A Discussion of a Past, Present, and (Possible) Future of Bioweapons

Meow-Ludo     Xavier Palmer     Lucas Potter    

Biological warfare is a phenomenon that spans human history, tracing its roots to ancient times rather than being a recent invention. To gain insights into bioweapons' current and future landscape, it is imperative to look into historical examples of conventional biological warfare and understand how methods were devised and implemented. Our future hinges significantly on our ability to foster transparency and creativity within the global community. This optimism is intertwined with our comprehension of technological advancements, the rapid pace of innovation, the interconnectedness of various domains, and the imperative task of constructing practical defenses against emerging threats. As a poignant reminder, our vulnerability lies in technological shortcomings and our collective failure of imagination. This discourse extends to establishing social norms and mores that are pivotal in shaping attitudes toward biological warfare and encompasses an exploration of prospective research endeavors and emerging initiatives leveraging artificial intelligence (AI) in the realm of bioweaponry. As we confront the intricate interplay between technological advancements and human agency, it is imperative to remain vigilant and resolute in our pursuit of a future safeguarded against the malevolent exploitation of biological agents.

A Preparation Kit for Increasing Irrelevance

Jason Scott    

As we cross the event horizon from analog-hybrid communication and most tenets of computer hacking being in actual memories of living people, preparing to pack up the final narrative of what happened is paramount. Jason will provide a set of approaches by earlier enthusiasts and dedicated subcultures to get us all ready for a safe and healthy oblivion.

A Revolution in Representation: Computation Comes to Democracy's Aid

Elizabeth Barry    

Large groups of people are using open-source software to clarify their internal signal from noise, and by doing so, are bringing about a revolution in representation the world over. The simple idea of having a direct say over one's own future can feel very remote in today's democracies, but it's become possible in the last decade with technological innovation. Polis (OSS AGPLv3) is one such technology - a deliberation system - that is increasingly used by diverse, participatory pro-democracy movements around the world. Social movements and Indigenous nations have implemented Polis to augment their ability to understand their internal diversity and identify their shared goals en route to more effectively determining their own futures. Governments have implemented Polis to listen to their citizens and help their citizens hear each other, towards strengthening democratic processes and institutions - vTaiwan anyone? This talk will cover the basics of the technology and share stories of its impact.

AI Made a 0-Day: Noah Get the Boat

Erica Burgess    

This talk will focus on how Erica used AI to generate an RCE zero-day for server compromise, to manipulate search engine AI for vulnerability discovery, for captcha bypass, to make tools that would have been impossible without generative AI, and more. Context-driven hacking with real world examples of attack chaining in relation to AI offense and defense will also be discussed.

AI, Solarpunk, and an Uncertain Future in Computing

rolltime    

For more than a year now, "AI" has been the tech world's most expensive obsession. The scramble to burn money as fast as possible is both unprecedented and utterly familiar - but not every resource is as endless as venture capital funding. AI technology's energy consumption is beginning to approach that of a small country, and it shows no signs of shrinking. How can we reconcile our hunger to compute with the need to avert ecological devastation? Is it possible for progress and sustainability to coexist? And how can hackers help computers save themselves? This talk brings a fresh perspective to discussions on the problems, possibilities, and future of the human relationship to computing.

AI: A Gradient Descent Into Humanity's Doldrums - Hope Comes From the Hackers

Saul D. Robinson    

2023 marked the year of generative AI with the introduction of OpenAI's ChatGPT. The model's abilities shocked the world and made OpenAI the world's fastest growing customer base in history. Stocks soared and MBAs rejoiced at what increasingly appears to be a corporate grift and an acceleration of the "enshittification" of the Internet and our digital lives. However, all hope is not lost. The hacker ethic holds the key to steering our course back to the trade winds of a free and fair society. This talk will address the fundamental technical and philosophical issues with mainstream AI and provide some ideas on how we can recognize the differences between enshittification and societal benefit.

Addressing Online Threats: AI's Role in Countering Harmful Social Media Content and Its Real-World Impact

Welton Chang    

This is a discussion of the threats that manifest online from social media platforms and how AI is used to help deal with them. Welton will discuss the broader trends in terms of a growing number of platforms where users can find other like-minded users, how this translates into malign actions in the physical world, and a few case studies that illustrate how noxious online content can motivate a variety of actors, from white nationalists to mass shooters.

An Account on Cybersecurity Outside of Traditional Spaces

Allen Walker IV    

Diverse perspectives are crucial for effective cyber defense strategies. Allen Walker shares his nontraditional path in cybersecurity and the importance of mentoring underrepresented groups. He will discuss the trials in building a cybersecurity education organization on a shoestring budget and how he found his stride, all while assisting over 80 people of color from marginalized communities to graduate school in four years and countless more in gaining certifications in IT and cybersecurity. You will hear how collaboration and knowledge sharing among diverse teams can better tackle cybersecurity challenges.

Animism and Artificial Intelligence: A Practical Guide

Aisling Fae    

Do AI systems need to be sentient to be considered people? Thousands of cultures around the world would answer, "Of course not!" This talk explores the cross-cultural concept of animism - the belief that objects, places, and creatures all possess a soul. It will explore how this concept can be applied to any computer system, not just those traditionally recognized as AI. The speaker will trace the evolution of computer infrastructure - from the massive mainframes of the past to personal servers and expansive server farms of today. They will examine landmark AI systems like ELIZA, ChatGPT, and Claude, illustrating how these technologies have forged meaningful connections with users through language since the 1960s. Finally, in their practicum, they will discuss how this knowledge can inform better ethical guidelines for the creation and usage of AI systems, facilitate collaborative storytelling between AIs and humans, and help build a better world for all creatures of the Earth.

The Arduboy Story

Kevin Bates    

The story of Arduboy, an open-source, credit-card-sized gaming system based on Arduino, designed to create a community-driven platform for learning and creativity. Kevin will share his journey from developing a digital business card to creating a viral product with tens of thousands of units sold and a thriving community contributing hundreds of games. He will highlight the challenges and successes in developing and scaling Arduboy, emphasizing the importance of community engagement, maintaining vision, and adapting to change. The talk concludes with insights into the open-source economy and the value of intrinsic motivation in fostering innovation and learning.

Ask the EFF

Bill Budington     Cara Gagliano     Beryl Lipton     Hannah Zhao    

The Electronic Frontier Foundation (EFF) is thrilled to return to HOPE to answer your burning questions on pressing digital rights issues. Their panelists will provide updates on current EFF work, including the fight against government surveillance and protecting creative expression, before turning it over to attendees to pose questions and receive insights from panelists on the intersection of technology and civil liberties.

Automating Transparency: A New Era for FOIA Requests

Florin Badita    

The process of accessing public records through the Freedom of Information Act (FOIA) is often seen as cumbersome and slow, hindering the pursuit of transparency and accountability. In this talk, Florin Badita, hacker and activist, founder of "Corruption Kills," and organizer of the biggest protest in Romanian history, will introduce a transformative tool that automates 80 percent of the FOIA process. This session will detail the development and functionality of the tool, illustrate its impact through case studies, and discuss its potential to revolutionize public data accessibility. Participants will gain insights into harnessing technology for effective advocacy and government oversight - and how we can transform the FOIA process into an API.

BADBOX: Behind the Scenes of an Android Supply-Chain Attack

Bill Budington    

"Thank you for your order, sir, would you like malware with that?" While supply-chain attacks on consumer electronics are nothing new, we see no signs of these attacks letting up. In 2023, EFF confirmed findings of click fraud malware coming pre-loaded on obscure brand Android set-top TV boxes. This malware was also found to allow botnet controllers to establish a residential proxy using the infected devices' Internet connections, allowing traffic originating remotely to appear as though it came from the set-top box buyers. After many months of reports and investigations into the botnet (now dubbed "BADBOX"), device resellers like Amazon and AliExpress were still making these devices available. In response, Bill's team at the EFF issued a complaint to the FTC and are uncovering details about the fraud operation in order to hold accountable those responsible for harms to consumers. This talk will share some of their findings, as well as raising further questions concerning the digital divide and access, the scale of attacks consumers now face, and what steps both regulators and consumers can take to protect against these types of attacks.

