2016 Car Hacking Tools
Craig Smith, Eric Evenchick
This presentation will focus on some of the most recent car hacker tools and techniques. You will learn how to quickly get set up to do car hacks, both professionally and in your garage. After the demos, Craig and Eric will open up for a full-on Ask Me Anything (AMA) style panel discussion where you are free to ask any car hacking related questions you feel like.
Friday 1600 Noether
Accessibility: A Creative Challenge to Living without Sight
In this presentation, Shaf will be discussing the various methods blind and visually impaired people use to accomplish everyday tasks, with an emphasis on technology, screen reading software, and application design from a blind person's perspective. There will be live demos of screen reading software, OCR apps for smartphones, wearable devices, and mobility aids (time permitting). There will also be a discussion on myths and stigmas relating to blindness, an audience Q&A regarding accommodating those with a visual impairment, and tips and tricks for those who develop applications to include accessibility in their core design.
Friday 1700 Friedman
All Ages: How to Build a Movement
Deb Nicholson, Molly de Blanc
We want the free software movement to keep growing and one facet of successful movement building is embracing a multi-generational community. The good news is that there is no age requirement for using, promoting, and contributing to free software. The bad news is that we aren't always doing a great job of facilitating a diverse, inter-generational movement. We'll take a look at what we're currently doing to bring in young people, how we are treating older people in our communities, and where there is room for improvement.
Saturday 1800 Noether
int0x80 (of Dual Core)
This presentation is the screaming goat anti-forensics version of those "Stupid Pet Tricks" segments on late night U.S. talk shows. Nothing groundbreaking here, but we'll cover new and trolly techniques that forensic investigators haven't considered or encountered. Intended targets cover a variety of OS platforms.
Sunday 1300 Noether
Ask the EFF: The Year in Digital Civil Liberties
Kurt Opsahl, Jacob Hoffman-Andrews, Vivian Brown, Parker Higgins
Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online, encryption (and backdoors), and fighting efforts to use intellectual property claims to shut down free speech and halt innovation. The panel will also include a discussion on their technology project to protect privacy and speech online, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.
Friday 1500 Lamarr
Attacking the Source: Surreptitious Software Features (and How to Become Extremely Paranoid)
Forget about network perimeters - an organization's real attack surface is made up of which codebases can be interacted with or altered. This talk explores the past history and the methods available for maliciously altering codebases and it even includes how an attacker can bring their code into your organization without even touching your perimeter. Topics covered include everything from conceptualizing an attack path to the execution of it; including obtaining relevant target information, exploiting the human element, writing plausibly deniable vulnerable source code, and backdooring binaries.
Saturday 2300 Friedman
Biology for Hackers and Hacking for Biology
Kevin Chen, Jameson Dungan
Biotechnology is information technology - software that you can code and engineer. It is becoming very clear that biology needs to be approached with the same hacker ethic and mentality as software and hardware. Furthermore, the technology needed to hack biology is becoming much more accessible. In this panel, you'll learn some of the basics of biology using terms and analogies that would be useful for hackers and for people in information technology. Basic points will be outlined on how to get started in biohacking, both virtually and physically. This talk will also cover the current state of biotechnology and how biology can be approached and improved upon through the philosophy and culture of hacking.
Friday 1000 Lamarr
The Black Holes in Our Surveillance Map
While Edward Snowden has revealed a lot about the NSA's surveillance, our federal and local governments conduct a great deal of surveillance we still don't know about. We can begin to identify what that surveillance is by identifying the empty spaces - in criminal cases, in legislation, or timelines - where such surveillance must be. This talk will attempt to point to some of the black holes in our surveillance map, both ones we know exist and the places where one must exist. That's the first step in working collaboratively to expose that surveillance. More importantly, this talk will focus on how to see these black holes, and how people around the country can work together to make them visible again.
Sunday 1600 Lamarr
Bringing Down the Great Cryptowall
Ransomware has been running rampant for the past six years and there has been very little done to stop infections aside from deprecated signature scans and classic malware scanners. This talk will unveil some proof of concepts that work on even the most current versions of the ransomware plaguing the networks of today, from a hacked USB device to a form of backup to making your physical machine look like a virtual machine which the malware ignores.
Sunday 1800 Lamarr
Bring the Noise: Ten Years of Obfuscation as Counter-Surveillance
Daniel C. Howe
It has been a decade now since the release of TrackMeNot, the first privacy tool to leverage obfuscation for counter-surveillance. In the interim, obfuscation has been actively developed, with new tools exploring its use for email (ScareMail), location-tracking (CacheCloak), advertising (AdNauseam), DNA analysis (Invisible), and beyond. This talk reviews the development of the strategy and considers some of the questions it raises for the tool-making community. Daniel will debut AdNauseam 2.0, the first cross-platform production release of AdNauseam, which aims at nothing less than ending advertising-based surveillance as we know it. Obfuscation can be defined as the strategy of using noise to hide one's true interests and/or confuse an adversary. As obfuscation is relatively flexible in its use, it holds unique promise as a strategy for DIY privacy and security. TrackMeNot was the first privacy tool to leverage obfuscation online, protecting web searchers from search engine profiling by hiding their queries in a cloud of generated noise. AdNauseam directs similar techniques at the advertising networks that track users across the web, polluting user profiles and subverting the economic system that drives this pervasive form of surveillance.
Saturday 1600 Friedman
Building Your Own Tor-centric ISP for Fun and (non)Profit
Following the Snowden revelations and with the U.K. government's revival of the Snooper's Charter legislation, Gareth was one of many people who accepted the EFF Tor challenge. Unfortunately, many U.K. ISPs' colocation providers do not appreciate Tor exits and, after several abruptly terminated servers, he decided to build his own privacy centric, non-profit ISP so he could operate Tor exits and offer Unix shells, etc. on his own terms. This talk explores the process of becoming a local Internet registry in Europe, dealing with RIR polices such as IPv4 exhaustion, Tor abuse complaints, and the deployment of a broadband product that only has a Tor bridge instead of a next hop at the end of a DSL connection.
Saturday 1500 Friedman
Can We Sue Ourselves Secure? The Legal System's Role in Protecting Us in the Era of Mass Data Leaks and Internet of Things
Large data breach stories just merge into one another. Weak IoT security is no secret. Yet the marketplace isn't fixing this problem. Can the legal system play a part? This talk will discuss current approaches under U.S. regulatory, product liability, and tort law to encourage vendors to secure their devices and services.
Sunday 1400 Lamarr
CAPTCHAs - Building and Breaking
CAPTCHAs are the most common form of web activity security and they play an important role in regulating online activity. CAPTCHAs keep bots and "blackhats" from abusing online resources by proving a user's humanity via solving a challenge that consists of a hard AI problem. CAPTCHA development is a constantly evolving arms race with new styles and designs being created by site administrators and broken by attackers every day. In order to keep the world wide web usable, site administrators must constantly work on developing new methods and improving CAPTCHAs to prevent automated abuse. This talk will cover the basics of what CAPTCHAs are, what type of security they provide, the major types of CAPTCHAs, and how to attack them. The speakers will also discuss criteria used when designing their CAPTCHA framework and cover some academic literature that is relevant to the field. They will look at popular tools and services currently used to attack CAPTCHAs and provide some insight into the current state of bot identification. A fresh new CAPTCHA design will be presented that uses human emotion recognition as the "hard AI" challenge. Speakers will demonstrate how they have achieved their desired usability, scalability, and robustness levels via a real world implementation. An overview of the tools and tool chain used (MS Emotion API, GIMP, Google APIs, Python, Django) to create the CAPTCHA challenges will be detailed. The session will conclude with a user study and provide an analysis of the results with a discussion about some of the limitations of the project.
Saturday 2300 Noether
Censorship- and Coercion-Resistant Network Architectures
Decentralized network architectures can protect against vulnerabilities not addressed by strong encryption. Encryption works well, but only when private keys can be kept secret and ciphertext can get to its destination intact. Encrypted messages can be surveilled by acquiring private keys (FBI and Lavabit/Apple), man-in-the-middle attacks (NSA QUANTUM), or censored by blocking communication entirely (Pakistan and YouTube). These attacks are difficult to protect against because they are social rather than technological. But they all have one thing in common: they require centralization. Censorship and man-in-the-middle attacks target communication bottlenecks and legal coercion targets a small number of legal entities. This talk will discuss decentralized approaches to attack tolerance, including ongoing original research.
