 Me how? Thank you for having me So I'd like to start off with the It's a great honor to be here. I've spoken many times at DevCon and it is a double honor to be speaking in a Country that I love to visit and love to be here and also at DevCon. So thank you for that One thing to talk about When I'm how I came up with this talk I Gave a talk at DevCon 22 Called around the world native cons and basically that was a talk based on hacking culture It's like what hackers are and how we're perceived and It was really well received in the community and also in the Chinese community There was it's actually translated and it's on your video websites as well. You can watch that talk and see it and it's Subtitled into Chinese and People came up to me afterwards when I've come to Beijing and Shanghai and they've said it's like I really appreciate that talk So I thought it was as natural to do a talk similar to that but different but targeted for Here and if you'll notice we have a problem and Just like through the whole DevCon what you've heard are talks of people talking about problems And then hopefully finding a solution for that My talk is no exception, but my talk is about people and our perceptions in our culture Because if you'll notice there is a bad problem because you see here when I Searched in Google. I see the word hacker and look how negative all the images are Look how scary that looks that's frightening It's like if I would have used by do maybe I would have gotten better images But I don't know it's like but these are very scary negative connotations of the word hacker Which is not the way supposed to be and the reason why I titled it dark visitor devalued ally is because in China It's like then in the language dark visitor translates to hacker. That's what we're using the word We're using hacker to just automatically mean dark visitor. Like that is something negative, which it should not be So a little bit more about me always do it like I like to do a funny little intro You may have seen me rob a bank on the TV shown breakthrough You may have seen me in one of the videos or you may have seen me on the news Most importantly, you probably have seen me actually inside your facility robbing you because that's what my main job is is I try to test people's security by being the bad guy before the bad guys there and these are actual all Different videos of me in places that I should not be I'm very good at that. So That's all you need to know about me But let's delve into what does it mean to be a hacker? What does it mean to the to the main culture? Well in this day and age it's seen as a criminal when people on the news they say a hacker stole This much money from a company or hackers win and they attacked a train system or a water plant or an energy grid or hackers went in and Did those things that's not the right way to do it. That's not true Criminals did that Criminals stole from that company Using those tools that a hacker may have created or a methodology that a hacker uses But it was criminals who did that not Hackers not always hackers I Try to explain it to people that are not familiar with computers by talking about the analogy of the taxi driver Do everybody here think that taxi drivers is is a good profession. It is an honest profession. It is a profession that People can do to earn money for their families. It is an honorable profession to be a taxi driver What does a taxi driver do? He uses his skills his abilities to use his Equipment which is the car to drive people from one place to another for money That's what he does. That's what a taxi driver does But at the same time a getaway driver What does he do? For bank robbers a getaway driver who helps people get away from crimes. What does he do? He uses his skills and his abilities To use his equipment in a way to get people from one place to another for money correct So everybody these two people are exactly alike. So when I talk about taxi drivers I'm basically talking about getaway drivers, too And we should all look at taxi drivers suspiciously because they also may be getaway drivers You know you've ever gotten in the cab wondering like I hope he's not going to a robbery It's like I hope he's not he's not going to he's not already just gotten off of a robbery and we can stop by the but you don't think those things because You don't equate a taxi driver with the getaway driver So why do we actually equate? hackers automatically with criminals That's not the way it should be and it didn't used to always be that way It used to be when you talked hackers. You were talking about artists You were talking about creators and veners Because at the very heart of it hacking is looking at the world from a different perspective It's trying to change things for the better. That is what hacking is about I'm not going to Mangle the language. It's like I have too much respect for it to try to pronounce the names So I will point to like our first one here This is the inventor of the modern day version of paper All the programs that you have All the papers that you've been reading are based on what this Gentleman has created that was a hacker. He looked at what the paper was back in that time and he said We can do this better We can add some more compounds. We can experiment find out what are the better compounds to make paper more reliable And that's why we have paper because of him and he's from china Right here shin is like the magnetic needle compass from china That was an inventor. That was a creator. That was a hacker who did that A hacker made that happen It's like, I don't know how he decided to make the the compass, you know, it's like How do you get the first idea is like I wonder if I put a magnet and some water and see if I can tell the direction