 All right, well, since there's so many problems apparently figuring out who's in what room, not unlike the first year of college, this is the examining the changing nature of DEF CON talk. So if you're here for major malfunctions talk or the other talk that's going on at this time, they're in two or one. So if you are here and you want to know about DEF CON, then you're in the right place. Or at least you want to know one man's opinion about DEF CON to be more specific. The content of this talk can go a variety of different ways. Just kind of depends upon the audience, their level of knowledge, and, well, frankly, there are personal experiences here at DEF CON. And there's a flub in the program. It's all my fault. The DEF CON hasn't been going on for 14 years. This is the 13th year. But that's why I do qualitative research. So I don't have to really, really worry about numbers. Anyway, what's that? Yes, an off by one error. Exactly, a famous programming flaw. How many people have been to DEF CON before? Raise your hand if you've ever been here before. OK. How many people have been here since DEF CON 1? OK, I see no hands. All right. Who's been here since, so I don't know, 1998 or 1999? Either one. Either one. Who's been here since, like, say, the late 90s? Since DEF CON started in 93, now we're in 2006, at least there's a handful of people in the room who've been there. Essentially, this talk can be geared directly toward people who've never been here before. How many people are here for the first time? So some of you. Good. So this can go a variety of different ways. And the way that I'll take this is primarily focused more towards people who've had a little bit of experience with the CON. If you don't have any, that's fine. This is very much a talk for individuals who have an interest in DEF CON, who have an interest in hacking, hacking culture, and more generally, want to understand how DEF CON can provide us with some kind of understanding about the way that hacking, the quote, unquote, underground and technology are going to push things forward over time. What I'd like to do is get feedback from all of you, those of you who have been here before, those of you who have been here since the mid-90s. Please tell me what you think. Tell me your personal experiences if you don't mind sharing. This talk should be very interactive. I want to know what you've experienced. Frankly, I'm an academic. This is the third year I've come to DEF CON. And the observations that I'm going to make are very much based upon everything that's out there. All those archives that you can go to when you go to the DEF CON web page. So I have a little bit of experience with this, but I'd rather hear what it is from your point of view. And hopefully, this can at least spur some kind of discussion forward. If you use the boards a lot, if you are on the DEF CON forums, maybe this is the kind of thing that maybe will appear there. If nothing else, tell me what you think. I've been trying to do research on computer hackers for a while now. And what is essential is having someone say, I think you're wrong and here's how. Not just I think you're wrong. I love it when people say, oh yeah, I think you're on the right track. I like your work. That's great. But when somebody says something critical and makes a good point, that helps me much, much further. So if you think I'm wrong, tell me. But don't just say, yeah, you're wrong. You suck. Give me some kind of feedback. So let me kind of start with a fun kind of cartoon that's available online. When I first started doing research on computer hacking, when I first got into the whole idea of what is hacker culture? Initially, I had the same point of view that probably most everyone in the general public does. Hacker as criminal. This little cartoon depicts all of the various things that could happen if you think of DEF CON as a criminal kind of event. Oh, well, maybe we should have some kind of burglary con. Maybe we should have car breaking cons. Because from a criminologist's point of view, this is totally unique. We don't know of any other kind of group getting together and saying, how can we do this more effectively? How can we improve the way we do this? You don't see crack dealers huddled together on the streets talking about better ways to sell product. Or at least if they do it, they're probably not going to do it on the street. So having a big open convention like this is very, very fascinating, because we just don't see it. So as I started looking more and more into hacker culture, that was when I got the gist of it. That was when I finally began to understand that whole broad complex of definitions. Hacker as explorer. Hacker as someone who is enthusiastic about a specific topic. Hacker as criminal, but in a derogatory kind of sense. As cracker, as someone who is going against the general notion of what hacking is all about. And so considering this, considering the variety of definitions that are out there in terms of hacker from the hacker's perspective. And thinking about where we're at in terms of society today. It's 2006. I've got a laptop. Everybody's got a laptop. A lot of people have iPods. Technology is everywhere. It is cheap. It is plentiful. It is easy. So how has technology and the changing forces of technology affected in one way or another the shape of DEF CON? When it began, DEF CON was supposed to be a closing party for the US nodes of a worldwide BBS, PlatinumNet. It was centered out of Canada, but had nodes in a variety of different places. This quote here is from the dark tangents FAQ online. It says, I