Sunday 1300 Friedman
Censorship, Social Media, and the Presidential Election
There is increasing interest in the ability of companies like Facebook and Twitter to influence elections. What are the roles and responsibilities of these companies to be fair and impartial? Newspapers express bias and endorse candidates. Facebook employees have even asked if they have a responsibility to (try to) prevent Donald Trump from becoming elected. Twitter has been accused of censoring tweets supporting Donald Trump, while also allegedly censoring posts that were unfavorable to Hillary Clinton. While that is certainly legal, is it acceptable to us as citizens? If not, what can we do about it? And what makes our expectations of bias from Twitter different from our expectations of The New York Times or The Daily News? This talk is an exploration of the ways that social media can influence elections, and what that means for us as citizens.
Friday 1700 Noether
Chinese Mechanical Locks - Insight into a Hidden World of Locks
Lucas Zhao (UrbanHawk)
Chinese-made locks have traditionally had poor reputations. The Chinese-made locks that we usually encounter in our day-to-day lives always seem to be low quality, cheap, and insecure at best, so it may seem that this is all that the Chinese make. However, there is a whole other world of lock designs that are sold exclusively to the Chinese domestic market. In this presentation, a variety of different Chinese lock designs will be discussed, from the prominent and innovative, such as the Yuema free spinning cylinder line of locks to the relatively obscure, such as the Chinese take on the Corbin Emhart rotating pin design. This talk will cover the defeats of these locks, both theoretical and practical, in addition to the steps Chinese lock companies have taken to address these vulnerabilities, as well as the reasons behind the constant innovation.
Friday 1500 Friedman
We've finally gotten a bill before Congress designating the Monday after HOPE as a day when one doesn't have to go to work or school. Many employers already recognize as fruitless any expectation that work will get done on that day. So don't feel bad about staying late on Sunday in order to attend our final session of the conference - the infamous HOPE closing ceremonies. This is where we go over what went right and what went wrong this weekend - and where we let you know what we had to go through in order to pull this whole thing off. And, if we're not totally fed up and disgusted, there may be talk of a sequel.
Sunday 1900 Lamarr
The Code Archive
Filippo Valsorda, Salman Aljammaz
Friday 1800 Noether
Code Is from Mars, the Courts Are from Venus: Reverse Engineering Legal Developments on Reverse Engineering
Sebastian Holst, Alexander Urbelis
This past May, in response to the growing sophistication of cyberattacks and application exploits, U.S. lawmakers (almost unanimously) passed the first-ever federal law concerning trade secret protection: the Defense of Trade Secrets Act. Under the DTSA, however, reverse engineering is protected and deemed 100 percent legal. Within weeks, the EU followed with their own directive increasing trade secret protection while protecting reverse engineering. This talk discusses how this new law impacts reverse engineering, the pros and cons of tying reverse engineering to the courts, best practices for code development, limitations on reverse engineering, counterattacks to those limitations, and counterattacks to the counterattacks.
Saturday 2200 Noether
Coding by Voice with Open Source Speech Recognition
Carpal tunnel and repetitive strain injuries can prevent programmers from typing for months at a time. Fortunately, it is possible to replace the keyboard with speech recognition - David writes Linux systems code by voice. The key is to develop a voice grammar customized for programming. A community has evolved around hacking the commercial Dragon NaturallySpeaking to use custom grammars, but this method suffers from fragmentation, a steep learning curve, and frustrating installation difficulties. In an attempt to make voice coding more accessible, David created a new speech recognition system called Silvius, built on open-source software with free speech models. It can run on cloud servers for ease of setup, or locally for the best latency. He and his collaborators have also prototyped a hardware dongle which types Silvius keystrokes using a fake USB keyboard, and requires no software installation. This talk will include live voice-coding demos with both Dragon and Silvius. The hope is that Silvius will lower the bar for experimentation and innovation, and encourage ordinary programmers to try voice coding, instead of waiting until a crippling injury throws them in at the deep end.
Friday 2000 Friedman
Come into My (Biohacking) Lab and See What's on the Slab
It's 1979 and bright young hackers are torturing their Commodore PETs and Apple IIs to make all the pagers beep on a university campus, or take control of a dam in Alberta. (Both are true stories - Tom was there.) Fast forward to 2019 and their children (or grandchildren) are doing the same thing - driven by our universal desire to make technology "do things it's not supposed to be able to do." Except now, the role of personal computers is being played by CRISPR Cas9 gene editing gear that they bought for a few dollars on eBay. What can they do with it? Make animals glow in the dark? Destroy all life on this planet? Hold us hostage with bio-ransomware? This talk will examine the fast moving science behind biohacking and how it will change our lives. It will also apply the "technocreep framework" to predict which aspects of biohacking will be considered cool and which will seem creepy, even to the freethinking folks who attend HOPE. As a bonus, you'll learn what happens when you put sponges and electrodes on your head and run direct current through your brain.
Sunday 1600 Noether
Computer Science Curricula's Failure - What Can We Do Now?
Ming Chow, Roy Wattanasin
We are still facing the same security vulnerabilities from over a decade ago. The problems are not going away anytime soon and a reason is because computer science curricula are still churning out students who are not even exposed to security. This talk will address the lack of emphasis on information security in computer science curricula, how CS curricula have an obligation, how to gradually fix the problem by integrating security into many computer science undergraduate and graduate classes, and success stories from students. This talk will also discuss what Tufts and Brandeis are currently working on to further address the security education problem by creating a joint cyber security and policy program that spans multiple departments. Additional points and feedback from the audience are encouraged to help with the issue.
Saturday 1800 Friedman
Constructing Exocortices with Huginn and Halo
Huginn (https://github.com/cantino/huginn) is an open-source human capability-amplifying and augmentation system which implements scenarios - networks of autonomous software agents that collectively analyze data and use it to accomplish sophisticated tasks on behalf of its users. External to Huginn is the Halo (https://github.com/virtadpt/exocortex-halo), a collection of software constructs optimized for carrying out tasks too complex for Huginn due to resource requirements, contention, or reliance upon lower level libraries, including synthesizing speech, placing Voice over IP calls, and carrying out limited secretarial duties to facilitate human interaction. The development histories of both Huginn and Halo will be discussed during the first part of the talk with representative examples of the presenter's agent networks to demonstrate the architecture of scenarios as well as solutions to practical problems. Agents, the basic building blocks of Huginn scenarios and the software constructs of Halo will be briefly detailed to give an overview of some of possibilities of the two interrelated software systems. The talk will conclude with brief descriptions of some of the tasks that HOPE attendees can accomplish through the use of both Huginn and Halo.
Sunday 1400 Noether
Crypto War II: Updates from the Trenches
Matt Blaze, Sandy Clark
For several years, law enforcement has been complaining that legal wiretaps are "going dark" (especially when encryption is used), and has been lobbying lawmakers to mandate "surveillance-friendly" technology that allows the government to break encryption and unlock devices under certain circumstances. At the same time, computer and network security is universally recognized to be in an increasingly dangerous state of peril, and technologists worry that "backdoor" mandates will only make things worse. We've been here before, not long ago. In the 1990s, after the government proposed the "Clipper Chip" key escrow system, we had a similar debate with similar stakes. It was finally resolved when the government essentially gave up and finally allowed cryptography to proliferate. This talk will review the current cryptography debate, will examine the risks of the "keys under doormats" that the FBI is asking for, and will explore technical alternatives that could satisfy the needs of law enforcement without making computer security more of a mess than it already is. In particular, Matt and Sandy will examine the viability, and risks, of law enforcement exploitation of existing vulnerabilities in targets' devices to obtain wiretap evidence.
Friday 1700 Lamarr
De-Anonymizing Bitcoin One Transaction at a Time
David Décary-Hétu, Mathieu Lavoie
Bitcoin is an established virtual currency well known for enabling affordable and efficient transfers of money between individuals and entities. With its market cap of over $7 billion and hundreds of thousands per day, the Bitcoin currency has become popular enough for offenders to be able to hide among its users when they purchase illicit goods and services online or need to receive extortion payments. The aims of this presentation are twofold. The first is to present an open-source tool developed by the panelists that analyzes all of the Bitcoin transactions and regroups Bitcoin addresses based on their incoming and outgoing transactions. This allows for a more accurate mapping of individuals' online activities no matter how many Bitcoin addresses they are using. The tool, as well as a database of all nodes identified by the tool, will be released on the day of the conference. The second aim of this presentation is to provide real world use cases for the tool to better understand online illicit activities. To do so, David and Mathieu will present two case studies that will follow the evolution through time of the revenues generated by online illicit groups and the strategies they used to manage the incoming bitcoins. This talk will be of interest to attendees looking to better understand how the Bitcoin currency works and the attacks that can be used to de-anonymize Bitcoin users. A live demonstration will explain how the open-source tool works and the strategies that could be used to preserve one's anonymity in the Bitcoin network.