But it worked. So I'm happy with the results even though I don't know how it operates Uh, and also the professor here Help create fiber optics One of the main reasons why we're able to communicate the reason why we have the internet the reason why Uh, we have a global community is based off of his work And he's a hacker When you look at something and you try to make it better you try to change something when everybody in the world Tells you this is the way we always do it This is the way it's always been and you say really How about if we do it this way That's hacking We were all born hackers Trust me. We all were born hackers Everybody remembers being a kid trying to like get away with something or building something and uh, Dan Kaminsky, I just heard him say a really great thing that I'm going to steal from him But give him credit, uh, where he said, uh, one of the main things that a child does is ask why That's universal, I'm sure You all have children and one of the main things they learned to say when they're little is why Well, it's because of this why Well, it's because of this why It's because of this why It's like and we have to answer those questions if we're hopeful if we do that because that's hackers That curiosity that wanting to know how things work That's not just settling for the main answer that you give but wants to delve deeper and find out the main reason That's what it means to be a hacker Another thing it's like some other hackers that are are also even more famous because in the security we always joke about people Who use uh, too many, uh, sunzoo quotes and the reason why is because there's a lot of great sunzoo quotes I was in the brazilian airport just, uh, a few, uh, like a month ago And there was a portuguese language book of sunzoo the art of war Because it is still to this day used for strategy thinking it is used for businesses It's like because of the things that can be translated. This is hundreds and hundreds of years old But he revolutionized The way we conducted warfare and was able to translate that into business That's a hacker He took what everybody said this is the way you're supposed to do it and he was like No, let's try it this way And that's one of the key things it's like you have to be able to do that You have to be able to think outside the box Soon ben also is one of that Created another book of the art of war took the work from sunzoo and worked with it and actually Added to it and expanded the knowledge base, which was an amazing thing at that time It's like to actually say like let's try to go forth and it is still a work that it's like well respected to this day the 36 stratagems My first company that I found it was actually based on stratagems one Stratagems one is to cross the sea by folding the sky In other words a familiar sight provokes no notice And basically that's what I do. I walk into someplace and look like I'm supposed to be there when I'm not supposed to be there And I break things I use stratagems one very often and I also use stratagems 36 sometimes when I get caught If you don't know what stratagems 36 is stratagems 36 is run away. So I use that quite often too sometimes so And I actually have that book right there signed by galleon. It's like which is one of my favorite books so There is a lot of resources That come from china There's a lot of innovation That comes from china There's a lot of hackers that come from china You just don't normally label them that way Instead you call them entrepreneurs or you call them inventors or you call them creators But in actuality what they're doing is hacking the process. They're actually innovating They're coming up with something new and trying to make something happen. And that's an important thing so When we talk about hackers, that's one thing Okay, because people tell us like yeah jason, but are you a white hat hacker or a black hat hacker? Or are you a gray hat hacker or purple hat or green? I don't know just whatever hat hacker right And unfortunately my head's too big to actually wear hats. So I always tell them i'm a no hat hacker Because that's the way it should be because When you go to a banker And if you look at all these stories, these are all bankers that committed crime All these bankers committed embezzlement all these bankers committed fraud So why don't we have black hat bankers? Why isn't there a black hat banker? Why don't I go to my bank and when i'm trying to get a loan from the company Do I tell the bankers like well you're a white hat banker, aren't you? Because I don't want a black hat banker working with my funds. I want a white hat banker They would look at you silly like what do you mean? Well, that's the way I look at hacking There is no hat You're either a hacker or you're a criminal or they or sometimes you can be a hacker that is a criminal But there's a there's no such thing as making hacker equate it with the crime if I know how to create a gun And I create and build guns And someone else then takes that gun and then commits a crime with it Does that make them a gunsmith? Do they know how to build a gun? Do they know how to create that gun and make the bullets or anything like that? No, they're using a tool to commit a crime Back in the ancient days People got robbed people got stuff stolen from them by someone with a sword Someone had a sword and said give me all your money Because that was a better way to commit a crime because before they only had stones But now they have swords so give me your money Well, then bows and arrows came around Which were way better at you to use to commit crimes And so the robbers started using bows and arrows saying okay, give me your give me your money It's like then Guess what happened crossbows came over And now people started