 Good evening DEF CON! How many of you are here for your first DEF CON? Raise your hand. Me too. Isn't this awesome? Don't make it your last. Yeah. My name is Michael Shear, most famously known for the name you saw when you were looking in the program for Bruce Schneier. Haha, okay. Anyway, my name is Michael Shear, the press 98. I'm going to give a talk called Hacking Iraq. This is what I'm going to talk about. Introduction. I've got some disclaimers that I got to put out for you. I'm going to talk a little bit about my background. I'm going to talk about why the Navy is in Iraq. I'm going to talk a little bit about the communications infrastructure in Iraq. And then we'll talk about IEDs and a little bit about the future. First of all, this is stuff I have to talk about just to let you know. I'm active duty military and there are some limitations on what I can say. So how many of you are active duty military, former military? Yeah, quite a bit of you. You know what operational security is. Information that is not necessarily classified, but information that if you put a lot of it together can reveal classified information. That's a limitation of my talk because I can't tell you so much that somebody can go hurt my fellow soldiers serving in Iraq. So there's a limit on what I can tell you. The challenge, because I have to decide, is it worth me getting up here to tell you so that 50 minutes from now, can you walk out of this talk and say, wow, that was really cool, but some insurgent in Iraq can download this talk off the internet and say, well, that was 50 minutes. That 50 minutes was a waste of my time. So that's a challenge for me to be up here and I hope you appreciate that. This presentation is unclassified. If you came here expecting classified information, that's kind of silly. If you thought I was going to reveal something and I'm not going to. Nothing in this presentation is classified. Nothing's for official use only and nothing violates the Privacy Act. There's a whole bunch of DOD directives that say I couldn't work on this presentation while I was at work, so I didn't. There's a couple other presentations that say if the DOD released information, like if they had a press conference, I can use that information. Isn't that nice of them? All the information on my slides, the pictures were either obtained like I took the picture or they were obtained using unclassified search terms or from DOD press conferences. So there's not any information here that isn't already out there. By the way, I'm off duty right now. I'm not here as a representative of the U.S. Navy or the United States government. And finally, I don't care if you're for or against the war, that doesn't matter to me. This talk is not about the war per se. This talk is about improvised explosive devices. Okay, get all that out of the way. My background, I'm an active duty U.S. Navy Lieutenant. I'm actually getting out of the military in February, so I'm almost done. I'm an EA-6B electronic communications electronic countermeasures officer, licensed amateur radio operator, and I'm active on the church of Wi-Fi forums, remote exploit forums, and DEF CON and NET Stumber forums. If you're familiar with any of those places. This is what I used to do. This is a picture of the EA-6B Prowler. It's an electronic countermeasures jet that jams enemy radar and communications. So I'm an aviator. I fly for a living. This is the USS Abraham Lincoln. I spent nine months in 2003 doing a tour in the Middle East flying off of Abraham Lincoln. This is me in the back of the jet. By the way, if you're ever at an air show and you get to climb in a jet and you see anything that's yellow or black, don't touch it. For example, that handle above my head, that's the ejection handle. If I pull that handle out about two or three inches, I go through that canopy. No, the canopy doesn't come off. I go through the canopy. This is an EA-6B Prowler going off the front end of an aircraft carrier. It's about zero to 135 miles an hour in about two seconds. It's better than any roller coaster you've been on anywhere, and I've done it about 250 times. It's the best thing I've ever done. That's what I used to do. This is what I did for nine months in Iraq. If you're familiar with the video of Saddam Hussein wearing a suit, brown suit, he's got a fedora and he has a shotgun and he fires it off and the crowd's cheering. That's at his Saddam's parade ground. This is where I'm standing here. This is a picture outside of Boulod, Iraq. This is a convoy that has stopped for three hours in 130 degree heat because someone thought they saw an IED on the ground. There wasn't anything there, but we stopped for three hours in 130 degree heat. It was not very fun. This is a picture, a capture of an improvised explosives device going off. Fortunately, I was not in this vehicle at the time. I don't have a lot of videos of this stuff, but you can search all over the Internet and most of it's recorded by the insurgents. Okay, I did stop by the pool at the US Embassy once or