 Hey guys, my name is int 80. I'm the rapper in dual core I'd like to rap for you to intro this talk I'm the rapper in dual core. Where are you from Cincinnati? And why are you here? Well, there's plenty of possibilities he's playing my guest appearance Investigating my clearance up to test my perseverance Basically, I'm here because he's feds is one of the battle we burning my brain waves against my DIY mentality Looking for the pattern of a hacker in the brain Monitoring the heart rate of a rapper in the veins eyes on the prize while they're mapping all the waves His wires make me feel like I'm shackled up in chains Keep pace try to hide and change physically too fast for reading. He's got to create the sensitivity Heart rate pressure pulse better not skip a beat out could be a science magical the wizardry Show the source. Let us see how they play Or all this disassemble and drop a zero day a red herring flaw lacking reasons for the claims Defeated in these games. So I'm seeking neon rain. Who's the best rapper with inert core in the eye tune store That's us dual core. Who makes the best beats rocking on the board to produce a high score C64 Who's the best rapper is known to spit crazy and baby kick babies Interrupt 80 and the number one hacker the infamous legend who brings the end map armageddon Gregory Evans Thank you so much. That was the best introduction ever Thank you. So without further ado, it's my pleasure and without further laptop hacks or rage or frustration It's my pleasure to introduce rain and urban monkey And they're gonna show you some really cool lie detector polygraph stuff. Make some noise for him, please Thank you so much You totally rock my world. Thank you so much. That was so awesome And thank you guys for waiting. I apologize for the technical difficulties Um, so without any further ado, uh, I assume you guys all know by now that you're in build a lie detector be a lie detector Um, I'm we were both from the neuro numerous group. Joe bear couldn't make it this year So urban monkey took the bullet and came instead Um, and as in told you this is actually my fifth year here speaking at DEF CON So five years. So, you know, some people get paper and stuff I I get a nerd core. It's a nerd core, uh, wrap traditional for your introduction for your fifth year speech So but to tell you the truth. I really almost didn't make it this year Now, I know that neuro numerous every year there comes with the madness of pulling things off at the last minute That is part of our charm But truth be told I really wasn't feeling it this year So for several reasons I become so disillusioned with the whole concept of neuro hacking that I actually wanted to Quit it completely So my dear friend and fellow member taunt and cough who I know is here somewhere Um, she told me that the problem is I've just been pushing myself too hard lately working on these Year-long projects to bring to you guys So, um, she actually suggested to me that I take this year off um, and um So since I've accidentally ended up in the shoes of being neuro numerous's spokesperson It really didn't go over well with the rest of the group that I want to take a year off Because how it works is we start working on our projects as soon as I walk off this stage We will be working on the next project So it was really unfair to urban monkey and the rest of the group that I was like I'm out So a huge argument started with how much obligation I actually had to the group And this car was a major riff the infighting was crazy Um, and the polygraph project actually ended up in the back burner For many many months. Well, this was going on So finally psychedelic bike who's painfully brilliant. By the way, he was a painfully brilliant man He came up with a solution a way that I could both take a year off and still be a spokesperson for the group And it was really simple The idea was we would just build a robot to download my memories into and no one would be the wiser While the real rain stayed home meeting bonbons and having a well-deserved rest So what point did you figure out I was lying to you? Was there something subtle that seemed off in my story before it obviously went down the path of the improvable? Did my body language tip you off? Did I show any stress gestures? Was I blinking? Swallowing too hard fidgeting. I'm always fidgeting. So I mean Um, did my story like in detail? How about my vocal pitch? Was there anything off about that too many pauses perhaps? Then again, how much would I just told you was a lie all of it? some of it none of it more than three decades of Psychological research has shown that most individuals are horribly bad at figuring out when they're being lied to The average person does barely any better than chance Um, but you don't you can't blame them because there's no universal unique tell-tale sign that someone is lying to you No matter what you've heard Uh, but don't feel too down heartened about it. Um, even if you were a police officer Or a judge who had been trained in the already detecting deception the training might improve your accuracy But it would only be a few percentage points at the most So it shouldn't come as a surprise that detecting lies is complicated because lies themselves are complicated things A lie is not in the words we say after all or even in the lack of words Is in the attention of the deceiver However offensive this concept may be to you deception comes naturally in all living things Camouflage being only one of the many examples of how nature amply rewards Successful deceivers by allowing them to survive long enough to mate and reproduce According to the calculations made by a psychologist at the university of southern california human beings will lie to you about 200 times a day That works out to