Ladies and gentlemen, DC awards. Good morning, DEF CON. I say that because probably half of you just got out of bed, didn't you? And the other half are going right back to bed once we've emptied the bottles. Bye. We miss you. All right. Welcome to DEF CON awards. I am Russ. This is Jericho. And over here we have the invisible Dark Tangent. He was here year one and has been missing in action since. So if you see him in the hallways, tell him we're here. So let's talk a little bit about what the awards are, how it works. So first slide is why. Why did we do the DEF CON awards? We have people that sit around and complain or brag about accomplishments, things like that. We wanted to recognize those things, but we wanted to be a little bit different. So it's important to note that we did not vote on this. We get up here, we get to talk about it. But people in the community nominated all these individuals or organizations for the categories. We didn't vote. We had organizational input only. And we do it so that you get recognition for good things that you do when you kick ass and you get great recognition when you do really shitty stuff. And that's why we're here. These are all public nominations. We opened this up to the entire world. We've been getting steadily more and more nominations over the last few years that we've done this. We opened it up via SurveyMonkey. Now we made a mistake the first year and we actually tried to do voting. Did you try my glasses on? Did it mess you up? Yeah. And DEF. This should be fun. We tried to take the votes on SurveyMonkey as well. And hackers do an amazing job of screwing with your numbers. So we do it a little differently now. Jericho bought a sound meter and we're going to do it here. You can actually vote. And if you happen to be one of the nominees and you're in the room and you win something and you want a shot, or five, these bottles are unopened. You can crack the seal yourself if you want.
I figured nobody's going to trust an already open bottle of alcohol at DEF CON, right? Just forget the whole tamper evident contest. Yeah, exactly. There is a board review. So it goes out. Everyone nominates everyone they want. Jericho and I will sit down with some other people and decide which ones are most relevant, which ones got the most votes, and which ones were just trolling us. And we'll remove all the trolls and that kind of stuff and bring you the absolute distilled best. And the public voting is done right here with the sound meter, like I said. Past years, we started this in 2011. It was a brainchild that has been slow to give birth simply because people would rather be drinking and hacking and breaking into stuff than sitting in here watching Jericho and I talk about this. It was originally called the DEF CON awards, which was slightly confusing since the closing ceremonies became the DEF CON awards. At some point when it started taking three and a half hours to close this conference down. So we renamed it to DEF CON recognize awards because we're trying to recognize people for either being douchebags or being awesome. Hi, Paul. Last two years, this was held on a Sunday and going to anything on Sunday after parties on Thursday, Friday and Saturday is probably not going to happen. So we had about a dozen people in the room the last couple years. So Brian and I spent a lot of our time drinking on our own. This year we moved it to Saturday. Everyone's awake, right? Yeah, we're all awake. So DEF CON 19, 2011, these were our categories. We had worst media coverage. We had most interesting malware, best privacy technology, best open source software response to an attacker method, best author or story that captures the hacker mindset and then we had the security charlatan of the year. As you know, Jericho may not know. If you don't know, it's sad. 
But Jericho does a blog and he does a lot of research and write-ups on potential charlatans in the security community. And he's actually gotten a very big response. So we get a lot of input from other people around the industry, around the world that point people out that are doing a great job of trying to be something that they're not. And so that was really one of the main premises of the awards, was trying to get that information out so everyone would know who they could trust. And these were the winners. So we had Kingpin, the story by Kevin Poulsen that won the best author in the story. And then we had Gregory Evans, if any of you remember him from a couple years ago because he's still around for security charlatan of the year. Now, oddly, every year we've done this, nobody that has won a "you're a piece of shit" award has come up and collected their award. So what we've done with those in the past is just Jericho has taken those out and auctioned them off and collected the money and given it to EFF. Right? I think that was right. Yeah, so Hackers for Charity or EFF. So if a douchebag wins it, we still take the award out and auction it off and get the money to somebody that needs it. Yeah, we actually had trophies that year. This year you're getting inebriated. Next year we'll have trophies again, promise. All right, DEF CON 20, last year, our categories, worst media person or outlet. This was for print. We separated out the media that year and it was a mess. So we had worst media person or outlet for broadcast where we had no nominations at all. You all love Fox News, apparently. I got two laughs from that. Everyone else is like, what's a television? Best privacy enhancing technology, Tor won, of course. Your best sec or hack Twitter feed, YourAnonNews, it's still very popular. We renamed the next award. No offense was intended by this originally. This was more of a European thing or we were calling somebody a ding dong.