twice. It's actually very nice. So why is the Navy in Iraq? I'm an aviator. Why am I standing there with an M16 wearing army camouflage and 60 pounds of gear including armor plates and body armor? Why? Well, first of all, is the threat from improvised explosive devices. The army says or the military says that the bleeding cause of injury and death to soldiers in Iraq is improvised explosive devices. Yes, there are snipers. Yes, there are suicide bombers, but IEDs are the number one cause of casualties in Iraq. The numbers vary 65, 70, 75% of casualties are caused by IEDs. Well, what's the second part of that equation? The second part is that the army asks for help. At the end of the Cold War, the army basically shed their electronic war for capability and they just don't have that capability anymore. This is, you won't be able to read this, but this is a letter written from General Turelli, who was in Iraq at the time, to Admiral Mullen, who was the CNO of the Navy, and in set the next month will become the chairman of the Joint Chiefs of the Staff. And this is basically explaining what I said, that army needed the Navy to help with electronic warfare. The last part of the equation is that the Navy already had an indigenous electronic warfare capability. People like me who are used to flying, except I didn't think my electronic warfare capability was going to be deployed to Iraq for nine months. There's another pick, like E-86B Prowler. It's ugly. The result is JCCS-1, and that's an acronym for Joint Crew Composite Squadron 1. How the military loves the acronym. From the JCCS-1 homepage, here's the mission. Suppression of the RC-IED threat, now RC-IED, I'm going to have to explain all these acronyms to you. Radio-controlled, improvised explosive device to coalition forces and reduce casualties through enhanced electronic warfare coordination and J-Crew operations training and readiness. J-Crew, Joint Counter RC-IED Electronic Warfare. How do you like that? You know somebody got a reward for writing this. So what does this mean? This means that we are using electronic warfare against IEDs. In other words, we're using RF energy to try to prevent an IED from going off. That's what you can read out of that. Before I talk about the IEDs, I had given a version of this talk at Shmukan in March and a lot of people asked me some questions about the internet in Iraq. So I added a good section and I found a lot of decent information about the Iraqi communications infrastructure because it does relate a little bit to my talk. So I want to talk about that a little bit. First of all, we'll talk about the landline network or perhaps the lack of the landline network in Iraq. Secondly, we'll talk about cell networks. And lastly, we'll talk about the very short history of the internet in Iraq and satellite-based communications. The landline network in Iraq was heavily damaged following the Gulf War and the Iraq War in 2003. That's not to say that there was much of a landline network. Even now, there's less than a million out of 27 million people in Iraq that have a physical landline connection, literally copper going to their house. So about three out of 100 homes actually have a landline going to their home. And of those, they estimate less than 50% of the time they actually work. The estimated cost to rebuild the landline network just back to its current state before the Gulf War was over a billion dollars. So the answer is, do we want to spend a billion dollars rebuilding a very poor landline network, or do we want to spend less than that and install cellular networks that more people have access to? And of course, that was the answer. Here's an example. This telephone mainlines per 100 people. A mainline is a connection from your home to the telephone network. So you can see that it peaked in 1990 with almost four per 100. Since then, it's stabilized to about three per 100. So still, not very much. To compare industrialized nations are typically in the 60 to 70 and above range, like for example the United States. Cell networks. Cell networks in large scale began introduction in Iraq after the war began in 2003, after the mission was accomplished. I shouldn't have said that. I'm not criticizing the president, honestly. Iraqi cell phone providers, there are five or six. The first two in bold, Iraq and Asia cell are the two major providers, but there are additional ones. The networks are GSM 900 and although they are installing, they are upgrading probably this year and next year. By 2004, there were 1.4 million subscribers and as of last year, over 7 million. So 7 million people in Iraq have cell phones. Less than a million actually have a phone in their house and there's 27 million people in Iraq. So one out of every three or four people has a cell phone. Everybody's got a cell phone. This is a coverage map of Iraq now, which is actually the major cell phone provider. It doesn't necessarily look like a lot to you, but if you know the population density of Iraq, you know where the cities are located, this actually covers a large portion of Iraq. Large population area in and around Baghdad and then the spots in the south cover the major cities, as well as Bajra down there just north of Kuwait. This is an Asia cell coverage map, which covers mostly the eastern half of the country, as well as most of the northern Iraq, which is commonly referred to as Kurdistan or the Kurdish area of Iraq. We're going to talk a little bit about the history of the internet in Iraq. Prior to 1999, it's estimated that perhaps 10,000 people had dial-up access to the internet. 