off how cool and how you did it. I would love to get a talk together and have them talk about the challenges of the badge and how they got around it so we can learn. Finally one of the guys came forward and said that's me. I was the guy. So now one of the guys is running the badge counterfeit ing contest. We had Ryan on the phone and Ryan designs the badges. So he was like well how did you get around the flame mark on the titanium. Oh well that was lemon juice and an oven at 400 degrees. Yeah but that had a unique twist. Yeah but you rub a thing in a linear direction and spin it. So it's really awesome. You think you're inventing the super technique to defend and they come up with an awesome attack with lemon juice and a gummy bear. So... So this year that's a contest. That's a thing. I want to give people the creative outlet. So I want more ideas. This year I was doing this media server every year and I want to make this awesome media server and you guys are going to download everything. Then I realized if you plugged in and tried to download everything you would be here for 5 days. You just can't download fast enough. And talking to a friend he was like that's an interesting engineering problem. How do you move that much data to this many people if they want it? I don't know but I probably need like ‑‑ so now I have ridiculous hard drives with like RAID 10 with dual 10 gigabit networks bonded. That's still not going to work. I'll buy hard drive duplicators. Nothing beats anything but a fed ex truck of hard drives. So now we have 6 of these dupers that do 11 at a time and you can check in the morning and at the end you will have a copy of all the Con video I can find and it's in beta still and I'm realizing that's not fast enough either. It takes 11 hours to dupe one 4TB drive. >> [Off mic] >> I thought it was going to be 3 drives now I got basically everything to fit on 2 drives and the queues are filled up and we're done. That was like $15,000 of hard drive dupers and it's done. We're full. So next year we'll do a disk duplication village. [Applause]. Because I realize I'll go broke trying to do any one thing for everybody. We just can't afford it at what we charge but if you guys bring all YOUR hard drive duping equipment... See how that works? That's really good. So this is how things happen. So I just ‑‑ I don't want to redo everything they said but this is the spirit of DEF CON and I want everybody to feel open and involved and take a chance and start something up and I'm just really excited that everybody is here and sitting paying attention to what I'm saying and actually caring. So that's really cool. And don't be intimidated by the Vader. This is a friendly Vader. So the only other thing is there's always a little controversy. This year you might have noticed the TOR talk was pulled. Other than that, there's not too many talks that have been pulled. This is something I want to ask you. Who here by show of hands or applause does this feel to you like the top of the DotCom bubble a little bit? You know the energy, the opportunities, everybody's got something going O everybody's got full employment if you want it. It's starting to feel like the DotCom. Let's do something with it before it explodes in the next couple years. >> [Off mic] >> Thirty to 40 percent is new. Yeah. >> [Off mic] >> No. I don't want to call them out because they might be embarrassed. Who here this is the first time to DEF CON? Okay. How did you hear about us? Raise your hand if it was a friend, word of mouth kind of thing. And who here because of our advertisement in time magazine? So that's how we've grown. There's no money for advertising. >> [Off mic] >> You'll deposit the money with me after the Nigerian Price gives it to you. So that's how we grew, word of mouth. Turns out that's the most valuable advertising there is in the industry and also the thing that's free. So I'm all for that. Because we can't compete against the marketing of an RSA, nor would we want to. We have these debates should we change this part of the CON? You know, if they don't want to come they won't show up. It's like if we don't want them to be here or they don't want to be here that's fine. I can go and uninvite and say hey feds take a year off because I don't have like a marketing engine or P & L that says I have to get as many people on the planet here. No, it's like I need the right kind of people here. I need people who want to be here to be here not that have been ordered by their boss to show up. So a lot of times it's like that might not be corporate friendly and the other half of us say you know what we're a hacking conference, we don't really care. So that has given us so much freedom to do what we kind of want to do and look at how many people respond to that. How many of you by show of hands are happy that we've never ‑‑ we just don't take sponsorship dollars ever. You don't see an advertisement anywhere. [Applause]. So like that would be really great if I had all the money from the sponsors but then you get these problems like I really want to speak and I just gave you $40,000. It's like well sorry guys you don't get to speak. I don't want ‑‑ >> [Off mic] >> You don't have anything to say. [Laughing]. So we can avoid all these problems. And I think people respond to it because you just want to be here and you don't want to worry about like what's the hidden agenda. I want you to worry about his agenda and his agenda and connectivities. I would love for to you tell me if you respond to that or if that was the thing of the 90's or 2000's. Everybody has sponsorships now so what's the big deal? I think there are things about the show that you like and I want to know is there something new you would like to see. You know? So we always try to adapt and the show is a reflection of the people who come so sometimes when you hear complaints like man I wish it was like it was 10 years ago. I do too. But don't you want more people to know what we're doing? Don't you want more people to be involved and excited? It's more of a ‑‑ if you're excited and engaged it's a win. It's not how many people are here it's how many of the right people that get it are here. You know? Because that's sort of our mission. So I don't get too worried about the numbers ‑‑ there's plenty of shows to go to but this happens to be the one we run and we're focused to get the right people. I'm amazed you got up some early, I got up a little later than you. Maybe I was up a little later too. I'm not sure. But I know there's no sleep till Brooklyn tonight. I mean we're ‑‑ >> By the way ‑‑ yeah, please. [Applause]. One more time thank you Jeff. Twenty‑two years. Thank you. [Applause]. And I can tell you in working with Jeff he's not just blowing smoke. He really does take your feedback to heart and and thinks about it and stresses over it. If you do have legit feedback, this is not one of those where you go to /dev/null with your emails and all that. He really does go through the comments. >> The reason you see all this text