decided, what the hell? I'll invite the members of the other networks I'm attached to. See who else can come? Let's get everybody together. So essentially, this was supposed to be a party, a big get together for, in 1993, what was a relatively underground kind of thing. How many of you in the room had a computer in 1993? Good. We're kind of on the tail end of the spectrum, though, because I know most of the people I know didn't really have computers then. So individuals who are on the far end of technology are the people who had this, who maybe were involved in it then. So DEF CON began as something relatively unique. But now we're at a point in time where things have changed. As I said earlier, you now have technology everywhere. You can get a computer for $400, $500. You can get internet access anywhere. If you're staying in any hotel on the strip, you can probably get wireless from any given point and not have to pay that much for it, unless you're staying at the Hilton. There's also industry recognition. Almost every single business needs some kind of computer security. We're at a point now where the panel just before me was talking about having a national collegiate competition to train students in white hat hacking to understand the mechanisms, the methods by which you do it. The growth of ethical hacking in colleges has really begun to key into the need for people who get technology at deep levels and can understand how to utilize hacking for specific purposes. And now we're at a point where we also have tremendous law enforcement interests in computer crime. There are all numbers of the Alphabet Soup game out there who are interested in computer crime, from the mail service to DOE to the border patrol. We have chip units. If you go to any of the Meet the Fed panels, you'll hear all about that. So everyone has an interest in technology. How things are going to shape the world that we're in. And as a result, it leads us to a very interesting question. How has DEF CON changed? How has the world around this convention influenced it? How has it impacted hacker culture? Anybody out there think that DEF CON is different than how it was, say, five, 10 years ago? Step on up to the mic and tell me how. If you don't mind, anybody. You don't see what? All blind. You don't see all black anymore. All right. Yes, ma'am. Way more girls. Yeah, I wish I had some kind of sponsorship. I would totally be in and out for us. You, sir. Good. Yes, sir? OK, so hackers have grown up since DEF CON 1 in 1993. Four cycles. So go ahead. What do you mean by the cool stuff? The stuff that you mean the underground stuff? Is that a good way to characterize? So you're saying that the talks as a whole have shifted from being about how to hack a specific system to being, here are some vulnerabilities that could be exploited in a number of different systems. So there's a larger contingent of law enforcement agencies, of people who we would call feds, who are now attending. Anything else? So greater media attention or at least changing media attention over time. You, sir. OK, so it's possible that the criminal contingent of hacking has grown as well. In addition to the white hat side, maybe the black hat side's grown? Possible. So the comments that you all are making tie in really well to some observations that others have made. We can kind of move through a couple of different theoretical perspectives. Anybody familiar with Richard Thiem? Yeah, he has done a number of different wonderful kinds of pieces about hacker culture. One of the excellent things to kind of help us understand hacking from that internal perspective was a piece he did at DEF CON 11. And it was essentially addressing variations in hacking over time. So he makes an argument that there's three generations of hacking. The first generation is more or less the 80s, 90s, the people who formed DEF CON, people who were on BBS when that was the only thing that was online, people who only knew each other through those routes. There were not necessarily large cons or anything else. Maybe there was a 2600 around you. So these were the individuals who had to learn technology through trial and error, through breaking their own setup, through trying to figure out how they can overclock or work their system in some capacity or another. Then there's the second generation in the mid 90s. And this group is one that grew up with the internet. They are familiar with how things work. Information began to become available on demand. And as a consequence, they were in some ways reinventing the wheel. They thought, oh, this is brand new. This is groundbreaking. But other people already knew this information and maybe just hadn't made it public yet, which leads into the third generation. And this is what theme suggests is going on today. Some hackers are moving into or now exist in this third generation, where there is so much information available now that you must make your own truth. Assemble data as you come upon it and use that to create your own big picture that is highly dependent upon what you find when. And it's not just about owning one box. It's not just about socially engineering one specific individual. It's now about understanding how all those complex systems fit together and how you as a whole can utilize those dynamics. Simple Nomad, I believe, is the one who referred to it as meta hacking. Theme may have also referred to it in that fashion as well. So there's a shift. There are shifts that can be noted, at least internally. Turning to external observers, people like myself, the academics, have made some similar