10,000 out of 20-some million. You can also imagine that most of these people are either bathists, which were Saddam Hussein's party, loyalists, or the very wealthy. So we're talking about a very small percentage of the people having dial-up access, so very few people that actually have cell phones. And of course that internet was heavily censored so that these people couldn't access anything outside of, you know, whatever Iraq thought, whatever Saddam Hussein thought was appropriate. Between 1999 and 2003, there was a bit of liberalization in the internet policy. Perhaps 75 internet cafes operating throughout Baghdad and Iraq. Perhaps 25,000 users. And again, heavily censored so that these people couldn't really get anything outside of what the bathist party wanted them to see. Since the war began, now over 100,000 users estimated 500% increase in users over the next five years. You can see the graph here. It's going to be explosive as the landline network starts to rebuild. Also, a lot of that internet is satellite-based, which is, if you see a home in Iraq, it's generally made of dirt. They have maybe one or two rooms. They may or may not have electricity. Well, they probably have electricity for their satellite dish. Everyone in Iraq has a satellite dish. Uruk Link is the primary provider of internet in Iraq. It was originally part of the Ministry of Information, so it's kind of a pseudo-state entity. But there are other providers. And there's a lot of private companies that do provide satellite access to Iraq. And that is where most of the access is coming from. That's where you'd get broadband, really, if you wanted access in Iraq. Provided primarily by Middle Eastern and European companies. Very interesting. Almost every country in the world has their own domain except Iraq. .iq domain was owned by a company called Infocom, run by a gentleman in Texas, until 2005. So Iraq had no home on the internet. By 2005, this domain, the gentleman in Texas, I won't go into the backstory, but he had some problems with the law. And the domain was finally assigned to Iraq. However, there's perhaps 500 sites on the internet. If you do a Google search for site.iq, you see perhaps 500 sites on the internet that actually are under the iq domain. And in fact, most government sites in Iraq are still using .com, .org, .net sites, or just generic sites like that. Very few, perhaps one or two ministries in the Iraqi government are actually using the .iq domain. There's also a smattering of satellite-based communications for both internet and telephone. Iridium, Thoraya, intersputnik, I wonder who that is. IntelSat gives you an idea of what's available. So there is pretty good coverage in all of the Middle East for satellite-based communications. I want to spend the majority of my talk talking about improvised explosive devices and a couple of things. First of all, what makes up an improvised explosive device? And then secondly, how can we start to get rid of these things? We're not going to eliminate them. It's like risk. You can't eliminate risk. You manage risk. You manage the IED problem. What makes up an improvised explosive device? Well, it can be complicated, but really it comes down to three basic components. The initiator, the detonator, and the explosive charge. The initiator is a device. Well, let me go back into the initiators. There are four basic types of initiators. There's the command wire. This is the Wiley Coyote wire that goes from the device all the way winds to the Wiley Coyote holding, pushing the button or pressing the plunger down, sending the signal through the wire to the bomb to go off. That's a command wire. The second type is victim operated. Victim operated is a booby trap, perhaps a pressure wire or a trip wire. In other words, something that the victim, the intended person who the device is intended for, is actually tripping some sort of signal or physical device to set off. A mine is a victim operated device. Third would be vehicle born. Vehicle born is either a suicide bomber or perhaps just a car bomb that maybe perhaps no one is actually driving, but a car bomb. So a suicide or what's referred to as a V-bed. The last area was really my focus, and that's radio controlled IED. In other words, someone's pressing a button on some device or sending some sort of signal through our radio frequency signal to another device and that is actually setting off the IED. Radio controlled initiators, the most common, the one you press, the key fob