Friday 1400 Noether
Deconstructing Ad Networks for Fun and Profit
This talk focuses on an open-source software tool, webXray, which detects the presence of third-party data flows on the web and attributes such flows to the corporations which receive user data. The talk will first describe the challenges, dead ends, and solutions encountered in developing the software so that developers and novices in the audience may understand the nature of the problem domain. Second, the talk will cover how to use the tool to analyze targeted populations of web pages with an emphasis on scaling and cost considerations. Third, the talk will describe findings in three areas: tracking found on medical websites, Chinese websites, and newspaper websites including measures of user exposure to malware-hosting domains embedded in ostensibly trusted websites. The talk will conclude with a theoretical discussion of how those seeking to leverage ad networks to deliver malware may pick the best networks suited to their objectives.
Sunday 1700 Friedman
Democratizing Wireless Networks with LimeSDR: Open Source, Field-Programmable RF Technology
This talk presents new, low-cost, open-source, field programmable RF technology, where flexibility is extended from the digital to the RF domain. See demonstrations from the open-source community using the LimeSDR platform, which incorporates two transmitters and two receivers covering 100kHz to 3.8GHz which can emulate GSM, LTE, UMTS, Wi-Fi, Bluetooth, Zigbee, RFID, HDTV, radio astronomy, passive RADAR, 2G/3G/4G cellsites, IoT gateway, amateur radio, wireless keyboard/mouse transmission/detection, aviation transponders, utility meters, satellite reception, remote tire pressure monitoring, drone command and control, RF test and measurement, and more.
Sunday 1600 Friedman
Detour Through Their Minds: How Everyday People Think the Internet Works
Gillian "Gus" Andrews
When you work in IT or Infosec, it may feel like you're constantly fighting a battle to bring the non-technical people you work with up to speed on how technologies work. When you help family members with their computer problems, you may just want to throw up your hands and scream "It's no use! They just don't get it!" But when you dig a little deeper, as a number of studies have done, you find that the average person does have some knowledge about how the Internet works. They build on this knowledge every day - but sometimes they're incorporating what they've learned from that scene on NCIS where two people are using a keyboard at once. They may hold some common misconceptions. Or they may be sooo close and just need one little additional piece of information. Gus will share insights from the study she has been working on for the past year about average people's mental models of the Internet, along with a number of other studies from human-computer interaction and security research. Key concepts like "mental models," "fragile knowledge," "stereotype threat," and "learned helplessness" will be explored. In addition, ways the gaps in people's knowledge impact digital security and how we might strategize on a large scale to help fill those gaps will be explored. You'll come away with better strategies for helping empower the non-technical folks in your life to solve their own problems.
Saturday 1700 Noether
FOIA and Public Records Hacking: How to Complete a FOIA Request or Dox Yourself via the Privacy Act
Caitlin Kelly Henry
Learn how the key to writing successful FOIA requests is reverse engineering agency data structures. This talk will include an overview on writing successful FOIA or Privacy Act requests, including updates from recent cases. You will learn the step by step process of drafting a request, using the FBI as an example. This talk is great for activists, students, researchers, journalists, and people with security clearances (especially after the OPM hack).
Sunday 1100 Friedman
FOIA at Fifty
Jameel Jaffer, David Pozen
The Supreme Court has stated that the Freedom of Information Act "defines a structural necessity in a real democracy." On the 50th anniversary of its enactment, now is an opportune moment to reflect on the role FOIA has played in our legal and political system. This conversation will bring together Jameel Jaffer from the ACLU and David Pozen from Columbia Law School to consider the past, present, and future of FOIA. They will discuss virtues and drawbacks of the FOIA model, FOIA's relationship with technology and other transparency mechanisms, the effectiveness (or ineffectiveness) of FOIA in the national security context in particular, and lessons to learn from foreign and state-level approaches to regulating government openness.
Saturday 1500 Lamarr
Freedom and Privacy in Our Lives, Our Governments, and Our Schools
If we don't control the program, it controls us. It is clearer every year that nonfree programs, beyond the basic injustice of giving the developer or owner unjust power over the users, also tends to be malware, for instance designed to restrict users or snoop on them. Since government agencies and schools require people to run software to exercise their rights, this software must all be free, but increasingly they impose use of nonfree software and commercial snooping services. We must now organize to demand that they stop.
Sunday 1200 Lamarr (2 Hours)
F*ck it, We'll Do It Live: Eight Years of Radio Statler!
Beaches, Nikgod, TechDarko, Bunni3burn, Johnny Xmas, Stoppay
Since 2008, Radio Statler has been broadcasting original content from HOPE to the rest of the world: interviews with speakers, extended Q&As, panels, and the occasional glimpse into everything that happens outside the talk rooms. The panel will take you through how and why Radio Statler! started, the obstacles faced running a temporary radio studio, and some of the war stories of the things that have gone terribly, terribly wrong along the way.
Friday 2300 Lamarr
Go Hack Yourself!
Hacking of all kinds requires discipline and concentration. Over the past few years, Michael has been seriously practicing yoga and meditation and has found that it's been a great help in many areas of his life, including his work as a hacker and programmer. Eating healthy and exercising your mind and body sounds like a load of crap to a lot of hackers but the reality is that if you want to have a long sustained life that you can continue to use for hacking and exploration, you'll want to keep your mind and body healthy. Practicing concentration daily and learning to meditate can help you literally hack your mind, and help you make changes within yourself you might have thought impossible. Practicing discipline in these areas will also bring confidence and inner strength that will help you in whatever kind of hacking you're doing or planning to do.
Sunday 1000 Friedman
Hackers Are Whistleblowers Too: Practical Solidarity with the Courage Foundation
Nathan Fuller, Grace North, Naomi Colvin, Carey Shenkman, Lauri Love, Yan Zhu
In the two years since the Courage Foundation was launched, they have supported beneficiaries at every stage of the information exposure process: hacktivists, investigative journalists, and human rights defenders. Most recently, the Courage Foundation announced their campaign to raise European funds and awareness for Chelsea Manning. They believe the blurred line between activists and journalists needs to be embraced as a spectrum of solidarity; each of these actors needs the others to bring information to public attention, and so each deserve our support. While whistleblowers like Edward Snowden enjoy international appreciation, hackers are often marginalized as outsiders who don't enact real change. But it's high time we recognized their value, understanding that - since the information war occurs largely online - digital activists are those that governments seek to make the biggest examples of. In this session, the speakers will provide updates on their ongoing cases, including Barrett Brown's and Chelsea Manning's, discuss some of the systemic issues encountered along the way, and then solicit your input. This is a two-way conversation. The purpose is to bring the kind of support Edward Snowden gets to all beneficiaries - and your ideas of how to get there are welcomed at this panel discussion. Naomi Colvin and Nathan Fuller from the Courage Foundation will recap what we've learned in the past two years and what they plan to do going forward. Grace North, prison-rights activist heading the Jeremy Hammond support network, who has also worked closely with Lauri Love on his case, will discuss the challenges Jeremy continues to face and what we need to do for Lauri to prevent him finding himself in the same situation. Lauri will be joining the discussion by video feed to talk about his ongoing battle against extradition to the United States. Yan Zhu, security software engineer and friend of Chelsea Manning, will talk about how we can help Chelsea from the outside. Carey Shenkman, First Amendment and human rights attorney with the Center for Constitutional Rights representing journalists including Julian Assange and WikiLeaks, will explain the need for a public interest defense for journalistic sources.
Sunday 1000 Noether
Hacking DNA: Heritage and Health Care
Humans are the compilation of bio-code that has been changing and evolving for almost 200,000 years. In some ways, we are the oldest open-source project around, but not on GitHub - yet. In years past, DNA sequencing and analysis was available only to a handful of scientists with huge labs and nearly unlimited budgets. Now that world is changing. There are products and services available today that bring individual DNA sequencing to your fingertips, and digging into your own source code has never been easier or cheaper. Analyzing DNA can not only reveal secret ancestries, but can provide a level of insight and history into your health that doctors in the past have only dreamed of. This talk will discuss how and why you can perform your own genetic background check, and what it means for your past, present, and future.
Saturday 2000 Friedman
Luke Iseman, Heather Stewart
Luke and Heather will discuss their work building shipping container based, off-grid, open-source houses and factories. They will provide a crash course in getting and converting containers, including specific recommendations on how to modify them into solar-powered, comfortable living and working spaces. This is relevant because it's silly for us to live and work in corporate-owned environments built by somebody else, rather than hacking our own sustainable, affordable alternatives.
Sunday 1500 Friedman
Hacking Machine Learning Algorithms
Algorithms control more and more of the systems we interact with on a daily basis. Critical decisions are executing without direct oversight by machine learning models. These systems, like any system, should be continuously taken apart and inspected to see how they work. Examining a machine learning model is not as easy as examining source code. This talk goes into detail on how to hack machine learning models and similar systems. Could an algorithm be racist? How can we detect it? Live examples in Python will be demoed and available on GitHub, and only basic programming knowledge is required to understand the talk and reproduce the examples.
