Announcement

Collapse
No announcement yet.

The 10-year Project by p0wnyb0y

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The 10-year Project by p0wnyb0y

    The 10-year Project
    by p0wnyb0y

    I remembered the day we met. Riviera, DEF CON 17. As I walked from Track 4 back through the foyer, I glanced at the 'chill-out' space to my left. My body trudged through the busy halls. With an aching back I found my way through the narrow doorway and sat down at a black plastic table.

    That year's DEF CON badge had an I2C interface which allowed it to communicate with other badges. If you were able to hack the badge you were given a prize. After fumbling around with the badge, a realization hit me. I had to 'socialize' to hack it. Two badges were more than likely the key to hacking it, or so I thought. I looked up from the badge hanging around my neck. Another kid was sitting across the table, focus centered on his Human badge. A beat-up Dell Studio laptop sat directly in front of him. A solid minute of hesitation and doubt was followed by a single word. "Hi."

    "You talking to me?" a bewildered face said in response.

    "Yes," I said before he finished talking. "Are you trying to get into that badge?"

    "Sure," he paused. "I mean, I'm in it. I just need to like, you know, hack it."

    As the day went by, we got to know each other a tad better. Hunter introduced me to some of his friends, who swung by the lounge and helped us hack the device. After hours of trying to decrypt and get into the badge with them, I decided to head home. As I exited the Riviera, I wondered if they would be back at DEF CON the next day.

    DEF CON 17 came and went, but Hunter stayed behind. He lives in Las Vegas too, near my ghetto apartment. Hunter and I became great friends. We frequently hung out and talked about nerdy things. We talked about how people have to sacrifice privacy for Internet usage, and why protective governments filter the Internet out. We determined that these problems were the result of the developing dystopia.

    Hunter and I devised a plan. It was simple: station 'evil twin' access points at popular Las Vegas locations, and let them collect data from unsuspecting people. The evil twin access point would share the same SSID and MAC address as the target network, fooling devices into connecting to the twin network. We would plant a couple rogue 802.11 routers inside of the Las Vegas Convention Center, where hundreds of events are hosted every year.

    The goal of this plan? To try and get back our freedom- one compromised account at a time. Create mayhem, using compromised data, to remind normal civilians of the ever-so-present dystopia. A dystopia that prevents punks from having their well-deserved privacy. A dystopia where Internet access is restricted across nations. Society has become so engulfed in this 'dystopia' that no one would ever realize the magnitude of the situation. Unless, that is, it was brought to their attention.

    My outfit consisted of a black hoodie and baggy jeans, not my usual style. Hunter's outfit was the same, except that he was wearing tactical gloves. "Like that won't attract suspicion," I whispered as we walked through the sunny parking lot.

    "My fingerprints would be left behind," Hunter responded. "I don't intend on getting caught tonight."

    "Yeah, alright."

    Sweat dripped off of the palm of my hand onto the concrete stairs. My eyes made contact with the Las Vegas Convention Center sign overhead, attached to the main building. The National Electrical Contractors Association Convention was a three-day-long event, with day passes costing $50/person. Since we couldn't waltz into the center without going to an event, we had to burn money on tickets.

    My hand reached inside of my crammed backpack, pulling out the pair of passes. The automatic glass door slid apart as we approached the entrance. A person dressed in a reflective jacket, sitting on a stool, holding a barcode-scanner greeted us. "Hello."

    I drew a breath, and then replied, "Here's two."

    "Alright," she mumbled. She took the tickets out of my hand and put them directly underneath the scanner's red light. Two beeps echoed throughout the narrow hallway coming from the handheld device. The lady mumbled the usual, "Thanks. Have a great day!"

    "Thanks."

    I cringed as I walked away from the check-in, knowing that we wasted one whole Franklin to get in the doors. "I really hope this is worth the effort." I exclaimed to Hunter.

    "If I get caught," he paused. "I would have wasted fifty-bucks, but I guess doesn't matter if I'm in jail."

    "Let's hope we don't get caught then."

    We set off on a journey to a well-hidden location, across the convention center, to place our homemade routers.

    The "10-year database", we called the project. Hundreds upon hundreds of plaintext usernames and passwords, administrative URLs, FTP creds, sensitive documents, and compromised emails hacked together into one repo, gathered from numerous data sources. One source included the routers we placed at the Las Vegas Convention Center, and then another router up at the Mandalay Bay. Over time, more and more attempts at gathering information were made.

    There would be a spectacular release of the data at DEF CON 27, exactly 10 years since we started the project. I had prepared a 20-minute presentation for the event. Hunter had already put together a couple badges in an attempt to advertise to the like-minded community.

    A blue button labeled "Upload" turned to grey as I clicked it. The estimated upload time rose sharply, from one hour, to half a day, to three days. I glanced at my generic, black and white calendar nailed to my bedroom wall. "Three days... August 5th, 6th, 7th, 8th," my brain stopped working. "That's three days, which is right on time."

    The faces of nerds in the crowd went blank as I finished the presentation, with the aid of Hunter. Information overload. "This is free, right?" A viewer among the crowd yelled out.

    "Uhm," I paused. "Yeah. It's free."

    Hunter chimed in. "Actually, it's at the expense of people using public Wi-Fi."

    The crowd let out a subtle laugh before going back to socializing amongst themselves. Within minutes, the ballroom was barren except for forgotten possessions and food wrappers. It was almost night, so we decided to hit the road after a long day of executing our decade long pet project.

    The hotel room door slammed behind me. I was staying with my dad up at a luxurious hotel on the Strip, payed for by his employer, Merit Electric. DEF CON and the National Electrical Contractors Association Convention aligned this year, which meant I could see my Dad for a little bit. I paused before throwing myself on the pillow-covered king-sized bed, adjacent to the couch my Dad was snoozing on. My eyes met the beautiful, neon-filled Las Vegas Strip. A feeling of drowsiness grew evermore present as the seconds ticked by. My body met the comforter of my bed, and all seemed well again. My eyelids fell, too heavy to resist. Reality slipped right through my fingers, and I was back to sleep again.

    A loud "DING" woke me up. My eyes tried to focus on the blurry message displayed on my smartphone. "Check outside your window," the text message from Hunter said.

    "What is it?" I responded.

    "Just look!"

    My attention shifted to the window. I pulled myself out of bed and lunged over the windowsill. Nothing seemed to have changed, it was just dark outside. I grabbed my smartphone, and texted back. "I don't see anything. What's going on?"

    I climbed back in bed as I reread the text messages. Suddenly, I realized, and spun toward the window to see that not a single neon sign was powered on. Only the headlights of few passerby vehicles were visible. A gut feeling told me that we had something to do with the power outage. I reached for the light switch next to the window and flipped it. No power.

    A victory. The dystopia was realized. If a pet project could somehow take down a power grid, various government websites, and mass surveillance systems- that'd be a red flag. A huge red flag. We needed to rethink what technology should be used for, and how it can be monitored and controlled. That was the whole point of the project. And there Hunter and I sat, at the forefront of the 'Technological Reliance Act'.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A
Working...
X