[00:02.810 --> 00:09.010] Our next presentation is one of the people who's helping run the event and has been just doing
[00:09.010 --> 00:14.790] key spec. He and Charmander are the ones who figured out how to bypass the slide presentation
[00:14.790 --> 00:22.770] snafu and get it working. And that's Giglio. Giglio is going to talk to us about ham radios,
[00:22.770 --> 00:30.330] not just for dinosaurs like me, why hackers need an amateur radio license. And I have to agree
[00:30.330 --> 00:35.130] with him, despite the fact that I'm aging, I have to agree with him. Harry Biggs, or Giglio,
[00:35.130 --> 00:41.210] is a forensics and threat analyst security engineer at MedImpact Healthcare Systems.
[00:41.310 --> 00:45.450] Giglio has worked in the staffing, manufacturing, mortgage, and healthcare industries, each
[00:45.450 --> 00:50.630] providing unique insights into how critical information needs to be protected. Giglio was
[00:50.630 --> 00:56.870] fortunate to be on the team that hosted the 2020 DEFCON Groups VR event and is looking forward to
[00:56.870 --> 01:02.430] the 2022 event as well, as I am too. So here you go, Giglio, take it away.
[01:09.930 --> 01:12.450] Hello, can you hear me okay?
[01:14.910 --> 01:23.010] Perfect. Okay. So I gotta make sure I can see my slides without
[01:23.770 --> 01:32.070] facing away from everybody. So the purpose of my talk is to talk about ham radio. And for a lot of
[01:32.070 --> 01:40.810] people, ham radio may conjure up images of, you know, old retired guys sitting talking into a
[01:40.810 --> 01:46.870] microphone, their buddies across the country, talking about the weather and different things.
[01:46.870 --> 01:54.170] That's certainly a component. As time has gone by, it used to be all analog. There's lots of
[01:54.170 --> 02:00.370] different frequency ranges and stuff. Also, there are things people are aware of, you know, big
[02:00.370 --> 02:07.050] emergencies where things happen, infrastructure collapses.
A lot of times ham radio operators
[02:07.550 --> 02:13.110] are able to get information in and out of a place that doesn't have another way to do it.
[02:13.110 --> 02:17.690] A lot of that's changed nowadays. I mean, we have satellites and satellite phones and that kind of
[02:17.690 --> 02:25.490] stuff. So to some extent, there's a certain amount of, you know, legacy, I think, in some people's
[02:25.490 --> 02:35.070] related to the ham radio, amateur radio world. You know, that could be valid. There's, and I'm
[02:35.070 --> 02:40.690] setting you up for where I'm going to take you. So hang in there. Don't get bored and run away
[02:40.690 --> 02:49.170] because it isn't as bad as it sounds. There's other things, components of that, ARES. I'm a
[02:49.170 --> 02:54.950] member of ARES. It's the Amateur Radio Emergency Service. They coordinate with hospitals and things
[02:55.490 --> 03:02.230] in different technology stacks in the event of an emergency. There's a tool called Winlink,
[03:02.230 --> 03:09.110] which is a piece of software you run on your laptop. But behind it, there are forms, all kinds
[03:09.110 --> 03:14.150] of forms. Think of a hospital, any kind of form they would need to fill out and send to somebody
[03:14.150 --> 03:20.750] far away. There's all these forms that exist, different levels of technology. It's over RF,
[03:20.750 --> 03:29.150] over the internet, etc. So there's definitely good stuff on the legacy ham radio side,
[03:29.150 --> 03:35.650] if you will. But the thing that's really the kicker... now let me get to where I can hit the
[03:35.650 --> 03:41.270] button. If I can do that with a microphone in my hand, how do you do that? Let's see.
[03:41.270 --> 03:55.930] Okay. So here's the thing. If you're a hacker, and all of us in this room are hackers,
[03:55.930 --> 04:06.730] we are usually, like X-Ray said, usually on the bleeding or hemorrhaging end of technology.
