 Title: The [REDACTED] Notes

[WEDNESDAY, 13:00]

This is the first post for what will be my coverage of DEFCON 26.

I know a lot of press reporters this year are trying to go the whole livestream route. Or Twitch. Or whatever cutting edge try hard nonsense is popular.

Taking a step back and doing some low-tech journalism. These notes will be real-time text-based free-to-read copy. Comments are disabled. Enjoy.

Message sent to my phone this morning included a reminder on my crap sense of direction.

“Flight takes off at 23:00 tonight. Don’t end up at the wrong airport, again.”

Sent to me, from me about two months ago. Set it up right after DEFCON confirmed press credentials.

Identify yourself as press. If hackers can spot a Fed, the can (and have, if DEFCON 15 was any clue) spot a reporter.

No point trying to hide when you’ve got a job to do. Not from hackers, not from the government. Especially considering that the current US administration turned “press” into a four letter word.

Fake news jokes aside, Feds are looking for reporters looking for Fed leakers looking for reporters. They’re getting good at looking. My advice is get good at hiding in plain sight.

[WEDNESDAY 16:00]

Made last-minute prep for coverage this year. I'm getting paid to write up a “Wonders of our brave new techno-dystopian future” article or some such nonsense. These notes will be a little less fluff.

Sent some emails out. Tweeted some #journorequest queries on anyone interested in meeting. Scheduled an interview for Saturday night at an off-site party. Some mansion rented by [REDACTED].

Had to pester, beg, bribe, threaten and spam I don’t know how many publications before I got one that wanted to back my freelance coverage, and I ended up with a sunshine and butterflies type.

The other pubs are balancing costs and risks. Scared to attract unwanted attention. Scared the Feds already put me, and by effect them, on a watch-list (according to the FOIA request I sent to the FBI, I am. But who isn’t these days?). They’re scared some NSA intelligence specialist will try to leak documents to me – implying you need to meet at a hacker convention to do that.

Nonsense, I told them. A scrub reporter getting arrested by the Feds just for being at DEFCON is about as likely to happen as DEFCON being cancelled. And readers have never been more interested in pushing back against government tech and surveillance.

It’s perfect timing for a story.
 
Last year was all about vunerabilities with voting equipment, to the big name publications anyway. I barely saw a single press badge outside of the voting machine hacking village. They were all jammed in there, swirling around like flies on trash. Headlines trended all over social media feed sites:

"Hackers break into voting booths with ease"
"Manufacturers of voting machine booths horrified about DEFCON"
"Voting machines totes pwned"

It threw the general citizenship (already incredulous about the elections) into a fit. Readers were shocked. Hackers weren’t.

The press almost missed everything else going down, including the Feds making an arrest two days after the con.

It wasn’t the first time an attendee had been snagged, but the timing was particular. Feds show up to recruit, to snoop around. Arrests are a bit worse than a faux pas.

This year’s got people wondering what the new normal is going to be. Lawyers on retainer? More disguises than normal? Another request that the Feds not attend?

[WEDNESDAY 20:00]

Arrived at the [REDACTED] airport with two hours to kill. Dinner was overpriced undercooked Chinese-American stir fry. The kiosk gave me a pair of chopsticks that easily void the entire point of the Transportation Security Administration.

TSA gave me an extra-once over full-body pat down. I opted out of the scanners. Couldn't tell if they were using back-scatter X-ray or millimeter wave scanners, but I’d take a few gropes and prods, some explosive residue detection testing and a few awkward questions over a blast of radiation.

Domestic flights out of [REDACTED] are still pretty straightforward. It's leaving the country (or trying to) that runs you into the mandatory biometric stuff. The ones that track everything from finger prints to facial data. Stored who knows where. Accessed by who knows which Fed security agencies.
And that’s if you’re lucky enough not to be roped into a travel ban.

While the TSA got to second base on me, the other soon-to-be flyers stood in line for the scanners. Single passengers. Couples. A highschool basketball team. Parents with faces that said "I hope my kid didn't pack something illegal again.”