But we've renamed this award this year to the nit-twit. We have a Captain Obvious Award for last year that General Alexander won and oddly here we are a year later and it's been proven. We have the security charlatan of the year for last year was Ankit Fadia. So I'm going to hand it off to Jericho to do what he does best and I'm going to interrupt and make fun of him and heckle him along with you as we go through these categories. So this is interactive. Please be involved and if you are in the room and you do want something and you either want to wash away the pain or share in the victory, please come up and have a shot or two. Cool, thanks. Yeah, like he says, interactive. Feel free to heckle him. So real quick, the categories. Best media coverage. This time we went back to any media. Best privacy enhancing tech since DEF CON 20. Notice that on a lot of these categories. We're not looking for the best in the world ever and some of the nominations we had to rule out because they were a lot older than some of you in the room. Worst privacy enhancing tech. Best security or hacker feed. Now the nit-twit award. Best DEF CON group project that was approved and that was an interesting, we'll get to that anyway, sorry. Worst or most meaningless security buzzword. I'm sure we all know some of those. Biggest law enforcement blunder since DEF CON 20 once again. And the security charlatan of the year. So we'll start out with best media coverage. This is the only one where we'll really get to have some good visuals. There are quite a few nominations and by the way the slides for this will be up on attrition.org next week and it has the full list of nominations down in the notes below that you can't see on the screen. So you can look at our work and see which ones we decided to pick out of the list and put up and all that. And call us out for it if you want, I don't care.
So the nominees are Brian Krebs, Glenn Greenwald, The Register, SecurityWeek, RT.com and Kevin Poulsen. Actually it's the worst media coverage that we get the good visuals, not this one. So are any of these names new to anyone? Thank you. Okay. So based on that, let's see if I can make this damn thing work. Testing. That's probably good. So one at a time, based on their work in the past year or so, which of these people do you think deserve the award? Brian Krebs, I'll make sure you can see it. 83-2. That was pretty loud. Okay, how about Glenn Greenwald and from the Guardian.co.uk? He can see. That's cool. What? The Reg. It registered the same as me. The one thing I will give the Reg, though, they usually have some fun titles for all their articles. Even if the articles kind of limp, the titles are usually good. So, yeah, Masters of the Unverified Single Source News Story. Okay, so how about SecurityWeek? Apparently I was a little less loud on that one. They didn't even register as much as the last. RT.com, specifically for their Snowden coverage. And then last we have some guy named Kevin Poulsen. I think he's been in the scene for a year or two. Yeah, he probably did some time. I don't know. His work at Wired, and this one was actually submitted by the guy that just told you we didn't vote. Anyway, yeah, someone's got a drink. So anyway, Kevin Poulsen. Weasel. You don't clap very loud. Okay, so based on that, RT.com. Yay. Is there anyone here from RT.com? He runs up with a camera. I mean, come on. I've got to assume you're with RT.com now. You've got to take a shot. For the next five minutes, you're with RT.com if you'd like a shot. And you can take a picture if you take a shot. Now while he's figuring out the tamper evidence seal over there, we'll go to the worst media coverage of hackers, and this is the one where we have some fun visuals. So the nominees are from ReadWrite. They're an article titled World War III. Actually, we'll just go one at a time.