Bait and Switching Costs - How Big Tech Took the Web and How to Take It Back

Phillip Hallam-Baker    

In the early 1990s, the technology giants of the day assembled to deploy their vision of the networked future. But that vision was not the World Wide Web. It was interactive TV, a walled garden in which corporations would provide the only content and the only "interactive" element would be the ability to buy merchandise tied to the programs. Big tech lost that battle, but 30 years later, it is winning the war.

Network effects explain the hyper-growth of one walled garden at the expense of its rivals, but it is switching costs that explain why the audience remains as the walled garden becomes choked with weeds. The first step towards taking the Internet back is to start taking switching costs seriously before taking up any Internet service, especially those which are offered at no cost to the user. This presentation will set out a strategy for first reducing and eventually eliminating switching costs in a range of applications from messaging to IoT to social media based on the technologies provided by the Mathematical Mesh - and a strategy for deployment.

Bitsquatting Is Dead! Long Live Bitsquatting! A 13-Year-Old Attack Finds New Life Among Old Friends

Mark Milhouse    

Since its initial discovery by Artem Dinaburg in 2011, bitsquatting has been relegated to the back burner of cybersecurity as a low-priority, low-relevance issue. In this talk Mark will take a second look at bitsquatting and how it may not be as benign as it seems. He will take a deep dive into how these unpredictable DNS issues can be used for serious attacks against critical Internet infrastructure - with a low cost and low technical knowledge requirement. The discussion will cover mitigations attempted over the past, how successful they've been, and what mitigations should be considered moving forward. This talk is suitable for hackers of all experience levels and backgrounds, and covers attacks you can try at home for less than $15.

CLOSING CEREMONIES

It all has to end sometime and that time is 6 pm on Sunday. Drop by to hear some fun stories and highlights of this weekend. We can't ever predict what we'll have to talk about as we wrap things up, but every HOPE conference has a lot of cool stuff to remember. It's also our last chance to see many of you until the next time.

Cap2r: Rescuing the Forgotten Texts Hidden in Analog Video

Adam Tannir    

Closed captions for analog television were in widespread use from the early 1980s until being supplanted by the digital signal transition in the 2010s. However, these data are not routinely captured when transferring or archiving recordings of the time. The service that provided accessible information to millions of viewers should be preserved alongside the video and audio that is routinely digitized. Submitted for your approval: a system to extract and preserve these encoded messages using readily available components. Delve into the secrets of the analog signal, harness the power of newly-obsolete hardware, and marvel at what is possible with a little ingenuity.

Chaos and Undetectable Communications

Lucas Rooyakkers    

A butterfly flaps its wings and alerts the agents their cover has been blown. Undetectable communications let you talk freely with your friends while preventing everyone else from knowing if you even transmitted. Covert communications systems approach privacy and security from an entirely different angle than standard encryption techniques do. How is this possible? What is chaos exactly, and how does it differ from randomness? This whirlwind presentation will cover exactly how chaotic functions can bury a signal so deep in the noise floor that your transmissions become merely a whisper on the wind. There's a 100 percent money-back guarantee this talk will discuss chaos communications schemes (unlike a certain unnamed German hacker conference) and compare their merits. Learn all about how you can inject a little more chaos into your life today!

Choose Your Own Dystopia: How Our Decisions on AI Can Lead Us to Different Futures

Laura Upegui    

This talk explores the pivotal role of AI in shaping divergent futures, drawing inspiration from sci-fi movies, series, video games, and books as cautionary tales. Delving into the ethical and social implications of AI development, Laura will navigate through imagined scenarios, from utopian promises to dystopian nightmares. Through engaging examples from pop culture, attendees will confront the ethical dilemmas of AI governance, gaining insights to navigate the complex intersection of technology and humanity. This presentation is a call to action, empowering attendees to shape a future where AI serves as a force for good rather than a harbinger of dystopia.

Circumventing Prison Tech Censorship

Jeremy Hammond     Cooper Quintin    

As lockdowns and solitary confinement increase, an out of control private prison tech industry is profiteering off draconian new restrictions on access to communications: banning books, visits, and physical mail to sell a dystopian digital regime where every message is taxed and monitored on sandboxed tablets and kiosks. This talk will unpack the world of carceral technology: map out the major security corporations, what they have in store for us, and how we can fight back. In this era of police repression and imperialist genocide, how can technologists reject complicity and cooptation? How can hackers practice global solidarity instead, working to undermine and overcome the logic of borders and cages on both the net and in the streets?

Climate Hacking to Save the Planet

Greg Newby    

Let's use our hacker superpowers to help mitigate the ongoing climate emergency. Greg will discuss some of the things that hackers can do to help lessen climate disruption. Some themes will include:
- Technical mechanisms: for reducing pollution and removing carbon.
- Green energy: production, storage, and transmission.
- Misinformation and disinformation: information engineering for social good.
- Modeling and simulation: forecasting future events and understanding interactions within the Earth's complex systems.
- Effecting social change: raising awareness, changing behaviors.
- Response and resiliency: how hackers can help during climate-caused disruptions.
The impacts of climate change are being felt everywhere, and hackers can help. Hacker characteristics include resiliency, creativity, and an ability to span knowledge domains. There is much to do, and this session will inspire both thought and action.

Congress's Privacy Wars in 2024

Alex Marthews     Stephen Perez    

Come along to hear tales of propaganda, shenanigans, and malarkey like you wouldn’t believe: the real story of how the civil liberties community nearly won, how the administration gleefully renewed and expanded surveillance powers just in time for the next election, and how we can all prepare for the next fight in 2026.

DIY Geoengineering

Luke Iseman    

Earth is too hot, and we need to cool it off. Learn how to do it yourself. Luke is the founder of Make Sunsets, and in this talk he will cover how we can hack global temperature. Attendees will leave this talk with all the knowledge they need to offset their personal carbon footprint (in terms of temperature) for under one dollar per ton-year. You will also learn why centralized green stuff is largely oil company marketing.

Demoscene 2024: Just When You Thought There Wasn't Any More!

Inverse Phase    

The demoscene once consisted of hackers, crackers, and pirates. Back then, software pirates would compete for the most cracked games, but they would also hire artists to decorate their new distributions. Eventually, they ditched the piracy bit and continued creating amazing works of art, motion graphics, music, and of course, code. Squeezing every bit of computing power out of a platform, they now regularly compete at events around the world. There's more to this story - join Inverse Phase for this talk about not only how we got here, but what's being done in 2024 to push the envelope today in algorithmic computer art.

EOL... RLY? Ending The Epidemic of Bricked and Abandoned Stuff

John Bumstead     Lodrina Cherne     Lucas Gutterman     Paul Roberts    

As the Internet of Things ages, a gap has emerged between the useful life of connected hardware devices (measured in decades) and the manufacturer-imposed "support lifespans" of the same products (measured in years). The result: useful and functioning devices - from laptops to smart home appliances to heavy equipment - are reaching an OEM-imposed "end of life" and being abandoned or even bricked by their makers. Businesses, consumers, communities, and our planet are left holding the bag: forced to choose between hosting vulnerable and unpatchable "EOL" devices within their environment, or sending perfectly functioning hardware to the landfill and spending to replace an otherwise functional device. In the meantime, malicious actors are rejoicing at a vulnerable population of hundreds of millions of EOL devices they can exploit and leverage in attacks via IoT botnets, such as those leveraged by cybercriminals and nation-state actors like the Chinese advanced persistent threat (APT) Volt Typhoon.