observations. Two researchers, Jordan and Taylor, have kind of developed a conceptual framework to understand hackers and hacking. There's original hackers, the 1950s, 60s guys who were in universities, who were working with systems, to the elegant programmer, if you will. Then you have the hardware and software crackers of the 70s and the very early 80s. Then the hacker crackers of the mid-80s to today. The kind of criminal or, in some cases, white hat hackers who have various reasons to break into systems. They also talk about microsurfs. Anybody read that book yet? It's been out for a long time. Microsurfs is essentially a concept used from a book, talking about programmers who've been co-opted into corporate structures. People who were hackers, people who were good programmers, being brought into the system. Working in companies, trying to make good code, trying to do something useful. Then you have the open source folks, the people who are out there demanding good software, better than anything that you can get through Microsoft or Apple. Something that works and works well. And these are the hackers, your Linus Torvalds, if you will, your Linux, your Fedora Core fans. Those are the individuals who are seeking hacking for a specific purpose. And then finally, hacktivists. The hacker activists that we've heard about since maybe the mid-90s. These are the people who are using hacking for a specific end, be it a political agenda, be it something else. So clearly, there are numerous dynamics. Not only can people inside of the culture but people outside of the culture recognize it. We can also talk about changes in the dynamics of hacking in terms of its organization. The way that hackers interact with one another. The way that they share information. One of the only people really to look at it was a guy named Meyer. And in 1989, using just BBS and emails and maybe a few PBX messages here and there, made the case that hackers were colleagues in that they had very common networks, they shared some information, but they didn't hack together. If you got information, you were going to use it for your specific purpose. You maybe would tell somebody or show some kind of trophy, maybe what you've found or what you've been doing. But beyond that, you're not gonna get together commonly in groups. And in a few cases, he says that there are peer groups. Peer groups would be where you maybe have two, three or four hackers working together for a specific project. Nobody really looked at this. And then last year I tried to do so. And in the context of doing so, I've made the argument that hacking now constitutes a community. There are now so many different places that you can go to meet other hackers. There's local cons. There are DC groups, there are 2,600 groups. There are so many forums online it's not even funny where if you wanna learn something about hacking you can at least get started. So there's shared spaces for hackers, offline and online. And also there are resources available online or offline for hackers to get together and get whatever they need be it tools, software, clothing. Was anybody here to see the hacker porn tape about three or four years ago? So yeah, there you go. You can get pretty much anything you want. And so this is the kind of thing that suggests hackers work in or exist as a community. And communities from a theorist point of view form for very specific reasons either because they are people trying to hide what they're doing from law enforcement which you can very easily say is still going on today. But based on some of the points people have raised earlier it may be that hacking is in some ways be something that's becoming legitimized. Maybe in one capacity or another we're getting to a point in time where hacking has some acceptability. Now of course your mileage is gonna vary if your boss found out you were a hacker at some point in time maybe you'd get fired. But it doesn't necessarily perhaps have that negative connotation it once did. So as a result things are changing in terms of organization culture and individual status which brings us to the point that if society has changed, if technology has changed, if hacker culture has changed in some extent. How have these things impacted DEF CON? How has hacker culture and the shifts that go on there and the computer underground? How can we observe those things dynamically through DEF CON? And ask the more difficult question is DEF CON still representative of the underground? If things have changed, if we now have more feds here, if we now have people who are talking about penetration testing forensics and yada yada is it still the same way that it was in 1993? If it is, if hacking and DEF CON is still representative of the underground, then what does that mean about the underground as a whole? So that's why I said earlier, this is not anything that we can just answer here. These are very high level, hard questions to get at. But what I was hoping to do is at the very least address some of this. Go through everything that's out there and try to understand at varying levels what's going on with DEF CON. So I went to the websites, went to everything that's out there for DEF CON. Went to the archives, listened to the audio, read all the pre-con stuff, all of the calls for proposals, went to the various links and performed qualitative analyses of this data, read through everything, tried to make counts, tried to understand what each piece means. And I used grounded theory techniques. So what that means is that I wasn't going out there thinking, okay, I'm gonna find A, B, C and