DEF CON Forum Site Header Art


No announcement yet.

Tony Kava lectures at DEF CON, Brian McCormack DEF CON 27


  • Tony Kava lectures at DEF CON, Brian McCormack DEF CON 27

    Their Title 1: The ethical hacker: PCSO's Tony Kava learns secrets, gives lectures at DEF CON conference

    Originally posted by URL1
    By Brian McCormack
    Aug 25, 2019

    [IMAGE: caption: From right, Sgt. Jim Doty, Digital Forensics and Technology Administrator Anthony Kava and Deputy Ryan Avis of the Pottawattamie County Sheriff’s Office worked together to solve the 2012 cold case murder of Macedonia resident Cari Farver. Staff photo/Joe Shearer]

    Anthony Kava is kind of a mad scientist. But instead of bubbling beakers and chalkboards full of mind-scrambling equations, he is surrounded by computers.
    Kava is employed with the Pottawattamie County Sheriff’s Office and his deep knowledge of modern technology has earned him a unique position within local law enforcement. Kava is not only the agency’s technology administrator, but he is also an expert on digital forensics and a member of the Iowa Internet Crimes Against Children Task Force.
    But long before Kava was busting bad guys on the world wide web, he was a just kid who was fascinated by computers. In the early ‘90s, internet access wasn’t as commonplace as it is now. At age 12, Kava had to get creative if he wanted to hop online and hone his burgeoning tech skills.
    That’s when Kava decided to exploit vulnerabilities within a local internet provider’s billing system. He created fake credit card numbers and used them until the system caught up with the bogus digits. When it did, he simply entered a new, phony credit card number to keep the scam going.
    But when his luck ran out, kid Kava faced some potentially serious consequences. Credit card fraud committed across state lines is no laughing matter. Luckily for him, the authorities looking into the case determined that Kava was not a threat to society.
    One Omaha detective spoke to him and tried to frighten him with what Kava called a “scared straight” talk. But another person, an employee who worked security for the company Kava hacked for free internet, gave him another kind of talk. Kava referred to it as the “good hacker” talk, and it was just what Kava’s young ears needed hear. He decided from that point on to keep on hacking, but instead of stealing services, Kava wanted to use his knowledge to serve society.
    “If it wasn’t for the ‘good hacker talk’, I don’t know where I’d be,” Kava said.
    Now 38-years-old, Kava recently returned from DEF CON, an annual conference held in Las Vegas where thousands of the world’s most elite hackers congregate to share their findings. It’s the world’s largest hacker gathering.
    Which operating systems are vulnerable, how to exploit the vulnerabilities and how to shore up security within them are all hot topics at DEF CON. With an attendance of about 30,000 this year, there was plenty for Kava, who went to DEF CON, to learn. But Kava was also a speaker at the event he’s attended four times, hosting a lecture about application security (known as AppSec). And one talk so secret, nobody outside the room could hear it.
    “It’s not just about computer security hacking,” Kava said. “There’s a lot of that. But it’s about all sorts of things that fall under the hacking umbrella. So that includes Locksport — people who like to pick locks; social engineering, where you try to basically be a con artist and sometimes it’s for a good reason like trying to get information out of people; reconnaissance; defending networks; attacking networks — there’s something for everybody there.”
    Tasked with protecting Pottawattamie County’s software and computer systems, Kava said the conference is the best resource there is for learning the nuts and the bolts of how to keep the public safe from an external threat.
    “There’s so much information presented there,” Kava said. “What I’m looking for is emerging technology stuff. The latest advances in security, but also breaking into stuff and attacking things.”
    “I’m interested in the attack part, too. A, because It makes you a better defender to know about those things. And B, because some of that technology, we can use to get into the systems that we have to examine forensically.”
    You could say Kava is among the elite when it comes to digital forensics. He believes being a law enforcement hacker is something more people should aspire to. Kava has been trying to build dialogue within the hacker community on how ethical hacking can benefit not only law enforcement, but the general public. That was the subject of Kava’s other speech at DEF CON.
    The history between law enforcement and DEF CON attendees is complex, Kava explained.
    “It’s been adversarial in the past. In the old days of DEF CON they had a game called ‘Spot the Fed’. (Agents) would be looking at these people because they thought they were trying to break laws. And some people were,” he said. “But if you spotted a fed, you could call them out. You went to the goons, the people in red shirts that run the conference and security. So you’d go to a goon and say ‘I spotted this guy, he’s a fed’. If they admit to being a fed, you both get T-shirts. One said I spotted the fed, one says I am the fed. It’s a different environment now.”
    Kava’s hacker ethic played an integral role in cracking the case of Cari Farver, which went cold after the Macedonia woman was murdered in late 2012. Kava pored through thousands of digital communications from the woman eventually convicted of Farver’s murder, Shanna Golyar, who was posing as Farver online for years in an attempt to elude law enforcement. He connected the cyber-dots that prosecutors needed to build a case against Golyar, going as far as to write his own code to help analyze the terabytes of data recovered from various devices and memory cards Golyar had used.
    It was listening to a previous talk, as well as reflecting on his “good hacker” talk, that Kava said helped him prepare for tackling the Farver case.
    “Being in a position to help with that case might have saved a life, put a killer in prison and brought closure to victims,” Kava said.
    Now, Kava tries to spread the “good hacker” ethic to others interested in working for or with law enforcement agencies and especially to children who may be at a fork in the road, just as Kava was back in 1993.
    “When I talk to kids, like at the Rotary Club Career Fair or the Cyber Patriot mentoring at Abraham Lincoln High School, I always tell them ‘hacking is good’,” Kava said. “They get the good talk. I give kids a positive definition of hacking. To me, it’s tinkering, being curious, taking things apart and putting them back together to do something new.”
    Kava started his own hacker club. It can be found at online at It’s a fledgling group, but one Kava hopes to grow with time. It exists to unite hackers within law enforcement as well as hackers not opposed to working with law enforcement.
    “Really right now it’s just a website with a couple of forms,” Kava said. “What I’m trying to do is find other people that work in law enforcement or that are interested in having dialogue with law enforcement that consider themselves to be hackers. I’m not looking for computer security experts, per se, I’m looking for people that have that ethic. I want to get those people talking just to try to come up with some ideas about things that we can do better on enforcement. But also not step over the edge into a ‘1984’-type thing.”
      Posting comments is disabled.

    Article Tags


    Latest Articles