Inside Defcon: What Happens at the Annual Hacker Convention

Ruben Santamarta sauntered into our Las Vegas hotel suite looking more like a sleep-deprived 32-year-old than a highly-regarded international security researcher.

He’s not thrilled with the culture in this desert oasis.

“Too hot, too many parties,” Santamarta, who’s here to deliver a speech, told us in broken English.


The Spanish hacker and his press agent Craig Brophy are in high demand at the myriad of parties going on around Black Hat and Defcon, two conferences that make up a week dedicated to the art and science of hacking.

Santamarta hit parties for Facebook, Google, Rapid 7 and IOActive, among others, but he really just wants to give his talks and then vacation with his girlfriend in Los Angeles.

Why the interest? Santamarta recently released cutting-edge research on how he was able to hack into an airplane navigational system via the airplane’s inflight Wi-Fi signal and entertainment system. The Spaniard also published a 25-page report called “A Wake-up Call for SATCOM Security,” that provided details on what he said were multiple vulnerabilities in firmware used in satellite communications, including aviation, military, maritime transportation, energy and even media communications.

We caught up with the Madrid-based IOActive security researcher right after he spoke at Black Hat, a high-end security conference geared toward corporations, security professionals and FBI types. It costs about $3,000 to get in the door. 

The topic of Satellite vulnerabilities alone was enough to raise concern within the security industry and earn adoration within the hacking world.

Santamarta is something of a rock star. He’s got fans and followers. Many of those acolytes descended on Las Vegas for a chance to see him speak at the Black Hat convention.

Thousands more who want to emulate his skills were in town for Defcon – a very different type of security conference that’s held the first week of August in Las Vegas and stands in stark contrast to the high-priced corporate event.

Nearly 16,000 eager hackers of all ages showed up for Defcon 22 at the Rio Hotel. Some of the attendees include white hat hackers (good guys) and black hats (unscrupulous guys). These hackers mingle with National Security Agents (NSA) and Federal Bureau of Investigations (FBI) agents and other government guys who listen to the speeches, but really want to recruit talent.

Images from Defcon 22

The Defcon conference, which is the ultimate assembly of paranoia, costs $220 in cash. No credit cards. No debit cards. No real names.  These are hackers after all, and nothing electronic is safe from the prying eyes of their sniffer programs – bots whose only purpose is to latch onto your personal data.

We were told to put our IDs, credit cards and other chip-embedded cards in some form of protective RFID shielding case while at the conference.

A fast food restaurant nearby the hotel was hacked while we were there. And one Rio hotel staffer told us that employees there were warned not to bring their cell phones, credit cards or anything else for the four-day conference because they could be breached.

For those looking for a Defcon souvenir that has not been hacked from someone, the chaotic vendor area has it all: artists hawking Defcon T-Shirts, security companies pitching the latest and greatest hacking equipment, how-to books and lockpicking kits. And this year an unexpected participant was Tesla, apparently looking to recruit some computer geniuses.

Participants must go through a rigorous review panel of their peers, before earning a coveted spot to speak at Defcon. And while the speeches are a highlight of the event, there are plenty of other unique and unusual things to do at Defcon.

To be precise, there is a lot of hacking to do.

Organizers of Defcon like to challenge attendees with puzzles – either to hone their skills or perhaps to distract them from infiltrating nearby sandwich shops. The first puzzle comes in the form of the coveted electronic Defcon22 badge.

The Defcon conference badge is a miniature circuit board, which lights up in various sequences and many hackers spend the entire conference trying to “crack” the code on the badge.

The most prestigious challenge to win at Defcon is Capture The Flag (CTF). Attendees call it the World Series of hacking and not everyone can play. Competitors must pre-qualify in order to play.

Teams of hackers try to attack other team’s computers by solving complex codes, while also defending their own computer, each time gaining or losing a flag. Many of these hard-core hackers are known as the superstars in the hacking world. And the game is taken so seriously, that many of these players don’t leave the Capture the Flag Village the entire conference. The winners are awarded no cash but the coveted black badge that allows them free entry to Defcon for life.

One guy that some would argue should have a pass for life: Ruben Santamarta.

The unassuming humble hacker who has no idea that he has groupies and that his fan base includes everyone from university professors to aspiring hackers. 

Contact Us