 I guess to begin this whole thing, unlike every other presentation I've given over the last couple of decades, I actually really want to say thank you to one person, obviously Agent X, because he was a genesis of this whole talk last year at DEFCON 15. So that made it really nice for me. The other thing that's kind of interesting is at the beginning of this year, I was completely unable to give any talks whatsoever. I had contracted a pretty insane illness. It left me fairly paralyzed and everything else. And so in this instance, for the first time ever, probably for me, I'm actually thanking someone outside this community, just for the medical care that I received that pretty much got me back to normal. So thank you, Dr. Lee, on this one. What we're going to talk about today is open source warfare. And it's a topic that I think all of us know about, and it's something I really, really enjoy talking about quite a bit. So to begin with here, I really like the graphic with the teddy bear, the balloons, and the bomb, because that kind of gives us a little pictorial representation of what open source warfare is all about. Just a crazy thing. It's really nice. It's innocuous, and yet it's dangerous at the same time. So what is open source warfare and who uses it? Essentially, what we're going to look at today are how armies behave in the battlefield, but more importantly, from the open source warfare perspective, what do insurgents use? What are we, for example, in the United States facing in Iraq? What are the Indians facing throughout their country? What are the Sri Lankans facing with the Tamil Tigers? It just goes on and on and on. There isn't a country on earth that doesn't experience some form of this. What I really like about doing this one at DEF CON is it really kind of speaks to you guys too, because computer skills, computer knowledge in a way, not just in the security arena, but also in the communications arena as a whole, really impacts all of us. And it's used every single day. Some of the stuff that you develop amazingly winds up on a battlefield. And I don't know if anyone's been to a battlefield anytime recently, but it has changed a little bit. But you know, battlefields are battlefields. It doesn't really matter, you know, for better or for worse, for me, I've been to a number of zones in my lifetime. And it doesn't make a dog-on-bitter difference. It's still as gruesome and as gory and as terrible, it's still as ethically or morally compromised as you can imagine. And every side still has the same issues. You know, at least some armies around the world actually recognize the ethical implications of what you do, and some armies don't. Some insurgents do, some don't. But all of them, regardless of the side that they fight on, actually believes that they're ethically correct, that they're morally correct. And it's a very interesting one. And it comes down to some of those questions as the end justify the means, et cetera, et cetera. Thankfully for us, we're not going to explore ethics or morality today. So that's a good one. And because we're in Las Vegas especially, we're not going to really explore this topic at all. So there are a couple of things I want to say at the beginning of this. And you know, last night, when I was kind of going through this presentation with a friend of mine, not only did he suggest I pull a couple of slides, but he also suggested maybe I want to kind of tidy this presentation up a little bit and not show any graphic pictures of what happens in warfare and what the actual results are. For anyone who's curious, they're freely available just about anywhere on the internet. But it's too early in the morning and I don't think we need to be compromised with that type of stuff. I do want you to know, however, that there are a lot of things that when you do, they can go wrong pretty badly. You can wind up in jail. And that's really not the worst thing that could happen to you. There are a million things. But be very, very careful. However, that haven't been said, the exploits that you come up with, the exploits that we come up with across the board are tremendously important. And the fact that they're somewhat open source, and what I mean by open source in this instance, is open source in the context that everybody shares information with everybody else and it's rarely segregated to a degree or a firewall to a degree that it can't be looked at by just about any person. So if you post something to a server in New York, it just as well might be seen by a militant in Bangladesh. So it's interesting and it's very important because the armies around the world, not just in the United States, actually spend a tremendous amount of time taking a look at this stuff and sometimes developing counter strategies or at least, as we'll see in one instance, at least to be prepared for what is coming up. That having been said again, we're going to keep the examples a little bit generic. And I just want to stress this one thing again. This is really a value neutral presentation. Okay, we're not going to talk about who's right and who's wrong. All right, it has nothing to do with that. I don't care what side of a debate you're on. We're only looking at the pure science, the pure technology here. We're not going to look at any ethical dimension. I guess the biggest misconception about open source warfare is that it's a little bit, and in some ways, in a funny way, it's a little bit like MacGyver, where you get a toothpick and you've got 30 seconds and a tube of toothpaste and some floss and all of a sudden you can save a bomb from exploding or blow one up yourself based on you do this, this, and this. In a way, it is, and in a very fundamental way, it isn't. And I also want all of you guys and girls this morning to remember open source warfare has come, it has as long a tradition as warfare itself. Some of the earliest examples, just so you know historically, go back thousands and thousands of years to battles, even concepts like