[04:06.730 --> 04:12.130] The cool thing is, if you think about it, we've talked about people doing shenanigans
[04:12.130 --> 04:18.530] with different things, how you want to be limitable, so that you can experiment, you can
[04:18.530 --> 04:25.390] do things, you're not playing with things that you shouldn't be playing with, and then are hoping
[04:25.390 --> 04:32.370] that nobody catches you in it. Well, if you think about it, if you want to experiment with radio
[04:32.370 --> 04:40.310] frequency, and the higher bands there, so hopefully this slide is readable, but there's
[04:40.850 --> 04:45.650] there's these different bands over on the right hand side, different gigahertz ranges of things,
[04:45.650 --> 04:53.570] you head up into microwaves, there's all kinds of digital communication modes now that didn't
[04:53.570 --> 05:00.130] used to be the case. And guess what? All it takes to do it legally is to get your amateur radio
[05:00.130 --> 05:05.810] license, make sure you stay in your lane, meaning stay in the bands that are allocated
[05:06.750 --> 05:13.190] for amateur radio use, and you're golden. As long as you don't fry your neighbor's TV set
[05:13.190 --> 05:19.330] or something, and there are rules and things you learn about maximum effective radiated power,
[05:19.330 --> 05:25.250] and how much does it transmit through skin, ionizing versus non-ionizing radiation,
[05:25.250 --> 05:30.010] all these kinds of things. And so that you know what's safe, you know, you don't put a 1500 watt
[05:30.010 --> 05:36.350] antenna right next to your neighbor's house, that kind of stuff. Most of it is pretty common sense,
[05:36.350 --> 05:42.490] tiny bit of math, it's pretty easy. And so then now you have access to all these frequencies.
[05:42.830 --> 05:49.290] And now you may say, okay, cool, but you know, what am I going to do there? So the other part
[05:49.290 --> 05:57.830] of it is, there are folks, one group is the Open Research Institute.
And the person, let me back up
[05:57.830 --> 06:05.190] here, because I got there. The person that's the co-founder and CEO of the Open Research Institute
[06:05.190 --> 06:13.910] is Michelle Thompson, is also a DC858 member, also a ham radio operator. And their purpose is
[06:13.910 --> 06:23.030] to introduce technology. It's been research, right? One of the challenges, even a newer,
[06:23.710 --> 06:30.970] newer, newer technology, let's say for amateur radio, where a lot of it is driven by the vendor,
[06:30.970 --> 06:37.590] right? You've got Yaesu, you've got Kenwood, you've got all these different manufacturers, they make
[06:39.850 --> 06:45.930] it, they build code that goes with it, which is a thing that takes, you know, audio data, let's say,
[06:45.930 --> 06:54.030] or digital data and turns it into a stream that you can analog transmit over airwaves. And then
[06:54.030 --> 06:59.910] they wrap that into something that you can't use unless you buy the licensing from them. You have
[06:59.910 --> 07:09.090] to use that and go down that road. So what Michelle's Open Research Institute here is, is a way
[07:09.090 --> 07:16.390] to make things open. And so, you know, open source, that kind of a thing. So everybody has access to
[07:16.390 --> 07:23.630] the codec, or everybody has access to plans on how to make something, or whatever the project is.
[07:23.630 --> 07:30.130] One of the other really cool things, down here on the regulatory tab, it says work
[07:30.130 --> 07:38.430] covers ITAR, air debris mitigation, and more. Now, I'm, you know, I'm not the wizard here. But
[07:38.430 --> 07:53.610] ITAR, as I understand it, is an international governing body on things that are considered,
[07:54.150 --> 07:59.290] through pivotal work that Michelle and the ORI group did, they were able to get
[07:59.290 --> 08:05.770] things related to what we're talking about here, classified as non...
[08:07.950 --> 08:13.110] Hey, hang on.
Hey Giglio, when you turn your head, I think you're trying to wait for your mic.
[08:14.490 --> 08:19.250] So I thought as soon as I picked up the mic, I had megaphone for life.
