Right now the world’s biggest hacker conference DEF CON 27 is in Las Vegas like playful malware, spreading itself across the gigantic hotels of Paris, Ballys, and Planet Hollywood (August 8-11). That’s a lot of walking and a lot of expensive taxis. That’s a lot of hangry. And it’s a lot of fun if you know a few insider tips.
No doubt you’ve heard a lot of cautionary tales about how to prepare. Guides are written every year, and many like to scare you. This guide is just the tips. I’m going to tell you how to stay safe, survive, and get the most out of a very complicated (and quite wonderful) conference.
Personal digital security is a primary concern. It should be — as it should be every day, but at DEF CON it comes with immediate consequences. Read this post. It explains what high-risk behavior looks like and how not to get hacked. Do the things that post recommends if you can — but don’t freak out if you can’t. Personal digital security is unique to each of us. Only you will know what you’re at risk for, and there’s no one-size-fits-all for security.
Do use a VPN whenever you connect to wifi. Don’t pick up USB sticks of the floor and plug them in to your computer. Would you eat food off the floor in a casino? Ew, no. If your phone randomly reboots/updates without your consent, consider it unsafe for sensitive information until you can safely check all your accounts for unusual activity.
Yes, this conference has some of the best security professionals in the world working to make sure attendees are not attacked — but also know how very attractive this makes the conference to attackers. You are at risk. You will also walk away with better everyday security habits.
The most helpful way to think about digital security, especially in this atmosphere, is in terms of harm reduction. This is where you learn about the risks you’re taking and take steps to reduce those risks. Do the things that make the most sense for you and your specific situation and needs.
DEF CON digital security is just life coming at you fast.
You will be in the city of Las Vegas, with all its cultures and predators, packed into spaces with thousands of people who normally don’t spend time around lots of people. There will be a lot of hacker families, who are diverse and weird and cool, and also brigades of bros from major companies whose sugar daddies in management sent them to get pumped and blow tons of cash on hyping their teams and whatnot.
Trust me when I tell you that the Uber and Facebook private parties are worth missing, unless you want to feel sickened about dude-on-dude hero worship at shitty companies patting each other on the back while the world is on fire — I’m just saying, you’ll hear about special parties, and they’re not worth the FOMO.
Your absolute best time is going to be spent with the people you unexpectedly meet, and what you do while all the “special” people are name dropping and comparing watches, or especially, comparing that time they fooled the public about how the basic-bitch security mistakes they made didn’t go public.
DEF CON is actually about people who don’t belong finding each other. People who are smart and gifted in misunderstood ways — who give a shit. This means one of DEF CON’s truths is that at its heart, it is comprised of all colors, all backgrounds, all genders, all orientations, all body sizes and abilities, and all levels of skill and knowledge. The people who count will assess you by how much heart you put into it.
If someone brags about dangerous or illegal shit, name-drops for social currency, or has to tell you about how they “save” people, avoid them. They’re likely lying, and probably dangerous.
You will make plans and they will change — a lot. Roll with it. There’s a weird magic to DEF CON where your plans don’t work out and something cool happened instead. Strange, but always true. This is a "roll your own" experience. If you realize you're having a bad time, stop what you're doing and change the channel.
I once described the hacker conference experience to my therapist. Days of walking, often without water and while hungry; bright lights on all the time with no sense of daylight or outside light to give a sense of time of day; constant loud sounds even in my room; constant time spent with other people, often asking questions or doubting me, often having to be with people I need to reinforce my boundaries with over and over. In addition to being on guard in Las Vegas casinos, with the specialized predators in those spaces.
My therapist said: “Oh. This sounds like standard stress techniques used for interrogation. No wonder people break down.”
You’re going to walk miles, so go easy on yourself and drink lots of water. Sounds basic, but it really does help you think better. This is going to be like four days of day-hikes (with a lot of fun and inspiring stops). Be extra proud of your boundaries, like when you say “no, I need to eat.”
Room security last year was problematic, to say the least. Hotel security was on high alert and violated guest privacy, among other things. Vegas hotel security behave like their own police force. This DEF CON forum post talks about what happened last year, and has the official update about hotel security room checks. It’s not a very satisfying statement, and I expect we’ll have more room drama this year. You may have hotel staff going in your room to “check” it while you’re gone (or when you’re in it): be aware.
Take a minute to mess with the thermostat in your room. On Twitter, @deviantollam wrote “My annual reminder for everyone attending @DEFCON who hates heat and doesn’t want their room to get warm when they’re downstairs at the con. Turn on “Limited Environmental” mode to keep the A/C running if you wish.”
People — yes, including men — get roofied at conferences, and DEF CON is no exception. On Wednesday, researcher Jake Williams made a very personal disclosure and publicly discussed the time he was roofied at a security conference that was held at a casino location. If you poke around the thread, you’ll see a lot of people (of all genders) chiming in about their experiences with this at infosec conferences as well. It’s a thing that happens everywhere, and it’s far more common than we are led to believe. His advice: “Keep your head on a swivel. NEVER leave a drink unattended. Keep your drink in view.”
Feeling a bit stressed about sex stuff? Check out the BADASS CYBER SEXURITY meetup Friday from 3-6pm at Planet Hollywood in Sin City Theatre.
Just as I’m encouraging to you make best friends with your boundaries (and don’t apologize or feel bad for making them, no matter what), do the same with other people’s. Don’t take photos without permission. Not of the room, and definitely not of people, their screens, their kids, their tattoos … Ask first. Appreciate an honest “no.”
Stuff to do
Finally, there are actually four actual tracks at DEF CON.
Two: The parties, official and in elevators, in your room, or at the hotel bar.
Three: Hallways — hallwaycon is lit.
Post image via Star Trek Minus Context.