In this panel discussion, leading experts from the cybersecurity and repair community will dig into the growing phenomenon of "bricked and abandoned" devices - everything from toothbrushes and streaming devices to robot vacuum cleaners. The panel will talk about what's driving the phenomenon of "abandonware" and about possible solutions - both market and policy based - to the problem that will help us build a secure and resilient future for the Internet of Things.

Enshittification: Why Everything Suddenly Got Worse and What to Do About It

Cory Doctorow    

The rapid, precipitous decline of every digital service we depend on isn't a coincidence. It's the result of specific, known policy choices made by specific, named individuals. We can reverse those decisions (and we can determine what sized pitchfork those individuals wear).

Enshittification wasn't inevitable: it was the foreseeable outcome of a plan to encourage digital monopoly platforms and turn them loose to extract unimaginable value from both their users and business customers, leaving behind a homeopathic residue of utility to keep us locked in.

This talk will explain what enshittification is, how it works, why it's happening now - and, most importantly, how we can reverse it, by seizing the means of computation and building a new, good Internet suitable to serve as the digital nervous system of a connected world confronting environmental collapse, genocide, and rising fascism.

Explosive Overflow: Lessons From Rocket Science

Mark El-Khoury    

Thirty-nine seconds after its launch towards space, rocket number 501 erupted into a scintillating fireball. No casualties were reported, other than perhaps the ego of a few software engineers. The 1996 inaugural flight of the Ariane 5 rocket was cut short due to a series of software design missteps. This talk will analyze these historical flaws to discuss resilience and product security, touching on the nuance of static analysis, testing, validation, legacy code, assumptions during design, and, for when things don't blow up, the unique challenge of proving that a negative event did not occur.

Flights of Fancy: Celebrating the Dead Ends of the Jet Engine Revolution

Davide Semenzin    

The jet engine is a technology so successful that it is now considered somewhat obvious. Even to the initiated, the history of its success is narrated as an inevitable foregone conclusion: where there once were heavy and complex piston engines, there suddenly was a light and elegant reaction engine to replace them. In reality, what we know today as a synonym for the aviation age is but one combination of many technological threads that were coming together in the early part of the 20th century, and not an obvious one at that. This talk will explore some of these threads and combinations to celebrate them as the invisible building blocks of a revolution.

Flying Signals: What to Do With Them

Steve Bossert    

Wireless signals are pervasive from high above in orbit, on the ground, and all the places in between. This presentation will focus mostly on unencrypted signals easily received and analyzed, sent from birds (Motus), balloons (NWS upper air), aircraft (ADS-B and UAT), and drones (RID), to name just a few taking place from a few feet to 15 miles above ground. Some limited ethical ways to access encrypted flying signals may also be explored. Topics will include how to receive, what is needed, what to do with the data, important use cases, and overall ethics for unintended users surrounding them. Some hands-on demonstrations will also take place following the presentation in the RF Village for those interested in some deeper information.

From Hackerspace to Hackerhome

Chris Meyer    

This talk will detail the transition from negative $10k and a business plan to a $1.2M 21,000 square foot building and 14 years spent to build a workshop with no debt on an insane work schedule. Chris founded Sector67 in 2010 in Madison, Wisconsin, graduating with a BS/MS in mechanical engineering. He competed in various student business plan contests and will share the journey from literally nothing to now being able to provide housing for three people (and six chickens) and having a large workshop full of tools and equipment all owned by a non-profit organization with many volunteers helping to get where they are today. There were a few bumps and a lot of entertainment along the way.

The Fundamentals of Veilid: cDc Breaks the Internet, and You Can Too!

Katelyn "medus4" Bowden     Paul "The_Gibson" Miller    

Last summer, Veilid was unveiled to the world as a part of the Bovine Resurrection. The team generated press coverage worldwide, and managed to drag the window over on how the press talked about digital privacy. Now they come to HOPE to spread the good word of the future restored, how we can seize the means of computation, and how you can help. They'll talk about the whys and hows of the Veilid framework, and what this new combined technology stack means for restoring the future we were promised.

The Future of Leaks: What's Next for the Online Library of Hacked Data?

Emma Best     Lorax Horne    

Whatever you call it - transparency project, publication collective, or journalism tech - Distributed Denial of Secrets has built the world's largest library of once-secret information, publishing over 100 million leaked files from 60 countries. Including all the pending publications, DDoSecrets has grown larger than the Library of Congress. Like an "endless scroll" of social media, terabytes of data get regularly liberated from cartels, governments, and corporations. Mixed in with the stream of useful leaks is a flood of disinformation, bolstered by AI-powered deepfakes and state-sponsored troll farms. How are we adapting - or failing to adapt? How can hackers and data journalists collaborate to navigate the ransomware blogs, Breach Forums, and hacktivist Discord channels of variable quality? Core DDoSecrets members Emma Best and Lorax Horne come together to discuss the greatest challenges of today's leaks librarians, and what the future of source protection looks like in a world saturated by misinformation and capitalism.

Get High Like Planes: Combining Psychology, Social Engineering, and AI to Compel Real World Actions

SecuritySean     XaiL    

In the quickly evolving field of cybersecurity, generative AI and voice cloning represent the next step in the sophistication of social engineering attacks. However, sifting through generative AI tools during a social engineering engagement can cost precious time. This talk will explore how these technologies are being used by red teams and threat actors to craft compelling and deceptive phishing lures. The speakers will discuss the underlying psychological tactics that make these approaches effective and compare various generative AI solutions. Attendees will leave this presentation with an understanding of how to integrate voice cloning into their social engineering toolkit and enhance the realism and success rate of their penetration tests.

Group Mesh Messaging for Large-Scale Protests

Tushar Jois    

Large-scale protests are an important form of civil action against authoritarian regimes. They inherently require communication, which leads these regimes to shut down the Internet in an attempt to quash the movement. Smartphone mesh messaging has been explored as an alternative, but is still too inefficient to deploy. In this talk, Tushar will describe Amigo, the first mesh messaging system designed for large-scale protest communication. They create routing and key agreement protocols for group chats, and show their effectiveness using representative protest simulations. Amigo is able to provide large-scale protests with anonymous group communications in the face of Internet shutdowns.

HOPE XV Begins!

We kick things off bright and early on Friday and hit the ground running. Please join us as we test the microphones and give a brief outline as to what will be happening this weekend. The moment we've been building up to for two years will have finally arrived.

Hack (To Heal) the Planet

Unixjazz    

There is only one common, livable planet (thus far), but it is increasingly becoming uninhabitable for humans and non-humans. What could hackers do to help address this existential issue? It turns out hackers have already done a lot to raise awareness of environmental problems - and continue to do so with important hacks in the public and environmental interest. In this talk, Unixjazz will cover important chapters in hacker history, but will also discuss ongoing projects that were primarily organized as hacker responses to the environmental crisis. In particular, he will introduce an ongoing project in the Arctic Circle that is bringing a set of tools and approaches from hackerdom to help study and mitigate the impact of permafrost instability. The ultimate goal of this talk is to make a call for hackers worldwide to get involved and engaged in hacking (to heal) the planet.

Hack the Violin: A Hacker's Approach to Learning, Playing, and Teaching the Violin

Andrew Morican    

It's a common belief that a beginning violin player's sound is terrible and has to be that way, and with traditional rote-learning approaches this is most often true! Hack the Violin says it need not be so! Hacking all the components to playing the violin, including hacking music, the mind, the body, hearing, feeling, practicing, and performing, Hack the Violin is a hacker's approach to learning, playing, and teaching the violin that will enable anyone and even the chair they're sitting on to make some beautiful melodious sound on the violin right away! Feel free to bring your violin/fiddle along so you can try the hacks for yourself!