Friday 2200 Lamarr
Hacking Sex: Toys, Tools, and Tips for Empowerment and Pleasure
Hacker culture celebrates technological empowerment: encouraging people to move beyond passive consumerism towards building and modifying technology to better meet their own needs. Hacking sex means expanding our definition of "sex;" recognizing that no two of us have the exact same biology, (a)sexuality, or desires; and building and modifying toys and equipment to enhance our own pleasure. Join Kit "where did this b!tch get [their] doctorate" Stubbs for a look at technological empowerment for sexuality and pleasure. Recent developments in sex/tech will be covered, including crowdfunded sex toys, a patent troll, open-source sex toys, and 3D printing, with plenty of resources for folks new to sex/kink-positive DIY.
Saturday 1900 Noether
Hacking through Business: Theory and Logistics
Mitch Altman, Limor Fried, Phil Torrone, Ben Dubin-Thaler Moderators: Sean Auriti (Theory), Charles Beckwith (Logistics)
It's rare that you see an engineer as CEO, but occasionally taking a technical idea to its logical conclusion requires the person who knows what's going on inside the black box to take the reigns. Someone who knew everything they needed to know to start the project technologically is suddenly confronted with human problems and legal issues and paths forward that might require new types of specialized knowledge and very different gut decisions. This extended panel discussion will address both the blue sky possibilities of a company led by tech, as well as the plethora of challenges thrown at anyone who finds it necessary to not let someone else run their business.
Sunday 1700 Noether (2 hours)
How Anonymous Narrowly Evaded Being Framed as Cyberterrorists
Gabriella "Biella" Coleman
Over the years, Biella has used many different words and phrases to describe Anonymous: hydra, trickster, confusing, enchanting, controversial, frustrating, unpredictable, stupid, and really stupid. But rarely has she ever argued seriously against the idea that Anonymous is tantamount to cyberterrorism. How did Anonymous avoid the title of cyberterrorists when they were perfectly positioned to earn it? Biella will discuss the reasons such as the adoption of the Guy Fawkes mask, the timing of their most important operations, and the role of pop cultural representations of hackers like Mr. Robot that allowed them to narrowly escape this designation.
Friday 1300 Lamarr
How to Start a Crypto Party
Learning about encryption tools can be intimidating. If you don't feel comfortable with a computer, or are deathly afraid of some long-winded mansplaining of how something works, it's probably a nightmare or doesn't feel worth doing at all. And who cares about combating NSA surveillance when you get frustrated/annoyed at "all this computer stuff?" Enter the Crypto Party: a nonhierarchical space to get together and ask questions, learn from each other, and ideally to leave the event with encryption and anonymity tools set up on your computer. It's a space to eat snacks, get answers, and, if no one knows, you can figure it out together. There are solutions to resist surveillance, but it is still a problem of accessibility to get the solutions to the people in a way they can understand. And there are already enough borders in this world! In this talk, Comet Crowbar will share her experience with organizing monthly crypto parties in the Boston area. Having been "crypto-ized" while living in Berlin, she was inspired by the do-it-yourself crypto parties she encountered there, and has aspired to bring the idea back to occupied Turtle Island. And so far, so good. Comet will also show examples of her zines and artwork that she uses as a medium to bring political issues to the mainstream by creating culture. Become the media! And start a crypto party in your hometown. This talk is for everyone and will be using accessible language.
Friday 1800 Friedman
How to Torrent a Pharmaceutical Drug
Michael Swan Laufer, Bethany (Benny) Koval
Why are people still being left to die from treatable diseases when they can't afford the arbitrarily inflated prices of patent-protected medications? As hackers, we believe that when the infrastructure fails, we must have a way to fall back to DIY methods. Medicine should not be an exception to this. Pharmaceuticals are just chemicals, chemicals are made using chemistry, and chemistry can be automated. Come learn how anyone can make patent-protected medications at home using a new open-source automated chemical reaction chamber made from off-the-shelf parts. One no longer has to have a science background to do chemistry. We can save our own lives. Speakers will detail how the mechanism can be built, how it is programmed, and distribute the plans and programs live at the talk. The programs for drug synthesis and the design of the mechanism can be shared over any digital channel - and can be improved and modified by any end user. A highly controversial drug will be synthesized live on stage during the talk.
Friday 1100 Friedman
I "Hacked" for China
For six months, Zimmer was hacker-in-residence for a top Chinese engineering university, tasked with mentoring students and building projects. He encountered brilliant Chinese hackers and incredible startups and built several projects aimed at reducing air pollution in Beijing. After his residency, he stayed in Beijing for four months and helped to cofound Q Space, Beijing's first feminist makerspace which now holds regular workshops and events, and has over 300 members in their group chat. If you've ever wanted to travel to China as a hacker, Zimmer will be happy to share everything he wishes he knew before he went.
Friday 1100 Lamarr
Information Overload and the "Last Foot" Problem
Nick Lum, Andrew Cantino
There's so much to read and so little time. Unlike past generations who awoke to find a single newspaper on their doorstep, we open our smartphones and computers to find thousands of newspapers, websites, and blogs beckoning our attention. With this deluge of reading material, we're left with a "last foot" problem: how do we get all this information from our screens into our brains? This talk will give a brief history of the written word, describe neurological aspects of the reading process, and explore some of the new innovations that aim to let us read more quickly and efficiently on-screen.
Saturday 2200 Friedman
Iridium Satellite Hacking
Stefan "Sec" Zehl, schneider
The Iridium satellite system has been in orbit for over 15 years now and provides various data and voice services. This talk will show how to use Software Defined Radio (SDR) to receive and decode data from the Iridium satellite network and how a lot of reverse engineering was performed to understand the protocol and decode the details.
Sunday 1200 Noether
Is the Brain the Next Hackable Driver?
Do our EEG, fMRI, and other biometric data contain the essence of who we are and what we think? In the future, could this data be used as an identifier for security and thought modification as well as exploring virtual worlds? If our "brainotypes" or "brain fingerprints" and concurrent cognitive processes are monitored, how do we prepare for this looming horizon? Though no one is entirely sure, these questions invite both scientific and metaphorical approaches addressing these issues. Ellen will discuss the emergence of technologies, research, and methods on brain datatyping; privacy and its ethical implications; sending and receiving motor commands between two different brains; moving robotic prosthesis through thoughts; the formation of memory; manipulating memory via frequencies of light; and hacking brain computer interfaces (BCIs) to extract vital information. Keeping these methods and techniques in mind, she will also show a brief excerpt from her own creation "Noor - a Brain Opera" which asks the question "Is there a place in human consciousness where surveillance cannot go?"
Friday 1400 Friedman
Keynote Address - Cory Doctorow
We are so stoked to have Cory Doctorow as our keynote this year. We've been trying to get the stars to align for many HOPEs, and this time they did. But we're glad we waited until now, since so much has happened in the past few years that Cory has been on top of - Snowden, Manning, privacy, copyright issues, surveillance - and his talk will no doubt open your eyes even more. As co-editor of Boing Boing, special advisor to the Electronic Frontier Foundation, a prolific writer of both fiction and non-fiction, and a vocal proponent of changing our copyright laws, Cory really has a lot of super-important and relevant thoughts to share with our HOPE audience.
Saturday 1300 Lamarr, Noether, Friedman
Leak Hypocrisy: A Conversation on Whistleblowers, Sources, and the Label "Espionage"
Jesselyn Radack, Carey Shenkman, Naomi Colvin
The two-tiered injustice system: high-level officials who leak for political gain get cover; those blowing the whistle on crimes and abuse face decades in prison. The problem is urgent, costing daily the liberty of Edward Snowden, Chelsea Manning, and many whistleblowers, as well as the liberty of Julian Assange, a publisher. In this critical moment, join two leading lawyers and the Courage Foundation for a conversation on attacks on freedom of expression, the failure of internal oversight mechanisms, the serious need for a "public interest" defense for truth tellers, and the promise of a growing international movement to promote and protect them.
Saturday 1100 Lamarr
LinkNYC Spy Stations
Deborah Natsios, John Young
The infamous team from cryptome.org and cartome.org will report on the new LinkNYC kiosks' origins, legislation, design, manufacture, installation, and operation, along with the civil liberties threat they pose and options we can implement to inhibit and avoid their spying capabilities.
Sunday 1100 Lamarr
Lockpicking in Real Life versus on the Screen
Nite Owl, Max Power, Deviant Ollam, and many others from TOOOL and Locksport International
We all know that Hollywood has a difficult time portraying hackers accurately. This quirk often extends to the realm of showing lockpicking in movies and on TV. But sometimes, a film gets it really right! This talk is both an introduction to lockpicking (in case you still need to learn) as well as a walk through some of the best - and some of the worst - scenes of lockpicking that have ever been seen by movie and TV audiences. Learn about how to be a better lockpicker and a better filmmaker... all at the same time!