[08:20.330 --> 08:25.990] Let me see. I thought you might be pulling it away from your head physically. No,
[08:25.990 --> 08:31.090] no, I'm wearing a headset. How's that? Is that any better? I believe you dropped the mic when you
[08:31.090 --> 08:37.390] changed the slides earlier. It fell on the floor. Yeah, no, agreed. Hopefully so, but I don't need
[08:37.390 --> 08:47.550] to hold the mic, right? Am I still okay? You need to hold the mic. Okay, excellent. So then I
[08:48.830 --> 08:53.350] will hold the mic and then try to see if I can go next. So how much did you guys miss with me
[08:53.350 --> 09:01.610] talking to the wall there? How far should I back up? We can hear you. It's just difficult to hear.
[09:01.610 --> 09:09.970] So we can hear it all. It's not as loud and there is... Okay, it's better now. Open host tools
[09:10.570 --> 09:17.090] and the third one down is a megaphone. If you turn the megaphone on, you don't need to hold
[09:17.090 --> 09:23.010] the mic. I cannot turn it on for you because you have more permissions than I do. So I can't force
[09:23.010 --> 09:28.610] your permissions to do anything. That's fine. I turned it on. So let's see if it stays stuck.
[09:29.770 --> 09:34.730] So yeah, the cool thing, they were able to get the work that's being done by the ORI
[09:34.730 --> 09:41.330] and specific codecs, like we're talking about the M17 codec, different things.
[09:41.330 --> 09:48.730] They were able to get those classified as non-export control, I guess,
[09:48.730 --> 09:53.830] which is awesome because that sets the groundwork for going down the road into the future
[09:53.830 --> 09:58.530] with various projects and not getting entangled by somebody who's trying to throw a wrench in the
[09:58.530 --> 10:05.890] works.
So check out openresearch.institute and you can see all the different projects
[10:05.890 --> 10:11.130] they got going on. And now I'll bore you with a little bit of ham radio stuff to show you how
[10:11.130 --> 10:21.240] straightforward it really is to get a license. Oh, there we go. So depending on how much
[10:21.240 --> 10:32.260] everybody knows about... let me see if I can see my own deck here. So some background, what is
[10:32.260 --> 10:45.460] radio? What is frequency? And what is spectrum? And radio is using an alternating current to
[10:45.460 --> 10:51.520] modulate a signal, sending it into a wire, think of an antenna, which then leaves the antenna as
[10:51.520 --> 10:59.500] an electromagnetic wave into space or air, if you will. The frequency, which is how it's measured,
[10:59.500 --> 11:06.760] is the number of oscillations per second. And then spectrum is the range of frequencies that
[11:06.760 --> 11:12.820] can be allocated. And so you can see on the chart here, which I forget who I stole it from,
[11:12.820 --> 11:18.320] it's got everything from, you know, you hear people laughing when they say DC to light.
[11:22.380 --> 11:28.980] And those, that spectrum, and I'm hearing somebody eating, so I don't know if we can
[11:28.980 --> 11:42.660] figure out who's chomping away there. So that's that. So here's... next slide.
[11:44.440 --> 11:48.620] Well, ham radio is the amateur radio service, which we talked about already.
[11:48.620 --> 11:55.700] It's licensed by the FCC. So that's who you participate with. You need a license to transmit.
[11:55.700 --> 12:01.640] You can, hopefully a lot of us have played with the SDR, inexpensive, you know, software-defined
[12:01.640 --> 12:10.540] radio dongles and software. You can listen to anything, you know, within limits. But to transmit,
[12:10.540 --> 12:16.660] you have to have a license. Frequencies are allocated by usage.
And over on the right,
[12:16.660 --> 12:22.260] there's a chart that's showing different bands, they call them, in the amateur radio service.
[12:22.260 --> 12:27.740] And then there's a thing called a band plan. That's who's allowed to transmit on what frequencies.
[12:27.740 --> 12:36.200] For the most part, amateur radio frequencies are shared with somebody. So if there's like a public
[12:36.200 --> 12:41.900] service or commercial service or something else that's out there in a similar or nearby frequency
[12:41.900 --> 12:48.500] range, if you end up transmitting and mess up their signal, so they can't do what they're supposed
[12:48.500 --> 12:54.320] to do, you're going to be the one that gets told you need to tone it down, lessen the power, move
[12:54.320 --> 13:00.840] the antenna, that kind of stuff. So now what's interesting is the high end frequencies that we were looking at
[13:00.840 --> 13:07.500] earlier, some of those are exclusive to the amateur radio service, which is a godsend for experimenters
[13:07.500 --> 13:15.100] and folks doing cool stuff. There's different license classes. And at this point, the entry
[13:15.100 --> 13:21.860] level license class is a technician license, which is very straightforward to get.
