💾 Archived View for clemat.is › saccophore › library › shorts › defcon › 27 › 10yearproject_by_p0wny… captured on 2022-07-16 at 15:44:06.
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
The 10-year Project by p0wnyb0y
I remembered the day we met. Riviera, DEF CON 17. As I walked
from Track 4 back through the foyer, I glanced at the
'chill-out' space to my left. My body trudged through the busy
halls. With an aching back I found my way through the narrow
doorway and sat down at a black plastic table.
That year's DEF CON badge had an I2C interface which allowed it
to communicate with other badges. If you were able to hack the
badge you were given a prize. After fumbling around with the
badge, a realization hit me. I had to 'socialize' to hack it. Two
badges were more than likely the key to hacking it, or so I
thought. I looked up from the badge hanging around my neck.
Another kid was sitting across the table, focus centered on his
Human badge. A beat-up Dell Studio laptop sat directly in front
of him. A solid minute of hesitation and doubt was followed by a
single word. "Hi." "You talking to me?" a bewildered face said in
response. "Yes," I said before he finished talking. "Are you
trying to get into that badge?" "Sure," he paused. "I mean, I'm
in it. I just need to like, you know, hack it."
As the day went by, we got to know each other a tad better.
Hunter introduced me to some of his friends, who swung by the
lounge and helped us hack the device. After hours of trying to
decrypt and get into the badge with them, I decided to head home.
As I exited the Riviera, I wondered if they would be back at DEF
CON the next day.
DEF CON 17 came and went, but Hunter stayed behind. He lives in
Las Vegas too, near my ghetto apartment. Hunter and I became
great friends. We frequently hung out and talked about nerdy
things. We talked about how people have to sacrifice privacy for
Internet usage, and why protective governments filter the
Internet out. We determined that these problems were the result
of the developing dystopia.
Hunter and I devised a plan. It was simple: station 'evil twin'
access points at popular Las Vegas locations, and let them
collect data from unsuspecting people. The evil twin access
point would share the same SSID and MAC address as the target
network, fooling devices into connecting to the twin network. We
would plant a couple rogue 802.11 routers inside of the Las
Vegas Convention Center, where hundreds of events are hosted
every year.
The goal of this plan? To try and get back our freedom- one
compromised account at a time. Create mayhem, using compromised
data, to remind normal civilians of the ever-so-present dystopia.
A dystopia that prevents punks from having their well-deserved
privacy. A dystopia where Internet access is restricted across
nations. Society has become so engulfed in this 'dystopia' that
no one would ever realize the magnitude of the situation. Unless,
that is, it was brought to their attention. My outfit consisted
of a black hoodie and baggy jeans, not my usual style. Hunter's
outfit was the same, except that he was wearing tactical gloves.
"Like that won't attract suspicion," I whispered as we walked
through the sunny parking lot. "My fingerprints would be left
behind," Hunter responded. "I don't intend on getting caught
tonight." "Yeah, alright."
Sweat dripped off of the palm of my hand onto the concrete stairs. My
eyes made contact with the Las Vegas Convention Center sign overhead,
attached to the main building. The National Electrical Contractors
Association Convention was a three-day-long event, with day passes
costing $50/person. Since we couldn't waltz into the center without
going to an event, we had to burn money on tickets.
My hand reached inside of my crammed backpack, pulling out the
pair of passes. The automatic glass door slid apart as we
approached the entrance. A person dressed in a reflective jacket,
sitting on a stool, holding a barcode-scanner greeted us.
"Hello."
I drew a breath, and then replied, "Here's two." "Alright," she
mumbled. She took the tickets out of my hand and put them
directly underneath the scanner's red light. Two beeps echoed
throughout the narrow hallway coming from the handheld device.
The lady mumbled the usual, "Thanks. Have a great day!"
"Thanks."
I cringed as I walked away from the check-in, knowing that we wasted one
whole Franklin to get in the doors. "I really hope this is worth the
effort." I exclaimed to Hunter.
"If I get caught," he paused. "I would have wasted fifty-bucks,
but I guess doesn't matter if I'm in jail." "Let's hope we don't
get caught then."
We set off on a journey to a well-hidden location, across the convention
center, to place our homemade routers.
The "10-year database", we called the project. Hundreds upon
hundreds of plaintext usernames and passwords, administrative
URLs, FTP creds, sensitive documents, and compromised emails
hacked together into one repo, gathered from numerous data
sources. One source included the routers we placed at the Las
Vegas Convention Center, and then another router up at the
Mandalay Bay. Over time, more and more attempts at gathering
information were made.
There would be a spectacular release of the data at DEF CON 27,
exactly 10 years since we started the project. I had prepared a
20-minute presentation for the event. Hunter had already put
together a couple badges in an attempt to advertise to the
like-minded community. A blue button labeled "Upload" turned to
grey as I clicked it. The estimated upload time rose sharply,
from one hour, to half a day, to three days. I glanced at my
generic, black and white calendar nailed to my bedroom wall.
"Three days... August 5th, 6th, 7th, 8th," my brain stopped
working. "That's three days, which is right on time."
The faces of nerds in the crowd went blank as I finished the
presentation, with the aid of Hunter. Information overload.
"This is free, right?" A viewer among the crowd yelled out.
"Uhm," I paused. "Yeah. It's free." Hunter chimed in. "Actually,
it's at the expense of people using public Wi-Fi."
The crowd let out a subtle laugh before going back to socializing
amongst themselves. Within minutes, the ballroom was barren except for
forgotten possessions and food wrappers. It was almost night, so we
decided to hit the road after a long day of executing our decade long
pet project.
The hotel room door slammed behind me. I was staying with my dad
up at a luxurious hotel on the Strip, payed for by his employer,
Merit Electric. DEF CON and the National Electrical Contractors
Association Convention aligned this year, which meant I could
see my Dad for a little bit. I paused before throwing myself on
the pillow-covered king-sized bed, adjacent to the couch my Dad
was snoozing on. My eyes met the beautiful, neon-filled Las
Vegas Strip. A feeling of drowsiness grew evermore present as
the seconds ticked by. My body met the comforter of my bed, and
all seemed well again. My eyelids fell, too heavy to resist.
Reality slipped right through my fingers, and I was back to
sleep again.
A loud "DING" woke me up. My eyes tried to focus on the blurry
message displayed on my smartphone. "Check outside your window,"
the text message from Hunter said. "What is it?" I responded.
"Just look!"
My attention shifted to the window. I pulled myself out of bed and
lunged over the windowsill. Nothing seemed to have changed, it was just
dark outside. I grabbed my smartphone, and texted back. "I don't see
anything. What's going on?"
I climbed back in bed as I reread the text messages. Suddenly, I
realized, and spun toward the window to see that not a single
neon sign was powered on. Only the headlights of few passerby
vehicles were visible. A gut feeling told me that we had
something to do with the power outage. I reached for the light
switch next to the window and flipped it. No power.
A victory. The dystopia was realized. If a pet project could
somehow take down a power grid, various government websites, and
mass surveillance systems- that'd be a red flag. A huge red flag.
We needed to rethink what technology should be used for, and how
it can be monitored and controlled. That was the whole point of
the project. And there Hunter and I sat, at the forefront of the
'Technological Reliance Act'.