committing crimes with crossbows And then people started committing crimes with guns Then Several, you know decades ago people started committing crimes with computers Just because the means of crime or the means of tools for the crime have changed Doesn't make them anything more special. They're just criminals They did not bought they did not create the hacking methods They don't usually create the hacking tools. They download them off the internet usually for free They watch a video trying to how to use it and then they execute the crime That doesn't make them hackers That makes them someone who knows how to follow the instructions It's like so that's one of the things that you have to understand It's like when you talk about that so there's no black hat hackers It's like there's no black hat. There's no white hat There's just people who are trying to make things better people who are trying to discover vulnerabilities And and improve society and then people who exploit those knowledge For crime and those are the ones that are the criminals Because hackers provide a valuable service To society by discovering vulnerabilities and reporting them basically what that means is There has not been one major vulnerability Uh that has come out that was created by a hacker Hackers do not create These uh vulnerabilities. They do not create these defects in the software or the hardware They do not make those vulnerabilities. What they do is they discover them That vulnerability is always there It was already there when it was made No one knew about it It was always there, but someone who was searching someone who was looking to make things better discovered it And that's the important part. Um I'm going to actually uh, uh talk to about dan once again because uh, Dan can basically like Several years ago. There was a huge vulnerability in our internet That affected the world It affected the world it could have effectively taken down the internet as we know it today Dan Kominsky discovered this flaw He saw this flaw was bad Did he profit off of it? Did he try to exploit it? No What did he do? He reported it. He coordinated with the help of others It's like and he got several other people and other groups and other companies involved to work together Silently in in secret So it wouldn't become public and be damaging and he coordinated this whole discovery So it could be patched and fixed And that's the reason why the internet was still working was because he found us a problem that was already there just not discovered And he made it public the responsible way by working with the people to help fix the problem Does that sound like a criminal? But he's a hacker Is that something that a hacker would do? And the answer is yes, that's exactly what a hacker would do We're here to make things better this last two days of def con You should see you should have seen that by now It's like that we were actually trying to make things better We're trying to come up with solutions and we'll talk about vulnerabilities But at the same time we also talk about how to fix them The best thing though that's been going on is that we now have blue armies We actually have now Places where you can actually report those bugs Report those vulnerabilities to companies and you actually get money for it That's actually pretty cool It's like so now instead of just being seen as an outsider As a crime a possible criminal It's like we're actually helping make software and companies more secure by actually developing A resource to actually have those discoveries Reported responsibly to the company. There are several companies. I have to apologize I know there are some chinese companies that i'm not familiar with Here are some of the western ones that you can contact and get bounties for And they will contact you and they will work with you and help you responsibly disclose Those uh vulnerabilities and this is an important service that is provided It's like not just for the hackers that are getting money But more importantly it's helping the companies that are trying to respond It's like they're trying to make their products safer that are trying to make their their customers more secure This is what it's used for It's like it is not a barter exchange. It's not some kind of dark web Uh, you know secret place where they're trying to sell and exchange vulnerabilities for money to exploit And damage those companies. It is actually used to actually help and better those companies And that's one of the key things You also have companies that have realized they have come together and they've realized we need better security So they are reaching out directly to the communities and I have been at several conferences here where Microsoft or apple have been here and have interacted with the local hackers to actually work with them to help discover vulnerabilities it's like um Not everybody is on board with creating these uh vulnerability programs Uh, I think they should and I just put sysco there because you know, we all like to pick on sysco. So, um There should be more involvement with more major companies It's like who are dealing with these kind of security vulnerabilities They should have a way for it to be reported to them in a responsible manner and reward the person who discovers it That is a key thing Now I want to uh, take a moment because I want something we're talking about what hackers mean it's like now I want to talk a little bit more locally about the the local culture here and uh, the uh, the history of how I got here and how Defconn groups from the global community and how we're working Um, and I'd like to start with a story. I did not get my passport till uh 10 years ago Uh, I will not say how old I am but let's say I was middle-aged When I first