Nov. 5 2012 05:04 PM

Hackers, hatebears and darknets at San Diego's info-security conference

The ToorCon badge

I always lose things at conventions. Earlier this year, at a symposium in New York, I dropped the $50 taxi receipt I needed for reimbursement. At Comic-Con this summer, I left behind a bad-ass "Cookie vs. Wookiee" T-shirt (Chewbacca locked in battle with Cookie Monster) at a Doctor Who panel. At ToorCon—San Diego's annual hacker / information-security conference, Oct. 19 through 21—I lost my badge.

A ToorCon badge isn't just laminated card-stock on a lanyard. It's designed with the intent that a hacker will screw with it until it releases some unforeseen potential. Weighing about an ounce, this year's badge was a shiny, black-plastic circuit board that turned out to be a wireless transceiver with a USB connector, LEDs and a bunch of other features, like RfCat firmware and a bootloader, that were well beyond my technological literacy. One group of hackers turned the badges into a chat network, which they then adapted into a way to open up porn websites on other people's computers.

And I lost mine. Epic fail. The upside is that my badgelessness didn't keep me out of presentation hall. A young hacker with a thin mustache vouched for me, on the condition that I sample the gummy bears in his bowl. I asked why they seemed to be dissolving. The answer: They were marinated in ghost-pepper vodka, a beverage Gizmodo described in August as "The Vodka So Dangerous You Should Never Drink It Straight." I would later learn the concoction is called "Hatebears."

 So, there I was with sticky fingers and blistering lips, trying to take notes about how to defeat censor-happy dictators. The presentation was dubbed "#InternetKillswitch... Come At Me Bro," and since I speak a little hacker, I'll try to translate. The Internet Kill Switch is when a government has the ability to disable the Internet and does so, as Syria, Egypt and China have, to quell dissent. The "Come at Me Bro" part is a reference to Season 1 of Jersey Shore, when some dude and his girlfriend tried to start a fight with cast member Ronnie. Although Ronnie was totally down to thump skulls, he didn't want to throw the first punch. So, he threw out his arm and yelled, "Come at me, bro!"

In the ToorCon context, Ronnie is Drew "RedShift" Porter, a Phoenix-area hacker who's daring the government to just try to shut down his access to Reddit. His project, dubbed "DuskNet," is a black box the size of an old typewriter case, packed full of servers, routers and other computer stuff. If you deploy one every, say, 10 kilometers, you can create an anonymous and independent cellular and Wifi network. That is, people can connect to it by computer or phone and therefore continue to plot a resistance or Tweet about their lunches.

 Porter's keeping the project open-source, which means the ingredients and instructions are available to all for free. The prototype cost him $4,000, but the next version should be able to be assembled for less than $1,000.

Later, I caught a talk by Carl Sue, a 2010 Mira-Costa College graduate, who presented his talk under the rule that he had to drink from his Moscow Mule every time he said "Uh." He said it a lot. Between sips, he revealed the work he'd done for a North County-based "reputation management firm." His job was to game sites like Yelp, CitySearch, Rate MD, and Google Places; he'd create scores of fake online users, imbue these fake users with attributes that made them seem more real (including having fake conversations with one another) and therefore have higher influence ratings, which they could leverage to boost the num- ber of stars for their clients' businesses (often restaurants, doctors and car dealerships). He'd use other techniques to eliminate bad reviews for his clients, while posting fake bad reviews against the competition. Sue calls it "Digital Synthetic Oxytocin," the hormone supposedly linked to human trust. Sue says you can't put any faith in online reviews, though he still uses Yelp, but with a salt block.

I spent most of the convention surveying the eccentric things about ToorCon: the helium-shark drone swimming through the air, the hackers learning traditional lock-picking techniques on disembodied dead- bolts, the table of supposedly tamper-proof boxes and the instructor handing out syringes and chemicals to show you how to bypass the safety tape. 

To be honest, there isn't a lot at ToorCon that I was able to comprehend. Most of the talks were technical to the point of being almost a foreign language, where I was left with only the vague overall impression that the person speaking had the ability to royally fuck my shit up with a couple of key strokes.

Or a bowlful of gummy bears.

Dave Maass also presented a panel on investigative journalism and hacking at ToorCon. 

Email or follow him on Twitter @DaveMaass.


See all events on Friday, Dec 2