Denizens of DEF CON are 'fed up with government'
Interview Hackers – especially Jake Braun – are "fed up with government."
Braun was one of the creators of the first-ever Voting Machine Hacking Village at DEF CON in 2017 and served as a homeland security and cyber advisor to the Obama and Biden administrations. He also co-founded the Franklin project, named for Benjamin Franklin, who founded America's first volunteer fire department and published the annual Poor Richard's Almanack – an eclectic collection of useful facts and other musings.
The Franklin project, which launched at DEF CON in 2024, enlists hackers to secure critical infrastructure, and 350 people signed up that year to donate their time and talent to securing water facilities.
Another of the project’s activities is publishing an annual Hacker's Almanack in homage to Franklin’s effort.
The second volume, the DEF CON 33 Hackers' Almanack, [PDF] landed earlier this month.
We saw society moving in the right direction for the last 500 years because of our commitment to science, human rights, and that seems to be at the very least slowing down, if not reversing
"Thinking back to Ben Franklin, we saw society moving in the right direction for the last 500 years because of our commitment to science, human rights, etc., and that seems to be at the very least slowing down, if not reversing,” Braun told The Register.
Braun said he blames government for this state of affairs – pointedly "the inability of government to continue to make the progress we saw from the enlightenment."
"This community is so committed to these principles of human rights and freedom of speech and science, that that when we see people fuck with them – or when we see the people that we elect to preserve these things not doing their fucking job – we're just like: ‘Fuck you guys,’" Braun said.
The Almanack highlights three major, all-of-society threats that governments have yet to fix: Cybercrime, AI, and - the biggie - authoritarianism. It presents a year's worth of DEF CON research on these three topics and shows how hackers are responding to each one.
AI for offense
Braun says he and the rest of the DEF CON volunteers listened to "dozens and dozens" of talks before this year's three topics bubbled to the surface.
"We started seeing lots of instances where AI was winning or placing high in these hacker competitions, and that wasn't happening last year," Braun said. "That's new and also something we're worried about: When is this going to be the case that AI is as good as humans at hacking, and way better than humans [alone] once paired with a human?"
Anthropic researcher Keane Lucas entered his company's AI coding tool Claude into seven competitions during DEF CON 33, including capture-the-flag contests. During one of these - PicoCTF - it placed in the top three percent globally, while also successfully fending off red-team attacks in the Collegiate Cyber Defense Challenge.
Claude did struggle with more difficult challenges, and also made up some of its own flags.
Still, Claude's performance and other research presented at the convention illustrate "the accelerating power of AI for offense," according to the Almanack. Meanwhile, security remains an afterthought.
"There's clearly more of a sense across the board than there was last year that we need the 20 critical controls for AI," Braun said, pointing to the Center for Internet Security's (CIS) Critical Security Controls as an example of what this would look like. "We need an industry-wide, accepted definition like what CIS has been doing, and I don't see any real movement toward that yet."
Combatting cybercrime
This year's cybercrime theme, "Hackers don cape and mask," emerged after listening to accounts of DEF CON researchers performing feats such as taking down Russian dark web marketplace Solaris and its affiliated hacker collective, Killnet, and unveiling the real-world identity of phishing scammer Darcula, who is responsible for hundreds of thousands of people losing millions of dollars.
"These guys are taking down ransomware groups, and dealing with criminals in prison, and hacking the Russian firewall - it's just fascinating," Braun said.
Global governments' effort to fight ransomware and other types of cybercrime isn't working, according to the Almanack. "To properly fight back, policymakers need to unleash the full potential of programs like the FBIs Confidential Human Source (CHS) program, so we can leverage skilled white hat hackers as force multipliers to woefully outnumbered government authorities," it reads.
Down with despots
The third theme, "down with despots," didn't come together until the end of the Almanack-writing process, as Braun saw examples of civil society methods to protect data, communications, and culture against censorship, surveilliance, and other kinds of oppression.
This included hacker LambdaCalculus's off-grid mesh network, PirateBox, along with Jason Vogt and Josh Reiter's proposal of setting up mesh networks in Taiwan to help civilians fight a future Chinese invasion.
Another talk by Saving Ukrainian Cultural Heritage Online (SUCHO) co-founder Quinn Dombrowski detailed his group's effort to save Ukrainian cultural websites – libraries, archives, museums, and community organizations – before Russia’s invasion. It ultimately helped preserve more than 1,500 websites.
"This is all about preserving freedom and democracy from authoritarians that are oppressing the vulnerable populations around the world, whether they be Ukrainians, potentially the Taiwanes,e Uyghurs, or migrants for that matter," Braun said.
To combat authoritarianism, the Almanack proposes building a Digital Arsenal of Democracy, comprised of technologies like mesh networks, digital archives, PirateBox, and DNA data storage to help oppressed communities to preserve their history and culture. Communication capabilities are also on the to-do list for the Arsenal’s creators.
This aligns with last year's DEF CON theme – access everywhere – and, as Moses writes in an epilogue to the Almanack, will carry over to this summer's focus on agency: "The ability of a citizen to have agency over their identity, data, and persona."
As Braun explains, "It needs to be a concerted effort by the human rights community and the hacker community to sit down and look at what technologies are out there today that support the preservation of human rights around the world, figuring out what we don't have, and then building those missing pieces," he said.
Braun is confident that DEF CON hackers will rise to the challenge.
"There's a certain thing in the hacker mindset that makes them a hacker: this commitment to freedom, transparency, science, very much Ben Franklin-esque," he said. "When there's threats to that, they get super riled up. I feel like we're going to see a lot more research in this space because of what's happening around the world, including here at home." ®
