 A oedden nhw, fydd ym mwy o bobl, gyda'n dwyseidio. I will hand over to Robert. Thanks very much. Thank you very much. Good afternoon. Who has seen this movie? Quick survey. Great, I was just wondering about the relevance of this still. That's great. That's going to help me throughout this presentation. Hack the planet, hackers for positive change. I've been wanting to do this presentation for a long time. I'm thrilled to be here. Thrilled to get this out. I hope you enjoy it as much as I'm going to. So a little bit about me quickly. So you know my background. So I've been working in Infosack for about 20 years in the aerospace industry. In various roles, I've been pretty lucky to be able to move around quite a bit. I'm currently the founder and president of Trace Labs. I'm lucky enough to work with Adrian who you saw this morning. For the last couple of years at Defcon I've been locked in the SC Village doing the CTF there. Last year I was placed third and before that I placed third as well. So if you're thinking about that talk to me, I'm happy to work with you, tell you what worked for me and what didn't work for me as well. And I'm also a volunteer for Search and Rescue. I've been doing that for about 10 years and specifically I focus on tracking and marine rescue and that's been really rewarding for me as well. Before I go any further the standard disclaimer I'm very opinionated. And opinions and not all of those are right. So none of my ideas are reflect any employer current past or present. So what kind of talk is this? This is not a technical talk so if you're expecting that in the Canadian fashion I'm sorry. It's really a cult arms and it sounds weird but it's really hopefully will motivate you to action as I proceed through this. That's really the intent here. What I'd like to do is essentially weaponize the room and equip you all with some ideas that can then hopefully take us forward in a more positive direction. Now I'm a little bit critical of things. I know that but before I get critical I want to let everybody know that I'm also super positive. I think humans are amazing. Tons of potential. We do some amazing things. I googled potential and amazing humans trying to find an example of that. I found a picture of Paris I was lucky enough to be in Paris not too long ago and I figured that was a good example of anything, a city design for people as you can see from the picture just a beautiful scenery beautiful city but as critical as I am the big message here is that we're amazing at these problems. However we do have quite a few problems and some of those are big problems and really I contribute lack of ownership to some of these problems. We have this sort of scenario where we often think that well those big problems are getting solved by somebody else. The government is working on that. They've got a big team. They've got a big budget. There's nothing that I would need to do to get it under control. That's kind of our mindset quite often is those big issues are solved by big entities. Government or big corporations or something like that. Then we can go and do the stuff that we like to do which is good because America's got talent on TV and we all want to go watch that. We like to be entertained. We really like to spend time on these sort of things. I'm sorry if you like that TV show but it's amazing. I think there's other things that we can do besides watching that show. I'm going to get into a couple examples of some big issues. Global warming. Let's talk about that for a minute. Some people say well that's not happening the earth is flat. There's no global warming. Let's just not debate that for a minute. Let's just say it's a real issue. It's one of the big issues. This is something that you could say it's probably going to get could bite us later. It could be one of those things that's like this is totally out of control. This is really bad. But there's a lot of people working on this right now. Government's working on it. Elon Musk has made some great cars. A lot of you are driving those cars now. This is probably pretty much solved I would think. We're probably moving in a really good direction with this. It's probably pretty much taken care of. Oh no crap. That vertical line is probably not good. This is a bad example. I'm sorry I probably picked a bad one here. I got a couple others. Let's take a quick look at that. Just forget about this one. Let's look at human trafficking. Again a lot of people working on this. A lot of investment. Government's working on this. There's a lot of focus on this in the media. We see this in the news quite a bit. I'm pretty sure that this one I'm pretty sure is all almost done. I think we've got a good handle on it. I know that a lot of talented people are working on this. Oh no wait a minute. That's not good either. This is Canadian data. I'm sure the American data is better. Might be better. That's another bad example. Sorry about that. Let's get another one. I got three examples. Fake news. This was a big deal in the election. We see a lot about that in the news. That's over. This has probably gotten a lot better as well. I would expect. That's not good either. I got some crap examples here. All these things are getting worse instead of better. There's a whole bunch of these. I'm not going to go through any more examples because you probably get the idea. There's still a lot of work to do out there. This is like a checkerboard of all the big things that could keep you up at night. I'm not going to go through all them because they're really bad. Government is working on this. This guy here. He's not busy right now but I'm sure he is at some point. If you Google sleeping politician, you'll find a lot. This was one that I used because I thought it was interesting. You've got the guy at the back there. That's going to be a lot of chiropractic treatments in the future. You've got the guy on the side there. I can only see half of his face and I think his eyes are closed as well. The guy in the middle, I don't know who the gentleman is but I'm not sure what he's talking about but it doesn't give me a lot of confidence that these guys here are solving all our problems. I think that that's not a surprise to anybody I would assume. If we take a look at if we do a little research and these sources are arbitrary if you don't like these sources we can look at other ones but the idea here is that government is not necessarily set up to solve all of our problems and I don't think we