at the bottom of the screen is we give away all of our content for free as fast as we can and sometimes it takes a while. A professor in the one of the UC California systems says is it okay if I use these 5 videos I use them for teaching. I said sure you can take it for whatever you want. The attribution, the trademark on the content is not for commercial use. So it's copyright free except the commercial use is prohibited. However I say that. He said that's great but in California next year I can't show to my students anything without subtitles. New law in California. I said that sucks. All my content is no longer going to be available? If California does it everybody else does it and now teachers across the country and our countries aren't going to use DEF CON talks. That's no fun. And so I better figure out how to get text. And that runs into this huge adventure how to get subtitling. So that's time consuming and expensive. But it is so cool because now it's translated on YouTube into other languages. You find people in Japan and Mexico translating it into Spanish and Portuguese and so all of a sudden now we're reaching a global audience just because one professor said it's going to be a problem for me next year. So that's the cool ‑‑ [Applause]. >> Questions? What do you want to ask? This is the time. Do it. >> [Off mic] >> So why was the TOR talk cancelled? I don't think I want to say anything you didn't read in the newspaper. Nobody has actually talked to those guys. They're like totally quiet. But the rumor mill or in the intelligence committee they say the RUMINT was there was a break down in communication between them and the University and and somehow they got ahead of themselves and didn't follow all the publication guidelines of the University and that created drama internally. It wasn't the NSA bringing down the hammer like it was reported in some newspaper. It was great drama and headlines to read but from what I can tell that's not what happened. Half of the stuff is fiction if you read about it. >> How many of you didn't come because DEF CON was canceled? >>I want to comment on that. It's a long running tradition that DEF CON is canceled.. If you put on your red glasses and look at the Welcome Banner, it actually says DEF CON is canceled as you're walking into DEF CON. So some of you may have seen a tweet that went out of a resignation letter from Jeff. It was well written and people said I will miss Jeff. All have to say is, Read the freaking domain. Since when do we put anything out on dot WS site? Really? That kind of thing we take it in strides and encourage it. Jeff was talking about no sponsorship and not worrying about the numbers. We try to talk people out of coming to the conference to make them think it is canceled through legitimate channels. That's just how we play here. >> You have any other questions? The question was registration faster please? I'm sorry about that. I don't know what happened. I mean DEF CON 20 our 20th anniversary we knew there would be a lot of people. We knew there were going to be lines but not hopefully too long. Since there every year we add registration staff and normally there's a surge on Thursday and it goes for a while then people come over and people drive in from LA and Friday people get off work and there's patterns to when people show up. Not yesterday. Everybody showed up in the same 4 hours. Like where did you come from? Black Hat is still running. There's 7,000 people down the street. >> They human DDOSed us. >> Yeah, a human DDOS. [applause] >>So in theory, you guys have owned DEFCON. >>Sorry about that but something changed this year and now your pattern is everybody all at once start at the beginning. >> [Off mic] >> We have more ‑‑ we love them. We call them the reg‑grannies. There's a contingent of people in the Vegas area looking for work and they're nice and retired so we hire a batch of them every year that hand out the badges. They're really cool to work with and every year we increase and increase and increase and now we physically have ran out of space to add them. Ha ha. Registration village. But you have to have a badge to get in. So the badge situation you don't care because you have a badge but for everybody that doesn't ‑‑ we're not making more badges just because it's a big giant pain to get ‑‑ everything is done in quantity and you get lead times and everything so we can't just do another small run of badges. If we wanted to do them again we would have to do them in the thousands. I over estimated. There's a reason why we have over a thousand DEF CON 20 badges laying around. Because people were saying you're going to have 15,000 people. I bet you will have 20,000 people. We were terrified. So we went out and bought a sh- ton of badges. Like at one point I'll say the number but I had $68,000 of badges left over. I'm like, huh, what am I going to do with those? Give them away or get universities to hack on them. We gave some away to hacking spaces and did whatever we could with them but not a bad situation this year to be able to give away badges we have laying in inventory that have the same processor to do the exact same thing and that was not by design. No that was by design. Yeah. Yeah. Yeah it is. That's just how it works. So the problem is somebody on Twitter said that sucks. How can't you can't manage this. It's like we stress out for so long. But did you notice you paid cash? We don't do preregistration for a reason. We don't want to be an attractive target to subpoenas. So how do I order the right number of badges? And if you can figure that out it's sort of like the Net Flix challenge. If you can optimize my movie rentals by a percent it's worth a lot of money because I have not enough badges or thousands too many. Take bit coins? Yeah, you fuckers are going to hack that stuff. Then I'm going to be broke then the day after I'm broke, you will be rich. And it's going to be like... So... Anyway... So yeah it's not like we're just asleep at the wheel. There's some hard problems left like how to get you all the content, how to get you all registered but we're working on it. Everybody is pretty forgiving. When you explaining I try to be transparent about everything. You don't need to know about the background drama like why that screen not as wide as it should be. But I try to be really ‑‑ but I try to be as transparent as possible and I think people respond to that so that's one of our ‑‑ that's one of the things at DEF CON. We figure you're adult enough to make your own decision so we will tell what you it is and if you don't like come up with a different conclusion and good for you. So we want to close it out get ready for the next talk and everything but I want to really, really ‑‑ I'm not shiting you. I really am happy you're here and want to welcome you and if you have any questions just ask. Because people love teaching and that's where we're about so cool. Have a good time. Come to the parties tonight and come to the movie screenings. Thanks a lot. [Applause].