D and look, that's what I found. Now instead, this is a way in which you identify your concepts based upon their appearance. If 500 times someone says that DEF CON is all about hacking, then reasonably you can say, DEF CON's all about hacking. However, if no one says it, then it's not there. You can't actually make that argument. Now there's a huge weakness in all of this. And that weakness is that what I've got is not necessarily representative of every single con. It's only what has survived. So that's why coming here and presenting this information is a good way to kind of augment and push it further. If you've had practical experience with this, tell me if you think this is right. Tell me if you think it's wrong. Tell me if you think I am way off base. So let me start just by going through some of the basic conceptual elements. First, and this is probably the most obvious thing is that the number of talks at DEF CON have increased. We can say there's been about a 925% increase over time. It has pretty much just gone up and up and up. Some of that's pretty obvious. Same is true with the number of speakers. There's been about a thousand percent increase in the number of speakers over time. So you now have multiple person panels, individuals presenting multiple concepts at a time. Somebody said there's more feds here now than ever. There's more law enforcement agents. And this appears to be true. Whether they are on the EFF side, whether they are with DOJ, whoever they are, the number of people has increased. It's interesting though, and that when you look at it as a percentage, it kind of goes up and down and up and down and doesn't really tell us a lot. The only thing that we can glean, and this is the percentage of speakers with regard to each CON. So the total number of speakers divided by the number of speakers who fall into this category. So there's been some shifts. Initially it was a lot higher than it is today. Now we're looking at something on par with less than 20%. But that still is significant overall. When we talk about DEFCON generally, someone was saying that before it was about, here's how you hack this specific instrument. Now it's interesting in that the number of talks relating to either security or hacking have increased significantly. It's no longer a talk about, say, IRF guns and information warfare. Now the majority of talks are focusing on specific vulnerabilities, specific weaknesses, how to, as another talk is going on right now, how to hack Magstripes. So there's all kinds of unusual, interesting talks that are going on and they all relate in one way to another with regard to security and hacking. There's no easy way to separate this out. Whether it's just specifically about hacking, whether it's just about security, but one way or the other, those two are inextricably linked. We can talk about professionalism as a whole. And it appears as though the number of people who talk about their professional credentials has increased tremendously. Since 2001, more than half of all the presenters give some kind of professional address. They say, here's what I do for a living. Here is the kind of work that I do. Here's the certifications that I have. We can also tell that there's been a tremendous amount of academics that are now attending. You have people like myself who are interested in hacker culture. You have people like the presenters before me who are professors at various universities. And when you look at it in terms of percentages, the number of speakers who have either an advanced degree, be it a master's degree, a PhD, a JD, excuse me, or the number of people who have a certification of some type. Those have all increased with time. There have been some small fluctuations specifically with regard to certifications. So this is only based on if someone says IMAC, ISSP, I have an MCSE, what have you. Every year, just taking those counts, it appears as though now we're at a point where it's much higher than it was before. Tremendously so with regard to advanced degrees. Those of you who work in the security industry, would you say that this reflects your experience? Are more people getting these kinds of certifications or degrees? Raise your hand if you think so. So this may be reflective more of just general trends with regard to the process by which we cover security. That's very true. In fact, they're now talking about, what is it, 30,000 people who have CISSPs today. And that's increased significantly since it started in the late 1980s. So yeah, it appears to be something more reflective of say computer security generally. When you look at the specific speakers, you can see some fun kinds of trends too. Somebody said that now hackers are getting jobs. We've seen iterations and iterations of people who go from hacking to legitimate jobs. If you know anything about DEF CON or you've got your program in front of you, maybe you can pick out who these specific speakers I quote from are. First guy, I've actively secured, pardon me, explored both sides of computer security, but the grass was greener with a paycheck as a security professional. The other person says that he's known for the cannonball run and his passion for Tivo hacking. And after getting caught doing the evil computer things, he's been working for large streaming media providers. So if you have any clues as to who these may be, ask me afterward and I can tell you who these people are exactly. But they're referencing their hacking past, their behavior in the underground. And now, well, now I have a legitimate job. When we look at the hacker groups that have