DEF CON 19 - hackers get hacked!

coderman coderman at gmail.com
Fri Nov 29 17:30:24 PST 2013


On Thu, Nov 28, 2013 at 8:14 AM, rysiek <rysiek at hackerspace.pl> wrote:
> ...
> So could we have the context now, please? :)


timeline:

- 04/Aug/2011 DEF CON 19 begins!  LulzSec, Anonymous, many other lower
profile independent security enthusiasts and hacktivists (read: FBI
and $TLA targets of interest) in attendance.  presumably the large
numbers of foreign attendees, the "exigent circumstances", and
whatever other fig leaf legal justifications were applied, allowed the
following events to occur on US soil against US citizens without
warrants.

- 05/Aug/2011 08:00 AM-midnight-+2hrs, 06/Aug/2011 08:00
AM-midnight-+2hrs, 07/Aug/2011 08:00 AM-midnight, 08/Aug/2011 08:00
AM-noon, DEF CON 19 hackers targeted en masse via active MitM on
2.5G/3G/4G bands.  traditionally WiFi was the most hostile; this marked a
distinct change in the threat landscape at the conference.  custom exploit
automation and exfiltration via DRT tech at high power levels on
site.  the MitM position was specifically leveraged for secondary
attacks against vulnerable applications, update mechanisms,
communications, and core OS functionality spanning PC and mobile
systems.

- 10/Aug/2011 attacks disclosed on the full-disclosure list; we had been
running custom ROMs and SDR kit through the conference, in addition to
"performance analysis" on the MitM exploit system (spoiler alert: it
was trivial to DoS via spoofed network endpoints and leases, leading
to a "fork bomb" effect of exploit threads launched to service attacks
against newly joining clients on the network.  among other weaknesses
:)

- 24/Jul/2012 coderman arrives in Las Vegas for DEF CON 20, clear view
of Alexander's military transport on the tarmac.  immediately upon
landing all exceptionally hardened mobile test devices pwned via
baseband attacks while in airplane mode.  SDR and power monitoring
gear confirms exploitation and exfiltration.  this was just the first
in a series of impressive baseband and sensor level attacks.  coderman
was never hacked so hard nor so thoroughly before; proper fucked. (months
and months of effort at Android kernel, system, and application level
hardening for naught)

- Jun+Jul+Aug+Sep+Oct+Nov/2013 the year of discontent, details emerge
on $TLA offensive operations against domestic targets, the role of
third party contractors and infosec industry collaborators in same.
singular events once considered anomalies or inscrutable now viewed in
the overall framework of understanding around pervasive insecurity
and offensive operations as national security imperative.



... which leaves us where we are now: with networks, systems, and
software unable to defend against many of the attacks now
unambiguously and entirely clear to the public at large.

the ending to this tale yet to be determined!  [choose your own
adventure *grin*]



More information about the cypherpunks mailing list