should necessarily wait for them to do so. If that's true then what's the alternative? How can we help this situation? I'm going to switch gears a little bit here really quick and start talking about what hackers are. There's a lot of where at a hacker convention a lot of hackers here but what is this? If you google hackers you get something like this for pictures you get a lot of grey hoodies which I guess is the uniform for hackers so we've got the grey hoodie we've got some electronics in the background if we just google the definition of hacker we get this definition here which maybe that's a little more helpful a person who is unskilled in an activity, no that's not us an expert programmer solving problems that's kind of getting closer right person who illegally gains access yeah I don't know so I think this is a pretty crap definition so let's take a look at some examples that I found this is the no face hacker this is very common you'll see him on the internet a lot this is the scary mask hacker so this is a hacker who's very committed to his craft you have to wear that mask a lot it's warm and itchy with a lot of monitors in the background then you've got the anonymous multitasking hacker this guy can poop and hack at the same time so I'm being silly but our image on the internet is a bit ridiculous so it's no wonder the media talks about us and has the picture of the grey hoodie all over the place so let's get a little more realistic we all have a much better idea what that looks like I tried to trace out what would all the attributes be of a hacker and these are some of the things that I came up with this is not a 100% accurate list of course it will vary but when you look at this some pretty good stuff right if I was a hiring manager and you came to me with a candidate with a person with these attributes I'd be like yeah okay when can they start so sometimes we're a bit toxic but overall these are great attributes if you had a team of people with these attributes they could probably solve a lot of problems but our daily life we spend with this sort of drama we have the customized logos for every vulnerability we have the news that comes out with all the breaches there's all these all these fires burning there are all the CVEs that we have to continually fix and so our day to day work is this kind of like you know hamster wheel of activity where we're like close that vulnerability go patch those systems so you combine that with our kind of public image and we've got this weird thing going on I think as hackers so I think it's time to kind of take matters into our own hand a little bit and stop letting everybody else define us and really start to define what hackers are ourselves and we're much more than grey hoodies and patching systems it's much more than that we have red teamers and blue teamers and we're getting more sophisticated in our language but I think really we have much more to contribute than just that so I'm going to switch gears again real quick there's a great YouTube video it's TedEx by this gentleman here and he talks about being successful it's a really short video it's about 10 minutes if you times to the speed it's even shorter but I'll save you the trouble of watching it he indicates that timing is the most important factor there's a bunch of other things here like team, the idea but timing is the most important thing and I would say that in our evolution as hackers as we've progressed along that timeline now is a really good time to start looking at what else we can do out there here's some examples of that so you can see Tesla cars that run on batteries there was a time not too long ago where we would have thought that was ridiculous learning on demand YouTube has completely changed the way we learn bringing strangers into our home to sleep like who would have done that Airbnb random people giving you lifts in their cars endless drinks with people that look better online all these things we would have thought were crazy just not too long ago and of course today if you look at what's happening there's even more exciting things and all of these things we don't think of them as hackers the people that are contributing these ideas but I bet if you meet the people that are doing this they're going to have those same attributes so now let's talk about my attempt to make some positive change here so this picture here is my team in search and rescue you can see my hand on the boat there and you can notice that they're in no hurry to get me out of the water they're funny guys we're doing some exercises on the river there so I've been doing search and rescue for about 10 years now it's really exciting they train me in some really interesting things and one of the things that we do is we look for missing persons but there's a lot of people that go missing that I don't look for and I've always wondered why that was and if I'm not looking for them then who is and the answer to that is quite often nobody so then I got into it even more and I wanted to research the extent of that problem and I found that it's quite large actually there's a lot of people that go missing and not many people are actually looking for them so to put that in perspective if you look at everybody that went missing in the US last year that was basically the same as the population of Las Vegas so if we take Las Vegas today that's all of us everybody at DEF CON just make them disappear you've got 2018 covered that's a lot of people so a lot of those people come back yes but still the volume of people there that's pretty large so that brings me to the crux of that problem so you've got all these people that go missing you've got the idea that those people are going to return back they're going to come back home within a week you're going to see a lot of those people return but then you've also got that sensitive time period that if they don't you've only got a few hours or a few days rather to get them back and then after that point it becomes much more difficult so that's the problem you're expecting them to come back so therefore you're not perhaps investing a lot of resources and then if they don't then that's really bad news so to understand the problem this is kind of what it looks like you can see the prioritization of missing persons pretty much near the bottom and that's not a surprise when you look at violent crime as opposed to missing persons that's to be expected violent crime you pretty much want immediate investment immediate