All Tech Considered
Mon July 29, 2013
What We're Watching As World's Big Hackers Meet In Las Vegas
Originally published on Wed July 31, 2013 9:01 pm
This week the world of tech will turn its attention to Las Vegas, where two separate conferences dedicated to hacking and security are about to get underway. Each year during the height of summer, thousands of security researchers, hacktivists, black hats, white hats and feds descend on Vegas for Black Hat and Def Con. Here are a few stories and trends we're keeping an eye on:
Gen. Keith B. Alexander Speaks
The organizers of Def Con asked feds to consider staying away from the conference this year in the aftermath of revelations of the NSA's extensive phone and data surveillance operation.
But the organizers of Black Hat had asked Gen. Keith B. Alexander to speak months before the details of the NSA surveillance programs were leaked by Edward Snowden. And that speech is going ahead.
There's actually a long tradition of feds coming to both of these events, overtly and covertly. Not only do they try to keep tabs on what this community is up to, but these conferences have become a hotbed of recruiting for military intelligence, three-letter agencies and other feds.
This speech should be particularly interesting as it will be the first chance for Alexander to publicly respond to a growing chorus of voices in Washington, D.C., that are calling for legislation to rein in the NSA surveillance programs and bring more transparency to the Foreign Intelligence Surveillance Court.
And Alexander is going to have to deliver it to a skeptical, possibly hostile and technically sophisticated audience.
Barnaby Jack was one of the good guys. He spent his professional life hacking products, not for personal gain but instead to pressure companies to make them safer.
He became famous for hacking into ATMs and getting these machines to spew out piles of cash. The hack became known as jackpotting.
Jack was reportedly found dead in his apartment, and although foul play isn't suspected, the cause of death is being investigated by the San Francisco medical examiner.
The hacking community is tightknit, and the announcement has been difficult for many of Jack's friends and colleagues. He was well-liked and widely considered to be a brilliant researcher.
Jack had been scheduled to deliver a talk on Aug. 1 at Black Hat on newly discovered vulnerabilities in pacemakers. He had discovered a mobile attack that allowed him to alter their function from 30 yards away, in what he described as a potentially lethal attack. Last year, Jack demonstrated it was possible to remotely attack an insulin pump manufactured by Medtronic. That research led Medtronic to make changes in the product that made it more secure.
Hacking The 'Internet Of Things'
As more and more devices are connected to the Internet, more and more things can be hacked. This year at Def Con and Black Hat, researchers will be showing off attacks that let them take over everything from cars to toys to smart TVs to embedded control devices used on oil platforms.
Researchers and hackers say they worry that as nontech industries start building embedded computers and Internet-connected technologies into their products, they are overlooking security. Hopefully, they say, some of the hacks unveiled this year will be a wake-up call.
In previous years, researchers like Don Bailey and Mat Solnik and others demonstrated it was possible to hack into a car remotely. This year Charlie Miller and Chris Valasek hacked into a Toyota Prius and Ford Escape. The two researchers received funding from DARPA to see whether they could take control of the embedded computers that are now ubiquitous in modern cars. They did.
Here you can see them showing off what they were able to do to Forbes writer Andy Greenberg.
MELISSA BLOCK, HOST:
It's ALL THINGS CONSIDERED from NPR News. I'm Melissa Block.
AUDIE CORNISH, HOST:
I'm Audie Cornish, and it's time for All Tech Considered.
(SOUNDBITE OF MUSIC)
CORNISH: We begin in Las Vegas, where the tech world is gathering for two different conferences. Black Hat and DEFCON are both dedicated to hacking and security. And they bring together a wide range of interested parties from security researchers to hackers, to leaders from the federal government.
NPR's Steve Henn will be there, too, and he joins us now. Hey there, Steve.
STEVE HENN, BYLINE: Hey.
CORNISH: So, why two different hacker conferences?
HENN: Well, these two conferences have slightly different traditions. DEFCON is a little bit more countercultural, has almost an anarchist feel to it. Black Hat, traditionally, has been a little bit more buttoned up. And they both attract a variety of really technically sophisticated people to Las Vegas, so it works for both of them to take place during the same week. Many people go to both, but they sort of specialize a little bit.
CORNISH: So what are the highlights?
HENN: Well, one of the big highlights will be a talk by General Keith Alexander, the head of the NSA. You might remember that the organizers of DEFCON asked the NSA and Feds, generally, not to come to the conference this year. But the organizers of Black Hat had asked Alexander to speak months before the details of the NSA surveillance program were leaked. And the speech will really be Alexander's first chance to publicly respond to, you know, a growing chorus of voices in D.C. that are calling for new legislation to rein in the NSA surveillance programs.
It should be an interesting speech, and more interesting because it'll take place before a skeptical and technically sophisticated audience. So it's one to watch.
CORNISH: Now, the other big news in the hacking community this week has been the death of Barnaby Jack. And he was a well-known hacker who was found dead in San Francisco last week. But tell us more about him and, at this point, what's known about his death?
HENN: Well, Barnaby Jack was really one of the good guys. He spent his professional life hacking products, not for personal gain, but instead to pressure companies to make them safer. He became famous for hacking into ATMs and getting them to spew cash. That hack was known as jackpotting.
He was reportedly found dead in his apartment last week. Foul play isn't suspected. The cause of death is still being investigated by the San Francisco medical examiner. And we most likely won't have any more answers for a few more weeks.
But this has been a tough time in the hacking community. It's tight-knit. Jack was widely considered to be brilliant and well liked. And he had a talk coming up this week at Black Hat on work he'd done on pacemakers, showing that you could attack them remotely and potentially deliver a lethal shock to someone wearing one. He did similar research on insulin pumps last year and that actually led to changes in the product that made them more secure.
CORNISH: You know, ATMs, computers, I understand that. But insulin pumps and pacemakers, why?
HENN: You know, it's actually one of the big themes at both Black Hat and DEFCON this year. More and more things are being connected to the Net and having computers built into them. And when that happens, they become vulnerable to attacks like this. So this year, we're going to see research showing that cars can be hacked, toys can be hacked, television sets, so all those things like infrastructure and oil fields and water treatment plants.
You know, the researchers and hackers I've talked to say one of their big concerns is that as non-tech industries adopt these technologies, they're not necessarily doing what they need to to make them safe.
CORNISH: That's NPR's Steve Henn. Steve, thank you.
HENN: My pleasure.
Transcript provided by NPR, Copyright NPR.