that you open your car with, very popular use for IEDs early on in Iraq. Not a lot of distance on that thing though. When they realize they have a stand 50 feet or less from the road and they know you're looking for them, maybe they want a little bit more distance. Motorola, walkabout, talkabout, radios, FRS, all over the place. Long range cordless telephones, not very prevalent in the United States because of power restrictions set by the FCC. Very similar to the cordless telephone you have in your house, but imagine if it was good for 20, 30 or 40 kilometers. They're all over Iraq and Europe. Imagine taking your home phone when you went to work, driving around wherever. Lastly, the cellular telephone. We talked about the rapid growth of cellular networks in Iraq. There's cell coverage almost everywhere people are. That means you can detonate an IED anywhere people are. What's the second portion of an IED? Well, it's the detonator. It's the thing that receives the charge from the initiator and sets off the explosive device. What's a detonator? Well, it's a blasting cap. It's a debt cord. It's some sort of device that sets off the explosive charge. And the third portion of the IED is the explosive charge. This is the thing that goes boom. There are lots of this stuff all over the place. So back in 2003, what was everybody talking about? WMDs, WMDs, WMDs, WMDs, weapons of mass destruction, biological nuclear. You've heard all that stuff. That was the focus. That's what we were looking for. What weren't we looking for? The tons and tons and tons and tons and tons times infinity of conventional weapons all over the place in Iraq. Artillery shells, mortar shells, landmines, unexploded ordnance that we dropped and didn't go off. All of this stuff is all over Iraq. We found some of it. We found perhaps a lot of it, but there's still a lot of it left. Not much of a focus on this stuff. So now we know the three basic components of the IED. You have the initiator, the detonator, and the explosive charge. So it could be more complicated than that, of course, and probably most of them are, but those are the basic components. So let's talk now about attacking the IED problem. And if you think about this, it's, like I said earlier, it's like risk. You can't eliminate risk. You can only manage it. I'm a penetration tester, by the way. I'm a penetration tester of enemy air defenses. Think about that one. My high-speed anti-radiation missile is your metasploit. At least a few people laughed. Attacking the IED problem. There are five steps to attacking the IED problem. This was outlined in a press conference by the DOD. So it's not like, wow, this is really, I mean, this is cool information to me and hopefully it's cool to you. But it's not like I assembled this and, wow, he revealed some classified information. The first step is to eliminate source materials. We just talked about the source materials, the radio-controlled devices, the initiators, the detonators. All three of those things are source materials. So initiators, the first step of source materials. Well, of course, all this stuff is dual-use technology. You've all heard of dual-use technology. It's technology that can be used perhaps in a good way or a bad way. A cell phone. This thing could be used to detonate an IED in Iraq. Or it could be used for me to talk to my wife. It's a dual-use technology. So we're not going to stop people from using cell phones in Iraq because we just installed their cell phone network. Well, not we, but... So many of these devices are designed for non-military purposes. So we can't just ban them. We can't really control them either. The problem is they're being exploited as devices for IEDs. There's a plentiful supply. Do you really have any doubt that cell phones won't get to Iraq or Motorola radios won't get to Iraq? Virtually impossible to track. And they're required for basic government functions. Remember, those three out of every 100 people that have landline telephones in Iraq, that includes the people who work for the government, too. So they have cell phones. The government operates on cell phones. You can't just eliminate them. When somebody talked about this, a landline network is virtually non-existent, extremely costly to rebuild. Lots of people. Here's the map again. Why did I show that twice? Detonators, the second source material. Detonators are also dual-use technology. What are we talking about doing in Iraq? Rebuilding, rebuilding, rebuilding, rebuilding. How do you rebuild? Well, sometimes you've got to blow stuff up to rebuild it. You know, it's part of the construction process. Detonators have legitimate uses in construction. Of course, they're being exploited for IEDs. Again, plentiful supply, almost impossible to track. Finally, the explosive charges. Huge caches left over from Iran-Iraq war, the Gulf War, 2003 Iraq war, everything, all over the place. When I say all over the place, really, there are huge bunkers, underground bunkers, everywhere filled with stuff. And it's not even sometimes