Stego go all the way back, thousands of years, which are far of hidden communications as well. But on the modern battlefield, what we see now is a very heavy degree, an extremely almost over reliance on technology. Whether it's the United States or the Israelis of conventional armies that have recently been engaged, we're actually seeing somewhat of a parody what's taking place right now in Osesia with Georgia and Russia. But the counterinsurgents, however, have changed the tactics just a little bit. And they use things like microwave ovens, mobile phones. We see examples of that every day. Remote controlled aircraft, toy robots, digital cameras, sniffer tools, you name it. I was a little bummed out that I missed the war ballooning demo, but I know when I went over there it had been canceled. We're gonna look at one war rocketry example too in a little bit. So to get us started on this whole topic, I'm gonna show one other slide here to begin with and we'll end the presentation after the night's teasing. But it's gonna tell you everything you need to know about open source warfare. It's funny in a way, and it's kind of tragic comic in another. And yet it's deadly serious in the most fundamental way. What we're looking at on the left hand side is a big project done by DARPA. And the center picture, as you can see, was done by a company called Boston Dynamics, and they work with DARPA on this whole thing. To provide a type of pack mule automation system. Essentially, it's a very sophisticated robot that works on four legs, walks around as you can see it carries packs, etc., etc. And what that is, is an adaptation of probably one of the oldest forms of military transportation known to man, which is a camel. Elephants also qualify in this instance, but this is a camel. A couple of things come to mind immediately. And the first one, since many of you are taxpayers, that I'll remind you is, I'm guessing the one on the top left is fundamentally far more expensive. A lot more expensive. And by the time it's actually ready to use in the field, it will have been astronomically expensive to develop. There are benefits, there are shortcomings. I know when you look at the specs of the whole thing, it looks really pretty cool. It'll be able to walk so many miles, it can carry so many pounds, etc., etc., at a very, very high cost. Also for troops potentially operating in the field, what you're looking at is breakdowns, mechanical maintenance, detectability, which is extremely important. So these are also going to be issues. But then again, when you look at a place like Afghanistan that has a lot of very challenging terrain, you can see the track vehicles aren't going to work here. So something like this is actually not too bad. Now, another adaptation of that, of course, is the camel. Whether it's horses, camels, elephants, you name it, mules, just go down the line. Very cheap, detectability, yeah, of course. But they're generic generally to the region in which they're used. So in this country, we'll use horses or mules. And in other countries, they'll use elephants or they'll use camels. So they actually fit into the terrain, so the detectability is something kind of low. The other thing that's a little interesting here for us to consider in OSW is the fact that when you see a robot, for example, the top two pictures, you know automatically it's a war machine. So right away there's a predefined notion that once it's detected, you know automatically what it is. It must be destroyed, it must be hindered, it must be hurt, and a story. Whereas the other one, there's a low degree of ability to detect. Look at the packs on the sides of both of them. Are they, which one is most likely to be carrying a weapon, for example? Which one is most likely to be carrying explosives? It goes back to the suicide bomber concept, same issue here. So we all face that. And now, of course, we have a very gratuitous photo coming up, which is going to be nice. And I just thought I'd throw that in because we're here today. But I also want to talk, because there's really no fundamental reason for this one to be here, I guess, other than to show animals can carry something else other than weapons. But I do want to talk for just a very brief moment about a very important concept, and it's one that I've been exploring recently. And it's this whole concept of the narrative of myth, narratives of a nation and elements of myth and things like that. Warfare in many respects, and open source warfare in particular, really does appeal to certain paradigms. When you think of the narrative of the wars the United States is currently involved in, there are particular subtexts, there are particular narratives that are extremely important. I know one of the groups that I belong to is called the National Military Intelligence Association, and they just published really a very lengthy article, and it's very unusual in terms of what they actually do, that only discussed elements in the narrative of warfare, how warfare is presented, all these concepts of sacrifice and transcendence, death and transformation, is very, very interesting actually when you think of it in those terms, and it's also very interesting when you look at it in terms of what motivates people to do things, whether it's fight a war as a conventional army, or actually to run into the counterinsurgency or coin as the acronym is known. We're going to take a quick look at Lebanon. There's been a lot going on there in the past couple of years, and I think many of you are really important, importantly involved in some respects in this one. I'm showing you a slide from actually one of the more influential members of the Lebanese coalitions, although he's not a government member, and this is a gentleman named Nasrallah, and I love this slide because it actually talks about something that's fundamentally important across the board in the emerging battlefield, and if you look at the two things that he's saying, it's really, really important. Many