DEF CON

History

Founding

DEF CON was founded in 1993, by then 18-year-old Jeff Moss as a farewell party for his friend, a fellow hacker and member of "Platinum Net", a FidoNet protocol based hacking network from Canada. The party was planned for Las Vegas a few days before his friend was to leave the United States, because his father had accepted employment out of the country. However, his friend's father left early, taking his friend along, so Jeff was left alone with the entire party planned. Jeff decided to invite all his hacker friends to go to Las Vegas with him and have the party with them instead. Hacker friends from far and wide got together and laid the foundation for DEF CON, with roughly 100 people in attendance.

The term DEF CON comes from the movie WarGames, referencing the U.S. Armed Forces defense readiness condition (DEF CON). In the movie, Las Vegas was selected as a nuclear target, and since the event was being hosted in Las Vegas, it occurred to Jeff Moss to name the convention DEF CON. However, to a lesser extent, CON also stands for convention and DEF is taken from the letters on the number 3 on a telephone keypad, a reference to phreakers. The official name of the conference includes a space in between DEF and CON.

Though intended to be a one-time event, Moss received overwhelmingly positive feedback from attendees, and decided to host the event for a second year at their urging. The event's attendance nearly doubled the second year, and has enjoyed continued success. For example, in 2019, an estimated 30,000 people attended DEF CON 27.

Documentary

DEFCON: The Documentary For DEF CON's 20th Anniversary, a film was commissioned entitled DEF CON: The Documentary. The film follows the four days of the conference, events and people (attendees and staff), and covers history and philosophy behind DEF CON's success and unique experiences.

DEF CON China

DEF CON China In January 2018, the DEF CON China Beta event was announced. The conference was held May 11–13, 2018 in Beijing, and marked DEF CON's first conference outside the United States. The second annual DEF CON China was canceled due to concerns related to COVID-19.

COVID-19

DEF CON Safe Mode In 2020, due to safety concerns over COVID-19 the DEF CON 28 in-person Las Vegas event was cancelled and replaced with DEF CON Safe Mode, a virtual event planned for the same August 6–9 dates as DC 28.

In 2021, DEF CON 29 was held on August 5–8 in-person in Las Vegas and virtually (via Twitch and Discord). In-person attendees were required to wear masks in conference areas and to show proof of COVID-19 vaccination. Attendees with verified vaccine records (verified by a third party) were given a wristband which was required for entry into the conference areas.

Components

Handles

Attendees at DEF CON and other Hacker conferences often utilize an alias or "handle" at conferences. This is in keeping with the hacker community's desire for anonymity. Some known handles include DEF CON founder Jeff Moss' handle of "Dark Tangent". A notable event at DEF CON is DEF CON 101 which starts off the conference and may offer the opportunity for an individual to come up on stage and be assigned a handle by a number of members of the community.

Badges

Villages

Villages are dedicated spaces arranged around a specific topic. Villages may be considered mini conferences within the con, with many holding their own independent talks as well as hands-on activities such as CTFs, or labs. Some villages include Aerospace Village, Car Hacking Village, IoT Village, Recon, biohacking, lockpicking, ham radio, and the well known social engineering and vote hacking villages. In 2018 the vote hacking village gained media attention due to concerns about US election systems security vulnerabilities.

Internal conferences

DEF CON has its own cultural underground which results in individuals wanting to create their own meetups or "cons" within DEF CON. These may be actual formal meetups or may be informal. Well known cons are:

• Queer Con, a meetup of LGBTQ community members.
• Linecon; any long line has the potential to turn into a con.
• QuietCon, a meetup to hang out or talk quietly away from the hustle and bustle of the rest of the conference attendees.

Workshops

Workshops are dedicated classes on various topics related to information security and related topics. Workshops have been held on topics such as digital forensics investigation, hacking IoT devices, playing with RFID, fuzzing, and attacking smart devices.

Fundraising

Since DEF CON 11, fundraisers have been conducted for the Electronic Frontier Foundation (EFF). The first fundraiser was a dunk tank and was an "official" event. The EFF now has an event named "The Summit" hosted by the Vegas 2.0 crew that is an open event and fundraiser. DEF CON 18 (2010) hosted a new fundraiser called MohawkCon.

Parties

Social groups and companies also organize unofficial parties during DEF CON, including some large and extravagant events, although fewer in later years. A party in 2012 featured a private cell phone network operated from a van, the NinjaTel Van.

Contests

Within DEF CON there are many contests and events, including Capture the Flag, Hacker Jeopardy, Scavenger Hunt, Capture the Packet, Crash and Compile, and Hackfortress.

Black Badge

The Black Badge is the highest award DEF CON gives to contest winners of certain events. Capture the flag (CTF) winners sometimes earn these, as well as Hacker Jeopardy winners. The contests that are awarded Black Badges vary from year to year, and a Black Badge allows free entrance to DEF CON for life, potentially a value of thousands of dollars.