[13:21.940 --> 13:28.640] You have to, there's a tiny bit of math and most of it you can memorize, or if you test prep,
[13:28.640 --> 13:34.320] you can learn, understand and do the recognition thing versus having to break out a calculator and
[13:34.320 --> 13:42.390] compute things. Technician class is authorized to transmit on VHF, UHF and microwave frequencies.
[13:42.390 --> 13:50.390] And then the band plan we talked about, technician test is easy. So we're good there. Let's go here.
[13:52.870 --> 13:56.290] And is this my, let's see where we're at.
[13:57.870 --> 14:04.850] Oh, taking the test. Yeah, there's different test prep methods.
You can take the test in person,
[14:04.850 --> 14:10.230] you can take it online, which is what I did. I'd always wanted to get a ham radio license.
[14:10.230 --> 14:16.170] But back in the day, when I first looked at it, knowing how to send and receive Morse code
[14:16.170 --> 14:21.870] was a requirement. And I just never had the time to get in there and figure all that out.
[14:21.870 --> 14:26.650] Nowadays, that's not a problem. Oh, these are the basic steps you would go through,
[14:26.650 --> 14:32.150] which may be a little more minutiae than we all need. But you study for the test,
[14:32.150 --> 14:39.750] register for your FRN. And then that goes on a website. And you sign up with a testing body to
[14:39.750 --> 14:46.730] take the test. And that can be online with GLAARG, that's who I used. You pay your test,
[14:46.730 --> 14:52.710] or pay your fees, take your test. And then assuming you passed, you get assigned a call sign.
[14:53.170 --> 15:00.430] And the other cool thing you can do is you can go look for call signs that are in disuse,
[15:00.430 --> 15:06.770] so to speak. They call that a vanity sign. Or sometimes in the case of, say you have,
[15:06.770 --> 15:13.830] you know, a parent and a child or a family relation, and a younger family relation,
[15:13.830 --> 15:19.490] and that person is no longer either actively transmitting, they're not using their license,
[15:19.490 --> 15:25.930] or maybe they passed away. And the family relation would like to be the keeper of that license,
[15:25.930 --> 15:36.730] you can sign up with the FCC. And assuming nobody else has tried to get that license,
[15:36.730 --> 15:44.350] your uncle's, or your aunt's, or whoever's ham radio license number, you can now legally
[15:44.350 --> 15:52.750] transmit on allocated bands. And like I mentioned before, go check out Open Research, or yeah,
[15:52.750 --> 15:58.570] openresearch.institute. And you can see what projects they got going on.
Also interested in
[15:58.570 --> 16:03.690] having people contribute. You know, there's a whole lot of smart people in this room. So I'm
[16:03.690 --> 16:07.650] sure there's something out there you would take a look at and say, hey, that's kind of cool. Let's
[16:07.650 --> 16:17.310] go explore that. And to complete my meme thing. So on the first slide, we had, you know,
[16:17.310 --> 16:23.210] ham radio isn't just for dinosaurs. So now we're going to have any questions
[16:23.790 --> 16:33.330] by our space going dino there. So if anybody's got a question, holler it out or track me down
[16:33.810 --> 16:39.130] and we can talk about stuff. This can be a dry topic, but it also can be an exciting topic,
[16:39.130 --> 16:42.910] depending on, you know, where your project interests lie and so forth.
[16:49.240 --> 16:53.960] So what separates the technicians? I've actually been doing some of the ham study app stuff for
[16:53.960 --> 16:59.680] the technician app, or for the technician exam. What makes the higher level ones a lot more
[16:59.680 --> 17:05.660] difficult to obtain? Like what separates them? Well, so what I did, I'm a general class,
[17:05.660 --> 17:11.500] which is the one up above technician. So I went and took the technician test because I was like,
[17:11.500 --> 17:16.140] I just want to see what's going on here. Some people go on there and take two or three at once.