Hackers Got Talent

Jason Scott    

In what has become a HOPE tradition, hackers from around the world will have a chance to showcase their talents in this fun display of hacker skills. You can sign up at InfoDesk and the talent you decide to share is entirely up to you. (It doesn't have to relate to hacking.) Hacker archivist Jason Scott will again be on hand to keep it all under control. Judging will be done by a combination of panelists and audience members. First place wins a valuable prize! Maybe second place too.

Hacking Is a Mindset, Not a Skillset: A Non-Technical Guide to Building Solidarity Infrastructures With Friends

moshfet    

You don't need to have tech skills to build a mesh network! In this talk, moshfet will share how he helped spawn an anti-capitalist mesh network in Tucson, Arizona with just a bit of COVID stimulus money and a wish upon a (shining) star. His goal is to inspire the possibility of building infrastructure in common in local communities - like mesh networks - to push back against the corporatization and monopolization of critical infrastructures more broadly.

In the presenter's words: "We didn't choose to work on providing Internet access because we're tech experts (we're not!), but as a demonstration to ourselves and our community: if complicated technologies such as the Internet can be given away at cost by a network of volunteers, what's to stop people in Tucson from doing the same thing with cellular service? Libraries of Things? Repair cafes?"

Hacking Your Health: Adventures in Building a Glucose Monitor

Michael Dierkes    

In the past few years, there's been quite a stir in the hacking community and in the news about a select group of diabetics who managed to hijack the readings from continuous glucose monitors in order to do everything from automatically dispensing glucose to sending notifications to their phones when they need insulin. This leads to an interesting question: what exactly makes a glucose monitor so special? This talk focuses on boiling down the complex logic of a glucose monitor, from the chemistry to the electrical engineering to the cloud, into a step-by-step process that will make you truly realize the ingenuity of these devices which more than nine million people across the world need to survive.

Hacking at Leaves: A film by Johannes Grenzfurthner

Ryan Finnigan     Johannes Grenzfurthner     Jasmin Hagendorfer     Aaron Hillis     Peter Romine    

Hacking at Leaves documents artist and hazmat-suit aficionado Johannes Grenzfurthner as he attempts to come to terms with the United States' colonial past, Navajo tribal history, and the hacker movement. The story homes in on a small hackerspace in Durango, Colorado, that made significant contributions to worldwide COVID relief efforts. But things go awry when Uncle Sam interferes with the film's production.

After the screening, a panel discussion with various people involved in the film will cover themes including hacking, DIY, colonialism, the Navajo and Diné cultures, COVID-19, the pandemic, the USA, the Southwest, nuclearism, Internet history, computer culture, science fiction, subversion, and social change.

Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data

Micah Lee    

The world is awash with hacked and leaked datasets from governments, corporations, and extremist groups. In many cases they're freely available online and waiting for anyone with an Internet connection, a laptop, and enough curiosity to analyze them. Using real hacked and leaked data as examples, Micah will go over how to investigate datasets yourself. You'll see secret docs showing cops spying on Black Lives Matter protesters, read chat logs leaked from a Russian ransomware gang, learn how to analyze GPS coordinates hidden in video metadata that Trump supporters accidentally uploaded to Parler while storming the Capitol, and peek behind the curtain of a WHOIS privacy service used by extremist sites like the Oath Keepers and 8chan. All of this work comes from Micah's new book Hacks, Leaks, and Revelations.

[He'll also be doing a workshop specifically on the BlueLeaks dataset of hacked law enforcement documents, and signing books!]

Hacktivism for Organizers: Social Change From the Keyboards

Matt Mitchell     Danacea Vo    

Empowered with unparalleled knowledge and skills, hackers possess a unique ability to engineer solutions and drive progress. How can organizers evolve into digital activists or hacktivists? How can they harness the power of hacktivism to amplify their voices and drive social change? What does digital organizing and activism look like in the coming future? How can we do this safely and successfully? Join Danacea and Matt as they delve into real-life examples and strategies for catalyzing movements from our keyboards - how hackers can contribute their expertise for a better world! Want to change the planet? Hack the planet!

Ham Radio for Hackers

Dan Romanchik    

Some people consider ham radio operators to be the original hackers. In this talk, Dan will discuss some of the cool development projects that ham radio hackers are working on and talk about how you can get your own hacker, errrrr ham radio license.

Harvest: The Most Interesting Computer You Never Heard Of

Peter Capek    

Harvest (IBM 7950) was a one-of-a-kind machine that was built by IBM for NSA for cryptanalysis and text processing. It was an add-on to a better known machine called Stretch, the 7030. There were about eight Stretch computers built, but Harvest was unique. Harvest ran from 1962 until 1976, when the mechanical parts of it literally wore out. Harvest was an unusual machine whose architecture has never been implemented since. This talk will examine all that made this computer so unique. If time permits, discussion will include a co-developed programming language.

The History of Leaks

Emma Best     Emily Crose    

This is a presentation on the modern history of leaks, from the Pentagon Papers to the end of WikiLeaks' publishing era. The talk looks at leak publishers and press consortiums, and the changes in how newsrooms, the public, and the powers that be have responded to leaks and leakers, asking how newsrooms have handled the rapidly changing landscape of leaks, hackers, and leak laundering. The talk concludes with a brief look at what AssangeLeaks can tell us about WikiLeaks and the government's case against it.

In the End, We Will All Become Stories - The Importance of Hacking Contexts and Narratives

Johannes Grenzfurthner    

We need to shape contemporary political narratives. Context hacking is a powerful tool to play with the nuts and bolts of the power structures that surround us; it's about understanding and manipulating the very fabric of our social relationships and cultural norms. Imagine society as a complex system - context hackers treat it as such, recognizing its potential for modification and subversion. From "urban hacking" to "cultural jamming," we employ creative tactics to challenge entrenched hierarchies and empower individuals to think critically about the world around them. But context hacking doesn't exist in a vacuum. It intersects with the powerful domain of political narrative, where storytelling becomes a potent force in shaping our perceptions of reality. This talk will explore how political narratives blur the lines between fact and fiction, weaving myths into public discourse and constructing grand meta-narratives that shape our understanding of history and progress. Drawing from narrative theory, Johannes will trace the evolution of political storytelling - from its roots in literary theory to its resurgence in the digital age. He'll confront the challenges posed by "fake news" and misinformation and examine how narratives are crafted to evoke pathos and sway public opinion. Amidst these challenges lies immense opportunity. By harnessing the tools of context hacking and narrative construction, we can forge a path toward a more open society.

In the Twilight of Copyright

Ed Ryan    

In the two years since generative AI became publicly available, the U.S. Copyright Office has definitively concluded that AI-generated work cannot be copyrighted. But that simple conclusion has complex implications for software ownership. How does it apply to automatically generated code? As code-completion and code-assistance become more prevalent, how do those tools affect the author's ability to control the final product? What are the implications for open source software, when licenses like the GPL are built on top of copyright ownership? Ed will look at how software copyright works and how generative AI plays a role in software development - and will try to predict the future of software.

Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs

Suha Sabi Hussain    

Machine learning (ML) pipelines are vulnerable to model backdoors that compromise the integrity of the underlying system. Although many backdoor attacks limit the attack surface to the model, ML models are not standalone objects. Instead, they are artifacts built using a wide range of tools and embedded into pipelines with many interacting components. In this talk, Suha will introduce incubated ML exploits in which attackers inject model backdoors into ML pipelines using input-handling bugs in ML tools. Using a language-theoretic security (LangSec) framework, they systematically exploited ML model serialization bugs in popular tools to construct backdoors. In the process, they developed malicious artifacts such as polyglot and ambiguous files using ML model files. The team also contributed to Fickling, a pickle security tool tailored for ML use cases. Finally, they formulated a set of guidelines for security researchers and ML practitioners. By chaining system security issues and model vulnerabilities, incubated ML exploits emerge as a new class of exploits that highlight the importance of a holistic approach to ML security.