Saturday 1600 Lamarr
LockSport Roadshow: Bring Your Oddities!
TOOOL and friends
There have been plenty of talks at HOPE teaching you to pick conventional locks. But what about non-conventional locks? This panel - which will require much audience participation - is all about unique and interesting locks. Have a weird lock or even a strange key and want to know more about it? Bring it to the stage! If you can stump our esteemed panel, you'll win a prize! Don't be shy... bring out your unique and strange lock hardware and, if you're really brave, give the panel a chance to try to pick it!
Friday 1900 Lamarr
Matehacking: Legalizing Autonomous Production and Permaculture - Establishing a Hack Farm
Fabrício do Canto
This talk will focus on a proposal to create a "mate hacking farm." Technologization is running full power in the direction of monoculture and industrial mass scale drying of mate using eucalyptus burning as an energy source. This will bring dramatic ethnological and environmental impact to the South American Pampas. Hackers can play an important role by developing easy to construct, recycled, upcycled, and DIY technology for the decentralized production of yerba mate in both traditional and new ways. This draws attention to the need for a solution for food sovereignty in the southern hemisphere. The "mate hacking farm" would be a fantastic place to tunnel in, get wired, and push new technologies and open-source forest management solutions. Any activistic, fantastical, solidary and commerce-free ideas and concepts are welcome to be executed there and planned for now.
Friday 1200 Friedman
The Mathematical Mesh and the New Cryptography
Recent events have reminded us again of the urgent need to make encryption ubiquitous on the Internet. Yet, with the exception of Transport Layer Security, encryption remains the domain of "expert" users. Hope X (2014) was held in the immediate aftermath of the publication of the Snowden papers. In the two years since, there have been many important developments in the standards world (in particular, IEEE, IETF, W3C) that are designed to defeat mass surveillance. These efforts include randomized MAC addresses for Wi-Fi, Certificate Transparency, and DNS privacy. This talk will review those efforts and provide a preview of the next generation of cryptographic applications currently being built. The PrismProof email system described at Hope X has become the core of the Mathematical Mesh, an infrastructure that solves the encryption usability problem. Once a device is connected to a user's Mesh profile, all the network application settings (including for OpenPGP, SSH, etc.) are managed automatically from an application controlled by the user. Solving the usability problem and the current move to elliptic curve based cryptography allows Internet security to move beyond the limited cryptographic primitives used in TLS, SSH, and OpenPGP. Public key encryption offers more than just encryption and signatures. Future message encryption schemes will allow end-to-end secure communication within groups of users without the sender having to create decryption material for each intended recipient.
Sunday 1700 Lamarr
Medical Devices: Pwnage and Honeypots
Scott Erven, Adam Brand
We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? This talk will discuss over 30 CVEs Scott has reported over the last few years that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented. So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet facing exposure and are vulnerable to exploit, are they being targeted? Scott and Adam will discuss six months of medical device honeypot research, showing the implications of these patient care devices increasing their connectivity and steps that can be taken to reduce risk associated with these life saving devices.
Saturday 1500 Noether
Mesh VPN with Service Discovery
Tinc provides a secure mesh VPN for any number of hosts. Spencer and his friends used this to build a network linking their homes, laptops, and various hosted machines. They started doing some cool things with it such as UPnP and NFS, things that would be impossible to do securely over the public Internet. This talk will highlight their experiences along the way.
Friday 2100 Friedman
Monitoring Dusty War Zones and Tropical Paradises - Being a Broadcast Anthropologist
Tuning in distant foreign radio and television stations is a conduit to unique and exotic information. These signals are often confronting, uncensored, and unsanitized. In the western world, we blur or pixelate images of death and torture, but signals from war zones or rebellions show tragedies happening live on the air. Other signals broadcast the joy of life on this planet through exotic song, music, and film. Digital wide-band recordings of the electromagnetic spectrum allow virtual time travel, a form of mental teleportation whereby recorded spectrum is tuned to hear stations as if they were being tuned in real time. Take a virtual tour of Mark's monitoring station in Sydney, Australia which is wired to access the world's mass media via whatever delivery conduit is needed to capture the content. The station receives hundreds of thousands of inbound digital audio and video channels that let him monitor domestic radio and television from most parts of the world. If he wants to watch breakfast television from Tibet, or maybe the nightly news from the remote Pacific islands of Wallis and Futuna, then it's available in perfect studio quality. You'll also see his visits to remote broadcasters and rare, uncensored video from telejournalists that captures the tragedies and joy served up by our planet.
Saturday 1000 Lamarr
National Security Letters: The Checks and Balances Aren't Strong Enough - Sometimes They're Nonexistent
Twelve years have passed since Nicholas Merrill first began his lawsuit challenging the constitutionality of the USA PATRIOT Act and, specifically, the warrantless searches known as National Security Letters (NSLs). Now that he can tell the full story, what really happened? How much has actually changed because of the 12-year court case? If the government lost, why are NSLs still being issued at a rate of 50,000 per year? Who is doing anything about this problem, and what are they doing? What are the respective roles of litigation, legislation, and technical approaches to the issue of privacy?
Friday 2200 Noether
The Next Billion Certificates: Let's Encrypt and Scaling the Web PKI
Let's Encrypt is a free and automated certificate authority to encrypt the web, launched in December 2015. Jacob will explain why HTTPS is important to Internet freedom and the role certificate authorities play. He'll give an introduction to the ACME protocol that Let's Encrypt uses to automate validation and issuance, discuss Let's Encrypt's progress by the numbers, and outline some of its future plans.
Sunday 1000 Lamarr
Now and Then, Here and There
In the last few years, the Internet Archive (archive.org) has steered deeply into the worlds of software history, hacker presentations, and artifacts from all parts of technology's past and present. Jason Scott, the Archive's software curator and inside man, walks through both the current stacks of technology and hacker culture history and reveals in what directions the nonprofit library hopes to expand. Lots of amusing imagery and endless lost weekends will ensue.
Saturday 2200 Lamarr
The Onion Report
asn, John Brooks, Nima Fatemi, David Goulet
The Tor community, network, and ecosystem are growing and evolving at a very fast pace - from new secure applications using Tor to deploying relays in public libraries around the world. Tor as a project, but first and foremost as a large community, is at the forefront of technical, social, economical, political, and cultural battles pertaining to anonymity and basic human rights. This talk will cover the state of Tor on all levels: organizational, community, and technical. Recent and upcoming software developments, movement in onion (aka hidden) services land, attacks on the network and how we are fighting back, community projects, and much more will be covered. This is not about the Dark Web but rather about a Secure Web (copyleft pending).
Friday 1600 Lamarr
Only You Can Stop Police Surveillance - Here's How
Matt Cagle, Mariko Hirose, Jared Friend
As America debates policing reforms, police departments continue to rapidly acquire surveillance technology in secret, often with federal grant funds. Whether it's Stingray cell surveillance devices or social media monitoring software, invasive tools are being deployed without democratic debate or safeguards to prevent racial profiling. But while this war against surveillance may seem like a losing one at times, advocates are winning key battles in cities across the U.S. Join civil liberties advocates and ACLU attorneys from New York, San Francisco, and Seattle for a discussion of how to increase transparency, frame the debate, and create meaningful policy reforms that protect civil liberties and civil rights.
Friday 1300 Noether
Open Source Malware Lab
The landscape of open-source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open-source tools that satisfy the analysis requirements for each of these entry points. Each tool's output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open-source software.
Saturday 2100 Noether
Orbital Mechanics Ate My Weblog
Edward K. Beale
At high latitudes, orbital mechanics make deep-ocean Internet almost impossible. In most cases, it is not wattage, atmospheric attenuation, latency, or antenna position that are the culprits - it is geometry. In 2001, Edward blogged about his voyage to Antarctica aboard an icebreaker as lead helicopter pilot. Twelve years later, he completed a full shipboard circumnavigation and delivered a daily weblog to several hundred crowdsourced readers, later self-published in the book West By Sea. Across those years, Internet access got better, but at high latitudes it still sucked. In addition to sea stories about massaging crappy packets, this talk outlines the basics of deep ocean bandwidth in layman's terms, gives a short modern history of the tools and tech, outlines new innovations that meld terrestrial and orbital bandwidth for offshore users, and focuses on the burgeoning need for better solutions at high latitudes.
Saturday 1100 Friedman
The Ownerless Library
Managing a subversive digital library takes courage: Julian Assange is in exile and the founders of The Pirate Bay received prison sentences. How can we design a digital library without a central administrator to attack? To meet this challenge, we'll sneak data into the Bitcoin blockchain, permanently destroy bitcoins, and build a peer-to-peer network entirely out of browsers. If we do it right, we won't be able to take the library down even if we wanted to!