roughly one untruth every five minutes. So figure out what the last one. I just told you was So throughout history the truth has been a slippery thing for us to put our fingers on And the progress of the human race has always been darkened by the self-made horrors of humans designed found within severe mental and physical pain The one group of human beings can seemingly without remorse or judgment Put another group of human beings too in the name of justice so From ancient times to the middle ages dramatic laws were essentially Unwritten trouble customs that evolved from popular practice that move with the tribe If property was stolen or someone was injured or killed a payment would be made To the guilty person to pay the victim or the family's the owner of property This payment was a price that was considered a mens. I'm sure you've all heard of blood money So that was to pay off to make amends It was within dramatic law that the ordeal came to be a means by which the accused may clear themselves Traveller ordeal was a practice that the guilt or innocent of the accused was determined by subjecting them to unpleasant Usually a dangerous experience In some cases the accused was considered innocent if they survived the test of their energy if their injuries healed And other cases only death was considered proof of innocence The reasoning went that those who had done nothing wrong would be kept from harm by divine intervention Even if the accused happened to die during the ordeal It was still considered at the time to be entirely fair because everyone knew that they'd go onto a suitable reward or punishment in the afterlife Traveller ordeal became rarer over the middle ages because it was often replaced by confessions under torture So you can decide whether or not that was a trade-up But the practice was discontinued only in the 16th century So sorry about my slides being cut off. Um, nobody reads them. Anyway, we all know that Child by combat was a method of dramatic law to settle accusations in the absence of witnesses or confession And which two parties in dispute fought against each other in combat and the winner of the fight was proclaimed to be right So it remained in use Throughout the middle ages gradually disappearing in the course of the 16th century like trial by ordeal But interestingly enough trial by ordeal is generally known in one form or another in many cultures worldwide And um trial by combat was probably a custom of the dramatic people Now to the greeks and the romans the truth was something impersonal separate from And greater than an individual and most certainly greater than an individual who is of low status Or had been born into a captive birth The truth was thought to be to reside not only in the witnesses words But to be locked within their living flesh And it was the torturer's task to pry out It through the medium of pain Now I note to you that the belief of extreme pain was a guarantee the truth seems crazy counterintuitive Uh Because to us today because our instincts tell us that a tortured witness would agree to absolutely anything But what you need to understand that is that our present view is rooted in the very modern philosophical sense That the individual self as an autonomous being is in the possession of its own truth Now the invention of the police Do not come without growing pains and early uh american police departments were typically brutal and corrupt During the early part of the 20th century The routine torture used by american domestic police when it came to dealing with deception was given the quaint nickname of the third degree Confessions obtained by using such techniques as bright lights deprivation of food physical discomfort long isolation and beating with instruments that didn't leave marks Were usually admissible in court as long as someone signed a piece of paper that was a waiver saying that they had done it voluntarily between the 1930s and the 1960s a national uproar actually began And that They started cracking down on police tactics And gradually changed the practice of police interrogation So by the 1950s The confessions were considered involuntary not only if the police had actually harmed the suspect But I had also caused what they considered mental harm by depriving them of sleep food water or bathroom facilities I promised them some benefit if the subject confessed or threatened them with harm if they didn't confess In the world today, we rely on a legal system to sort our liars from our truth tellers To the most commonplace legal systems are the adversarial system and the inquisitorial system In the adversarial system two or more opposing parties gather evidence And present the evidence. This is a bad stiggling job Present the evidence and the arguments to judge or Jury the judge or jury knows nothing of the the litigation until the parties present their case to the decision makers The defendant in criminal trial is not required to testify But in the inquisitorial system the presiding judge is not a passive Recipient of the information rather the presiding judge Is primarily responsible for supervising and gathering the evidence necessary to resolve the case He or she actively steers the search for evidence and questions the witness including the respondents or defendants Uh attorneys play a more passive role and they suggest roots of inquiry for the presiding judge to follow The judge questioning and then they follow it with a tiny bit of questioning of their own The reason the attorneys don't question too much is and is very brief is because the judge tries to ask all the relevant questions So they're kind of just add-ons So basically the adversarial system, which of course is the system in america Seeks the truth by pitting parties against each other in