that we can't, that we don't know where this stuff is. We don't have the resources to go get it all. It's everywhere. Again, the focus was on major conventional weapons, Skud missiles, WMDs, all that sort of stuff, and the conventional ordinance was kind of left over. Okay, so we talk about trying to eliminate the source materials, and we see that that really is a very difficult, if not almost impossible problem. So what's the next step? Well, let's target the IED network. So perhaps we can locate and eliminate the financial backers behind the network, or locate and try to eliminate the actual people, try to round up the people that are actually building these things. You can see that JIAIDO stands for Joint IED Defeat Organization. There's your next acronym. Their budget for offensive operations, which they really won't say what that means. I can't tell you what it means, grew from 13% of their budget to 31% of their budget. So a considerable increase in their budget went to offensive operations. In other words, going after something. This nice little graph over here shows you the number of tips that are called in to the coalition forces. Because when people call in and they give tips, and perhaps if it's a good tip and someone's rounded up, then you slip them a few hundred dollars, they might call again. So how do we eliminate the network? Well, there's an organization called SEXY. This is really how they pronounce it, SEXY. Combined Explosives Exploitation Cell. There's your next acronym. What does that mean? Well, it means Coalition, IED, Forensic Investigation, and Hardware Hacking Group. That's basically what they do. I can't really go into more detail. They really have a sign on their door that says CSI Baghdad. And I say that half jokingly and half serious, that that's really what they do. They're CSI Baghdad, they really are. If you want to find a word about SEXY, search from Google, you won't find all that much. Here's one thing I did find. They provide the technical and operational analysis of bombs, so basically what I said. They try to figure out how the devices operate. They're in Iraq, so that's kind of the front line of the CSI part. The back part is called, it's a program called TDAC, Terrorist Explosive Device Analytical Centers. This is a big database run by the FBI and ATF. So all this stuff, they kind of get in Iraq and Afghanistan and all over the place. They go back to the states and they have this huge databases, so that maybe you can perhaps fingerprint who's doing a certain bomb or something like that. There's a couple links down there. That's about all the only thing on the Internet about TDAC. Really, they have like a website, but there's really nothing else. That's about all you can find. They are .gov sites, too. So we do have a little bit of a capability in eliminating the network by seeing how their devices operate and seeing how... I mean, it's almost like, if you're doing analysis of crimes and somebody has the same description of the same person who's doing a certain crime, we have a series of robberies going on back in State College, Pennsylvania, and all the robberies are white male, five, six to five, nine, 170 pounds, wears black, brandishes are black. The description is pretty much the same in all of them. So you can almost do that sort of thing with a bomb. You can take a look at a bomb and almost tell who makes it. You may be able to say, all these bombs are made by this guy. Maybe. So we do have a bit of a capability there. Third step is eliminate the bomb in Placer. This is the guy who actually goes out, takes the bomb, puts it on the road, maybe digs a hole or whatever he wants to do. So he places the IED at the target location. He may or may not be part of the network. He may be part of the group and his job is to put them out there or they may come into your house, point a gun at your head and say, you will go put this out on the road and here's $20 or $50. And thank you very much for your help. So he may or may not be sympathetic to the insurgents. He may be, people who are sympathetic to the coalition forces. You can't really say. But perhaps we can eliminate the person who's actually placing the bomb there. Let me go back. This person may or may not actually arm the device. They may have someone else come about somebody later and arm the device. So one guy puts it out there, another guy comes and arms it. They may be involved in videotaping the operation. Most of the IED videos you see on the internet where they play the Haji music is actually filmed by the insurgents. They love videotaping. There's almost always somebody videotaping. So how do you eliminate the bomb emplacers? Well, you get tips, community pressure and money. If they pay $50 for them to replace it then we'll pay them $100 not to replace it. Sometimes money talks. So let's say we've gotten to this point and we've been unsuccessful in eliminating the source materials. We can't figure out who's behind the bomb and we can't figure out how to stop the guy from placing the bomb. So