I noticed a few people with their phones out. Cameras at the ready for that viral shot of an agent violating someone's personal space.

Social media apps giving access to viral fame in exchange for personal information and metadata. Moral outrage seems to be one of the only forms of recourse that has results.

No scandal recorded this time around.
Everyone did the centipede shuffle. Shoes off. Legs spread. Hands up. The rush to scoop up handfuls of junk which was just emptied from pockets.

Passengers aren’t dumb, they’re tired. They know it's the illusion of safety. They know it's one more step forward for government mass surveillance. They know it's wrong. They also know better than to waste time complaining.

My bag this year, aside from clothes and such, consisted of bare minimum goodies. Brick phone. Smart Phone (Which is where these posts are coming from). Burner laptop. TSA-approved multi-tool (they grudgingly allowed it through). Reporter’s notebook. Ink pens.

Pen and paper don't run out of batteries, but smart phones contain almost every journalism tool needed. Audio recorder. Camera. Notepad. Contact list. Calendar. Google. Then again, the Feds can’t turn my analog pen and paper into a listening device without it being pretty obvious.

Consumer, hacker or reporter, the fear of having your device roofied with government spyware is all too real. The fear of a phone or computer getting taken by the TSA to some back room and returned a few moments later.
Hell I've seen infographics by human rights freelancers on the fastest way to rip out an SD card and swallow it. Not much use at the airport though.

[THURSDAY 00:30]

Logged into the plane's wifi to post. Took forever to get 10,000 feet in the air.

Chatted a bit with the passenger sitting next to me. Working mother of two. She wasn't headed to the conference, but she was extremely interested in politics and technology. Gave her pre-teen kids brick phones as starters. Always a good sign for a parent.

What used to be a mass of uniformed plebs has turned into an ocean of citizens hell-bent on taking the reins back on their lives. They're reading the terms of that agreement now, oh yes. And they aren't pleased.

[THURSDAY 04:00]

Landed. Got out of the airport. Walked to the store. Loaded up on necessities. Took a rideshare to the hotel.

Driver was an elderly man, does cabbing at night because he hates watching TV and likes to make a bit on the side to pad retirement. Told me stories about the gangsters who originally opened the casinos. Told me about some of the other DEFCON people coming in since early this week. Said he used to do coding in the Navy decades upon decades ago. Said coding now is foreign to him because it's been so long.
The hotel ground floor had automated check in, but it was shut down just like every-other time I had attended. Had to wait in line for three hours. The concierge was young. Kid looked like the evening had aged him about 20 years. Probably never needed to check people in like this before. Used to the machines doing all the work.
Human-to-human check-ins. Was hotel management that scared about the conference after all this time? Last year the postal carrier printing shops enacted last-minute rules banning USB sticks and emails with attachments for the duration of the week. Paranoia is better than complacency I guess.

[THURSDAY 10:00]

Day 1. Ocean of humans to wade through into a press room I expected to find packed, but wasn't.

Goon handed me the badge after scratching my name off a short list. I gazed into the rectangular, rubbery symbol, trying to figure out if there was some sort of a crypto challenge. Cryptography - my weakest link. Likely just a badge (seemed to be the case last few times as well).

Villages were still setting up. Some more ready than others.

Bumped into a couple of telepresence robots. So attendees were taking steps after all.

Vendor room was already a mass of human bodies - mostly younger crowd wearing various types of masks and makeup to throw off facial recognition software.

[THURSDAY 17:00]

Met up with contacts from back home.

DC [REDACTED] has a wide spectrum of people. Oil and gas industry IT guys. Some medical tech infosec specialists. They keep me at arm’s length, which is only proper. Though it never hurts to bounce story ideas off them.

One of them asked if I had already noted the few bots rolling around. Asked if I had tried to interview one yet. Said they wondered how long before they’ll get replaced with lifelike bidpedal android proxies like that crap sci-fi movie.

They asked what I was working on, I asked them the same.