Innovating for Impact: Building Technology in Resource-Constrained Environments

Jason A. Long     Alexander Urbelis    

Developing technology within nonprofit organizations presents a unique set of challenges and opportunities. Unlike for-profit enterprises, nonprofits often operate with limited funding and resources, which necessitates a different approach to innovation and development. Jason has spent the last few years navigating this environment, and developing strategies that have come to inform how the Human Rights First Innovation Lab approaches technical work. This talk will explore the intricacies of creating impactful tech solutions in these settings, offering insights and strategies to navigate the constraints while maximizing positive outcomes.

Less Power to Porn Tech Giants, More Love in the Cyberspace

Spring Cooper     Alessandro Polidoro    

Porn tech giants have the power to alter the ways we think of our sexuality and shape how we perceive our bodies and relationships. To get back in control, there are so many challenges to overcome: the fight against image-based sexual abuse, such as deepfake and non-consensual intimate images (NCII); the balance between age verification of users and their right to privacy; the accountability of big platforms; and the safeguard of marginalized groups and individuals. In this talk, the speakers will explore some examples coming from Europe leveraging the new E.U. tech regulations and assess the potential to replicate these initiatives in the U.S., delineate the core problems that we see for sexual representation in the cyberspace, and point together at their possible solutions.

Librarians Are Radicalizing Their Communities About Why the Internet Is Broken

Eliza Bettinger     Reanna Esmail     Alison Macrina     Kimberly Springer     Tess Wilson    

All Computers Are Broken. The hacker scene knows this and fights against it every day. But what about the regular people in your life, those who describe themselves as "not that technical?" They're the ones who are often most at risk in the hellscape that is the Internet today. How do we help them understand what's happening when they go online, and how to protect themselves from the worst of it? Librarians, that's how! Library Freedom Project is an organization that trains librarians on issues of technology, surveillance, privacy, open source intelligence, free culture, and how to organize collectively towards a better world. The LFP believes librarians are an essential front in the fight to create a more democratic and free Internet. Come hear what they're up to, and why their work won the EFF Award for Information Democracy in 2023.

Live Show Technology: Past, Present, and Future - Have We Reached a Maturity Point?

John Huntington    

The modern era of live show technology is often thought to have begun with the Beatles at Shea Stadium in 1965 (only a few miles from the HOPE site!). Production and technological development progressed slowly until an explosion of innovation began in the mid 1980s. This period of constant change and development continued until about 2010, when the field of show production hit a significant maturity point. This maturity process was gradual enough that fans and creators who lived through the transition may not even have been aware of it. In this talk, John traces the evolution of show technology and its transition phases on its way to maturity. He will also discuss the implications on the industry of a mature, stable toolset, and speculate about the maturity's effect on future show technology development, and its impacts on fans and creators alike.

Love, Hackers, and Robots: A Reflection of My First Year in the Biohacking Community

Karen Ng    

In the summer of 2023, Karen finally pulled the trigger on something she had wanted to do for many years: her first RFID implant. Along with it, she started posting to forums revolving around biohacking and found that despite her research before getting the implant, she had only barely scratched the surface. She found herself joining a crazy community full of hackers, innovators, and cyborgs - where the only limit was whether the tech had caught up to the ideas yet. This talk discusses her journey as a new biohacker, and what she found in her first foray into what might be the coolest community she's ever been a part of.

Making Surveillance Policy Change in Canada: Slow Burns and Sudden Actions

Evan Light    

This is a talk about the deobfuscating state surveillance project that aims to map out state surveillance capabilities in Canada and the U.K., as well as the laws that govern them (or do not). Started during the pandemic with collaborators in Canada and the U.K., the research has been a slow and gradual process. Taking advantage of Canada's access-to-information system, the team has spent three years diving into government procurement and has requested over $750 million worth of federal contracts with manufacturers of a wide array of surveillance technology. In this session, Evan will discuss their work on mobile forensic devices - crafty tools for hacking digital devices which they've found to be in use by at least 14 federal agencies, and a journalistic collaboration which quickly led to a parliamentary hearing and substantive policy change within six months.

Modern Day Automobile Safety: Rescue Ops Using CanBus

John C. Checco    

Modern vehicles use a concept called "drive-by-wire" (DBW) to control almost every aspect of a car from human-controlled basics (of acceleration, steering, and brakes). The vehicle's local communications network for DBW is known as CanBus, which simply reports status and delivers commands between the vehicle's various electronic sensors and physical actuators. DBW/CanBus has received a bad rap because of security vulnerabilities, but has also allowed for more advanced safety features (such as lane change indicators, "lane keep assist," and front crash detection). As a first responder for over 40 years, John has been involved in hundreds of vehicle extrication calls, and he remembers and recalls the especially difficult ones. As vehicles get more advanced, they also get more difficult to perform rescue operations with. This talk will explain how vehicle manufacturers can do more to increase passenger survivability in the event of a serious accident. Using similar concepts as those already in place for high-rise buildings, DBW/CanBus could automate and standardize rescue stabilization and accessibility operations, reduce the chances of injury to rescuers, decrease time for EMS access and patient egress, and increase passenger survivability.

Musings of a Mechatronic Mistress: The Peculiar Purpose of Tiffany the Sex Robot

Johannes Grenzfurthner     Jasmin Hagendorfer     Jason Scott    

A screening of Jasmin's 24-minute short documentary/sci-fi film, Musings of a Mechatronic Mistress. The film presents Tiffany, a self-aware sex robot, on her quest to discover her identity, purpose, and creator. Exploring the future of intimacy and human-robot interaction in a humorous and engaging manner, the documentary aims to initiate discussions on queerness, feminism, sex tech, sexual identity, and societal norms. Following the screening, there will be a panel discussion to delve deeper into these themes. Jasmin will be joined by two of her interviewees featured in the film in a panel discussion whose theme will be "Redefining Intimacy and Human Connection in the Age of Intelligent Machines."

Navigating Geopolitical Nuances in Cyberattacks With Advanced IP Address Analysis

Andréanne Bergeron     Constance Prevot    

While some countries exhibit disproportionate aggressive behavior in cyberattacks, others show proxy-centric Internet traffic redistribution, and some experience higher frequencies of cyberattacks, leading to more compromised computers within their infrastructure. To investigate these patterns, Andréanne and Constance built a honeynet of RDP Windows servers in the cloud, collecting over 190 million events over three years. This dataset provides valuable insights into the origin of IP addresses, though attributing attacks to specific countries is complex. They found various data sources providing contradictory information about IP addresses and will explain how they used several tools to streamline access to this information, while leveraging open source information. The results reveal that different attack techniques vary by geographic origin, and evidence will be presented of shared hacking tools between cooperating countries, enhancing our understanding of global cyber threats.

Net Who-trality: Revisiting the FCC Fake Comment Scandal

Jason Prechtel    

For many Americans, the term "net neutrality" will forever be linked with the millions of fake public comments submitted to the Federal Communications Commission's (FCC) website in 2017 ahead of the agency's rule reversal. But despite its recent reinstatement, several questions remain: Who submitted all of those fake comments? How do we know? And why does it still matter seven years later? Using examples taken from court documents, emails, server logs, and other data obtained from Freedom of Information Act lawsuits, this presentation will briefly summarize the history of net neutrality in the United States, detail the overlapping legal battles to identify the fake comment culprits, and explore the technical and ethical complications with using the resulting data to solve this mystery.

News From the 2600net IRC Network and Facebook Group

Daniel Baldor     Tim Benish     Andrew Strutt     dclaw    

Throughout the 25-plus years of 2600net history, the project has survived and succeeded through some of the world's largest DDoSes, raids, persistent trolls, disinformation botnets, Facebook issues, technical debt, challenges, and successes. This presentation will detail the last 25 years of legal processes, significant actions, staff changes, new projects, old projects, and setting the record straight. This is an update to the previous 2600net talk, now including Facebook groups, Discord, Slack, and other contributions to the 2600 community!