Saturday 1700 Friedman
The Panama Papers and the Law Firm Behind It: Shady Lawyers Caught With Their Pants Down
Alexander Urbelis, Manos Megagiannis
The Panama Papers are beyond question one of the most significant acts of whistleblowing next to the Snowden revelations. Yet, the full measure of what has been leaked remains to be disclosed to the public, raising considerable questions about what happened, who is implicated, and the legal and illegal acts of Mossack Fonseca, the law firm behind the breach. This talk will review what the Panama Papers leak is, introduce the breached law firm, examine Mossack Fonseca's explanation of the breach, deconstruct and debunk their explanation, present MF systems that were more likely the cause of the breach, present alternative and more plausible theories of the breach, examine MF communications that indicate questionable and possibly illegal activity within and without the United States, step through the legal implications of MF's activities, identify the right Infosec questions clients should be asking of law firms, and provide a question and answer session to ruminate about the breach and its source.
Friday 1400 Lamarr
A Penetration Tester's Guide to the Azure Cloud
The wide adoption and the benefits of cloud computing has led many users and enterprises to move their applications and infrastructure towards the Cloud. However, the nature of the Cloud introduces new security challenges, therefore organizations are required to ensure that such hosted deployments do not expose them to additional risk. Auditing cloud services has become an essential task and, in order to carry out such assessments, familiarization with certain components of the target environments is required. This talk will provide insight into the Microsoft Azure Cloud service and present practical advice on performing security assessments on Azure-hosted deployments. More specifically, it will demystify the main components of a cloud service and dive further into Azure-specific features. The main security controls and configurations associated with each of the mainstream Azure components will also be explored. Areas that will be covered include role-based security, secure networking features, perimeter security, encryption capability, auditing, and monitoring of activities within the Azure Cloud environment. Additionally, the talk will include the demonstration of a new tool that uses the Azure PowerShell cmdlets to collect verbose information about the main components within a deployment. The tool also provides functionality to visualize the components within a network infrastructure using an interactive representation of the topology and the associations between the deployment's components.
Friday 2000 Noether
The Phuture of Phreaking
The Cheshire Catalyst
Phone phreaking has always been about the exploration of the PSTN (Public Switched Telephone Network). Richard Cheshire will discuss phreaking in the age of VoIP (Voice over Internet Protocol). Downloading the Phone Loser's blue box app is not a prerequisite.
Friday 1000 Noether
Presidential Twitter Bot Experience
Until a few months back, Argentina had a monarchy-styled government that included huge corruption, nepotism, and political violence. Néstor Kirchner was president for four years, then his wife, Cristina Fernández de Kirchner, was president for the following eight years. Instead of giving press conferences, she used the official Twitter account (@CFKArgentina) to spread Goebbels-styled propaganda, send threats to the opposition, and exalt fanatics of all kinds. This talk will explain the adaptation of an old chatter bot engine designed for a porn web site that now is used for a fake presidential Twitter account. Day by day, lots of political tweets are answered by this bot and almost no one detects that a piece of code is responsible for the mise-en-scène.
Sunday 1200 Friedman
Privacy, Anonymity, and Individuality - The Final Battle Begins
First came the assault on privacy. Name, address, telephone, DOB, SSN, physical description, friends, family, likes, dislikes, habits, hobbies, beliefs, religion, sexual orientation, finances, every granular detail of a person's life, all logged, indexed, analyzed and cross-referenced. Then came the gathering of location and communication data. Cell phones, apps, metro cards, license plate readers and toll tags, credit card use, IP addresses and authenticated logins, tower info, router proximity, networked "things" everywhere reporting on activity and location, astoundingly accurate facial recognition mated with analytics and "gigapixel" cameras and, worst of all, mindlessly self-contributed posts, tweets, and "check-ins," all constantly reporting a subject's location 24-7-365, to such a degree of accuracy that "predictive profiling" knows where you will likely be next Thursday afternoon. Today we are experiencing constant efforts to shred anonymity. Forensic linguistics, browser fingerprinting, lifestyle and behavior analysis, metadata of all types, HTML5, IPv6, and daily emerging "advances" in surveillance technologies - some seemingly science fiction but real - are combining to make constant, mobile identification and absolute loss of anonymity inevitable. And, now, predictably, the final efforts to homogenize: the "siloing" and Balkanization of the Internet. As Internet use becomes more and more self-restricted to a few large providers, as users increasingly never leave the single ecosystem of a Facebook or a Google, as the massive firehose of information on the Internet is "curated" and "managed" by persons who believe that they know best what news and opinions you should have available to read, see, and believe, the bias of a few will eventually determine what you believe. What is propaganda? What is truth? You simply won't know. In a tradition dating back to the first HOPE conference, for three full hours Steven Rambam will detail the latest trends in privacy invasion and will demonstrate cutting-edge anonymity-shredding surveillance technologies. Drones will fly, a "privacy victim" will undergo digital proctology, a Q&A period will be provided, and fun will be had by all.
Saturday 1700 Lamarr (3 hours)
Privacy Badger and Panopticlick vs. the Trackers, Round 1
William Budington, Cooper Quintin
Increasingly, as you navigate the web, your movements are being tracked. Even when you reject browser cookies, you transmit unique information that makes your browser personally identifiable. Ad tech and tracking companies are transforming the web into a platform where your user data is brokered and exchanged freely without your consent or even knowledge - and there is a true absence of limits to the methods trackers are willing to use to get that data from you. Luckily, there is hope. The Electronic Frontier Foundation (EFF) has been developing technologies that let you know exactly how much of this data you are giving out as you browse, as well as releasing tools to help you protect yourselves against the trackers. Panopticlick and Privacy Badger help you keep your personal data private - and this talk will show you how.
Friday 1800 Lamarr
SecureDrop: Two Years on and Beyond
Two years ago, Freedom of the Press Foundation introduced HOPE to their just-launched SecureDrop project, the open-source whistleblower submission system for journalists and news organizations that was originally created by the late Aaron Swartz. Now over three dozen news organizations around the world are using SecureDrop, and they've learned a ton about how journalists and sources interact securely. This talk will share a lot of this information for the first time. How is SecureDrop working in newsrooms? What challenges and threats does the system face? And what does the next generation SecureDrop look like?
Friday 2000 Lamarr
The Securitization of Cyberspace and Its Impact on Human Rights
Sacha van Geffen, Mallory Knodel, Stefania Milan, Camille Francoise
A handful of representatives from governments, the private sector, and civil society comprise an international working group of the Freedom Online Coalition (called "An Internet Free and Secure") that is tasked with harmonizing human rights and security. But protected rights like privacy and free speech already are security. Rights and security are not antithetical; they are compatible. Government power and corporate profits fuel the rights versus security narrative that has dominated the U.S. and Europe since the introduction of the U.S. Patriot Act. To dislodge this dominant narrative, this panel has developed over the course of two years a human rights respecting definition of cyber security and a normative statement of policy recommendations for how cyber security policy should be written and implemented if it is to truly be secure, e.g. to protect human rights.
Sunday 1100 Noether
Security Options for High Risk Travelers
Aggressive surveillance and espionage has long been a fact of life for government agents traveling to hostile nations but, increasingly, economic espionage is waged against visitors who neither have the expectation that they're a target nor the resources to adequately defend themselves from plausible threats. This talk will present tools, techniques, and procedures which will allow non-nation-state international travelers to defend themselves from government, criminal, and commercial monitoring, with a bias toward free and open-source options readily adopted by potential targets.
Friday 2300 Noether
Seven Continents: A Telecom Informer World Tour
As The Telecom Informer, TProphet has traveled all over the world and visited all seven continents. Everyone knows that different countries have different cultures, but did you know that there are different telephone cultures? The way that people use and interact with telecommunications services is different all over the world. Learn about some of the off-the-beaten-track places he has visited (such as Antarctica, Ecuador, Myanmar, and North Korea) and how, no matter where you live, phones bring the world closer together.
Friday 2100 Noether
Behind the scenes on most any large entertainment production today - from an arena spectacle to a theme park dark ride, from a concert tour to a Broadway stage - you will find Ethernet switches, cat 5 cables, and IP addresses all playing a critical role carrying a variety of control protocols that make these sophisticated shows possible. In this talk, John Huntington, author of Show Networks and Control Systems, will give an overview of the ways that networks are used on shows, and why and how we use equipment from traditional IT applications. In addition, applications from real shows will be featured, including a detailed exploration of the sophisticated control network for the Gravesend Inn haunted attraction.