a hope that competition will reveal The truth and it places for a premium right like a premium of the individual's rights But the inquisitorial system seeks the truth by questioning those most familiar to the events In dispute and placing the rights of the q secondary for the search of the truth so As you can see our efforts as a society have changed through the years in the way that we treat those that we believe To deceive us But since the early 1900s science has endeavored to create more human A more human method to unravel the tells of deceivers The modern polygraph as we know it was developed near the end of the 1920s And would change very little over the coming decades Its creators were not the first people to use scientific instrumentation as an aid in detecting lies Or monitoring blood pressure during questioning In fact, they weren't even the first to use the word polygraph to describe the device They were however the first to put in a portable form for use in the field and the first to Design and market specifically for police application Another thing that made this particular polygraph attractive Was that it could potentially replace the existing brutal third degree method Which had been brought to the public's attention through media during the first couple decades of the 1900s Such bad publicity had been putting a great deal of public pressure on police departments Initially the polygraph was limited to a small number of police departments, but its use slowly spread along with its reputation There was little attention focused on the polygraph by the general media in the 1920s Though a few articles published were almost always positive During the 1930s Use of the lie detector began to slowly move into other areas of use With a ghoulish example being its use on death row inmates Being given exams as a consideration when determining a stay of the execution The use of the machine though was still mainly limited to a small number of police agencies And some minor use through other government agencies But it was beginning to see an increased use in a small number of businesses in the private sector During the 1930s most of the media accounts were still full of praise for the polygraph with very little criticism And attention being devoted to its level of accuracy or reliability This despite the fact that the developers and proponents of the device were all members of the academic world Concerns on its effects to rights to privacy and the right to not self-incriminate were arose very rarely As the 1940s began so did the polygraphs growing amount of public publicity and media coverage Though the majority of the number numbers released on how successful the machines were Coming from the polygraph industry itself The accuracy of the device was still rarely challenged One of the reasons for this was its continued rejection of polygraphs in the court system With all the major names in the field either shifting their attention away from or dying Combined with the court's rejection of its results the polygraph may have been expected to continue to fall out of favor However as the middle of the 1940s marched into the 1950s Use of the device by businesses and governments would soon substantially increase As the paranoia over the cold war and McCarthyism spread Now as we all know the middle and late 1950s was a time of great distrust and false accusations This environment would bring a sharp increase in use of the polygraph Especially by the federal government and then slowly spreading to other levels of government That in turn led to more media attention of the instrument and a small but growing number of critical articles And began to question the fundamental principles behind the polygraph itself The days of its complete uncritical acceptance were passing As demand grew so did the number of private polygraph firms And most of the numbers generally cited as proof of the instruments Accuracy were still industry generated During this time we also saw the emergence of challenges being issued to submit to the machine For the first time attention was being paid to the use of the polygraph for intimidation and political political ends Rather than as a deception detecting means Through the 1960s The use of the polygraph would continue to spread especially in the federal government and private sector Both its usage and complaints of its use Began to increase as the extent to the extent that congress became involved By holding hearings issuing reports and making recommendations on the polygraph Individual states began to limit the use of the instrument and to license operators As in the past though courts continued to reject results as evidence And business use began to dramatically increase Especially in the pre-employment Testing of job applicants as this group of people were not unionized and had no protection against it whatsoever A greater portion of attention was becoming critical as opponents began to point out Neglaring faults and deficiencies of the instrument And the fact that the rapid increase in use had been based on little more than claims of the polygraph industry itself Many articles during this period were definitely in favor of the machine But even those writers felt compelled to at least mention Some of the faults and some of the criticisms Although the government continued to use The instrument the 1970s saw media interest mainly focused on business use of the device As employee polygraph screening screening became a multi-million dollar industry The attraction of the polygraph for businesses seemed to be its relatively low cost And quick speed in comparison with traditional investigation of job applicants Legal activity continued as more states took action and the federal government threatened But failed