Nikola Tesla: The Futurist of Yesterday

Douglas Borge    

This presentation will highlight Nikola Tesla, his predictions, and some of his early accurate forecasts. The goal is to inspire people to think about technological changes over the next 100 plus years. Douglas will explore ideas that may not seem possible today, but could become reality as technology advances and grows, emphasizing how each of us can contribute to shaping that future.

Our Communities, Resiliency, Our Future

Mitch Altman    

We all need community. Yet community is currently facing major challenges. Humanity faces major challenges. If we are to survive and thrive, an important key is solving problems in community. On top of how much hard work community always requires from us, mix in the rise of authoritarianism, manipulation through "social" media, the polarization of society, bad actors, trolling, the skyrocketing cost of real estate, the ability of all people (including left-leaning people) to fight one another - and the result is a serious threat to the future of our communities. Yet, our future depends on our ability to continue. How can we create communities that are resilient to the challenges we face? Can existing communities be made more resilient? This talk will draw from Mitch's extensive experiences with hackerspaces, as well as his lifetime of community organizing, to attempt to explore and answer these and other pertinent questions for our future.

Our Defensive Security Blind Spot

Wesley Hales    

This session will introduce methods to monitor sensitive data and network signals directly on the wire, allowing for real-time detection of data exfiltration, accidental data leaks, and zero-day threats through classification of data traveling within Layers 4-7 of network traffic.

Outline Toolkit: VPNs, Serverless Strategies, and Beyond - Build Your Own Defense Against Online Censorship

Vinicius Fortuna     Junyi Yi    

In an era of escalating online censorship, maintaining a free and open Internet is crucial. This talk dives deep into the Outline ecosystem, a comprehensive toolkit that empowers individuals and organizations to circumvent censorship, share VPN access, and even develop their own blocking-resistant protocols. From the user-friendly Outline manager and cross-platform Outline client to the empowering Outline SDK and powerful Intra, Junyi and Vinicius will explore technologies that are reshaping the fight for digital freedom.

Past, Present, Predictions - A Look Into AI, Deep Fakes, Social Media PsyOps, and Their Effect on the Upcoming Election Cycle

BiaSciLab    

This year, many major nations, including the U.S., are holding elections. With new weapons like AI on the rise, there are more ways than ever for existing Psy Ops attacks to be amplified and for new ones to emerge. There's a lot to be learned from past mistakes, and our last elections have provided plenty of learning material. In this talk, BiaSciLab will show how past attacks and present tools can affect our election system. She will also demonstrate how social media Psy Ops, powered by AI, can influence voters' minds and change the course of elections.

Popping S(h)ells - Hunting for Vulns in the Stock Market

Eric Bryce    

Blaming short sellers for your GameStop shares cratering is so 2021. In this talk, Eric will explore how market manipulation actually works. After first getting through some math and strategy, the talk will take a deep dive into how stock exchanges are built. He'll talk about assumptions made in designing markets, and show how those design assumptions create vulns that bad actors can exploit. Finally, the presentation will break open the SEC archives and walk through past cases of real market manipulation. You'll learn why the schemes worked and how those involved got caught. The audience will come away from the talk with a new appreciation for late-stage capitalism, a deeper understanding of how markets work, and (hopefully) sufficient discouragement against trying this at home.

PortableSecret - Carry and Share Your Most Critical Secrets Without Special Software

M'    

Everyone deserves access to encryption, but not everyone can be bothered to learn how to use it. PortableSecret was designed to bridge this gap. It works on any platform, without special software, and it's so simple even your parents can use it!

Privacy-Focused Computing Curriculum for Teens

Gaelen Hadlett    

This talk will introduce a new middle school curriculum on public interest technology that focuses on privacy, Internet infrastructure, and the role governments and corporations play in control and use of the digital infrastructure. Computer science curricula are often sponsored by large technology institutions, and the curricula are aligned with the policies, procedures, and culture of the technology institutions, which may not serve the interests of students or open Internet culture. This new curriculum hopes to correct that. Part computer science, part social studies - this curriculum recenters computing education on privacy and freedom to help youths understand the loss of - and regain - their digital rights.

Protecting jetBlue Airways From Cyber Threats in the "Clouds"

Randy Naraine     Greg Speranza    

JetBlue Airways is a New York-based airline with flights across the U.S., Europe, and Latin America. Every day, thousands of crew members come together to safely transport customers across their network. Randy and Greg help protect jetBlue and will showcase how an airline operates from an IT perspective, and all of the ways that jetBlue CyberSecurity protects its customers, ensures safety in data and IT operations, and protects the brand and website from an onslaught of daily web attacks and other threats targeting aviation. This talk will focus on web application attacks and defenses, observability, and aviation intelligence sharing.

Protecting the Network Traffic of One Billion People: Reverse-Engineering Chinese Cryptography

Jeffrey Knockel     Zoë Reichert     Mona Wang    

TLS is not as universal as we might think! To this day, extremely popular Chinese applications use home-rolled network cryptography. Mona, Jeff, and Zoë have been reverse-engineering various home-rolled cryptography that protects hundreds of millions of users' sensitive data. They'll present various case studies from the past several years, including but not limited to: MMTLS, the custom cryptographic protocol that governs all WeChat traffic; various network encryption schemes used by popular Chinese keyboard apps; and flawed cryptography found in popular Chinese browsers. Their research found that faulty cryptography in multiple browsers and keyboard apps - each with hundreds of millions of users - effectively exposed every site visited and every keystroke made to any network eavesdropper. After studying and reporting the (often severe) flaws in these schemes, the companies mostly switched to standard cryptography like TLS.

The presentation will end with a call to action for hackers to help study the network encryption ecosystem in China, which continues to be overlooked by the modern security community.

Psychoactive Drugs: How They Hack the Brain and What It Means for Our Minds

Dr. Jen, PharmD    

Have you wondered how psychoactive drugs, both licit and illicit, exert their effects? How are they able to alter pain, emotion, attention, thought, the senses... consciousness itself? In this talk, Dr. Jen will explore the mechanisms of how these molecules hack the brain. But there's another question: How do we best use these biochemical hacking tools? After all, we're not just talking about brains, but our minds. Our lives. The scientific, legal, and media landscapes are all changing. What can we reasonably expect? And how can we tell which information we're told is true?

Pwn Chromebook With Linux

Derek Hobbs    

Chromebooks are issued to kids at school, but they are limited. Since the kids were familiar with Chromebooks already, Derek's school bought them some used Chromebooks as simple devices they could browse the web with and watch videos. They were relatively inexpensive to purchase used, so it was an attractive option. Unfortunately, however, Derek and his team discovered that Chrome OS on these devices was out of support. This was untenable, and thus made these devices "disposable appliances." Derek's wife asked if he could put Linux on these since she had seen him do that with laptops in the past. The proposal was to install Linux and completely remove ChromeOS. This talk will outline the steps necessary to achieve that goal. (Involve kids for a fun learning experience.)

Ransomware Gone Kinetic

Guillermo Christensen     Matthew Leidlein     Ashley Rose     James Taliento    

This talk will provide insights into the shifting terrains of ransomware threats, focusing particularly on the rise of kinetic ransomware compared to conventional variants. Through research and analysis, the speakers will sound the alarm about an ominous and escalating trend: ransomware attacks targeting critical infrastructure and public utilities. They will explore the historical and present-day events, motivations, and ideologies driving these attacks, which include financial motivation and geopolitical agendas. The presentation will differentiate between nation-state-sponsored ransomware, conventional cyber-extortion, and hacktivism, acknowledging that while the first two may adopt hacktivist ideologies, it's not always a universal trait. Ultimately, this conversation underscores the vital importance of increased awareness, proactive defense strategies, and domestic collaboration necessary to protect against the growing threats endangering the way of life in the free world.