the bomb's out there. Our next step is to prevent detonation. So we want to stop this IED from going off. This was my primary job in Iraq. Electronic warfare, jamming. IEDs, try to prevent them from going off. There's that statement again that somebody got like a really good award for writing that. Jammers, RF energy. You know how... This is how jamming works. There's a receiver that's being jammed. There's two people jamming it. The guy trying to set off the bomb and me. Jamming works by who gets more power into the receiver. So if I can get more power into the receiver the device doesn't go off. Very simple. How do you get more power? How do you get more power into the receiver? Well, perhaps you have more power or you're closer. Those are the two primary things. There's lots of jammers. Airborne, vehicle mounted, dismounted. Different models, different manufacturers. Different capabilities. That's all I have to say about that. I can't go into any more detail. Honestly, I don't want to and that's because if I reveal capabilities that we have then they can adapt their tactics to perhaps harm people that I know who are still in Iraq right now. So I'm not going to tell you. I hope you can appreciate that too. Okay. We haven't been able to eliminate the source. We haven't been able to eliminate the network. We haven't been able to eliminate the bomb being in place and we couldn't prevent it from going off. So this IED is going to go off. The last step, protection against explosion. How can we protect our soldiers not just the United States but there's, you know, you hear mostly the United States, yes, but there are quite a few countries who have soldiers in Iraq who are putting their country's soldiers or putting their soldiers in harm's way every day. Armor protection. It's not just about more. The easy answer is well, let's just put more armor on the Humvee. Well, there's a couple problems with that. First of all, there's a couple different types of armor. There's one type of armor called high hard steel. There's another type of armor called rolled homogenous armor. The problems with these things are one armor may be good against stopping bullets. Okay? But perhaps doesn't do so well against explosions. The other type of armor is quite the opposite. It does well against explosions but doesn't do so well against bullets. So we can't just put more armor on. This is a short little video and this just shows you the effect of something called spalling. Spalling is where armor is hit by a projectile and actually breaks off part of the armor, not only going through the armor, but causing the armor to actually fracture and sending more shards of armor into the vehicle. Spalling very dangerous and very casualty causing in Iraq. So really you have to find it's not just about more armor, it's about finding the right type of armor, the right combination of types of armor. Also consider this and this is, to me, when I read this slide you're going to say this stuff's obvious but we don't always think about it. More armor means more weight, a lot of weight. You're taking a 14,000 pound or 13,000 pound Humvee and adding perhaps a thousand more pounds to it. What does this do? It decreases the maneuverability and speed of the vehicle. It increases the roller potential because it raises the center of gravity. The private or the sergeant who's been driving this vehicle for six months knows every inch of that vehicle. He knows exactly how to drive it. You've just changed the center of gravity of his vehicle. You've just decreased the responsiveness of his gas pedal. You've put more of a strain on his engine you've added more stuff and now his vehicle is stretched to the limit. He may roll this vehicle over the first time he takes it out because he doesn't understand that that thousand pounds did all that to his armor. So it's not just about adding more. The second point about protection against explosion is the underbody versus the sides of the vehicle. As in every mythical sense, the underbody of a vehicle is always the most vulnerable portion and it's often the most or the least protected portion of the vehicle. It's great to have stuff on the sides but what happens when that IED blows up right underneath the tire or right underneath the engine block? You'll see really in the next year that the U.S. military is going to V-shaped hulls. We say V-shaped like literally looks like the bottom of a boat and the idea of this is the explosion going up into the vehicle to direct it outward to protect, basically giving a better underbody protection to soldiers. This will probably be the biggest life saver of troops in Iraq. The last thing I want to talk about is a little bit about the future and these are some things that are somewhat being implemented in Iraq some not being implemented in Iraq kind of a hodgepodge of things that I found that were a problem. The first is a very interesting project being done at the University of Missouri RALA that has no connection with the military. This was in their automotive