DEF CON was extra special for me this year. This was my third year in a row both attending and presenting at DEF CON. I also did something quite rare: Giving two presentations in the same year, which was somewhat of an accident. I had submitted my talk on low-tech ways of detecting surveillance, then Malaysia Airlines flight MH370 disappeared promptimg a surge in sensationalized stories of how airliners could be cyber-hijacked from afar. As one of a small number of people in the world qualified to speak on this topic, I felt compelled to debunk some of the myths being promoted by a minority with amplification from numerous media outlets. I submitted the cyber-hijacking talk with a note to the conference organizers almost pleading to give this talk. The talk was accepted in the first round. I was surprised when a couple months later I received notification that the anti-spying talk had also been accepted. I had intended to replace that submission with the cyber-hijacking one. Not wanting to disappoint, I decided to do both talks.
As soon as the cyber-hijacking talk was posted on the DEF CON website I was inundated by requests from several people in the information security community, including the ones whose myths I intended to debunk. One of the people who contacted me several times had given a presentation on ADS-B hacking and was convinced that his work based on hacking a freeware PC flight simulator was correct. Ironically, he also questioned the accuracy of the $750,000 certified flight simulator that was featured in some of our videos (my co-presenter Professor Polly Kadolph was responsible for creating the videos). I downloaded this individual's slides from his ADS-B talk and gave him some pointers as to what was correct and incorrect and also provided some information on how some of the pertinent avionics actually function. His response was to demand access to our simulators and full aircraft schematics. Legally, we are unable to provide either of these things (allowing non-U.S. citizens access to an airliner simulator is now illegal). This request also demonstrates a culture clash that is hampering the ability of the information security community to work with industry. Most manufacturers don't take kindly to people demanding access to their corporate secrets and intellectual property.
I am a relative newcomer to DEF CON. I previously had the pleasure of attending with some of my students. I recently moved to Bloomsburg, PA where I am an associated professor in the department of Math, Computer Science, and Statistics at Bloomsburg University of Pennsylvania. As a result, I was unable to bring any students from my summer ethical hacking class this year. I did meet up with several alumni, however.
One of the things I like best about DEF CON is meeting new and old friends. The size of DEF CON draws people from all around the globe. This year I was able to spend time with friends from the UK, India, and many parts of the USA. I also met some new people who will be great resources for my current and future research. One of the other things I find refreshing about DEF CON is that attendees are some of the most accepting people one could find. Everyone is treated the same regardless of how they dress, what they look like, etc. I would encourage anyone who thinks she or he has something to contribute to the information security field to submit a talk to DEF CON. Be careful, however, as speaking at DEF CON can become addictive.
Philip Polstra is Associate Professor at Bloomsburg University of Pennsylvania in the Department of Mathematics, Computer Science, and Statistics specializing in digital forensics and computer security. His research focus over the last few years has been on the use of microcontrollers and small embedded computers for forensics and pentesting. Phil has developed a custom pentesting Linux distro and related hardware to allow an inexpensive army of remote pentesting drones to be built using the BeagleBone Black computer boards. This work is described in detail in Phil's book Hacking and Penetration Testing With Low Power Devices (Syngress, 2014).