Hackers and reporters (the investigative kind at least) have a lot of similarities. We're both watchdogs, but society likes us the way kids like puppies. We're fun until we crap on something. Even Google's autocomplete function has fills the queries "Reporters are ____" and "Hackers are ____" with similar insults.

FRIDAY [00:00]

Midnight. Walked through I don’t know how many rooms. DEFCON expanded into an extra hotel this year. Correlation or causation in regards to the current climate of demand for cyber-themed counter-culture?
Didn’t spot any Feds, aside from the ones giving talks. Those are like the casino’s CCTV cameras perched on the beams and ceiling; there for your viewing pleasure. The real surveillance is as invisible as radiation. And just as hard to detect.

Speaking of casinos, they’re getting their act together. More concierges stood downstairs this morning. I did manage to spot a few security guys with the tell-tale flesh-colored earpieces.

As high-tech as the public sector has gotten with keeping an eye on you (and everything you do), the private sector, casinos? Still the vanguard.

[FRIDAY 10:00]

Day 2. Skipped eating. Work to do.

Sun was really coming down something fierce across the strip today. Spotted some jokers offering cardboard sheets which they had "hacked" by crafting them into personal fans. Said they would only accept BTC (0.0005 per fan) or precious metal bullion.
Vegas is a dry heat. It's a blessing in disguise. 

People who complain about the 110 degree Fahrenheit temperature have never been to [REDACTED]. We have humidity so thick you could swim through the air as easy as walk.
No word from [REDACTED]. 

[FRIDAY 19:00]

Got a side interview in with a telepresence bot. Turned out it was someone I crossed paths with at an industry security event way back when. Of course they were using a telebot to be lazy, not careful. Said they were glad they didn't have to go through an airport or wear a tie. I know the feeling.
Asked some anecdotal questions about how Industrial Control System (ICS) security is now that it's been a few years. 

He said, same stuff different day. IT and OT butting heads. Financial officers not convinced they need to invest in cybersecurity.
First year at DEFCON I went just for the ICS info. Wanted to write about the security (or lack of) for refineries back in [REDACTED]. Turns out loads of sites still use Windows XP. They also have a fixation for industrial IoT. Or at least they did. I heard some had wised-up, not without a little coaxing from the Feds and the latest recommendations from the Toxic Substances Control Act (TSCA).
ICS security in a nutshell: It’s a bad idea to give a fluid catalytic converter the ability to chat with a break room coffee machine.

Got a tweet DM from a burner account. I'm supposed to interview [REDACTED] at the mansion party on Saturday still, but this was a good side story. I'll use it for the freelance piece.

[FRIDAY 23:00]

Breakfast consisted of a 25 cent ramen cup cooked with the single-serving coffee pot in the hotel room. Scarfed it down. No time for a sit down meal. Not this year. Not any year.
Spent most of the day people-watching. Watching the teens running around with their facial-recognition-disrupting makeup and masks. 

Watched the old dogs catching up with each other. Watched the Goons put out fires. Watched for Feds.

Found a room party on the way to the elevator hosted by DC [REDACTED] from [REDACTED]. Pretty chill. Free drinks. Sold. Custom badges were everywhere, per usual. Someone in the corner had a Commodore 64 out, trying to showcase how to give it internet connectivity. Not sure if they were doing it for a laugh or not.

[SATURDAY 00:45]

Back in room. Managed to not get swept up by any hivemind late-night cyberpunk shenanigans.

Overheard a lot of keywords being repeated Friday morning. "Digital Imperative" and the like. The pressure for companies and consumers to get up-to-date. The risks. The rewards. The uncertainty.

Did my cigarette trick on some people on the balcony. Stood out there holding an opened pack in my hand until someone asked for a smoke. Gave them one. Started up a convo.
Cigarettes are little walkways that bridge the gap between strangers. If you have a pack of cigarettes, you have 20 friends in your pocket.

I don't recommend tobacco use, but smokers have a global, unspoken bond. They watch each-others’ backs. Hackers who smoke? Thick as thieves. 

Heard good comments regarding interactions, networking, the like.