actually got a passport And the very first country I went to was China It's like it was in november of 2008 Uh, and it was right after the olympics Excon had uh changed their schedule from being in the august of being in november because of the olympics And so I was like and I was doing research On hackers around the world and what they're like and I was like, you know what there's a problem in the west Where people like to talk about What it means to be a hacker in china or what hacking in china is like without ever have gone to china Without have ever seen it. We get all these perceptions of what it's supposed to be like And I told myself i'm not going to be that person. I'm a hacker I want to find the truth and I want to find it on my own So I literally within like two months. I got a passport for the first time And I got a ticket got a hotel and I flew to china Well my first day in beijing 11 o'clock at night I figured out that you're not supposed to go into the cabs where the guy comes and tells you and walks you into the parking lot That's not the best way to to get to your hotel Uh, and I'm sitting in my hotel And I'm scared And I and I'm I'm being honest. I was scared. It's like I had not been scared in a very long time I used to be homeless. I used to live behind a dumpster in my high school dropout I was I I'm and it's been a very long time since I've actually felt frightened But I was because I was I didn't know what are you doing? Why are you here? It's like you don't know anybody you don't know the language It's like you've heard all these stories about what it's like It's like why did you come here like this? It's just because I wanted to know And so I woke up that morning the next morning And I went to wangfuzing. It was right off of wangfuzing is where I was staying And I started people seeing people I didn't see Chinese. I started seeing people Walking about doing their business Taking their children to school Going to work for the day And I started understanding what the problem was The problem was I was letting other people's perceptions And others people fears Dictate how I saw what it was supposed to be like I was using other people's references To tell me this is what I should be afraid of. This is what it's supposed to look like. This is what you should know As soon as I started getting out and looking at china, I walked for 11 hours all the way around The forbidden city the zidane district all the way back up around near beehai lake In between ho hi lake and all the way back and curved all the way back to wangfuzing 11 hours I walked It was amazing Because I got to see people doing business. I got to see what china was like and I loved it And then I went to the conference after three days going to great wall to summer palace do all the tour of things Summer palace still takes my breath away. It's one of the most beautiful places in the world that I've ever been I always go back to the summer palace But I go to the conference Not knowing one but one person And you know what happened I was greeted by casper And he didn't greet me as an american He didn't greet me as a foreigner He greeted me as a friend that he just met He greeted me as a fellow hacker I was instantly at ease at that conference. I may not have known the language But I knew the people I didn't know what the customs were But I knew I was with other hackers And that's what meant the most to me And that's why I keep coming back every year. That's the reason why I keep visiting because I'm at home here It's like because that's what casper and them bring out They actually bring out that spirit of of packer and community And so I wanted to share that with everybody So I've come more and more and I've spoken here at several times But what else I wanted to do was I wanted to when I was asked by the dark tangent Jeff moss to be the global ambassador for def con groups My first mission Was to come to china to come to asia And make sure that we got def con groups involved here Because this should be a global community and that's the way I think I think globally I've gone to over 40 countries. I've never met a foreigner It's like we're all the same kind of people. We have different, you know money We may look different or talk different, but when it comes down to it, we're the same people And so I wanted a def con groups to be an actual global community not just mostly in the west And we've done a lot of things like that. We've Expanded by leaps and bounds With different groups everywhere. We've got a recently we've got a new group in algeria. We got a new group in saudi arabia Another one in south africa. It's like they're and several just as you saw yesterday that are flourishing here in china And that's amazing because that's what it's about. It's a global community I tell people that there's nothing worse Than letting invisible lines on a map get in the way of making a new friend Because when you look at the earth from space It's like you don't see lines You don't see borders Because it's just people And that's what global community is about. It's about going to a conference like this And no matter where you're from you have something in common You're here to learn I hope so you're here to make something Some people are just here to party, you know, it's like especially at the def con in los vegas It's like uh, but that's fine too because you also learn while you're there You can't help but learn if you keep an open mind and you're curious And that's what our global community should be about. It should be the connecting of everyone No matter what country in a common goal of education Of learning something new Because when I look at a picture like this I don't see businessmen I don't see hackers I don't see bankers I don't see