been coming here regularly, that have been giving big talks or have had specific events that they've been a part of, initially it seemed as though it was more the loft and the CDC. And now it appears as though the Shmoo Group is making more appearances as a whole. The Nomad Mobile Research Facility is another big one. We can talk about hitting misses from certain groups, but as a whole, you go from say, the release of Back Orifice to the release of BO2K, then to Pika Booty. So the CDC, which was huge, now there are still speakers who are here this year. They don't appear to have as much of a presence as big panels, as say these two groups. In terms of the other talks that are at the con, the other issues that get covered. There's always cryptography, there's lock picking, privacy, social engineering. We can talk about freaking particularly in this age of voice over IP, that's something that people are getting a little bit interested in. But it appears as though their prominence in the panels and in the convention as a whole has started to go down. Now we're paying a lot more attention to the security side of things, as well as how the security side can be hacked. So the focus has shifted somewhat, whereas at the second DEF CON, Phil Zimmerman was a keynote speaker, the person who invented PGP. Things have changed a bit. Not that Phil is not still a huge person, but there's not as many crypto talks. There's not as many things about malware. Sorry. And then a final issue to address is the relationship between Black Hat and DEF CON. Who here goes to Black Hat each year? Do you hang around for DEF CON afterwards for fun? Or do you hang to see the stuff that doesn't get covered at Black Hat? Both? Both? Raise your hand if it's both. How many people, how many of you stay because you get free entrance to DEF CON by paying to go to Black Hat? Good point. No, that's all right. That's all right. It is to some extent. So the dynamic of the presentation shifts tremendously. Good, that's good to know. The first year I came, I heard a lot of people grumbling about Black Hat. And maybe I was talking to the wrong people, but they were saying that, you know, oh, Black Hat's changed the whole dynamic of this place. It's all about Black Hat and DEF CONs now this way. It's loaded with scene horrors and yada yada. So that okay? Well, taking those comments, let's see what's really going on. Let's track the variations in time. There are speakers who are present at both, as you were saying. The content may change a bit, but in terms of the same speech being given, it doesn't appear to be tremendously significant. The percentage of speakers who appear at both Black Hat and DEF CON has not necessarily just gone straight up over time. It has again kind of had its peaks and valleys. Now we're at a point where it's about 25%. There have been years where it's more, there have been years that it's less. So there's no consistent relationship here. Or at least nothing that I can statistically test to talk about significance. Going from this stuff, which is very interesting, I think the more relevant data to address, the more significant questions that we can get at can be examined by going through each CON specifically. Let me just take you through a few of the things that I think highlight some of the more important elements. The stuff that pushes beyond the simple statistics. Here's where we can see some of the transitions in action. This is a quote from Dark Tangent from the first DEF CON. You wanna meet the other members of the so-called computer underground. You've been calling BBS for a long time. Well, here's your chance to meet everybody in the flesh. Meet celebrities of the underground computer scene and those that shape its destiny. So this is an essential way to bring that underground community together. People who never have met before can do so here. At DEF CON 2, pardon? Oh, I'm sorry, something. I thought somebody in the audience was saying something. Anyway, at DEF CON 2, we can still see that kind of underground element there. There was a conversation or a letter read from the Coder decoder of the CDC. It was a very interesting thing to hear. In fact, one of the things that Armitage says is, or at least the Coder decoder wrote, is that don't be afraid of prison. He was arrested as part of Operation Sun Devil. Avoid it. I don't wanna hear about any more goddamn narcs. So this relevance of hacker as criminal or at least hacker as someone who we should fear. Maybe a little bit going on here. You have Phil Zimmerman giving a talk about PGP. Big event. You also have Padgett Peterson presenting about antivirus programming or cleaning up after other people's messes. So that's in 1994. Very early, very interesting kind of topics, specific to malware. Move on to the next year. This is where you can kind of note an initial shift. This is again from the dark tangent. It's great to meet and party with fellow hackers, but we try to provide information and speakers in a form that can't be found at other conferences. This is not just another excuse for the evil hackers to party and wreak havoc. So it's not about being a bad criminal hacker. It's something else. People come to DEF CON for information and making contacts. We distinguish the con from others in that respect. And this is the first year that you see an ex FBI agent get up and give a talk, sort of in a meet the fed style kind of panel. So it's more than just spotting the fed. Now it's about coming out and meeting them. The same thing happens at DEF CON 4 when you have the San Francisco FBI computer crime squad give