engineering department. They started a project where they wanted to listen to a car engine and determine by listening to the engine kind of make a signature and be able to say well that's a Chevrolet actually make a signature of the vehicle somehow they went from that to being able to look at a device, an electronic device that is perhaps not even on or radiating, but still gives off unintended emissions. So perhaps a RC toy car or controller that is turned off. It's still giving off some emissions. They're unintended because the circuit is not perfect but it's still giving off some sort of emissions. This project is able to look at those emissions and actually determine what sort of device that is. So the device that's not even on they can look at just a receiver look at the unintended emissions of the receiver and say well that's an RC toy controller that's I mean this is a really cool project that hopefully will get picked up by the military and implemented into detection of IEDs because if it's an explosive device and it's got some sort of circuit it's going to give off some sort of emissions. The second is a project to kind of talk about the problem where he said adding lots of weight to the vehicle and this is an idea about putting like an explosive resistant coating almost like what's that stuff that you spray in the back of your truck liner type. Not exactly that but some kind of spray on material, something that would provide some explosive protection and there's some testing going on in this I mean they're not saying yes this will work but you know they're trying to what can we add to the vehicle that doesn't weigh a lot that does provide some sort of protection. The last idea is something that is very kind of interesting and the idea is instead of someone you know calling on a cell phone and calling a coalition hotline and saying the al-Qaeda is in my neighborhood I'd like you to come and get them because perhaps al-Qaeda will visit a house and look at his cell phone and know that he called the idea is to have some sort of almost like tour over cell phones where someone can call, dial and send a text message to some random number and then this message will somehow get to the coalition and it's not just cell phones, any sort of sensors that are out there that can transmit information I mean this is more this idea is more theoretical than really implementation or in any sort of implementation phase but it's an idea that's out there it's how can we get people to provide information or to inform on the coalition or to inform on insurgents but still having some protection from their self because who's going to inform when they know that someone may be coming to their house that night to visit them finally hyperspectral sensors hyperspectral sensors are so we're talking about a sensor that detects emissions over a wide range of the spectrum and can detect changes in the spectrum so you've seen those videos or those infrared videos where they show a street of cars and you can say oh that car is just turned off because the engine block is still glowing the heat from the engine block is still still on the ground the temperature so perhaps if we scanned an area of the ground and then we perhaps there was a whole dug a whole dug in the ground recently somewhere well you think we could probably tell that the temperature of the ground there would be different from the surrounding area because it had been disturbed so that's another area where we can perhaps say where something has been changed a specific kind of IED it's called an EFP or Explosively Formed Penetrator it's a very dangerous device this is a shape charge the picture on the left is a EFP that thing is probably the size of a large coffee can okay it's a cylinder and that's got a copper concave lid on it see the picture kind of on the sideways there this explosive device is designed to go off and that concave copper lid will actually invert as you can see in the picture there it's a scientific effect called the Misne Shardin Effect actually turn into a molten jet that will eat through just about any armor out there this is a recovered piece of an EFP after obviously it's not molten anymore but this thing will go through almost anything I was responded to an incident where one of our vehicles was hit by one of these devices fortunately nobody was seriously injured however there were holes all over the place in the armor where this stuff just penetrated right in cut through steel like butter these things are not new the Israelis have been dealing with them for decades if you know if you can figure out who the enemies of the Israelis are not just people in Israel but larger you can imagine perhaps where they come from they don't all come from Iraq there's some people that are very good at these things they've been doing them for a long time I'll leave a few minutes for questions here and then I will go over there's a room down the main hallway I think it's 110 or one of those rooms in the main hallway it says area 1 Q&A if you have any