So there we go. That's the visual we got with the article. And if you want to take a minute to read that top paragraph, every day the Pentagon is attacked 3 million times. And that's kind of amusing because, Weasel, was that 95 or 96 we got the article about the Pentagon being attacked 250,000 times? Yeah, because they were counting ping. Yeah. Okay. So anyway, we have that good visual that, you know, World War III is right here and we're already losing. I said, you get a shot. Oh yeah, solidarity. I'm good at something. Okay, so next up we have Marie Claire, When Geeks Attack. So look at that picture. Those are apparently programmers. Can anyone tell the difference between that and a DEF CON crowd? Yeah, there's females in that picture and there's no females at DEF CON. Yeah, good call. You want to take a sip so that you're more coherent? Next we have Meet the Press. This douchebag, David Gregory, basically says, Mr. Greenwald, shouldn't we be charging you with a crime for, you know, doing your job as a journalist and covering a story? And he actually grills them. It was pretty embarrassing for Gregory. Man, I failed. I didn't even put the YouTube link down in there. If you don't have to Google it or something, I don't know. Next, the Maniche. Maniche? Okay, yeah. NPA. So there's a little backstory to this one. Yeah, they basically write an article and they didn't quite use the best wording so everyone thought that what they said was the law and that the law was going to do something and it ends up they didn't. And by the time they issued the retraction or apology, everyone was in a panic. So yeah, they really screwed the pooch on that one. Next we have InfoWorld. Confessions of a Cyber Warrior. This is a very recent one. I don't know. Yeah. Who actually read this article? Who read this article and kept a straight face? Liar. Okay, yeah. So if you want a good, good laugh, grab a bottle, read this article. It's hilarious. What? Okay, so we're going to vote now.
This time make some noise, bitches. Okay, ReadWrite, World War III. Got triple digits on that one. Yeah. Marie Claire, When Geeks Attack. Good effort, sir. No. Good effort, good effort. Meet the Press, David Gregory. Yeah, so this is, this is revealing. Yeah, if any of you, if any of you are really wanting to vote, yeah, come up closer and you have more influence. That's how this works. And the only reason that someone's not stacking the vote is because he actually forgot his air horn. Cite your source. Yeah. Okay, the Maniche and the correction. Yeah, that was limp. InfoWorld. Confessions of a Cyber Warrior. Yeah, who was that making most of the noise back there? Come on, one of you raise your hands. Who made all that noise back there? The harbor seal back there? Okay, so the winner, thanks to these two fine gentlemen is ReadWrite and World War III, which we are losing. It was in the print, it's fact. Yeah, so best privacy, do I skip one? No, okay. Best privacy enhancing technology since DEF CON 20. We actually had, I think we had more than that. Yeah, we had a lot of nominations, but only four of them count. So Ghostery, anyone use that? One user. You better be loud. Disconnect 2. Any users? Does anyone here care about privacy? No? Okay. Yeah. Twitter two-factor authentication, anyone actually use that on Twitter? Two people and we wouldn't want to hack your accounts anyway. Come on. It did. Yeah, okay. So, and who uses Onion Pi? The NSA thinks all of you. The reason the other products did not make it on the list are that they are not recent or new since DEF CON 20. And that's really the key. We need things that are new over the last 12, 14 months is kind of what we're using. Use the microphone. It's not on. It is now. What he said. Thank you. Anyway, since DEF CON 20, thank you esteemed. Yeah. Hat. Okay. So, Ghostery. This is going to be fun because none of you people know what any of this shit does. And they don't care.
See, next time you need to nominate whatever crappy tool you're using for privacy, you know, paper and pencil or something. Microsoft Word. Yeah. I hear that zip encryption is pretty strong. I love Jason Scott. Yeah. Disconnect 2. Disconnect 2 with some hot shit based on that vote. Twitter two-factor authentication. On two of you. Oh, none of that little UK golf clap. They had the most supporters in the room and is not winning. You guys limbered up. You ready? They're getting ready. Okay. Onion Pi. That was a noble effort while charging bear. That's officially the highest number we've ever seen in three years. Now, which of you critics was all bitching and whining like a whore about the unscientific process we used? I heard it from right here. Neither is the rest of our industry. And we have alcohol. So anyway, we give you people many ways to influence this. We use SurveyMonkey. We let you come here and make noise, run up, filet the damn thing if you want. So if you want someone to win, next year you have some good guidance. Wasari Airhorn. Okay. So the winner on that one was the Onion Pi because of the esteemed gentleman down here. Since you are obviously users, I think you need to come up and partake. Designated drinker, two shots. Good man. Worst privacy enhancing technology since DEF CON 20. Newly disclosed. It may be old but it's got a new name. It's got a fancy new PowerPoint I hear. So the first one is PRISM. If anyone's ever heard of PRISM, yeah, okay. Yeah. Good stuff. CipherCloud. And these are the reasons we were given. I've never heard of this tool until the nomination. Bogus security claims abusing DMCA as a defense. That's interesting. I'll have to look into that one. Gmail. No reason given. I thought that was PRISM. PRISM lite. And last one is Wi-Fi sugar. Proof is in the website which I haven't read either. Anyone use Wi-Fi sugar? Any Wi-Fi sugar developers? Get a better name. Thank you. No. Wi-Fi sugar. I can get me some Wi-Fi sugar.