a talk. This year you see Ira Winkler give a talk about hackers moving from criminality to becoming security professionals. This begins to hit at that notion of hackers changing their dynamic going from criminal to something else. He talks about the ways that computer hackers can go from being criminal, being wannabes, to becoming a security professional. And you also see a talk by a group calling themselves the institution or at least they talk about this thing called the institution. A way to share information with other hackers. A way to make sure that we can bootstrap individuals into hacker culture. We don't give them everything, but at least we give them some kind of information. Here maybe we can see the beginning of the rise of the script kitty. Since in 1996, hackers came out, which a lot of people really, really love, right? That's a good movie about hacker culture, right? Yes, exactly. It is a great film. Very possible that's pushed a few people into hacking at this point. Maybe that's why we're beginning to see the need for this deviation between criminal hacker and non-criminal hacker. Then in DEF CON 1997, we can again see some interesting things here. This is an invitation to the underground elements of the computer culture. We try to target hackers, freakers, hammies, vierite coders, programmers, crackers. This is just a huge list of individuals. And also it seems the books about the culture are becoming popular, so of course reporters are welcome. Hitting right on that topic you mentioned earlier, that the media kind of comes and goes. DEF CON is also known for letting the suits mix with everyone and get an idea of what the scene is all about. So more of that injection of business, of corporate culture, perhaps, into hacking. This year there's also more of an emphasis on technical talks. This is a very specific point about the structure of the CON, what we want to see. In fact, he says, I'll load a tech heavy so when people drop out, there'll still be plenty of meat for the propeller heads. DEF CON 5 is also the first year that Black Hat takes place. So there is a little bit of overlap. And Ira Winkler gives something called the Lamer Test. This is a panel specifically talking about the skills that hackers have. He talks about the ways that the, quote unquote, clueless hacker can improve. Again, kind of referencing maybe that's the start of script kitties and noobs, the people who don't know what hacking is all about. And this year the CDC have their 12th anniversary party, a really riotous event. Then going into DEF CON 6, we've lasted six years. I never planned for DEF CON to last this long. It just sort of happens. Same thing can be more or less read in this year's program. An interesting transition. You have Super Dave giving a talk about intellectual property. At a time when intellectual property is a relatively interesting or at least a new term in our dialogue. Jennifer Granick gives a talk about the important computer crime cases of the last few years. And big thing I would be remiss if I didn't mention is the release of back orifice. If you can watch this video, if you don't know the first thing about hacker culture, this is something to see. Ira Winkler gives another talk about hackers and there's an interesting article by a gentleman named Matt Richel. He talks about the hacker convention taking on a corporate tone. Maybe it's during this phase that we begin to see this real influx of hackers into professional security. And also there's a quote in there that says the DEF CON shirts that you read, I miss crime. Can anybody validate that? Is that actually true? Yeah. Okay. There you go. Does any of this make sense? Does any of this jive with what you know? Okay, good. Hopefully I'm someone on the right track. So moving into DEF CON 7. Yes, DEF CON 7. Here, we're not trying to teach you how to hack in a weekend. We are trying to teach you, pardon me, what we are trying to do is to create an environment where you can hang out with people from all different backgrounds. All of them interested in the same thing. Computer security. Security being an important component of this. Referencing people without skill, people who don't know what they're doing. Hey, we're not here to train you. We have a specific reason why we're here. There's even a third track added this year for newbie talks to hit the 101s, the basics of certain issues. This year, back orifice, BO2K is released. Again, another huge party by the CDC. Ira Winkler gives another talk about the myths associated with hiring hackers. And you can see the beginnings of really specific security talks here this year. There's three different talks about firewalls, how to build them with open source tools. There's a few talks about security and one about enemy profiling. The bad, malicious hacker. Gail Thackeray gives a sort of ask the prosecutor kind of event. And there's a talk by Philip Larranger from the Army about the ethics, morality, practicality, patriotism of hacking. So referencing maybe things are changing. At DEF CON 8, they talk about the conference being unique. This is from the call for proposals. We want topics that hackers wouldn't normally come across. New things like back orifice. And this year we're going to increase the quality of talks by screening people and topics better. There's also a very interesting quote here. There's been an awful lot of press written about DEF CON over the years. Some of it good, most of it too fixated on attendees' green hair. I've heard green hair from many different people over the short time I've been here. And I can only