action so when we look at this and I look at it globally I don't look at it regionally like we would with most of the from a law enforcement perspective but it's not a priority of course it's not consistent so when you look at it globally it's going to be different because it's of course regional with law enforcement not transparent by design because it could be a criminal activity not scalable of course because you have to pay people to go do this work and it's not really cost effective so if you throw 100 people on salary at each one of these knowing they're going to come back anyway that's not cost effective so overall it's not really it's missing then you should be concerned right so how do you solve what solution could you apply to this so thinking about it from a hacker perspective so the first thing you would want to do is ignore the suggested process the current process instead seek to understand the problem and then of course let's try to hack that so the problem you know talk to many different people there's many hackers who helped guide this initiative one person I want to mention which doctor he's done a lot of work for that industry for missing persons and provide a lot of ideas around that buy in those copies for law enforcement and talk to them about how this works currently and talk to families and loved ones of people that went missing and of course that's very emotional and was also very enlightening and speak to anybody that would listen about the idea and collect all the feedback of course that you can as well and then ignore reasons why it won't work so and of course at the beginning there's always lots of reasons why your ideas won't work so we then created a website and we created Trace Labs online with the idea of crowdsourcing for missing persons so bringing the information security into that sort of law enforcement or search and rescue world we started off sort of MVP minimal viable product we started very small to see if that would work and slowly grew from there and it slowly gained more and more success to the point where we are today the structure around Trace Labs was we wanted to make sure that it was going to be effective and that it was going to work so we thought about what's the best way to do that of course with the hacker ethos one of the fundamental lines there is make it free, make it open so Trace Labs is a non-profit no one gets paid it's free labour via crowdsourcing we don't charge law enforcement for anything we do so that allows them to scale up it's cost effective for them schools we're working with schools now where we're engaging students with OSINT whereas they wouldn't have had that opportunity before especially for hands on exercises we go to conferences like this one and do CTFs where we offer a non theoretical OSINT CTF with companies we've done a few companies where we work with them to provide their employees with OSINT training through our CTF as well that's been very successful and then ease of entry so there's no cost people don't have to pay for this to participate all you need is a computer and an internet connection then of course make it fun right so I talked about America's got talent our desire to be entertained you know that's undeniable so we wanted something where not only are we going to do a lot of good to the community but you're also going to have fun as part of it right so capture the capture the flag style contest that CTF you're very familiar with that the gamification of that of course helped with the motivation for contestants to bring them in and then of course celebrating with prizes and over social media as well so a lot of social media during the event and after the event talking about how successful it was especially when teams do really great jobs making it transparent and open was also really important to us so we wanted to get as far away from that closed system as possible so people can have the transparency you can see what's going on we wanted it to also be globally consistent so right now what you'll see is it's very regionalized on how it works as far as process so if we can make that more consistent globally that would be really good we do event debriefs to continually improve in social media announcements to be completely transparent on what we're doing and how it's working out and then finally really following that hacker ethos as much as possible we wanted to and I struggled with this title of this slide and I went back and forth on several words there but making it beautiful so if any of you are thinking about an idea or a project I would try to focus on this this will usually keep you on the track of both ethical but then also something that's really great so the global aspect of what we do means the ultimate mix of people so to me that's wonderful you have anybody that can participate the virtual presence abstracts race, age, gender so in most cases we don't even know who you are crowd sourcing allows scale so that's really cost effective we can go from one to a thousand people barriers to entry are really non-existent so there's no reason somebody can't really participate if they don't have a computer or internet connection they can borrow one or go somewhere where there is one most people now have that and then finally the beautiful part about this and being in search and rescue I get to experience this quite a bit is the uniting of families so there's something really special when you see those two people come together where they thought they would never see each other again it's very emotional it's one of the most amazing things you can witness so some of the challenges that we've had so recently you may have seen a video that came out by Freethink a great video it kind of introduces what we do at Trace Labs but it became so popular it was 2.7 million hits it started to kill our website so we had to do some upgrades there so something as an entity as a non-profit where we were starting to build and grow there's things like this that we weren't really prepared for which has made our journey even more interesting some concerns and questions that we often get as an entity these are the top ones how do we fund our operation as a non-profit it's all donations how do we reduce the chance of causing harm so this is a fantastic one that we've really struggled with a lot we want to contribute as much as we can and make this problem better but at the same time we have to also be very careful because that process has developed over many years