questions at all please come down to that room I'll be more than happy to stay there as long as until they kick me out to answer your questions there's a couple of people I'd like to thank the DEF CON staff especially because I hope that in the last 45 minutes or so you think wow that's kind of a talk that I didn't expect at DEF CON this is not the thing that you would expect to come to a computer convention and see however I think it's something that would be interesting to you have you guys found this interesting thank you thank you I'm part of an organization called the church of wi-fi we're running the wireless village up in skybox 209 I've seen a lot of you up there the room has been packed all weekend and because of that it's we're likely to have the same opportunity at DEF CON next year we're going to be operating tomorrow probably from 11 or so until the closing ceremonies so please stop by the wireless village we'll have an RFID locating contest tomorrow and a breakout session so if you don't even know anything about RFID and you want to learn one of our members thorn who's up here in the front will be given that session tomorrow we even have some of the materials you need so you can show up with nothing and you can make something it'll be really cool my family I'm from Pennsylvania I've got a seven and a half month old who my wife is sending me pictures of the last night running around in her walker and so my wife is at home taking care of the kids and allowing me to be here I talked about the wireless village and the contest thank you all for coming to the talk like I said this is my first DEF CON 2 DEF CON is what you make of it so hopefully some of you if you have ideas get up here there's DEF CON I didn't expect to be sitting in Area 1 the biggest room in all of DEF CON practically full thank you it's 8 o'clock it's not going to be completely full but this is really cool question the question is are you saying are all the cell phones motorola did I really say motorola five times did I really say motorola five times there's cell phones all the cell phones are all sorts of cell phones but I have seen a lot of the talk I was just talking about the motorola talk about but yes cell phones of all varieties Siemens Nokia whatever your cell phone is there's one of them in Iraq too you're welcome question up here in the front yes it could be possible but now you're assuming that the cell phone company has advanced knowledge that all is going to be made with all calls ok the question was can the cell phone company introduce some sort of delay into the network to perhaps make the call perhaps just a little bit more inconvenient but reduce the probability of the cell phone detonating the IED at the right time was that correct I won't go into specifics detonating a cell phone IED precise time is already very difficult so I don't know if that's possible it honestly I don't know if that's possible the because we've handed over sovereignty of the country to Iraq it's their country we can kind of make suggestions to them but it's up to them whether or not they follow them yes right here the question was is the device linked to a particular cell phone or any random cell phone we're going to call a specific cell phone and perhaps have some sort of code to set it off does that make sense so yes they're going to a specific phone does that answer your question there may be there may be a cell phone to a cell phone or a landline to a cell phone the cell phone may actually be the initiator and the receiver of the signal as well second row right here I would say that in large part I will say that it's discouraged but the rank structure the rank structure in place is such that my job was not to come up with ideas so if I had an idea whether it was good or not it didn't really matter because that was not my job so in that sense the military or the concept of what I was doing was very anti-hacker in that sense does that make sense I did submit a couple ideas and they didn't go very far and I thought they were good ideas but that was not my job in Iraq so do your job his question is the military structure geared so that people can submit ideas and be very open and kind of be outside of the there's not that kind of environment sorry the light's a little bright the second row over here general his question is are we seeing more advanced techniques, detonators devices from the enemy warfare is back and forth it's always we do something they respond or they do something we respond to it they do something else we respond to that that's the history of warfare and it's no different in Iraq it started out with very simple devices and it's gotten more complicated as it's going on so yes I'm assuming that any other questions like I said if you have other questions that you haven't asked here I will go to, I'm not sure what Roman is it's the first room on the left in the main hallway when you go towards the registration desk I'll be there until they kick me out thank you for coming tonight enjoy the rest of your DEF CON