school teachers I don't see chinese I don't see koreans I don't see americans. I don't see canadiens or people from parrot way What do I see I see people Why do we put the labels on ourselves? Why do we make just saying a hacker automatically makes a person bad? Why do we all would automatically say being a banker is somebody bad? Why do we always say being a lawyer is bad because trust me in most of every culture I've been to there's always lawyer jokes It's like everybody makes likes to make lawyer jokes But it's like but why being a lawyer is bad It's like why are we letting that label Change the fact that we're dealing with people We're dealing with humans and that's the way it should be Because there's a lot of myths out there When you hear about The ctf capture the flag when you hear about some of the things that go on at conferences They learn about how to break into Wi-Fi or they're learning how to steal cars or they're learning how to lockpick It's like and I'm breaking the doors Oh my gosh, that's scary Right They're learning where the flaws are In Wi-Fi They're learning where the flaws are in the car They're learning where the flaws are in the locks so they can make them better So they can make them more secure And by making those things more secure They make you more secure They make the network more secure The best thing that we have between us and criminals Are handlers Because they're the ones that are trying to strive to make things better to learn where the vulnerabilities are To learn where the flaws are and get them fixed It's like And this conference is encapsulated to me. I think by Confucius It's like I think he understood it Some of the quotes that I picked out were the man who asked a question is a full For a minute the man who doesn't ask is a full for life. I think that's pretty true Every truth has four corners as a teacher. I give you one corner and it's for you to find the other three Reviewing what you have learned and learning a new you are fit to be a teacher Acquire new knowledge whilst thinking over the old and you may become a teacher of others Education breeds confidence confidence breeds hope and hope breeds peace The ideal teacher guides his students but does not pull them along He urges them to go forward and does not suppress them. He opens the way but does not take them to the place Have you not experienced that here at DEF CON? That's what it's about at the hardware hacking village Are they giving you those uh electronics those happy jacks and are they assembling them for you? Are they saying here Buy this one and it's already finished. It's already blinking lights No They're giving you that one corner They're giving you that one section and then they're giving you an avenue to find the other three They're showing you they have a village there to show you how to soldering to show you how the wiring works To show you how to make it light up to be the way it's supposed to be Because that's what it's about to be at DEF CON. We can't just give you the answers We can't just hold it onto a plate. You have to want to search You want to have to question you have to be curious You have to be asking why? And that's what's a good teacher and is a good student It's like someone who's always going to ask why But also we have a problem in the reverse with perceptions I have a problem with It's not just me having problem with what I call normal people It's like I have a problem with hackers as well sometimes And one of the biggest problems is when we get upset that people think that hackers are criminals People in security people in hacking think that executives and users are stupid Or that they're dumb or they don't know what they're doing Well, guess what? That's just as wrong We cannot meet in the middle ground Unless we're both open to understanding that the person that we're talking to Though may be different in a different profession Still wants the best thing An executive in the company that you work for Wants the company to be profitable They want the company to do well You as a security researcher Wants the company to do well That's a common goal you can find You may have disagreements on how to get there You may not fully understand each other's methods on how you get there But the goal is always the same That's what should bind you So when you're thinking and you're dealing with people who may not understand what it means to be a hacker You don't dismiss them You don't just say well, you're an idiot. You don't understand. I don't need to waste my time with you You teach them It's like when we hear about people in the hacking community and I get questions all the time How do I become a hacker? How do I get involved in security? And I always say the same thing If you ask me these questions, you're already a hacker. I can't make you one If you want more resources resources to how to get better I can help you with that If you need avenues on how to learn more I can help you with that But I can't make you one You have to be one It's like so I'm gonna go and say where do we go from here to me. This is a big question and I love this path This is the 99 dragon path off of tinman mountains. I was there and it was really and it Is a perfect thing the way we're going and reaching the future because this is a very scary bus ride Down down the hill I have taken it and But it's a beautiful ride It's breathtaking and it's awesome to do But you do get a little nervous on the journey and that's where we're at right now We're starting this path down and it's up to us to work together to make sure that it's to a great destination There's nothing that we do alone It's all together as a community So I want to end it with the community. I want to end it with you by saying let's ask questions