and it's developed that way for a reason and we're not experts in law enforcement so we want to make sure we tread very carefully there so we reduced our scope to a very narrow focus to make sure that we didn't cause harm and everybody wants to do more everybody wants to do it better everybody wants to help and it's hard to pull that back sometimes but we had to do that to make sure that we didn't interfere with law enforcement so that brings me to what is our scope it's really the passive reconnaissance and we don't go any further so people will often say can I use this breach data to log in as them? No can I like their facebook page and interact with them? No things like that we don't break any laws but it's also a little bit more restrictive a lot of us want to go to that extra step but we can't do that and then what if they don't want to be found that's another really common question that we get and so the people that we look for we only look for people that the police have asked the public's assistance with so if there is a link on the internet where the police are saying we're looking for this person if you have information please contact us that's really our calling card because we're the public they're asking for the public's assistance and so on our intake form that's one of our prerequisites that we ask people to put in there our progress has been pretty amazing so we went from this idea to this amazing great team that I work with that's doing some great things and I'm really excited about it these are some of the events we've done this year big thanks to all those event organizers for allowing us to do that it's been more set up for future years so it's been phenomenal growth which is great there's been very few issues other than the growth problems which has been fantastic some of the challenges of course so there's always some challenges you know we didn't necessarily know how to run this business out of the gate we've got a team of people now that are really skilled in certain areas which is definitely helping with that the public didn't understand necessarily what we do and you saw the pictures of the hackers our world is a bit of a mystery to them quite often so allowing articulating to them exactly what we're doing is very important people will sometimes be negative about stuff you're going to have that no matter what you do if you have any margin of success there'll be some people that are negative towards that and we found the best thing to do was you can ignore some of it and then you can also acknowledge some of it too so if somebody is critical to taking that out okay yeah that could be a problem thanks for your guidance we're going to take those ideas and go work on that or would you like to come help us to fix it and then sometimes people also will want to take some credit for what you're doing without contributing that's some of the other issues we get and then you also become a target as well so you want to make sure you do your op sec early and make sure that she's hard to do that after the fact so to kind of start to wrap up here hack the planet was the title of my presentation to me it's really a call to arms from the movie if you remember the movie it was so many years ago now they were kind of joking when they were yelling it out but you can see there's examples of where people out in the world are actually using this as their slogan to go do good things so there's some scientists trying to turn our ward off climate change there's hack the planet that's a company out there they're doing some amazing things and there's a tv series now where they're doing some amazing things as well that you can check out so it's starting to become a growing theme so if you're thinking about this if I've motivated you in any way to go out there and look at what we can do to improve the world these are some of the things that I would recommend I mean first thing find something that pisses you off right for me this was a great one it irritated me that we were in this state it felt kind of primitive so there's a lot of technology out there that we can introduce to improve these things then seek to understand it understand the problem why is it that way there's a lot of reasons why it's that way and it usually doesn't have to be ignore the current authority on the issue so quite often people will say well it's this way because it has to be this way and I find as hackers we quite often want to take things apart and understand it and we don't need the brochure that limits us to oh it's only good for this one thing don't get stuck on making it perfect so our journey has been very iterative it's been continual improvement so and I really think that's one of the best ways to approach it don't try to make it perfect because it never will be and to make sure you always stay on the right path think about making it beautiful right would you be proud of it do you want to show it to people right is it something that people look at almost like a work of art like oh this is amazing right so if you can keep that in mind it definitely helps with your journey alright that concludes my presentation thank you very much appreciate it any any questions at all oh yes sir yeah that's a great question I would say it's your interpretation of beauty I think definitely the cosmetics of when you look at something and you interact with it does that feel good does it look good I would say definitely for sure if you can do that I think it's also bigger than that right so does it make you feel good when you're engaged with it and when others are engaged with it as soon as it starts to not feel good that way and you start to question it you probably come off the track a little bit and you need to review what you're doing and how you're doing it it's almost a philosophical way of looking at it but it's both right thank you yes sir so we are focused globally yeah yeah so I would say carefully yes I've spoken to people in different countries and they've said Rob that'll never work here and I think some countries are definitely going to be more challenging than others some countries have more risk some people some countries that are heavily populated are going to be more challenging as well law enforcement works differently in every country so very carefully I say yes because I have hope that we can improve the situation everywhere but I also acknowledge that it's going to be tricky so yeah that's a great question thank you okay great thank you very much