The Real Danger From AI Is Not the Technology

Tom Kranz    

The media is full of dire predictions about how AI poses a danger to humanity: mostly from the very people who are building and benefiting from existing AI tools. When "AI" is embedded in everything from mobile phones to photo editing software to chatbots, what does AI actually mean? And what are the real dangers that it poses? In this talk, Tom will delve into the history of AI, before looking at what current AI solutions actually are (and aren't). Far from the grim meathook future of Skynet, the rush to build large scale AI solutions today by big tech brings more subtle but equally dangerous challenges - and opportunities for us as hackers to address them.

Right to Repair in California (SB 244) - Using New Legislation for DIY Wheelchair Repair

CriptasticHacker    

Our medical aids (DME, or Durable Medical Equipment) are designed with planned obsolescence, closed-source, and perhaps most importantly, without our input. Companies do not hire or seek to hire severely disabled engineers who actually use the products being developed. Instead, medical equipment is designed for insurance companies who will "pay the bill" - leaving out millions of Americans who must use GoFundMe or other means to get their needs met. For the lucky few who can get an expensive medical device, the question is: how can we get repairs done? Most people can't afford it. DME shops have little to no incentive to do repairs, preferring to bill insurance for a brand new one (and send people through months of waiting and doctors' appointments to try and get approval). This causes major harm to disabled people, the environment, and (often) taxpayers.

CriptasticHacker has a solution. He's been doing his own wheelchair repairs since 2012 and has documented many of these repairs and upgrades on his YouTube channel. Now, with the passage of SB 244, he finally has a direct line to the technicians of his wheelchair - something unthinkable even a couple of years ago! The struggle continues in getting access to his firmware and battery charging info so he can keep his chair running for many years to come, and help others in that process as well.

Robot Invasion! The Rise of Educational Robotics

Lee Hollman    

Robots are here, and they're invading our schools, homes, and libraries! Now more than ever, there's a plethora of choices for teachers and parents to teach coding and engineering skills. Students from kindergarten to college can sharpen their STEM skills with the robot of their choice, but with so many options out there it's hard to know where to start. What robot is right for your students or children? Finding out would normally require extensive time and research, but this talk will help to provide an overview of your options.

During the course of this talk, you'll see demonstrations of many of the leading educational robots, and even a few that are less well known. This overview of your robot options will cover a spectrum from the easiest, screen-free codable robots for the youngest children to robots that rely on block-based coding such as Scratch and Tynker, and finally those robots that work with script code like Python. Discover for yourself exactly what you can choose from to enrich your children's education with the robot that will work best for them.

SIMULCAST: CLOSING CEREMONIES

It all has to end sometime and that time is 6 pm on Sunday. Drop by to hear some fun stories and highlights of this weekend. We can't ever predict what we'll have to talk about as we wrap things up, but every HOPE conference has a lot of cool stuff to remember. It's also our last chance to see many of you until the next time.

SIMULCAST: Enshittification: Why Everything Suddenly Got Worse and What to Do About It

Simulcast of the Doctorow talk

Safeguarding Secrets: Homomorphic Encryption for the Curious Mind

Vikram Saraph    

Fully homomorphic encryption (FHE) is an emerging, privacy-enhancing technology that enables computation on encrypted data without the need to decrypt it. FHE-enabled products and services have the potential for securing user data from mass collection by tech giants and law enforcement. FHE uses arithmetic operations (addition and multiplication) as blocks for building arithmetic circuits. Using these, a third party can perform complex tasks on encrypted client data, for example, running diagnostic algorithms on medical imagery, without client data ever being revealed to the party providing this service. This talk will cover the history of homomorphic encryption, where the state-of-the-art is today, what the remaining gaps are, and why we should all advocate for advances in fundamental FHE research.

Social Justice and Prompt Engineering: What We Know So Far

Tilde Thurium    

Large language models are only as good as the data we feed into them. Unfortunately, we haven't quite dismantled racism, sexism, and all the other -isms just yet. AI isn't going away, so let's apply a harm reduction lens. Given the imperfect tools that we have, how can we write LLM prompts that are less likely to reflect our own biases? In this session, Tilde will review current literature about LLM prompting and social justice. They'll compare how different models perform in this context, since they're trained on different datasets. You'll leave with some ideas that you can apply as both users and builders of LLM applications, to iterate towards a more equitable world.

Star Monitor: Updates on Standards and Internet Governance

Mallory Knodel    

An update on several I-star organizations, namely ICANN, IETF, IEEE, W3C, and ITU. The tensions and synergies of human rights considerations in Internet governance and standards setting across the I-star bodies are rapidly expanding. The talk will touch on the major controversies in each space as they relate to human rights, namely censorship and the right to privacy.

Strength in Unity: Sharing Is Caring

Fae Carlisle    

By advocating for a collective approach to threat intelligence, this presentation aims to inspire organizations to embrace collaboration as a strategic advantage in navigating the ever-changing cybersecurity landscape. Together, we can not only analyze threats more comprehensively, but also respond more effectively to safeguard our digital ecosystems.

Strengthening Security Culture Through Compassion and Understanding

Davis    

In this talk, Davis will explore the challenges organizations face in embedding a security mindset across diverse employee groups with varying levels of expertise. By focusing on amazee.io's approach of compassion and empathy, rather than punitive actions, he will demonstrate how fostering a supportive security culture can encourage open communication and trust. This talk will emphasize the importance of viewing mistakes as learning opportunities, thereby enhancing security team engagement and strengthening the overall security framework of organizations.

Survey and Scrutiny of Election Security

Douglas Lucas    

Fake news or flawless? Our computerized elections are neither. To truly understand corporate, closed-source election computers requires understanding of how they fit into the wider electoral system and its interlocking parts. Douglas' investigative journalism will provide case studies documenting how it can go haywire: the 2016 Kremlin cyberattacks on U.S. election infrastructure exposed by whistleblower Reality Winner, the MAGA-led Coffee County elections office breach still compromising Georgia's statewide voting software, and more. Such details will show how you can help secure elections: scrutineers, statistical forensics, free software voting companies... the list goes on. He will address democracy's evolution, too, scrutinizing statist voting within the bigger picture of human collaboration.

TLDR: Terms of Service - Privacy, Data Collection, and Coercive Agreements

Marcia K. Wilbur    

When you click to "accept" a terms of service (TOS), it's essential to understand what you're agreeing to. Many conditional access agreements include information about the privacy policy, data collection, how your data will be used, and who the data is shared with. Some TOS agreements can indeed be lengthy and overreaching. It's crucial to review these carefully and look out for clauses that restrict your rights, such as restricting your ability to sue, censoring negative reviews, or some overly broad data collection practices. This presentation covers privacy, a few example terms of service, and data collection, along with a discussion of the estimated time it would take to read them. Understanding TOS agreements empowers you. Additionally, there is a pending bill in the United States to simplify terms of service. This will also be discussed.

Tales From the Crypt... Analyst: The Afterlife

Jeff Man    

The speaker began his career in infosec at the National Security Agency first as a cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA red team. He has shared his NSA story in a series of talks, "Tales from the Crypt... Analyst" and "More Tales From the Crypt... Analyst." This talk is the third installment in Jeff's story and features his transition from NSA to the private sector in the early days of Internet security.

Teaching With Microcontrollers: Hope for Ethical Hacking Education on a Budget

Kody Kinzie    

In this presentation, Kody will share his journey in teaching ethical hacking with low-cost microcontrollers, making learning both accessible and engaging on a shoestring budget. With a background in ethical hacking and expertise in creating low-cost hacking tools, Kody will go over lessons learned teaching numerous workshops and designing prototypes specifically for beginners. The hurdles in teaching microcontrollers, such as complex setups and technical barriers, will be discussed and the talk will explore solutions like WebSerial and user-friendly languages like MicroPython and CircuitPython. Various beginner-friendly microcontrollers, including ESP8266, ESP32S2/3, and Pi Pico, will be covered, emphasizing their educational advantages and how grant funding can make these tools more accessible.