In April 2017, a DEF CON Black Badge was featured in an exhibit in the Smithsonian Institution's National Museum of American History entitled "Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity". The badge belongs to ForAllSecure's Mayhem Cyber Reasoning System, the winner of the DARPA 2016 Cyber Grand Challenge at DEF CON 24 and the first non-human entity ever to earn a Black Badge.

Capture the Flag

The first instance of the DEF CON Capture the Flag (CTF) contest was held in 1996, at the 4th DEF CON, and has been held since then every year. It is one of few CTFs in an attack/defense format. The prize of the winning team is a couple of black badges.

Capture the Flag history

In 1996, the first DEF CON CTF was organized, with a couple of servers for participants to hack, and judges to decide if a machine has been hacked, and award points accordingly.

In 2002, the company Immunix took part in the game under the moniker "immunex", to benchmark the security of their Linux-based operating system, with modifications including StackGuard, FormatGuard, OpenWall's non-executable stack, SubDomain (the ancestor of AppArmor), ... Confident in their defense capabilities, they even opened access to their servers to other teams, and even spent some time taunting them. The team got the second place, and all their services deployed on their Immunix stack were never compromised. It was also the first year the contest had an organiser-provided services infrastructure connected to a real-time scoreboard.

In 2003, the game had become so popular that a qualification round was introduced, with the previous winner automatically qualified.

In 2008, the Sk3wl of Root team took advantage of a bug in the game (privilege dropping and forking were inverted), allowing them to have such a massive lead that they spent most of the CTF playing Guitar Hero.

In 2009, it was announced that "Diutinus Defense Technology Corp" (DDTEK) would be the new organisers, but nobody knew who they were. It was revealed at the end of the game that the team playing as sk3wl0fr00t was the organizer. "Hacking the top hacker contest seemed like a fun way to introduce ourselves to CTF organization. The yells of "bullshit" from CTF teams during the DEF CON 17 awards ceremony were very gratifying." said vulc@n, a member of DDTEK, on the topic.

In 2011, the team "lollerskaters dropping from roflcopters" used a 0day in FreeBSD (namely CVE-2011-4062) to escape jails, causing havoc in the game's infrastructure.

In 2016, the 15th edition of the CTF was done in partnership with the DARPA, as part of its Cyber Grand Challenge program, where teams wrote autonomous systems to play the game without any human interaction.

In 2017, the Legitimate Business Syndicate came up with their very own CPU architecture called cLEMENCy: a middle-endian with 9 bits bytes CPU. With its specifications released only 24 hours before the beginning of the CTF, it was designed with the explicit goals of both surprising the teams, and leveling the playing field by breaking all their tools.

Groups

DEF CON Groups are worldwide, local chapters of hackers, thinkers, makers and others. DEF CON Groups were started as a splinter off of the 2600 meetup groups because of concerns over politicization. Local DEF CON groups are formed and are posted online. DEF CON Groups are usually identified by the area code of the area where they are located in the US, and by other numbers when outside of the US e.g., DC801, DC201. DEF CON Groups may seek permission to make a logo that includes the official DEF CON logo with approval.

Notable incidents

Following are a list of high-profile issues which have garnered significant media attention.

Entertainment references

• DEF CON was also portrayed in The X-Files episode "Three of a Kind" featuring an appearance by The Lone Gunmen. DEF CON was portrayed as a United States government–sponsored convention instead of a civilian convention.
• A semi-fictionalized account of DEF CON 2, "Cyber Christ Meets Lady Luck", written by Winn Schwartau, demonstrates some of the early DEF CON culture.
• A trip to DEF CON for a hacker showdown figures into the plot of The Signal. Director William Eubank came to Las Vegas and screened the film at DEF CON Movie Night.
• A fictionalized version of DEF CON called "EXOCON" is the setting for the climax of Jason Bourne, the fifth film of the Bourne film series. The primary antagonist of the film, a fictionalized CIA director, played by Tommy Lee Jones, is a keynote speaker at the event, mimicking DEF CON 20's controversial keynote speaker, NSA director Keith B. Alexander.
• In the Mr. Robot Season 3 opener "eps3.0_power-saver-mode.h" Elliot and Darlene visit a qualifying tournament for the DEF CON Capture the Flag (CTF) contest. DEF CON's smiley-face-and-crossbones mascot Jack is visible among the set decorations, and the scene is accompanied musically by a track from DEF CON 24's official soundtrack; 'Razorgirl' by Dubvirus.
• Documentarian Werner Herzog included DEF CON in his 2016 film Lo and Behold, Reveries of the Connected World, a film described as a "playful yet chilling examination of our rapidly interconnecting online lives".

Venues, dates, and attendance

Each conference venue and date has been extracted from the DEF CON archives for easy reference.