I can see a bad SNL skit off that. Okay, so. Can you move to the other side of the stage? So they have to at least. PRISM. Go for PRISM. No, no. Rules say I have to have it. Nope, nope. That was 10 less than you two actually making noise on your own. Serves. Serves, the fail panel was a few hours ago. Oh. Yeah, I got it. Yeah. CipherCloud. If I can't be loud, I'll make the other fuckers be quiet. It doesn't go backwards, people. Okay. Gmail. I actually think that was the most popular. And it was actually quite nice. That was pretty swell. And I think we're going to just discount these fuckers down here in favor of that. Use the microphone. Okay. So if you want to keep PRISM, if you had brought your own microphone, that would be a different story. I like your style. Let's end up on that 89 5. Yeah, about 10 less now. And last, Wi-Fi sugar. Remember, it doesn't go backwards. Hey, somebody. That's the lowest number we've had today. All right. So we have PRISM. They'll be quiet. And we have Gmail. And we had more energy on Gmail. So if you want to vote for PRISM, use your voice right now. That's nice. All right. Gmail. Go. I think you went backwards. Yeah. You didn't even meet your previous one. Okay. So it's PRISM. Is General Alexander in the room to take this award? Shot, General. We didn't have to ask that question earlier. They knew. Yeah. Are there any feds to spot? No. So I heard that after his Black Hat talk went swimmingly where people were calling out bullshit to interrupt him, that he beelined straight from a Karen. Yeah. That was actually planned before his talk ever. No, the eggs got confiscated before they made it to the room. Yeah. Yes, that happened. Brian sounds pissed. Jared goes like, I paid a lot of money for those eggs. Let the eggs through. Come on. Okay. So now we're getting into the fun stuff. You didn't tell them who won. PRISM. Don't worry. They know they won. Where do you think this goes? So best Twitter feed. ioerror.
Make some noise right now if you follow these people. ioerror. Moxie. YourAnonNews. Space Rogue. You want them to make noise on the next. You know, it's really hard. I just recognized him without the blue hair. I'm sorry. I'm sorry, dude. I haven't seen you in forever. So I apologize. I'm sitting up here like, who's the guy with the beard? I was going to say now you're sporting the post office poster beard. Yeah. Have you seen me? $20,000 reward. It's good to see you, sir. Okay. So this is the one time I think that I had moderator influence. The Hacker News was nominated. They're plagiarists. So they're not going to win in the story. And Hacker Huntress. Okay, other than Space Rogue, are any of you other nominees in the room? Yeah. 87% of the room is anonymous probably so, yeah. Okay. So can we mix it up a little bit? How many of you have actually been in this community and following DEF CON for at least 10 years? All right. So not even half the room. So here's the thing. If you know Space Rogue and you follow the Hacker News Network in the day, they were the... The Hacker News Network HNN is not The Hacker News. Right. This is a little lame wannabe rip-off. So what I'm trying to do is draw, there's a line there. There was the original HNN, which was Space Rogue. And now there is the facsimile of such, which is kind of like candy cane dipped in bird shit. And so, yeah. Someone's going to win the arbitrary insult award. So I just want to draw that line. If you've been around for 10 years, it's not the same HNN. That's why. Okay. So now we're going to vote. ioerror. It's better than nothing. No, it's not. Actually, it's not better than nothing. That was actually, I think a little quieter than the idle room is. Someone goes, oh. Sorry, Jacob. Now, Moxie. I forgot to hit a button. User incompetence, my fault. Anyway. YourAnonNews. Hey, don't laugh at women right now. You're in. Someone's, we can have fun with this. Oh, yeah. Enos. Bactic drop table.
