Fear and hacking in Las Vegas – ground rules for the uninitiated

I’ve just barely arrived in Las Vegas at 8 p.m. local time and the weather app on my phone says it’s 100 degrees outside.

I’m less concerned about the stark contrast from the temperate mid-60-degree climes I’ve grown accustomed to and more wondering whether I should put my iPhone back in airplane mode for the duration of my visit – wireless and cellular signals are easy to hack.

I’m in town because I’ve got a press pass to Def Con 2012, the 20th anniversary of the annual hacker free-for-all that draws curious code-writers, the security-obsessed, high-tech recruiters and, this year, the head of the National Security Agency, who is acting as the event’s VIP speaker.

At last year’s Def Con conference Jay Radcliffe, a diabetic and cyber threat intelligence analyst at IBM, hacked his own insulin pump live on stage. He demonstrated that he could remotely infiltrate and manipulate it without leaving a trace.

As medical devices become increasingly software-driven and more of them transmit data via wireless connections, it was only a matter of time before someone decided to take a peek at the code and test the defenses. What security gurus and researchers are increasingly reporting is that medical devices are woefully lacking in cybersecurity.

This year’s event features a couple of talks directly tied to the growing integration between biology and technology and the conflicts created when your high-tech pacemaker can talk to a computer that’s 200 feet away. As MassDevice.com’s resident geek, I eagerly packed some light clothing and headed to the desert.

Def Con follows its more professional brother, the Black Hat security conference that is already underway, and which draws a more corporate crowd, partially because of a rather steep $2,600 on-site ticket price.

Def Con charges $200 – cash only at the door, no paper trail – for a 4-day festival during which technophiles from all walks explore computer security, expose weaknesses and discuss how to protect individual privacy in an increasingly vulnerable digital world.

My paranoia, which begins to well as I draw nearer to the Rio hotel where Def Con is held, isn’t an homage to immortal writer and journalist Hunter S. Thompson – nor is the cliche title of this blog. I’ve been warned that I’m entering "one of the most hostile environments in the world."

Being in the same room with a cadre of enthusiastic hackers has certain risks, even if they’re merely the curious, exploration-minded type (known as "white hat" hackers) who prefer to expose cyber-security loopholes, not exploit them.

The convention organizers are going out of their way to create a haven for members of the media, providing a sort of safe-room for press that offers secured internet connections and access to event staff, known as "Goons," who can act as guides.

Nevertheless, it’s ultimately up to me to protect my digital self and ensure I’m not a walking target. To that end, the Def Con Goons provided me with a list of self-defense suggestions, as well as friendly tip to avoid using "Fear and hacking in Las Vegas" in any serious sense. A clutch of other publications have been there and done that, so to speak.

The rules of keeping oneself safe during Def Con include shutting off potential access points to cell phones and computers (past attendees have set up fake cell phone towers), keeping off of wireless internet connections and avoiding any and all ATMs in the general area.

What’s perhaps most disconcerting is that the vulnerabilities I’ve just been made aware of aren’t isolated to Def Con or any other gathering of cyber-security enthusiasts.

Check out the Def Con ground rules for the uninitiated to see why I’m taking the stairs from now on:

1. Get ready to hack and be hacked!
2. Keep your hotel key card deep in your wallet, not in a pocket.  It can be scanned by the touch.
3. Do not use the ATM machines anywhere near the conference.
4. Bring cash and a low balance credit card with just enough to get you through the week.
5. Keep your RFID credit cards and IDs at home or in a special wallet.  They can be scanned from over 200ft away.
6. Turn off File Sharing, Bluetooth and Wi-Fi on all devices before entering Las Vegas.
7. Do not use the Wi-Fi network at the Vegas Airport or DEF CON unless you are a security expert or have consulted with the Wall of Sheep experts.  We have wired lines for you to use in the press room.
8. Make sure you have strong passwords on ALL your devices. Don’t send passwords "in the clear," make sure they are encrypted. Change your passwords immediately after leaving Vegas.
9. Do not use public phone chargers.
10. Do not leave a device out of sight, even for a moment.
11. Do not use the elevators.  Just kidding…kind of.
12. People are watching you/listening to you at all times, especially if you are new to the scene.  Talk quietly. Conduct confidential phone calls off site.
13. Don’t accept gifts, a USB thumb-drive for instance, unless you know the person very well.