Bomb scare causes mass evacuation at DEF CON

Summer Camp is over and what has been done? Have aspirations shriveled in the Sun?

DEF CON A bomb scare at Caesars Forum, the main venue for this week's DEF CON hacking convention, led to the halls being cleared on Saturday evening.

We're told a suspicious-looking box was spotted and reported, leading to an evacuation for safety's sake and so that fire crews and police officers could investigate.

The timing was bad, coming during the main party night for the conference. The event's Goons, the red-shirted volunteers who serve as guides and organizers, were praised by attendees for managing the evacuation with aplomb. That said, the DEF CON team was ultimately forced to cancel the evening's festivities at Caesars, to the disappointment of thousands.

"Last night we were asked to evacuate the building due to a report of a suspicious package," the conference organizers said.

"Local police and fire departments conducted a thorough investigation and ultimately determined that the package was safe.

"They also conducted additional sweeps of the building as a precaution before allowing our team to return and prepare for today’s con. We are working quickly to keep the original schedule on track, but please check here for additional updates before arriving at DEF CON."

The event kicked off on August 10 and wrapped up by August 13.

Security at the show was certainly heavy enough. The event was patrolled regularly by security guards in body armor with handguns, tasers, the occasional police dog, and a host of other equipment that was a bit of an overkill for a bunch of peaceable hackers.


Gravy SEALs maybe, but they made a swatting call impossible

Dubbed by some as "Gravy SEALs," by the end of the show they were visibly warming up, and this hack saw several of them accepting stickers from attendees.

The great badge fiasco

The badge situation at the conference's start did peeve quite a few people, and one of them may have been the wazzock behind the bomb scare.

DEF CON badges are legendary. Usually consisting of a circuit board, a port or two, and an interesting puzzle to solve or challenge to complete – such as a scavenger hunt – they are highly collectable and can fetch high prices if resold. So it came as a shock to many when they were told that the badges weren't available in large numbers and were given paper badges.

What made this particularly hard to swallow was that DEF CON really jacked up its prices this year. Last year's tickets cost $360 each, whereas this year the price rose to $440. While the venue was much better than previous years, and the DJ lineup in the chillout rooms was much improved, not getting the prized badge annoyed many people – some of whom got up early to queue in the infamous LineCon queue to pick one up.


DEF CON 31: from tiny acorns mighty oak trees grow

Officially the excuse was that production and shipping problems had led to the shortage. However, two Goons told this hack that the issue had been one of oversupply at previous conventions, and that only those who had preordered their tickets were guaranteed a badge.

Some more did show up during the show, but were quickly grabbed by attendees, leading to jokes about LineCon 2. Still, it's not a good look and left a sour taste in the mouth of some.

My god, it's full of hackers!

The badge kerfuffle certainly didn't seem to put too many people off attending.

While official attendance figures haven't been released, sources close to the matter tell us that over 30,000 people attended DEF CON this year, compared to about 20,000 for Black Hat. The halls were noticeably fuller than past years and on day one only one hall was open for speakers and the lines were very long.

But the new venue had space for almost everyone to get in or stand at the back. This is a huge improvement over previous years, where you'd have to get in line more than half an hour before some talks.

This wasn't true everywhere however. The queues for the AI Village were initially immense, and for some others, including the Blacks in Cybersecurity Village. The Aerospace Village was seldom not jam packed, and even lines for the official merchandising room were immense.


Not anatomically correct: the inflation valve was on the inner thigh

Still, the quality of the talks was better than average, even if the timing wasn't. On the Friday 0900, opening sessions we covered included the Veilid keynote, but at the same time DEF CON founder Jeff Moss, aka Dark Tangent, hosted the opening speech and then sat down for an extra 30 minutes with the Secretary of the DHS Alejandro Mayorkas to discuss the policy and practice of America's online government role and how it interacts with the security community.

Also in the same time slot was the official start of the AI hacking challenge and separate session on the Security Research Legal Defense Fund – an initiative to provide free legal advice and support for white-hat hackers who are being prosecuted for conducting legitimate research in a way that could break onerous laws like the DMCA.

Doctorow's prescription for a new internet

And speaking of the DMCA and other restrictive laws, Cory Doctorow was on form with a talk entitled "An audacious plan to halt the internet's enshitification."