of our members died as martyrs because of landline and mobile communications, fair enough, and our communication network is the most important weapon in any resistance. I think these two statements actually sum up the narrative across the board from country to country, I mean, whether it's Sri Lanka or Colombia, these two actually very succinctly sum up what's the issue. It's just absolutely incredible. So let's take a slightly deeper look here at Lebanon so we get a better sense. A couple of months ago, there was yet another flare-up in Lebanon. There was fighting in the streets, actually the fighting had spread outside to the countryside, and it really resulted in the fact that the government itself attempted to quash third-party communications networks, telecommunications networks. The other thing that complicated this fight is that actually from the Lebanese perspective, some very, very major players in their political and cultural lives, Syria, which to some extent could be argued really is that Lebanon is just an extension of Syria, at least as serious as we believe so. Iran, of course, who were all pretty aware of Iranian involvement in Lebanese politics and actually warfighting capability. And Israel, of course, who's declared war a couple of times. And there are extremely interesting lessons here. I'm going to speed this up a little bit. So what happened in this instance is that the third parties, meaning the Salas groups, went ahead and established communications networks. What they did is they to start with, at least, they piggybacked on top of the copper networks within Lebanon itself. They extended the copper networks, they created new optical networks, which is very, very interesting itself. And they piggybacked, and I probably should have said in there, they created completely new mobile cell towers and mobile networks for communications. They did this for a number of reasons. And one of the reasons they did this is because copper networks are permanently traceable and they also require warfighters to go, or I should say counterinsurgents to go to a particular point in order to make a phone call. So they were easily detectable and hence killed. Other things here in which they've done enormously interesting work that's really a DEF CON caliber and they didn't forget a visa, I think, to come here and talk about it. But as far as VOIP goes, some enormously interesting things. They've really taken some of the open source protocols of encrypted communications one direction to another on VOIP and taken that to the next level and created an incredibly secure communications network. So it really became an unsolvable issue for the government and it led to war, as you can imagine. Now we're going to take a look at two little maps here. One is kind of a, on the top right, it's just kind of a topological map to give you general orientation. You can see Syria, Israel's down, you know, lower left, meta training on the top. So very interesting little one. Now if you look at the red lines though in the lower left, what you're seeing are those copper networks that we see and those were set up originally by the government. Now I want you to basically imagine fingers and nodes emanating two colors of fingers and nodes. It's up to your imagination emanating from those lines and parroting those lines. And that'll give you some sense of parallel networks that have been created. But overlay onto that, a third one of circles and dots of mobile networks that were created. So what happened is it really became impossible for them, A, to dismantle any third party from the government network. Big problem because it had been so co-opted. And, you know, in the other instance, it really became impossible to shut down that network because so many variants of it came to exist. I'm going to skip undersea cable disruptions as much as I'd like to talk about that one here. Now I'm going to take a look at some just basic, you know, however you feel about Web 2.0, but I want you to get a sense of a little bit of triangulation and how things are found in the Web 2.0 world in areas that we use. You know, on the right hand side, we're taking a look at something from Sense Networks. And it's a really nice little application that actually helps you find the hotspots downtown in San Francisco. You can see pretty much based on protocol where people are and what they're doing, what they're congregating around. And Sense came up with this idea, great people by the way, but they came up with this idea that if people are congregating around certain clubs and restaurants, those are the hotspots. So fine. And Luke on the left-hand side has met with a slightly less energetic response, but they have a fairly similar one that's for a couple of phones, the iPhone included, that works on this same concept. Now in a military context, we look at this and we begin to see the emergence of targeting maps that are actually fundamentally very important. Now we're not talking about targeting infrastructure, we're actually targeting either groups of people or a particular person. This has very important ramifications for law enforcement, very important ramifications obviously for militaries. So you begin to overlay these maps with different colors and they get more and more and more specific and it becomes very, very interesting. When you think, and I had a really interesting talk with the Cisco guys a couple of months back, when you start thinking about the number of protocols now in terms of what we carry around every day and what we utilize every day just in my own pockets and computer, I'm already a number of protocols deep in wireless communication, things start getting very, very, very specific. Tremendous opportunity if you're a military person here. Now this is a little company that is emerging and they're building on concepts that already exist and that's why I'm using them actually, SageTech. They're working on something that's already in the field. Obviously on the US side, we