Long day tomorrow. Mansion party with [REDCATED]. Strap in, deep breath.

[SATURDAY 09:00]

Took some notes down to the bar on the ground floor. Got orange juice for breakfast. Bartender was a male chatty Cathy. Saw my badge.

"So are you one of the . . . hackers . . . ?" he asked, the way a parent would greet trick or treaters on Halloween.

"Nope," I said. "Just the fourth estate."

"Is that a hacker group?" he asked.

"They call journalism the fourth estate," I said. “First estate is the clergy. Second is nobility. Third are commoners. Now, also, we have the fifth estate."

"What, hacking?" They asked, less patronizing this time.

"Information from hacking," I said. "Web-based outlier news reporting not published by professional organizations. Information obtained illegally.”

 "Ah," he said, giving me a wink. "Ok."

I finished my orange juice as quickly as possible.

[SATURDAY 10:00]

Went back to the room to shower. Found a note and a USB stick slipped under the door to my hotel room. No one in the hallway, or elevator.
Didn’t even want to touch the USB. Letter said it was from [REDACTED]. Said the USB had directions to the mansion party. Letter was signed with a full name instead of just a handle so I did the usual. Googled it. LinkedIn. Every social media site. Nothing. Fake name of course. Play stupid games, win stupid prizes.

Hell I even looked it up on the Public Access to Court Electronic Records (PACER). Wanted to see if the Feds had filed anything in the local district courts yet.

It's not hard for the Feds to get a warrant and it's not hard for a lawyer (or a reporter, or hell a hacker for that matter) to look one up. The worry signal is whether the Feds BOTHER to get a warrant anymore. Routine monitoring, without a warrant, is slowly turning into the standard. A policy of randomly sniffing through emails, text messages, listening in just to be on the safe side.

Trying to catch the Feds breaching the scope of a warrant is tricky enough. If they don't file for one in the first place it's hard mode.
Nothing on PACER. Which equally meant nothing.

I looked at the USB. It was like a stick of dynamite with a bad fuse. No telling when it would go off. Hell I didn’t even want the thing in my hotel room.

[SATURDAY 13:00]

Got a rideshare to the mansion.

Got mansion directions from the USB.

Got the USB plugged into the concierge terminal downstairs. Honestly the concierge really should have known better.

Mansion is well away from the strip. As far as the directions went.

[SATURDAY 17:00]

Met up with [REDACTED] from the [REDACTED] at the mansion. Turns out I knew him from DC [REDACTED]. Mansion party is nothing atypical thus far. Burgers on the grill. Pool party (no bubbles).

[REDACTED] told me to stick around after it starts to wind down. Interview then.

[SATURDAY 19:00]

Party is rather packed for a close-knit group of hackers. The [REDACTED] filled bedrooms full of computer parts, and half-opened drones and other such gadgets.

Some of the hackers workng on the drones told me they hadn't even bothered hitting up DEFCON. Didn't want the trouble, they said. Didn't mention whether it was trouble with crowds or with Feds.

[SATURDAY 20:30]

Found out why the [REDACTED] aren't attending DEFCON in person. They're working on a [REDACTED] to [REDACTED][REDACTED] which could mean [REDACTED][REDACTED] [REDACTED][REDACTED][REDACTED][REDACTED].

[REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED]
[REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED]

[REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED]
[REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED]

[REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED]
[REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED][REDACTED]

This is going to be a real story. I also need to get the hell out of here. 

[SATURDAY 20:31]

Too late. 

Feds are here looking for [REDACTED]. Are they keeping up with my feed? Should have guessed after finding out about the [REDACTED] going on in the room. Hi feds. Didn't know a scrub reporter like me was on the radar. 

Also didn't get that interview with [REDACTED] but it looks like you guys are going to ask me a few questions. Stuck mydelf in a broom closet if you're curious. 

I see you're detaining everyone here. Probably going to confiscate my phone and notebook. Well, have fun trying to scrub the notes off the net. Streisand effect for the win.

Just let me hit the upload button real quick and I'll be right out.