US military swoops into DEF CON seeking a few good hackers for debut aviation pwning village

For the first time, Vegas's annual DEF CON hacking conference has an "aviation hacking village", and the US military is scouting around there for a few good hackers to find bugs that its own hackers have missed. "We've got some great hackers on our team and we're proud of them," Dr Will Roper, assistant secretary of the Air …

  1. Christian Berger Silver badge

    That's what you get when you ignore ethics

    Essentially DEF CON seems to sell out to the highest bidder. In European conferences not even sponsors are well visible. A recruiting event for the military would be absolutely unimaginable, and even if it happened, most people would try their best to sabotage it.

    In fact a few years ago during the CCC congress, some artists hired actors to act as recruiters for such organizations. Most people downright rejected those, while some people turned up to the arranged meeting with hidden microphones and cameras. Nobody took the offer.

    1. DougS Silver badge

      Re: That's what you get when you ignore ethics

      So it is better in the Euro conferences you refer to to have military/spy agency recruiters in the shadows? Surely you're not naive enough to believe they aren't present! Maybe the "artists" in your example simply didn't fool anyone into believing they were who they portrayed and that's why nobody took the bait. That doesn't mean there weren't real recruiters there also, who aren't going to tell anyone whether their recruiting efforts met with success or not.

      Isn't it better if this sort of business is conducted out in the open? Those who aren't interested can more easily stay away if everyone is on the up and up about who they represent. And isn't it a laudable goal to try to harden military aircraft against hackers? Hijacking a jet would be a terrorist's dream, hopefully that is as difficult as possible (though I'm still very leery about this idea of giving them an IP connection in flight, that's just asking for it).

    2. Pascal Monett Silver badge

      Re: most people would try their best to sabotage it

      You mention a pseudo-recruitment thing that was done as a stunt by non-military people and you take a negative result to mean that people would want to sabotage any such thing?

      Don't you think you're pushing it a bit?

    3. Anonymous Coward

      Re: That's what you get when you ignore ethics

      As a 5-time attendee (very fortunate my job sent me), clearly you have never been involved in a DefCon - you are a fricking idiot Chrissie to make a comment like that.

      You should attend next year, just to understand. But I'm sure you will be doing your hair or some other really cool thing...

  2. Will Godfrey Silver badge
    Unhappy

    Doing a deal with the Devil?

    Remember kids, the Devil can re-write the contract at any time without warning.

    1. NickSkyland

      Re: Doing a deal with the Devil?

      Who is afraid of the Devil? Not me. I pwnt that Bastard.

    2. NickSkyland

      Re: Doing a deal with the Devil?

      Time doesn't exist, clocks do, k, now(). Oops =X

    3. NickSkyland

      Re: Doing a deal with the Devil?

      Living Jesus is the one to be afraid of. He can end time itself without any warning and drop the city of heaven on everyone's face, splat. Insect bugs, Lolololol

  3. imanidiot Silver badge

    The most secure system

    "So we're looking to build security systems around them to lock off potential threats."

    The most secure system is still unplugging it from remote control interfaces and posting some guys with M16/M4 rifles and guard dogs around.

    1. amanfromMars 1 Silver badge

      Re: The most secure system

      It's an ages old product which needs to be comprehensively addressed and radically modified, imanidiot. ...... and popularly identified in the initialism, PEBCAK.

      A software user rather than hardware mechanical problem for solving.

    2. Anonymous Coward

      Re: The most secure system

      This is exactly what the SCADA vendors will tell you, you can keep running our 1980's kit air-gapped from the world with zero software changes but when you need to change configuration settings you better use a laptop which is used for this one purpose and is wiped after every connection. They would rather you replace the kit with our newer connected model but for God's sake never ever connect this to anything but a private network.

      Unfortunately there are a large number of companies flogging interfaces with cellular connections to allow you to remote control valves, switch-gear etc 'securely'. Unfortunately once you get through the 'connectivity kit' there is bugger all security preventing you from performing mischief. The military may be able to station guards with M16s but the security of a sluice-gate on the Norfolk fens is another matter.

  4. Mike Moyle Silver badge

    Is it just me...?

    Or does this "village" sound like one of those "contests" that companies continue to run where they invite artists and designers to redesign their logos / websites / headquarters with a few-hundred-dollar prize* for the winning entry -- getting hundreds of people to do work for them for free...?

    * That's, at best, the prize. Otherwise, the "prize" is EXPOSURE!

    https://theoatmeal.com/comics/exposure

    1. DougS Silver badge

      Re: Is it just me...?

      More likely the top prize is a job offer. Even if you aren't interested in working for the military, that exposure can't hurt a security professional looking for a job involving say connected cars or SCADA type systems that would have some similarity as far as threat models and exploit methods.

      No one is forcing anyone to participate, so if they need to be paid they should start looking for those $1 million iPhone exploits.

    2. Anonymous Coward

      Re: Is it just me...?

      Village is more of an open (just walk in and participate) lab. You don't give your name, you don't say who you work for. Unless you want to... The voting system village last year did a world of good for voting systems. There are several villages, these are not contests. However, there were plenty of CTF events that are contests, with very awesome prizes. But it takes top notch skills to win. Less than .01% of attendees win. - because there can be only one (team).

  5. A Non e-mouse Silver badge
    Facepalm

    Management Motivational Techniques

    We've got some great hackers on our team and we're proud of them [...] But we may not have the best

    That's a great way to support your current team: Yeah, you're OK, but we think we can do better.

  6. Anonymous Coward

    Money, Power, Respect

    I'd love to fix the world but they won't give me the source code.

    Seriously though, I am the greatest. You could spend decades "port scanning" for vulnerabilities, or I could spend weeks examining the schematics for "short sighted" holes. EVERY vulnerability and bug boils down to faulty software design, either caused by incompetence, lack of funding, or lack of time before deadlines. That being said, FU Pay me. I don't give a crap about hacking planes, I care about getting paid, getting laid, and not losing my pay or lay to criminals. Show me some commas, plural $,$$$,$$$

    If I can solve homelessness and fix the economy, you bet your ass I can build unhackable software and cryptography.

    You know where to find me, I don't hide.

    1. JCitizen
      Facepalm

      Re: Money, Power, Respect

      "You know where to find me, I don't hide." ---- Sez the guy behind the AC mask!

  7. Dr.Flay

    Who still uses F-15s ?

    It occurs to me that they have been allowed to hack the systems of an old plane the US don't use much anymore, and have mostly offloaded to other countries.

    Other countries which may or may not (mostly not) get the same fixes (damn those supply chain issues eh).

    If they want to be able to hack the planes they sold off to their "allies" years ago, this seems like a good way to get the advantage needed.

    If they want to improve the security of the F-35 then the hackers should be hacking that.

    However all anyone needs to do to scupper an F-35 is pick a fight in bad weather, make it fly "too fast", make them have to take off and land a few times and use up their tyres (damn those supply chain issues eh.), or hold up a mirror and just shame it into killing itself.