We need an award for that. Absolutely awesome. Yeah. Designated drinker, drink that. He's our designated drinker for the stage too. Okay. And last, Hacker Huntress. No one important. Okay, fine. Space Rogue. So by popular vote, The Hacker News went, no. No, we're going to make you come up here and drink since you won. Are we close to end or did you guys get promised free shots? All of you that just came in? Free shots? Yeah? Well, your only chance of getting a free shot is to come down here and make noise when you're told to. So real quick, seriously, Space Rogue's been doing the Hacker News for a long time. He would actually wake up at some obscene hour and I know because I was up from the night before. And there's something you need to know about him that my friend Carol and I, we would do editing for him. Caroline Mino? No. Okay. Different Carol. Yeah. So he has his own form of English called space Ronix. And every morning he would write these great articles minus the, I don't want to say clever use, I want to say fisting of the English language. But the content was there and that's what was important. And that's why Carol would be up and I would wake up early and I would be up from the night before and we would actually take the time to edit his crap. So anyway, thank you very much, Space Rogue. You've done a great thing for the community for a long time. So we just had the good. Now we need the bad. I forgot to change the title of that one. During Kino. Oh man. You don't get to designate that one either. That's purely on you. Yeah, if you want the free shots, you have to first come up here and make noise when you're told come sit down, come help vote. There's a celebrity on the front row too. Okay, so the nit-twit award because someone forgot to change the name on this slide. We're voting for the Twitter feed that is considered the worst. The first nominee is The Jester. Who follows The Jester? Who nominated The Jester? Just one person.
We only got IP addresses and last I heard they're a little untrustworthy. Yeah. Number two, white rabbit. Anyone follow him? It. There's a debate on the front row whether it has genitalia. Yeah. Third, Asher research. Anyone? No? Okay. Gregory D. Evans. I know most of you don't follow because his account's been locked for a long time because of me. Yeah. And last, Ada Initiative. Hey, Val, you in the room? I want to talk to you about some dongle. You know, there's a certain irony that they're on the twit twat award. We did change that name, I swear. That's my mistake. It is the nit-twit award. I'll get in trouble for that. Okay, we got to speed this up a little bit too. Okay. So The Jester. Make noise if you think it's the worst Twitter feed. He's getting louder. You want more? Asher research. I was wrong. You can't make it go backwards. Gregory Evans. White rabbit, thanks you. Everyone's still really confused about that one. Yeah. Ada Initiative. You said you couldn't rig the votes. Alcohol will rig anything at DEF CON. Sorry, that was a little muscle spasm, nothing else. And then the side little, sorry. Yeah. Okay, so. It was Ada. Ada Initiative. Val or the other chick, and you want to come up here and we can discuss your financials that have been leaked out? No? Ouch. Anyone? Anyone? Yeah. You can have a shot, too. Yeah. A shot. Consensual shot. Okay, fine. We'll send your award later. I'm not going to spend time on this one. Best project by an approved DEF CON group. We had two nominees. One of them had like 87 votes, and the other one had one. So honeypot that can bite. Anyone involved in that? Anyone hits free booze. Yeah. It's a DEF CON group something. I don't know. You're supposed to be here. Fuckers. You can lie. We don't have whiskey, though. Okay, yeah. So anyway, that one was an obvious rig to vote, but hey, we'll give it to them because they're spirited. Congrats. Worst security buzzword since DEF CON 20. I mean, it really took a hold of the news.