assume this is the scene horror that people are talking about. That first rise of people who don't know why they're here, they just know, hey, I can get drunk and hang out with people and go to a rave. They're the blue hairs. Oh, okay, thank you. Thank you, it's good to know the... Oh, really? Yeah. Okay, so there's a specific kind of hey, look at me kind of freakiness that they were focusing on. And now maybe that's not necessarily here in the same amount that it was before. Okay, so there's been a change in the emphasis of media here. How many of you are, oh, and this may get me shot, how many of you are over 30 and are willing to admit it? Okay, how many of you are over 25? Those of you who didn't raise your hands earlier, okay? So pretty substantial amount of the audience here is in a little bit of a different demographic than say the 16-year-old I just got my new laptop. Let me see who I can hack with Sub-7. You sir, did you have something to say? Okay, thank you. Yeah, this is kind of thing. So, hey, AV guy, AV guy, I need a little microphone. Oh, okay, so I'm Agent X, I'm one of the DEF CON staffers. You guys have gotten a lot of mellowers, you've gotten older and we've noticed it and we appreciate it. Back at like nine, I started doing this at six and that was wildly out of control. Six was bad, yeah. And as the situation has changed, as everyone's gotten a lot older, you've all gotten a lot more mellow and now you go to bed at like two as opposed to five and it's not so much, you know, hookers and blow, it's great. But yeah, we definitely noticed that everybody started to mellow out recently, I mean, in five years. Yeah, but that wasn't our fault. You can't pin that one on us. Isn't there a great story about someone doing something with a plumbing one year? Oh, well, you have to be more specific. Okay. Well, that's my fault though. It's a hacker con full of big guys. Things happen. Thank you. Say that again. Well, you know, you can't really, they've pretty fortified the fortress phone now so it's not as bad. And, you know, there's lots of freaks in the house now. So it's all hacking, it's all corporate hacking. That wasn't our fault. We didn't have anything to do with that. It just got there somehow. Yeah, there's just so many great things and this is why I was hoping that at least some people have had some experience come because hearing it from your perspective is tremendously important. Since I'm really running through my time, let me just try to very quickly move through just a few other pieces. Okay, was anybody here for Dodge and Shell? The year they conducted their study of computer hackers? Raise your hand if you were here to do that survey. Yeah, they tried to conduct a study looking at hacker psychological characteristics, which is now a book called The Hacking of America. Interesting, they tried to do it here because, hey, this is a great place for hackers. Maybe we'll get some black hats. This is the first year also that we see somebody from the Assistant Secretary of Defense, Arthur Money, comes and he talks about the need for hackers to come help secure government networks. And this is pretty much an exact quote from it. If you are extremely talented and you're wondering what you'd like to do for the rest of your life, join us and help us educate other people. So a real call to the hacker community. Stop doing whatever it is that you're doing that's underground, let's do something different. There's another Meet the Fed panel and that's what it's all about here. Limo says that there's a lot less rubber-necking this year, less blue hair, less body piercing, exactly what you're talking about. Then at DEF CON 9, the call for proposal says we want more demonstrations on new tech, new tools. You're going to get into the show free, you're gonna get a badge. Many people who speak find that this is a good way to get a job. I should rename DEF CON to headhuntercon. There you go, getting more into that whole notion of hackers becoming professionals. From the pre-con site again, this year I want to get more and more technical talk. Some people don't care about that, they just want to meet new people. But as the con grows and more people get into computer hacking, it's changed. While we're not sure what it will change into this year, I do know it will be different than last year. So the recognition that this is a very dynamic kind of thing. This year is also the year that HK, pardon me, H2K2, the big Hope conference, goes on and it's bigger than hope. This is a point that's made in the DEF CON program. There's another tutorial kind of session that's held for noobs. And there's also a discussion about the laws, the DMCA, which I'm sure many of you really appreciate, and the European Cyber Crime Treaty. This year is also the year that CDC talks about hacktivism. This is a really important event because this is one of the few times aside from say the Electronic Disturbance Theater, stuff comes to the fore about hacktivism. Dmitry Skylorov is also arrested for cracking e-books. Big issue all about the DMCA. Lemos, again, makes a note of saying that DEF CON is getting older and the crowd appeared to be far more professional. It's more laid back this year. Things are changing with the audience. And I don't know how many of you have read an open letter to the community, the Dark Tangent Road, a couple of you. This is a very fascinating piece because it can kind of help us understand how the CON has changed. Essentially it is a call for input, a call for help because it's a recognition that DEF CON is changing, the audience is changing, hacker