know of things like the predator drones among others. Israeli military makes use of also proprietary drones, et cetera, et cetera. This is actually when you put these two slides together, really room and food for thought. It's just something to think about. Now you can take a step back and say, well, you know, great, we're going after an enemy, but also from a law enforcement perspective. When you begin, instead of shooting bullets, we're actually tracking instead of shooting rockets, we're actually able to surveil an individual based on a specificity of protocol becomes extremely, extremely interesting. Of course the battlefields we're fighting on in the Middle East, for example, right now, we're not worried too much about protocols because they don't exist to the same degree that they would in downtown San Francisco, but I do want to make you aware of the fact that things like UAV sniper aircraft have a very, very interesting little application. I'm going to just go through a couple more slides and we'll go through it, but I want you also, at the end of the talk, to realize that everything pretty much on the modern battlefield is all driven specifically by mathematics. I can't think of anything that's done on the modern battlefield from a traditional army's perspective that isn't driven by mathematics. And I strongly urge you, if you don't know anything about thermodynamics, believe it or not, the second law of thermodynamics and non-equilibrium thermodynamics just has an enormous thought impact on what we're on these problems that we're all working on right now. So I'm going to show you really quickly something I ran into randomly, which is a surveillance helicopter. It wasn't intended as such. It was shown at Infocom just to do nice little aerial shots in HD, but it's actually pretty interesting. I will take a look at this one and start thinking of those. Actually, let's go back. And I just want you to see a couple of the capabilities. It's a non-US company that makes this one. The price is about 400 bucks off the shelf, including an HD camera. It has a one mile radius, 20 minute battery life, and encrypted comlink, which I find extremely interesting. But I want you to now think about something like this in the hands of a counterinsurgent flying it at dusk in the mountains in Afghanistan. 400 bucks and that's a US price, so therefore inflated by Taiwan, by that in Burma. It's a little cheaper. But all of a sudden you start to see the logistical problems for surveillance of established armies. What begins to happen when there's cheap technology out there that people can use very easily, very, very easily, and it becomes a little scary. And let's see we'll go ahead and pop through. I guess this will be the last two or three things I'll talk about in this presentation. But one of the emerging things that's kind of interesting is the use of microwaves in the battlefield. And we're not talking about huge microwave towers or generators or anything else, but we're actually talking about people who are starting to think about it, and I haven't seen deployed yet in any battlefield, but the usage of a conventional microwave oven that's been disassembled, you know, you put a little hood on it, direct the beam, and you can begin to defeat some of the IED sensors that exist on current military vehicles. Now I want to really be clear it's not in use right now. The military is aware of it, so I wouldn't get too worked up, but it actually shows a level of innovation, and I included a link in here that you guys can go click on. There's a whole bunch of stuff there that will give you a good idea of what's capable with this technology. And again, you know, just people like all of us really who like to tinker, like to figure stuff out, put things together in a new way and use them against something else. It's enormous, and you know, every morning when I make my tea and I use the microwave to heat the water, I actually think of this technology because it's a really good reminder of, oh my god, what else in this kitchen can kill? You know, it's really pretty amazing. The little picture you see there is just a really cheap solution to defeat LED surveillance cameras. Extremely cheap, it's been carried on a lot of websites, how you can do that. There's some counter measures. I actually know a couple of guys now that have variants on this technology in order to defeat this technology, but it's a little expensive and it's not very widely deployed. So, you know, railroad yards, for example, use LED technology for surveillance cameras. So, if you're up to no good, thankfully they're transitioning. But if you're up to no good, chances are using this type of stuff. Again, easily searchable, easily findable for things to think about. And then yesterday I also wanted to give just a little shout out to the CV org people who actually opened my eyes to a particular hardware trojan that they were able to implement on Linksys routers. And it was actually so innovative, so simple, and so unique that I got really, really stoked. And, you know, as just a little side note, through their technology, what they were able to do was their officials to get a Linksys router to broadcast Morris code. And I think that's really kind of interesting when you start thinking about very, very discreet communication systems. It becomes very, very scary when you start thinking about hidden embedded communication systems that can be implemented from afar and surveilled from a safe distance and communications being transported that way. So, it becomes extremely, extremely interesting. This is just yet another example of really good information on how to do a high energy radio frequency directed weapon. Once again, you're interested in this stuff. TopSight has your information. So, you know, keep in mind, I'm actually being told I have time. So, I guess there's a Q&A afterwards directly across the hall, but in 104. But thank you guys very much and I'm really, really grateful to you all. Thank you.