to enact any legislation During the early 1980s Court use of the polygraph began to see some minor gains Despite the fact that criticism against it had dramatically increased In addition to being widely reported that polygraph results were being used by prosecutors In determining who to prosecute and in plea bargains and a number of jurisdictions rape charges would not even begin to be investigated Until the victim had submitted to and passed a polygraph exam Federal use of the polygraph increased during the 1980s drawing a great deal of media coverage Most of it highly critical It took until 1988 until use of the polygraph in most business applications was curtailed by federal law Even though criticism and of the accuracy and validity had been building for years One may have expected that the polygraph would begin to fade away with a passing of the employee polygraph protection act All but abolishing the private sector's ability to use it, but it didn't Government continued to use the device through the 1990s and in 1998 A supreme court ruling left it up to individual jurisdictions Whether polygraph results could be submitted as evidence in a court case if both parties agreed to its use And at the judge's discretion But it was really the unfortunate tragedy of september 11th and that would really breathe new life into the continued use of the polygraph Last year as a group the neuro numerous group built a sleep lab and we built it from scratch For the project this year It was decided that building and designing schematics from scratch is just a lot of work And we wanted to do what we could do to avoid doing it again So after some quality time with google a keyboard and some coffee Rain came across a project out of cornell university by jordan crittenden and entered live There is a url. You just can't see it. Sorry So it was decided that this would be a good opportunity To use as a starting point for our project Since they built theirs for less than 50 dollars And that fit our budget of paper cut pretty well Jordan edwin's designed measured pulse rate galvanic skin response or gsr Breathing rate and stress of the The individual's voice Ours was built mostly from their schematics Although an existing piece of hardware generally provided by seth hardy was used for reading pulse rate And we also didn't measure Voice stress level We also ended up using a slightly different method to record breathing rate The cornell design initially used a thermistor mounted on a dust mask Which we also included in our initial build out Which psychedelic psychedelic bike did however we decided to add our own touch Another member ol grover designed a breathing band That works pretty much like the commercial machines do by going around your chest At the core is a simple slide potentiometer, which is probably the most Single most expensive part of the device The rest is simply a plastic box a spiral Phone cable phone jack an elastic band and ribbon with cable with straps To help hold it around the chest and of course to make it trying to compliant hot glue You can't really see the The at the bottom of this the slide is where the the phone cable plugs in Initially the band itself Was designed with an elastic band all the way around the chest But there was a tendency for that to bind And it didn't really have the tension to properly pull on the slider for the potentiometer After some experimentation you see the result on the screen there. It's just ribbon and elastic band The spiral phone cord was used again because it's cheap But it was also thought that it would helpful be helpful for people moving around Just to get the stretch out of the cable, which was dead bang on We also decided that instead of laying out all of the components on a single board like the cornel guys did It would be sleeker to have a box like you see There's a pain in the ass What we didn't think about was that opening and closing the box all the time Would cause movement on the wires causing signal crossover, which gave us some really odd results at times So if you do end up building one, uh, don't use a box. It's just it'll be easier for you After getting it built and tested If you see at the bottom there that micro control is an at mal controller That it is labeled, but you can't see the label unfortunately Um after we built it we found that jordan and edwin recommended not to power the machine from a wall and to use a battery to power it It was something about safety Even after figuring this out after reading it we totally ignored it If you do decide to build one Please read their web page just so that you understand the safety concerns that they had in powering it from the wall The software that we the cornel team used was written in matlab Although another numerous member christian gruber wrote ours in java because that's what he knows It also allowed him to develop on his mac and easily deploy it to our bunty box that we used While it is possible to run the software on a mac because data is sent over a serial port You'll need to use a usb to serial adapter running at 384 Some of the cheaper ones don't do that speed. So just be careful if you do end up buying one, which what you buy If you're doing this on windows the software wasn't designed for windows. So it At your own peril The user interface was built using jcc kit and java builder swing Overall the software can be built with the apache maven projects We were using version 2.2.1. Although any version higher should work With as long as well as java 1.6 The source code is available as you see Code.google.com slash p slash neuro numerous It's built using the mercurial source control system and all of our software is open source Once this was built running and collecting data. We were quickly running out of time