culture is changing, and something needs to be done. So, in fact, this is a direct quote. I have long thought that DEF CON cannot last forever in its current form due to several factors, growth, core attendees, and the changing nature of technology underground. Yeah, that was in a direct response to just how hard we got rolled by the attendees on nine. Oh, and it was the hell of a year. I think we had huge capacity problems. I believe that was a year of fire marshal land. It was the first year with the tent, and I think the tent was on the roof. I mean, that was a little bit this way. There's a little thing that goons have on Sunday called liquid therapy, and we all drink from the Juniper Hammer, which is a gin concoction. It's very good. Yeah, there was a lot of Juniper Hammers going down that night. We didn't know if we really didn't know if we were gonna do it again. It was a bad year for us. That's why that letter came out. Okay, excellent, that helps even further. Interesting, when you look at DEF CON 10, this is the first year that you see speakers getting paid for the talks that they're giving. They want really, really technical talks unless you're giving something for the Hackfreak 101 or the Big Picture Track. So they're paying for speakers in the hopes that the quality will change. This year, kind of going back to that notion of hackers getting a little bit older, we have speakers going Friday to Sunday and we start an hour later each day than the last to let people recover. Gone are the days when we thought we could run this sucker 24 hours a day. We need sleep too. So, there you go. I'm gonna have to keep moving through this stuff really quickly. DEF CON 11, continuing this last year, we're gonna pay for speakers. We are also continuing to improve speaker quality. It's no longer enough to have green hair and an attitude. This is also the year that there's an announcement for the start of DEF CON groups. So, the importance of bringing that spirit, the notion of hacker as someone who wants to learn into the community. Theme presents hacker generations, which are talked about a little bit earlier, and then Simple Nomads rant, which is available. And he kind of goes through the same ideas, talks about the relevance of changes that are going on. After September 11th, the way that hackers are relating to one another, the way that the laws are structured, things are shifting. At least this is on the website. There's the links there. If I'm off, then perhaps that's why. But, very interesting nevertheless. DEF CON 12, how many of you are here for 12? So, the majority of you, if I'm looking at the crowd, right? A lot of people here from the call for proposals, they say, remember being attacked by flying meat. We do in sans raw meat projectiles. We wanna encourage shenanigans again this year. So, they're trying to draw out speakers from the hacker community. We want bigger groups. We wanna know who's doing what. Has that necessarily happened? Great, so things are changing a bit. Tell you what, since I've got about five minutes left, let me just real quick kind of go through a few just general ideas. It's apparent, at least from an outsider's point of view, that DEF CON has changed. The agriculture has evolved. Now at DEF CON there's a tremendous focus on security and hacking. There's also increased connections between businesses and hackers. There's greater cooperation, more professionalism, more people talking about their credentials, more people giving professional sort of talks, greater relationships to law enforcement. You've now got Spot the Fed, Meet the Fed, talk to the Assistant Secretary of Defense from the Joint Chiefs of Staff. You get a bunch of people here. Spot the Fed maybe becoming the Fed? Interesting kind of change. There's Spot the Hacker. There you go. And this kind of leads me to another question, is can we see the legitimation of hacking coming on here? Can we see this movement from hacker as criminal to hacker as professional? Hacker is probably always going to have some kind of criminal notion in most of the general populace's mind. But hacker may be changing. If you think about the panel that was just here, the university I teach at has an ethical hacking class, an ethical hacking lab. There were presenters last year talking about the end of script kitties by having junior high school students learn about hacking. How do we create a cyber program for college students? So it's possible that maybe we're making white hats for the future. So this leads me to the end. Where are we? Is DEF CON and the underground moving? Is there a shift in play? And what does it mean for the future of hacker culture? I don't have enough time to really get an answer here, but hopefully if nothing else, hey, if you found this interesting, throw something up on the forum. Tell me what you think, send me an email. I would love to hear from you all. This is the kind of stuff that fascinates me. Just my contact information, shoot me a message. I'm on the forums. If you want to start a link, start a link. I just am glad and I can't thank the DEF CON people enough for putting everything online. From a research point of view, this is great. From a new script kitty point of view, this is the place you go where you can learn everything you need to know. Thanks to a friend of mine, Mac Diesel, and thanks to my wife for showing up as well because I'd love to drag her out to these kinds of events. So thank you all for your insights, for your input. Thank you for coming. If you want to get me after this is over, I'm more than accessible. So thank you.