Telecom in an Exclave

TProphet    

Point Roberts, Washington is a tiny exclave of the United States located south of Tsawwassen, British Columbia and separated by water from the continental United States. Telecommunications on "The Point," as it is locally known, are extremely unusual, not only in the United States, but in the world. In this talk, TProphet will introduce you to this unique community, and describe the past, present, and future of telecom in one of the world's most geographically fascinating places.

There’s Always HOPE for Privacy: Policy Wins and Needs

Mean Gene     Ben Wiseman    

Privacy risks keep multiplying every year as we continue to accept more automation in our lives. Many of us take measures to improve our privacy and find ways to help others stay safe. It can help to take positive steps to foster HOPE and generate motivation to continue this work. This hour will celebrate some positive developments that everyone can learn from and will encourage attendees to push for more legal and regulatory solutions so more people can live their lives simply and safely. A member of the privacy team at the FTC will join the discussion to talk about some of their accomplishments, the road ahead, and ways that people can help them support their mission to protect the public against malicious business practices.

They're Still Using Balloons... - Disseminating Information Into North Korea in 2024

Amon Poston    

North Korea is the only country you cannot leave. Within this prison state, anyone found with outside information may be publicly executed. Despite the risks, there's a growing thirst for outside information. Few organizations are able to quench it, as "dissemination tech" hasn't progressed much beyond balloons. This talk aims to inspire innovation among fellow makers. It will cover the technology that citizens of North Korea have access to as well as the tools the government uses to block open information access, while highlighting projects and individuals that are making a difference.

This World Is Not Designed for Disabled People, so I've Been 3D Printing It

CriptasticHacker    

As 3D printing continues to grow as an amazing hobby industry, it is reaching new demographics with some exciting possibilities. Being disabled is a constant reminder that the furniture, architecture, kitchenware, lighting systems, remotes, and more are designed without the disabled in mind. With the power of 3D printing, CriptasticHacker has been leveling up his life by making repairs and add-ons for his wheelchair, home appliances, and much more. As a "canary in the coal mine," he has been able to design new things that focus on ease-of-use, accessibility, and comfort in ways that non-disabled people miss. It's one of the "superpowers" of disability: keeping people in touch with their bodies and the environment around them to develop and design in unique ways.

Tobias on Locks and Insecurity Engineering

Marc Weber Tobias    

This will be a discussion of lock design and what design engineers, covert entry teams, locksmiths, law enforcement agencies, and lock sports enthusiasts must know to assess a lock's security properly - and to compromise it. Several examples will be shown during the presentation. Marc is a renowned author of multiple books on locks, keys, and safes. Expect to learn about the complexity of locks and why they can often be defeated, regardless of their security rating.

Unearthing Security Flaws in AI Infrastructure: The Hacker's Way

Aditya K Sood    

Attacks targeting the artificial intelligence (AI) infrastructure have become increasingly prevalent as AI technologies proliferate across various domains. The unsecured AI infrastructure poses significant risks to privacy, security, and trust in AI technologies. To combat the attacks targeting the AI infrastructure, advanced research into AI security and privacy is essential to stay ahead of evolving attack techniques and safeguard the integrity and trustworthiness of AI technologies. This talk will present the attacks and threats in the AI infrastructure, covering real-world case studies. As part of this research, extensive security assessments have been conducted to assess security flaws in different components of the AI infrastructure to understand the ongoing state of AI technologies and how these are developed and deployed in the real world. The talk will showcase the case of practical and timely research in AI security.

This new research will share several exciting security vulnerabilities and flaws in AI infrastructure. Attacks and threats will be shown that target AI infrastructure, covering MetaAI, ChatGPT, GenAI custom applications, and AI infrastructure components. There will be a demo for the specific case studies. This talk results from practical research supported by real-world case studies, including original research. Attendees will learn and understand how the attackers are exploiting the AI infrastructure. The threat intelligence provided during this talk will enhance the existing state of specific detection and prevention algorithms.

Using the J Language to Streamline Hacking

Devon H. McCormick    

This talk will look at how the simplicity and interactivity of the J programming language allow us to easily work with data and code. You will see examples of steganography, direct manipulation of executable binaries, extracting and organizing data from the web, and general uses of J as a "glue" language to invoke external routines by preparing their inputs and processing their outputs. The talk will conclude with references to resources on learning and using this powerful, dynamic language.

What Wi-Fi Devices Are Nearby? Any Cameras Watching Me?

Caleb Madrigal    

Ever wonder what Wi-Fi devices are around you? Ever wonder if Wi-Fi security cameras are recording and uploading videos of you? This talk will explore a tool called trackerjacker, which helps answer these questions. It's been described as nmap for Wi-Fi.

What's Happening With Appin: Fighting Redacted Reporting and the Censorship of Threat Intelligence

Emma Best     Lorax Horne     Cooper Quintin     Alexander Urbelis    

The Indian "hacker-for-hire" operation, Appin, obtained an order from a court in New Delhi that forced the global newswire Reuters to remove investigative reporting about Appin's criminal enterprise. Users of Appin's services included American lawyers, Russian oligarchs, and Scandinavian businesses, among others. With that court order from New Delhi, Appin's American lawyers demanded that other media outlets remove their reporting, and many have complied. Appin's lawyers issued threats to the Internet Archive, the New Yorker, various podcasts, and many others. Litigation between Reuters and Appin is ongoing. What threats can this case pose to free speech and the integrity of cyber threat research?

Why Are We Insecure? An Ethical Hacker's Lonely Road to Cyber Dystopia

David Jacoby    

In this revealing presentation, an ethical hacker with 25 years of experience explores why, despite advancements in security technology and legislation, cyber-threats continue to escalate by analyzing the evolution of the hacking landscape. The session will highlight the overlooked fundamentals of cyberattacks, the creation of vulnerabilities through digital transformation, and the misuse of technology. Attendees will gain a deeper understanding of the human aspects of cybersecurity, learn to recognize common vulnerabilities, and see a live demonstration of a hack, which includes bypassing multi-factor authentication and weaponizing legitimate software for social engineering.

Working Towards a Sneakernet for Libre Biotech Wetware

Danny Chan    

A valuable feature of biological organisms is that their code (DNA) is contained in their self-replicating hardware. That means it should be possible to develop biotech (tools) that can be shared as easily as plant clippings. In practice, the investment required to do that development is only mobilized when the assurances of intellectual property can be claimed and enforced in order to protect the investment. How then can we work towards a world where biotech innovations can be more easily accessed by anyone? What does a sneakernet for biotech wetware even look like and what sorts of things would it be good for exchanging? This talk will first tell a story about how open data principles have shaped genomic research, then describe the gaps in that openness extending to biotech in general. That will be followed by a description of some examples of how we share biotech wetware and what it could look like in the future.

iWar 2024: The Evolution of Information Warfare in the Digital Age a.k.a What Happens When You Run the Internet Through CRISPR?

Daniel Nowak     Roel Schouwenberg     Alexander Urbelis    

This talk will explore the evolution of information warfare and the transformative impact of AI and quantum computing. It will examine recent disinformation campaigns and the exploitation of platforms like TikTok and Telegram. Key defensive strategies include AI-driven detection and robust cyber hygiene. Future scenarios involving hyper-reality, digital sovereignty, and the "3DCs" (Decentralization of Communication, Currencies, and Communities) will be discussed. Emphasizing ethical responsibilities and proactive defense, the session will aim to provide insights and tools to counteract emerging digital threats and protect the integrity of information in the evolving landscape of 2024 and beyond.