Our cry for lab rats was thankfully answered by 16 people including myself through mid july of this year Giving psychedelic bikes the gentleman who built the machine about one week to go over data that was written out by hand by rain So now you've seen our beautiful ghetto polygraph, you know, that's very beautiful So uh, what we took special care to try and make sure That our testing environment would be as close to the polygraph industry standards as possible Right because you know, we we totally wanted to be able to Have data that would be comparable Um, we tried to keep the environment quiet with few distractions. We limited the amount of people allowed in the room during the time The examination took place. So that was a variable that wouldn't interfere Standards dictate that the room temperature should be between 70 to 75 degrees Fahrenheit for the Americans we had in the room That works out to 21 to 24 degrees Celsius for the rest of the world Unfortunately at the time we were doing testing the city that we both live in was in the midst of a heat wave So if you remember that we told you that galvanic is a variable that works on sweat So we um We did try to make sure we didn't take any polygraph testing during the worst of it But it'd be disingenuous. Well, it would definitely feel disingenuous to me If I didn't tell you that during the worst of the heat wave, there were times that uh, Our testing environment could be up to three degrees hotter than what was recommended by the industry But we didn't see any major change between the times that it was hotter and what it wasn't um But I did want to tell you that just so you know a full disclaimer Now because the standard polygraph actually takes up to three hours to complete We kept it really simple by instead going with a common pretest by polygraph examiners known as the numbers test So how the numbers test works is that you're asked to lie to the examiner about a number um So the polygraph examiner gives you a piece of paper and a pen and he says I want you to write down a number that's in between these three numbers pick four five or six And so you write your chosen number down on the piece of paper And the polygraph examiner can see what you've written down. It's no secret To what you've written down So after you've written your number down, you're hooked up to the machine. They let you get comfortable and then the examiner Will So the examiner tells you I want you to answer no to every question I ask So of course the examiner will say Did you write down the number one and then of course you're supposed to say no So the examiner will say no about 25 seconds later the examiner will ask Did you write the number two and of course you say no So so on and so on and so on until the examiner progresses up to seven So if you remember you wrote down four five or six, which is actually Quite close to seven as a variable for where he's looking So this is supposed to give an idea what the data would look like if the examiner was telling the truth Compared to what your data looks like if the examiner is lying So a neuro numerous came to the agreement that we would run our own version of the numbers test to collect data Uh, we just decided that would make most sense for our purpose Is that uh, we do two tests We did what we would do one is a control group of what the polygraph data looks like if you just ran the numbers test, right? on someone And the second we would see what happened is if we ran counter measures against the machine Uh, so the person who's playing the part of the examiner in our home brew test Who was me because I actually ended up losing a game of rock paper scissors lizard spocked urban monkey Yeah, I was frickin paper disproving spock But anyway, uh before the first test started I would hook a person up to the machine And I asked them to visualize in their head. I didn't have pen of paper So I asked them to visualize in their head a number between one and ten So, uh, they would be told when we start the test that, um You know, uh, they would be hooked up. They would get comfortable. We wouldn't start the test until they were ready um, and so I would pause for seconds second several seconds so they could get comfortable for the next question so um The second test was run the same as the first but at this time when they answered no to every question in the number sequence We had, uh, the subject run counter measures to try to fool the machine Um, now a counter measure can be broadly described as anything that an examiner might do in order to distort or defeat a polygraph test So literature suggests that all polygraph counter measures can be grouped into four categories So you have physical counter measures mental counter measures chemical counter measures and behavioral counter measures So how it works is as a rule any method that involves muscular movement as a central feature can be considered a physical counter measure Some counter merger movements would include increasing or releasing of muscle tension actions that induce pain Uh, muscular activities that deplete the body's energy resources and alterations in your breathing Uh mental counter measures are those that drop on a psychological manipulations exclusively in order to alter the physiological responses Uh, the company deception Manta counter measures can be further so divided into the following techniques Hypnosis biofeedback the sebo's desensitization mental disposition rationalization dissociation and cognitive overloading Now chemical counter measures are exactly what you expect them to be You rely on drugs to heighten or dampen physiological Arousal during the polygraph examinations and when it comes to behavioral counter measures Their principal function is to convince the examiner that