His argument is that a lack of antitrust laws, specifically allowing companies to sell goods below cost to drive out competition and a relaxed attitude to mega mergers, has left almost every major market in the US – from broadband to media to even candy makers, in the hands of a few corporations who then abuse their market position.

When the internet first became a thing it was a great disruptor, he pointed out, because open standards allowed free competition and a thriving state of innovation. Then the very companies that benefited from things like being able to reverse-engineer APIs and coding, such as Apple, Google, and Facebook, have since supported laws to ban such practices and ensure their continued dominance.

As this has happened the internet has in many ways gone backwards. Originally envisaged as a way to cut out the middleman and reduce costs and speed transaction, this plan worked - for a while. Now it's back with a vengeance and the middlemen hold the whip hand, for the moment, and are squeezing consumers, businesses, and now their own workers hard.

"Remember when tech workers dreamed of working for a big company before striking out on their own to start and put that big company out of business? Then that dream shrank, to working for a few years, quitting and doing a fake startup to get hired back by your old boss in the world's most inefficient way to get a raise," he said.

"Next it shrank even further, you're working for a tech giant your whole life but you get free kombucha and massages. And now that dream is over and all that's left is work with a tech giant until they fire your ass, like those 12,000 Googlers who got fired six months after a stock buyback that would have paid their salaries for the next 27 years. We deserve better than this."


Time to ring in some changes

While President Carter might have started the move against antitrust enforcement, his Democratic successor President Biden has become the first occupant of the White House to try and stop this consolidation. FTC chair Lina Khan might have had a couple of high-profile failures, he opined, but many more smaller cases and some corporate consolidations have been dropped or suspended

And it's becoming a bipartisan issue that's making strange bedfellows in the normally closed ranks of bipartisan politics in America.

"There's a bill in Congress right now called the America Act that will break up Facebook and Google and its sponsors are Ted Cruz (R-TX) and Elizabeth Warren (D-MA)!"

This appears to be a global phenomenon too. The EU and even China are working on interoperability and breaking up companies that get too big and powerful for free markets. The tide seems to be shifting, yet there remains a long way to go.

War stories

The War Stories track, held this year in Harrah's, produced two standout talks.

The first, from EFF security analyst and top boffin Cooper Quintin, covered the Dark Caracal spyware slinger. Cooper and his team have been tracking this miscreant for over six years now and it appears that the protagonist is a worker with the Lebanese government intelligence agency who freelances in crime in their spare time.

When first spotted they weren't very good, forgetting to register the domain for one of their command and control servers for the Bandook spyware which allowed the EFF to bag it first and then monitor traffic. The criminal has since come back with a better Bandook 2 version, which is harder to track.

But recently the EFF team noticed something odd - Dark Caracal was hitting a huge number of targets in the Dominican Republic and infecting them with Clop ransomware. Cooper speculated that the Dominican Republic was targeted because it's low tech and Interpol and others aren't too focused on the country right now, as they have bigger fish to fry.

He speculated that we are seeing a new breed of cyber mercenaries that are crossing over from national state spyware into more lucrative fields and said this could be the biggest threat for 30 years. That seems a little pessimistic, but this is going to be an area to watch.

Another great talk was from Mikko Hypponen, chief research officer at WithSecure, about the history between his native Finland (NATO's newest member) and Russia. He described how, at the start of the 20th Century, Finland was forced to give up land to Russia in exchange for independence and that - rather than live under Russian rule - a man and his family packed up their house (and sauna) and moved West to freedom.


Don't make us go sisu on you

That man was Mikko's ancestor and the CRO's mother became one of the first women to operate Finland's computer infrastructure, and she taught her son all about coding. What follows is one of the best talks on the history of Russian computer crime this hack has seen in a long time.

Russia pioneered this stuff, first on Bluetooth and then on other platforms - almost always avoiding interfering in their own country but wreaking havoc elsewhere. Unlike shy Western agencies who hate being exposed, the Russian operatives are very blatant and as long as its operators stay within the borders of the largest country in the world they are almost always safe.

This talk is well worth a look once the video comes out and the organizers have already started putting content up for free. If you couldn't make it to the sweaty hell that was Las Vegas this year, you can still get the data without paying Black Hat rates. ®

Editor's note: This article was revised after publication to make clear it was the discovery of a suspicious package that sparked the evacuation, and not a threat made against the conference or its host.

More about


Send us news

Other stories you might like