[17:16.140 --> 17:21.000] I didn't have that much time to commit or try to keep things, you know, stuck in my head long
[17:21.000 --> 17:26.280] enough. Really what the difference is, technician has a list of things. There's a certain amount
[17:26.280 --> 17:32.960] of relationships of, you know, if a frequency range is this, how big is the antenna for a
[17:32.960 --> 17:38.580] half wavelength or a quarter wavelength or whatever. And so you figure out the math. I mean,
[17:38.580 --> 17:43.000] you're already doing, you know, binary math.
I think you could take a number and divide it into
[17:43.000 --> 17:50.340] or by 300 and do okay. Right. So that's pretty straightforward. General class had a few more
[17:50.340 --> 17:55.080] specific things. I'm trying to remember what some of those were. And then the next one is,
[17:55.080 --> 18:00.740] is it extra, advanced, extra? I can't remember what the one after general is. Yeah. That was, got extra,
[18:01.500 --> 18:15.080] extra. Yeah. That one has more math. And then I also saw a thing from one of the guys on the
[18:15.080 --> 18:20.620] DEF, the DC858 Slack, there was a topic being kicked around and they had an answer.
[18:20.620 --> 18:25.920] And it's like, hey, that's because I'm studying for extra. And a lot of it could be policy.
[18:25.920 --> 18:32.160] It could be things you're allowed to do, what, you know, a given band range is shared by
[18:32.160 --> 18:40.640] what. Like the, the, the 220 megahertz, the 1.25 meter band, the low end of that is actually shared
[18:40.640 --> 18:46.000] by old school paging services and things. And so there, you could end up with a test question that
[18:46.000 --> 18:51.380] says, you know, what part of the 1.25 meter band are you not allowed to use? And then you'd have
[18:51.380 --> 18:56.600] to recognize which of them it is. And it would be the one on the low end. Oh, I don't know if
[18:56.600 --> 19:03.660] that's a good enough thing. I've got a couple of different prep book things that I found that I can
[19:04.020 --> 19:08.920] recommend. They're, they're pretty good. So you don't have to go out there and, you know, and I'm
[19:08.920 --> 19:14.340] not trying to suggest that, hey, you're going to be an MCSE by reading the Cliff notes, but it's
[19:14.340 --> 19:19.500] more focused, how you, how to study, what to study, what to recognize, and then what you have to
[19:19.500 --> 19:25.760] calculate. It's really based on other tests.
I'm sure everybody in the room has taken, this is a
[19:25.760 --> 19:40.820] pretty darn easy. Awesome. Thank you. And also, tell them about the ARRL guide you can get for
[19:40.820 --> 19:49.300] studying for the test. I didn't even use that one. So X-Ray's telling me to make sure I mentioned the
[19:49.300 --> 19:56.140] American Radio Relay League guide to studying for the tests, which I ended up not using,
[19:56.140 --> 20:02.500] which is probably pretty complete and useful. It was just a path I didn't, I didn't go down,
[20:02.500 --> 20:09.900] but the ARRL is also kind of the governing body besides the FCC of all things ham radio. And,
[20:09.900 --> 20:14.720] and then there's also local groups, just, you know, similar like local DEFCON groups,
[20:15.720 --> 20:23.420] in the San Diego area. So there's the Palomar Amateur Radio Club, and they run repeaters and
[20:23.420 --> 20:29.380] things that, you know, are up on high mountains. So if you're in a good place geographically,
[20:29.380 --> 20:36.120] you can talk to folks nearby, not so nearby with, you know, just a handheld or something simple.
[20:36.120 --> 20:42.800] You don't have to be the person with the 30 by 40 foot, you know, big beam antenna on a 100 foot tower
[20:42.800 --> 20:50.240] pointing off into faraway places. Can you do anything with emergency services yourself?
[20:50.600 --> 20:57.980] Yeah, I do. I am part of ARES, Amateur Radio Emergency Service. They just had a thing a
[20:57.980 --> 21:05.780] couple of weekends ago on the, using Winlink with hospitals. They set up and they, you know,
[21:05.780 --> 21:10.900] if you think about doing a tabletop exercise, they're doing a tabletop exercise, but they're
[21:10.900 --> 21:18.200] doing it for real with, you know, fake data, fake, fake transactions and things. And so everything
[21:18.200 --> 21:24.880] that gets sent out has to have a drill header on it so that it doesn't get acted on.