Friday 1300 Friedman
The Silk Road to Life without Parole - A Deeper Look at the Trial of Ross Ulbricht
Joshua Horowitz, Andy Greenberg, Patrick Howell O'Neill, Alex Winter
Join Joshua Horowitz, one of Ross Ulbricht's defense attorneys, tech journalists Andy Greenberg and Patrick Howell O'Neill, and filmmaker Alex Winter for an in-depth discussion of the Silk Road case. All panelists attended Ulbricht's trial. Greenberg and O'Neill have written extensively about the now legendary black market's rise and fall and Alex Winter directed the documentary Deep Web, with exclusive access to the Ulbricht family and defense team. In this panel discussion, they'll examine the less-discussed aspects of Ulbricht's case, including the role of two corrupt federal agents in the Silk Road investigation, the indictment of Ulbricht's alleged mentor and consigliere Variety Jones, and Ulbricht's controversial life sentence without parole.
Saturday 1600 Noether
Slicing and Dicing Espionage: The Technical Aspect of Hunting Spies
James M. Atkinson
TSCM (Technical Security Countermeasures) is the U.S. federal government's abbreviation for electronic counter-surveillance. This talk is about the art and science of TSCM and how it's used to actually catch spies in the act. It will include photos and visual aids about how a TSCM professional goes from a mere hunch to tracing the spy right to their listening post. While this presentation will obviously be unclassified, it will focus on facilities used by the U.S. intelligence community and DoD contractors, methods used to "sweep" these targeted locations for electronic surveillance, and how actual "bugs" were found. It will include sufficient technical detail to enable the HOPE audience to apply technical search methods to their own locations and communications equipment. This will be a distinctly hardware or physical layer oriented presentation, which will assume a limited knowledge by the attendee of the physical aspects of technical espionage. The presentation will cover an actual espionage operation uncovered using these methods, and what was done to exploit the spy who was exploiting the bug, and how they were neutralized. Methods used for frustrating technical spies, including state actors, will be discussed, as well as methods for identifying an informant within a group. The concept of "nexus" will be discussed as it applies to counterespionage and how scientific methods are used to locate a nexus between the target and a pathway, between the pathway and the listening post, and from the listening post to the spy. This talk is designed to have a broad appeal, and will include details about bug sweeps and spy hunting jobs that the speaker recently led. The audience may become a bit paranoid learning how vulnerable they are to illegal electronic eavesdropping, but methods will be presented on how they can lawfully enhance their privacy. Legal protections that U.S. citizens have against government eavesdropping, and how to frustrate state-sponsored eavesdroppers, will be discussed - as well as how and where to look for bugs and other eavesdropping devices and how to use improvised methods when only low-tech tools are available. Highlighting this talk will be examples of four specific bug sweeps (two CIA cover operations and two DoD contractor locations) and, while it will not include classified information, the U.S. government will not be amused. Photographs, blueprints, drawings, cable traces, spectrum analyzer screenshots, and related measurements will be shown so the audience can grasp the art and science of effective TSCM.
Friday 2100 Lamarr
Smart Cities and Blockchains: New Techno-Utopian Dreams or Nightmares?
Burcu Baykurt, James Cropcho, Benjamin Dean
History is littered with techno-utopian visions, particularly those of powerful American industrialists. Henry Ford's Fordlandia, Walt Disney's Epcot, Peter Thiel's Seasteading. Technologies play a recurring role in inspiring and enabling these attempts to forge or impose new governmental and/or social relations. Techno-utopian dreams are once again emerging in the form of sensor and data-driven "smart" cities and decentralized, blockchain-based organizations. What are the similarities and differences between techno-utopian visions over time? What role does technology play in forming and operationalizing these visions? Who ultimately defines what a perfect society is? How does this determine whether the techno-utopian visions end up as dreams or nightmares?
Friday 1900 Noether
Emmanuel Goldstein and friends
Since 1994, we've had a lot of fun with this panel, where we not only share stories of some of our most memorable social engineering adventures of years past, but we try and create some new memories live on stage over a good old-fashioned telephone line. For those not familiar, social engineering is the art of getting information out of people, information that you usually have absolutely no business possessing. The ability to gain a stranger's trust, knowing what to ask for, and (perhaps most importantly) how to deal with failing miserably are all vital skills in the pursuit of unauthorized information. This panel is open to suggestion on targets to try, as well as open to new panelists who want to share their stories and skills. Leave your info at the information desk. (Be sure to include your Social Security number and mother's maiden name.)
Saturday 2100 Lamarr, Friedman
Spy Hard with a Vengeance: How One City Stood up to the Department of Homeland Security
aestetix, Brian Hofer
Sunday 1500 Noether
Stealing Bitcoin with Math
Filippo Valsorda, Ryan Castellucci
Bitcoin is the best thing that ever happened to bored applied cryptographers: it's a public database of keys and signatures made by quickly developed software that, when broken, drops money as if it was loot. This talk will look at mistakes old and new that enabled attacks: from ECDSA repeated nonces to using Math.random to make keys, from double spending and transaction malleability to crappy brainwallets. The bad news is that most vulnerable wallets were emptied a long time ago. The good news is that we get to look at how (and how fast) "cryptocriminals" operate in the process. In any case, new tools that implement some of the attacks will be demoed and released. No need to be a Bitcoin or crypto wizard - everything you need in order to understand what those poor victims didn't will be explained.
Saturday 2000 Lamarr
Sunset or Evolution of the PSTN?
The public switched telephone network has seen better days. With interest diverted to the Internet and mobile services, the venerable PSTN that we know and love seems like it's ready for the knackers. But maybe that's not quite right. True, the dominant carriers have let their wireline networks rot, and the TDM technology that seemed so advanced two decades ago is this year's black-and-white TV set. But the PSTN has undergone many rounds of evolution, from cord switchboards to Strowger dial to common control to analog ESS to digital. Now SIP signaling and IP networks are taking over. It's the big carriers who want to claim that this is no longer the PSTN so that they can get out of their regulatory obligations and exercise their remaining monopoly muscle. And the folks in Washington who are supposed to be supervising this still haven't figured out what VoIP is, so no wonder it's all such a mess. Let's see where the PSTN is going and what that means to us.
Sunday 1400 Friedman
Surveillance Gives Me Chills
In surveys, users say that government surveillance affects their online behavior, but users could always be lying. Join Alex as he takes you through the latest research on the effect of surveillance on actual user behavior - some of it his own - and connects this research to government and corporate efforts to chill and censor "extremist content" on the Internet.
Saturday 1000 Friedman
This Key is Your Key, This Key is My Key
Deviant Ollam, Howard Payne
We all know that the four most common passwords are love, secret, sex, and god. Like default passwords, locks are often keyed alike for convenience, perceived safety, or for economic and other reasons. This talk explores the idea of "popular keys" and how many lock systems are secured by easily guessable keys.
Sunday 1500 Lamarr
Artist and lifelong nerd Johannes Grenzfurthner takes us on a personal road trip from the West Coast to the East Coast of the USA to introduce us to places and people that shaped and inspired his art and politics. Traceroute wants to chase and question the ghosts of nerd-dom's past, present, and future. An exhilarating tour de farce into the guts of trauma, obsession, and cognitive capitalism. The film features interviews with Matt Winston, Sandy Stone, Bruce Sterling, Jason Scott, Christina Agapakis, Trevor Paglen, Ryan Finnigan, Kit Stubbs, V. Vale, Sean Bonner, Allison Cameron, Josh Ellingson, Maggie Mayhem, Paolo Pedercini, Steve Tolin, Dan Wilcox, Jon Lebkowsky, Jan "Varka" Mulders, Adam Flynn, Abie Hadjitarkhani, and more. A question and answer session will follow the film.
Friday 2200 Friedman (2 hours)
The TSA Keys Leak: Government Backdoors and the Dangers of Security Theater
DarkSim905, Johnny Xmas, Nite 0wl
In late 2015, hackers revealed yet another threat to American privacy, but this time it hit far closer to home than credit cards and Social Security numbers. The master keys the TSA uses to inspect all luggage being placed on an airplane were now available to anyone with a 3D printer! Three of the primary contributors to the leak and the subsequent reproduction of those keys will discuss their trials and tribulations during the event, including why government backdoors like key escrow are a really bad idea, the preposterousness of 3D printing keys in the first place, how the media completely missed the point of the entire operation, and how journalism doesn't actually even exist anymore. This will be a comprehensive discussion of literally every aspect of the TSA keys leak from top to bottom, including the release of previously undisclosed research. No talk of this magnitude has been given at any con on this topic! Notice: This talk will include the first public release of a brand new master key!
