The best experts on protection against hackers may just be… other hackers. So argue the military and law-enforcement officials who join each year with IT techies engaged in varying stages of legal or illegal activity at DEF CON, an annual hacking-themed tech expo. FBI agents and criminal hackers alike mingle in the same workshops and presentations, with a shared objective: figuring out how vulnerable U.S. government and military assets are to cyber-sabotage, and what kinds of defenses might work to thwart the real-life saboteurs.
Air Force One of DEF Con’s Honored Guests
This year’s event, DEF CON 28 will have the U.S. Air Force, the new U.S. Space Force, and the Defense Department’s Digital Defense Service among its honored guests. The first-ever event began in 1993 when one hacker threw a party and invited members of a plethora of hacker networks in which he was connected.
The Air Force came to DEF CON last year with an F-15 fighter jet data system and invited participants to attack it with the deadliest malware they could muster up. Air Force personnel collected the results to assess how vulnerable the aircraft was to cyber-attacks, and what kinds of damage these attacks could render to it.
The event was clearly fruitful, because the Air Force has returned to DEF CON 28. This time, it’s offering an orbital satellite for hacker target practice, as part of a DEF CON “Aerospace Village” special feature spotlighting security issues of military spacefaring technologies. The Space Force is joining in the endeavor, as well.
The military doesn’t just look for consultants at DEF CON events, however. Some military recruiters like to attend the conferences to find talented IT experts that they can bring on as full-time employees.
Some Background
DEF CON has been held in the last week of July or first week of August for a while. However, the founder purposely chose the name because it isn’t tied to any one time of year. He’d seen his share of HoHoCons or Halloween-adjacent PumpCons and decided that wasn’t what he was going for.
If you’re military, the name “DEF CON” has added connotations for you: “DEFCON” is U.S. Armed Forces shorthand for “Defense Readiness Condition,” the five-tiered alert system describing levels of threats to U.S. forces. DEFCON 1 is maximum danger, and it calls for forces to be at their highest alert. DEFCON 5 is minimal danger and forces are to maintain their usual levels of security.
The name fits: To defense experts, this annual hack-fest is a rich opportunity to crowd-source hackers’ perspectives on where defense systems are weak to cyber-attacks and what can be done to strengthen them.
Hacking Meets COVID-19
The conference typically convenes in Las Vegas. But while these hackers may know their way around software viruses, they ran up against an unforeseen difficulty this year: the COVID-19 virus. An in-person DEF CON 28 was not in the cards this year.
The conference will still run; however, event planners have shifted to what they call“safe mode”, i.e., in virtual space. Organizers are rolling out conference content online until Sunday, August 9 as a series of pre-recorded presentations along with live-streamed Q&A sessions. You can view the pre-recorded content on YouTube or download from the event’s website, media.defcon.org. The live-streamed events will run on Twitch.
More Hacker-Military Partnerships
DEF CON is a particularly large gathering where government experts and private hackers meet. But it’s by no means the only one.
In 2016, the Pentagon hosted a Hack the Pentagon event in which it asked hackers to try their luck at infiltrating the military’s websites. Participants delivered troves of feedback on where and how the websites were susceptible to data breaches, and Pentagon officials have continued to work with these “white hat” hackers to bolster its online security every year since. And last year, the Air Force invited a hacker platform, Bugcrowd, to scout out vulnerabilities within the military branch’s new cloud server. Bugcrowd found 54 weak spots.
“When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to be creative,” said Chris Lynch, director of Defense Digital Service, in a press release. “Expanding our crowdsourced security work allows up to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets.”
Innovative Hackers Require an Innovative defensive Approach
Certainly, the dangers the U.S. government and military face from cyber-attacks continue to grow and evolve. Hackers, whether they are “white hat” or not, are innovative. And defense forces have to be just as innovative to counter them. And where they don’t have all the answers, they must be resourceful and reach out to channel expert help wherever they can find it—even if they must reach into the legally gray corners of the Internet.