Remember, some of these were nominated. It's not mine. It's the laptop owner drinks. Okay, so you're going to go down these real quick. APT, buzzwords plural, shut up. Security community, duh. Cloud. That one we probably shouldn't have included. Okay, I'll give you that. CEH, that's Certified Ethical Hacker. That's a respectable number of laughs. I'll make sure I tell Jay Bavisi, head of the EC-Council about that one. No, I'm not. I'm not really missing it at all. Ada Initiative. Damn, you're loud. Okay. Anonymous. That's another one we probably should have dropped since. Yeah. Okay, we'll skip that one. Cyber. For me, of course, is that all of you should be drinking for that. Shut up. China. That's all you got. Oh, yeah. Nice. Okay. And last, Snowden. So the award is cyber and we're all losers for that one. Everyone drink. Okay, we got, we got, we got five minutes. We got to really do this quick. Biggest law enforcement slash legal system blunder since DEF CON 20. We're not going to take votes. We're going to call all of these the winner on that one and how law enforcement fucked up in big ways. So real quick, unofficial awards. Best con award show, the Pwnies. If you missed them at the Black Hat, catch the video. They're funny. We're not. Most clever, some funniest security Twitter feed. Security humor. Really, really clever. Follow. Best book on phreaking this year, Exploding the Phone. If any of you are interested in telephone and phreaking history, get the book. Internet hacker security historian of the year. Jason Scott. By the way, if any of you use the Internet, go donate to archive.org. If you have any old hacker stuff sitting in your closet, old paperwork, whatever, work with Jason to make sure it gets into the right hands. While many people ship stuff to him, he also makes sure it goes to the right places. Certain museums or whatever initiatives that are dedicated to collecting that information. Awesome work. Yes.
And most prolific Twitter that was most desperate for an award. So last, how much time do we have? Two minutes? Three? Hey, goon. You have 15. Russ said 15. I like his answer. I can roll it a little bit, probably. Who's going to pull somebody with free booze off the stage? I'll fight him. Come at me, bro. Okay, security charlatan award nominations. And once again, I did not nominate any of these, but I did note which ones I have worked with my team to publish information on. So first one is Ankit Fadia. Anyone know of him? Yeah? Okay. Oh, no. What did he do this year? He gave the same presentation he's been giving for the past 13 years, where he still uses Back Orifice as his example for a remote access trojan. Okay. So on that note, is anybody, aside from Space Rogue, here that was involved in any of the Back Orifice stuff, because I'd like to give them a shot, too. Do we have Dildog in here or Deth Veggie? Any of you L0pht bitches, get up here. Okay. Rahul Tyagi. Anyone heard of him? He's kind of like a Fadia lite. Yeah. Kim Dotcom Schmitz. So yeah, most of you have heard the news about him for the last few years in his antics and Mega this and mega fuckwad and all that. Right. So he's got a long history before that of fraud and all kinds of other interesting stuff. Make sure you read up on that. I do not know the story behind this one, but it got votes. Fortinet security. He just wants a shot. Yeah. Afterwards, if you know why they should be nominated, please let me know. And same with this one. Chris Russo. Anyone? Chris? Chris, are you in the room? Can I buy you a shot and get your secrets? Bottle? Okay. So based on that, and I know it's a little blind, because if you did your homework, you would have read about all these people in advance. So Ankit Fadia, this thing is complicated. It is. Yeah, there's two items. Well, by that, I mean that it's not easy to reset. Thank you. Rahul Tyagi.
Yeah, I'll make sure to mail him and say he sucked it at this award to Kim Dotcom Schmitz. I don't care if he wins. Get another get another shot and designate his shot. Fortinet security. Yeah. Listen, people, if you're going to nominate someone, give us some details, some juicy dirt that I can spill on stage. Or at least show up so you can vote for him. Right. Yeah. And last, Chris Russo. I wish we had a cricket soundtrack. It'd be too loud. Okay, so we'll really test your interest in the community just for fun. Also nominated, but not on this list. Fernando Gaunt. That was intentional. I was just curious. Thank you. Thank you. Yeah. Okay. So Kim Dotcom Schmitz is the winner of the security charlatan of the award this year. So everyone, take this PowerPoint presentation. Highlight his name and upload it to his Mega service. Next year we'll have more nominations. We'll have different categories maybe. We will actually have trophies and more booze and hopefully we'll have more people. All of you that came in for the free shots. DEF CON parties is ready to give them to you later tonight. Thank you. Thanks, guys.