Saturday 2300 Lamarr
Tuning in to New York City's Pirates of the Air
Pirate radio in New York City is a homegrown cultural phenomenon that is at once aesthetically vibrant, technologically tumultuous, and undeniably illegal. Emanating from clandestine studios and hidden transmitters, the sounds of Kreyol, Yiddish, Spanish, and Caribbean-accented English waft into the urban atmosphere. On an average night in Flatbush, Brooklyn, it's not uncommon to be able to hear as many as three dozen pirate stations between 87.9 and 107.9 Mhz. This flowering of outlaw micro-radio stations in Brooklyn and throughout the greater New York City region is a major disruption to the status quo of corporate controlled, robo-playlisted mega stations. Their unregulated presence and programming often reflects the throb and hum of a diverse city more authentically than traditional media outlets. Join radio producer David Goren for an audio tour of these stations featuring the music, programs, and personalities that make up New York City's pirate radio scene.
Friday 1900 Friedman
Understanding Tor Onion Services and Their Use Cases
asn, Nima Fatemi, David Goulet
In the last few years, we've seen more and more interest in Tor onion services (aka Tor hidden services). They are used by press to host whistleblowing platforms, by activists who want to set up a website that authorities want to shut down, by service providers to offer more security to their users, and for tons of other uses as well. This panel will be presenting the technical aspects of Tor onion services as well as interesting use cases. As the onion service protocol aged, weaknesses started to appear in its design. For this reason, the speakers have been working since 2013 on the next generation onion service protocol. You'll get a status update on their progress, an explanation of the improvements it brings, and also why it is greatly needed.
Saturday 1200 Noether
Water Security: Are We in De-Nile or In-Seine? Water Policies, Availability, Geeks Without Bounds and You
Chris Kubecka, Lisha Sterling
The backbone of a modern society is clean, available water. Without clean water, production plants falter due to corrosion, lack of cooling capability, or unsteady supply. However, in many if not most parts of the world, water safety is a challenge. This presentation gives an introduction to some of these challenges, trying to ensure clean, available water and the consequences of unfiltered, dirty water. The focus is on what you can do to help solve this challenge. You, the technologist, the hacker, the lockpicker, the everyday person, can help devise better systems to solve some of these challenges. Geeks Without Bounds works around the world setting up solution-oriented hackathons that put participants in the driver's seat working together on technology issues to make the world a better place.
Saturday 1000 Noether
What is a "Neutral Network" Anyway? An Exploration and Rediscovery of the Aims of Net Neutrality in Theory and Practice
Jeremy Pesner, Kate Forscey, Bob Frankston, Sam Gustin, Alfredo Lopez, Jesse Sowell
This spring, the FCC's net neutrality rules were upheld in court, giving the commission license to regulate the Internet as a public utility and ensure that all users are treated fairly. However, the question remains as to exactly how net neutrality should be implemented and how well the concept applies to not only the Internet of today, but tomorrow. Panelists will discuss the tensions between applying the idea of net neutrality to the pragmatics of the Internet's operations and the very real social and policy consequences of such decisions. By combining and contrasting legal, activist, technical, journalistic, and academic perspectives, they will dig deep into the thoughts and aims behind net neutrality and derive a more nuanced and effective assessment of what is needed to create an Internet that works for everyone. The panelists have discussed, taught, and deliberated these issues in university, government, and social settings, and boast employment/affiliations with MIT, Harvard University's Berkman Center for Internet and Society, ACM, IEEE, Columbia University's School of Journalism, VICE Media, May First/People Link, and Public Knowledge.
Saturday 1100 Noether
What Really Happened? Fact, Truth, and Research Techniques
Anyone can tell you something is true because they "researched" it. Evan will present some methods of performing historical research that stand up to challenges. Some of the methods are useful for social hacking, however the scope does not include any coding or technical subjects.
Friday 1600 Friedman
What the Fuck Are You Talking About? Storytelling for Hackers
Humans are storytelling beings. From the moment the primordial ooze Mendelized itself into something like consciousness, we have been telling yarns: about the harvest, about the Gods, about the giant cats that wanted to eat us. But - for fuck's sake! - hackers are bad storytellers. Misunderstood by the media (and we're not even talking about the mainstream press!), ripped apart by their own peers, often incomprehensible and boring. But whhhhyyyy??? What's going on in the hackersphere is probably shaping the future of our civilization. Narratology refers to both the theory and the study of narrative, and narrative structure and the ways that these affect our perception. You should come and listen, because it might save our movement - and more.
Saturday 2000 Noether
What the Hack? Perceptions of Hackers and Cybercriminals in Popular Culture
Aunshul Rege, Quinn Heath
How are hackers portrayed in the media? What are the typical stereotypes? How does the hacking community feel about the term "hacker," gender portrayals, and depictions in movies and television shows? This panel hopes to answer all of these questions and more! Aunshul and Quinn were at HOPE X, talked to attendees then, and asked about their thoughts on the ways hackers were presented in the media. They are now back to share what they've found and to get more of your thoughts! Expect lots of interaction, conversation, and (possibly) heckling.
Friday 1100 Noether
When Video Is Not Standard Output
In a GUI-dominated cyberspace, the blind user is prey. When a UX change can mean the difference between productivity and disenfranchisement, when an interstitial scareware alert is indistinguishable from a legitimate error dialog, and when security cannot be established because accessibility is left to the aftermarket, the frustrating onus upon a non-visual user exceeds the empowerment the sighted user takes for granted. This talk will shed light on some of these invisible "gotchas."
Saturday 1200 Friedman
When Vulnerability Disclosure Turns Ugly
Sam Bowne, Alex Muentz
Sam was accused of illegal hacking in the SC Magazine article "Professor Hacks University Health Conway in Demonstration for Class." That article made a mess so big, it took a real lawyer, Alex Muentz, to clear it up. Sam will explain how this happened and Alex will then explain how he handled this and offer informed advice on the laws around vulnerability disclosure, along with how to use the media effectively. In addition, Alex will describe a few other cases where attempts at responsible disclosure went wrong, what had to be done to fix it, and how the disclosure should have been done.
Friday 1200 Lamarr
Who's Killing Crypto?
Amie Stepanovich, Drew Mitnick
Governments have gotten really good at coming up with ways to undermine encryption. They can outright ban the use of certain types or strengths, place trade restrictions, mandate the insertion of backdoors or vulnerabilities, work with companies directly to undermine the encryption standards, arrest executives for failing to comply with orders, and seek assistance from courts through antiquated, off topic laws. In this presentation, Amie and Drew will compare various approaches and provide the historical context that better illustrates how and why such restrictions are doomed to either fail or worsen the state of digital security. The session is planned to be part history lesson and part overview of the current state of encryption debates. The discussion will include where panelists think the law of encryption should and will go, and provide details on the campaigns that have been run at Access Now to promote the unrestricted use of encryption.
Friday 1200 Noether
Women in Cyber Security
Renee Pollark, Debora Gondek Moderator: Cindy Cullen
With 11 percent of the cyber security workforce being women, why is it important to encourage women to be involved? How is security done differently by women or is it? This panel consists of women in different phases of career: just graduated college starting first professional job, mid-career, and experienced professional. Each panel member will provide an overview of their perspective on the workplace, including if they have experienced discrimination, how best to survive and thrive, and when it is time to move on. Attendees will learn how others have responded to specific incidents, managed work life balance, become aware of how they may be making the environment feel hostile, and dealt with potential legal implications of their actions, and will also learn why having a diverse employee pool is good for the organization and for fellow employees.
Saturday 1200 Lamarr
Won't Somebody Please Think of the Journalists?
You'll never believe this one weird trick that lets you flip the script on mass surveillance. Oppressive institutions hate it. In this call to arms, we'll learn how to change up debates about secure software and fight calls for backdoors more persuasively, as well as develop a way of thinking about building and supporting tools which really serve people's security needs. The trick? Think (and talk) about journalists.
Saturday 1900 Friedman
Your Level-Building Tool is Our Sound Stage
Tamara Yadao, Chris Burke, Jeremy Pesner
Game art duo "foci + loci" (Tamara Yadao and Chris Burke) talk about hacking immersive video game spaces. Over the last six years, they have been using Little Big Planet to build and break custom game environments for live music performance. Joined by multidisciplinary technologist Jeremy Pesner, they will demonstrate and take apart some of their stranger maps and virtual instruments like the Tiltofon, the Flotrillium, and the Anytime-inator, while discussing successes and failures arising from repurposing or pushing game level-building tools beyond intended uses. They will raise questions about hacking the "look and feel" of game spaces and how it relates to professional game development tools like Unity and the Unreal Engine versus off-the-shelf games like Little Big Planet, Minecraft, or Portal. They will also look at Machinima (using game engines to create cinema) as an early strategy of video game appropriation and its relationship to culture jamming and hard/soft hacking in the gaming community. Lastly, they will present a sneak peak of the upcoming musical-in-game-space, Songs from the Robot Apocalypse, featuring the Arachnobot, the flying Toasterbot, and a robot made from a classic Game Boy DMG-1.
Friday 1500 Noether