But yeah, [21:24.880 --> 21:29.200] there's lots of amateur radio service. I think there's also, and you could probably talk to it [21:29.200 --> 21:35.180] better x-ray. I've heard of Mars, which is military related and is in a slightly different [21:35.180 --> 21:41.300] frequency range from some things, but you know, and some of these services may or may not still be [21:41.300 --> 21:46.620] out there. I can't remember. Mars is a military affiliated radio station. It's [21:47.260 --> 21:53.100] our amateur radio station. I briefly worked at the Mars station at Treasure Island during Vietnam [21:53.740 --> 21:59.920] and they work in conjunction with the amateur radio people. And one of the things that they [21:59.920 --> 22:05.420] do is set up phone patches like the Vietnam so people in the States can actually talk to people [22:05.420 --> 22:11.680] in Vietnam so they can talk to their loved ones. It's really, it's really cool. A lot of fun. [22:11.680 --> 22:19.960] Yeah. Once you get into amateur radio space and you find frequency ranges or things, there's [22:19.960 --> 22:24.800] all kinds of different protocols. I'm kind of a low power guy, so I'm not going to try to put [22:24.800 --> 22:32.540] some giant antenna up. I, with a random wire around my backyard and a little, I think most [22:32.540 --> 22:40.440] it puts out is maybe 10 watts. There's a protocol called FT8 and there's software written by smart [22:40.440 --> 22:49.600] folk and you load the software up and I was able to hit Japan. I hit Belize. There are monitoring [22:49.600 --> 22:55.780] stations around the world that feed back. And I even saw my signal being picked up by something [22:55.780 --> 23:01.340] in Antarctica. That doesn't mean there would have been enough signal there, but these, this protocol [23:01.340 --> 23:09.480] FT8 is made for very weak, very low level stuff going on. So there's a lot of cool stuff to play [23:09.480 --> 23:15.820] with. 
And the only other thing about amateur radio, for the most part, is you're not allowed to send
[23:16.720 --> 23:24.540] encrypted traffic. For the most part, if you're sending information, the protocol has to be known
[23:24.540 --> 23:33.300] and the folks that may or may not, you know, that are listening would need to know that that's
[23:33.300 --> 23:38.420] something, or at least if you want to be in compliance, that your, your, whatever traffic
[23:38.420 --> 23:42.760] you're carrying isn't encrypted. But the only exception being, and this is what that one test
[23:42.760 --> 23:48.640] question was, the other person remembered, uh, control signals that run some kind of remote
[23:48.640 --> 23:53.980] device that's up on a mountaintop. Those are okay to be encrypted. So somebody doesn't take it over.
[23:53.980 --> 24:02.020] Anyway, it's a whole lot of blah, blah, blah. I should relinquish the stage.
[24:03.680 --> 24:17.430] Thanks everybody. I turned off megaphone.
[24:22.510 --> 24:30.270] Okay. Well, we're running a little ahead of schedule. It looks like the next talk is going to be here. It's
[24:33.690 --> 24:39.950] now four o'clock. So we've got about an hour. So feel free to wander around, talk to people,
[24:39.950 --> 24:45.270] get something to drink, go to the bathroom, talk to people. That's a novel thing to do at a
[24:45.270 --> 24:50.230] conference designed for people to talk to each other. So yeah. And ask questions if you see
[24:50.230 --> 24:55.790] speakers. If you've got questions, feel free to ask them questions. And we'll see you back here at,
[24:55.790 --> 25:01.570] uh, let's see, it's Las Vegas. It'll be 4 p.m. Las Vegas time
[25:04.050 --> 25:11.850] for our next presentation, which will be by, uh, Jabels on Pwning Lazy Admins. So that should be
[25:11.850 --> 25:15.890] an exciting talk because there's a lot of lazy admins out there. So there must be a lot of fun
[25:15.890 --> 25:16.890] things to talk about.
[25:17.630 --> 25:18.070] Transcribed by https://otter.ai