the subject is not being deceptive uh You're uh, regardless of what the machine is recording Another function is to affect the conduct of the examination so the data would be inadequate in order for them to render decision So with so many options to choose from um We wanted to keep our variables consistent and make everybody use the same counter measures So we went with what we hope would be easiest to do and could be picked up by the subjects immediately And it would give them enough variety that they could choose among the options for one that would actually give them a sense of comfort right The three options were biting their tongue visualizing Visualizing thoughts that would make their heart beat faster And I actually had to ask my friends to flex their anal sphincter muscle for me That tells you that they're very good friends so During the testing phase, um We did find that counter measures could affect the result of the polygraph test But because we only had seven days before I'm here like in front of you We didn't have enough time to thoroughly go through the data as much that I would Feel comfortable saying that we came to an official response um But unofficially I would definitely say that our results They didn't contradict the 2003 national academies science report That concluded that counter measures pose a potentially serious threat To the performance of polygraph testing because all physiological indicators measured by the polygraph Can be altered by conscious effort and through cognitive or physical means So really even though we're talking about a polygraph and the machine The bread and butter of all polygraph examinations is the questioning process One of the early versions they used in the early days was the irrelevant irrelevant technique Which makes they mixed questions like did you murder so and so with it's today tuesday So um, they actually had to get rid of it eventually Because even though the premise was lies in response to relevant questions would cause a physiological reaction The problem was in this context that uh The questions could be stressful enough to produce a result That showed people were lying whether or not Okay, and uh because we started late. I'm going to be talking quick as possible So the comparison question technique they got around this by making all the questions accusations A sex crime investigation for instance the suspect would be asked the embarrassing question as have you committed a sexual act that you were ever ashamed of? As well as well as the relevant questions to the case So um, the point of it was the fact that The people who were guilty Would they would get a spike for the guilty questions and everybody else was supposed to be embarrassed by these questions So they were supposed to spike at a different time The guilty knowledge question was they would show you like pictures of guns and try to figure out if you Had a spike compared to what the murder weapon was so The fundamental puzzle of this speech I'd really like you to ponder now that we spent this time together Is whether or not we at numerus numerus have actually built anything more than A machine that collects physiological data um After an year essentially of polygraph research There's not really anything else that I can tell you that you guys don't really know other than the fact that The premise is faulty and it just everything that it's on is not reliable The problem isn't that the machines don't record anything They record stuff and so does our machine if you build one you will absolutely record stuff But the problem is that the numbers are up to human Interpretation and the people are running these machines cannot be considered what one calls objective so So the thing is How the whole thing works in the united states is half of 50 states you don't have to be licensed to be a polygraph examiner um, and there's no Uh, there's no test across the board that actually That they do to fulfill the part so Depending on where we're located We're probably just as qualified as anybody else in that state and if not more qualified depending on um Depending on if you decide building your own machine that we would know it more thoroughly So the point is if you build the machine or if you buy the machine in time and practice You will beat the machine and the thing about this machine is it's just a big polygraph a big bio feedback device and as As a neuro hacker Being able to build this machine you can actually have it and say that you're doing it for good health You can learn how to beat the machine and not actually say that you're looting countermeasures Because you're actually building a bio feedback machine for good health so Basically if we could get a bunch of people together to build polygraphs or Their own bio feedback machines They would be less inclined to be using polygraphs because we'd be able to mess up with the variable of what they're using so I mean you have to realize that it's been almost a century that the polygraph has been in use so as Neuro hackers if we can actually use something that we're supposed to be using towards self-improvement And towards good health in order to be able to eventually Make the polygraph obsolete it really is In our best interest to be able to do it So sorry I had to like really speed at the end of it, but that's basically it So if you build the machine and we have all the schematics and the code online you will be able to be the polygraph There is no doubt about that But the fact that you could actually build one and say that you're doing it in the name of good health We'll definitely throw them. So thank you very much for Having your patience with me and everything's so late And thank everybody else who helped us and um, good luck with your bio feedback devices