References

References

1. "Def Con 1 Archive".
2. "Defcon Onion Links".
3. "DefCon Beverage Cooling Contraption Contest".
4. Tangent, The Dark. "DEF CON® Hacking Conference – About".
5. "DEFCON about".
6. {{cite video. Jeff Moss]]. (July 30, 2007). "The Story of DEFCON". link
7. "Def Con 27 Transparency Report - DEF CON Forums".
8. "DEFCON: The Documentary".
9. "Coronavirus claims new victim: 'DEF CON cancelled' joke cancelled after DEF CON China actually cancelled".
10. "Defcon is Cancelled".
11. "DEF CON 28 Safe Mode FAQ".
12. "DEF CON 29 FAQ".
13. Oberhaus, Daniel. (September 18, 2018). "A History of Badgelife, Def Con's Unlikely Obsession with Artistic Circuit Boards".
14. McAllister, Neil. (August 12, 2015). "Is this the most puzzling DEF CON attendee badge yet on record?".
15. Evenchick, Eric. (2013-08-04). "DEF CON: Tamper Evidence, Contests, And Embedded Talks".
16. Molina, Brett. (August 14, 2018). "11-year-old hacks replica of Florida state website, changes election results".
17. "Home".
18. Oberhaus, Daniel. (2016-08-11). "Def Con Has Always Been Straight, White, and Male, But It’s Finally Changing".
19. Finkle, Jim. (2012-07-31). "Def Con hackers go mainstream but still love to party".
20. Franceschi-Bicchierai, Lorenzo. (2021-04-16). "The World’s Largest Hacking Conferences Are Back IRL This Summer".
21. Sakellariadis, John. (2023-08-12). "For U.S. officials, the world’s largest hacking conference isn’t all fun and games".
22. "Hacker Jeopardy for DEF CON 28".
23. "DEF CON Scavenger Hunt".
24. "DEF CON Crash and Compile Contest".
25. "Hackfortress".
26. Tangent, The Dark. "DEF CON® Hacking Conference – Black Badge Hall of Fame".
27. (20 April 2017). "Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity".
28. "Mayhem Wins DARPA CGC".
29. Moss, Jeff. "DEF CON Hacking Conference - Capture the Flag Archive".
30. vulc@n of DDTek. (2023). "A history of Capture the Flag at DEF CON".
31. Riley, Eller. (2004). "Capture the Flag Games".
32. (2001-07-09). "Defcon 9 - Capture The Flag Contest Network".
33. "4/23/ Immunix & Defcon: Defending Vulnerable Code From Intense Attack Crispin Cowan, Ph.D Seth Arnold, Steve Beattie, Chris Wright WireX and John. - ppt download".
34. Crispin, Cowan. (May 2003). "Defcon Capture the Flag: defending vulnerable code from intense attack". DARPA Information Survivability Conference and Exposition.
35. Ghettohackers. "Defcon 10 - Capture the Flag (CTF) contest".
36. The Ghetto Hackers. (June 29, 2003). "Announcing Capture the Flag - Root Fu - Vegas 2003 @ DefCon 11".
37. Jordan. (2021-04-06). "A Brief History of CTF".
38. (2018-03-28). "A Brief History of CTF - Jordan Wiens".
39. (2011-05-14). "Diutinus Defense Techonologies Corp. / Home".
40. The FreeBSD Project. (2011-09-28). "Buffer overflow in handling of UNIX socket addresses".
41. routardz. "Defcon 19 CTF - CTF Inside".
42. "Cyber Grand Challenge (CGC) (Archived)".
43. Unknown. "cLEMENCy - Showing Mercy".
44. "A Brief History of CTF".
45. "Diutinus Defense Technologies Corp. / DC17".
46. "Diutinus Defense Technologies Corp. / DC18".
47. "Diutinus Defense Technologies Corp. / Home".
48. "DEF CON CTF 2018".
49. "OOO — DEF CON CTF".
50. "OOO — DEF CON CTF".
51. "OOO — DEF CON CTF".
52. "CTFtime.org / DEF CON CTF 2022".
53. "CTFtime.org / DEF CON CTF 2023".
54. "CTFtime.org / DEF CON CTF 2024".
55. "Official forums social group section for DEF CON groups".
56. Nuttall, Chris. (1999-07-13). "Back Orifice is child's play, say virus firms".
57. (2001-07-19). "Russian computer programmer arrested at hacker conference".
58. Lundin, Leigh. (2008-08-17). "Dangerous Ideas". Criminal Brief.
59. Jeschke, Rebecca. (2008-08-09). "MIT Students Gagged by Federal Court Judge". [[Electronic Frontier Foundation.
60. "Race to Zero".
61. McMillan, Robert. (April 2008). "Antivirus Vendors Slam Defcon Virus Contest". IDG News Service.
62. Zetter, Kim. "Malicious ATM Catches Hackers".
63. (August 10, 2011). "Legal Threat Pushes Former HBGary Federal CEO Out Of DEFCON". Business Security.
64. Greenberg, Andy. "[https://www.forbes.com/sites/andygreenberg/2013/06/06/watch-top-u-s-intelligence-officials-repeatedly-deny-nsa-spying-on-americans-over-the-last-year-videos/ Watch Top U.S. Intelligence Officials Repeatedly Deny NSA Spying On Americans Over The Last Year (Videos)]." ''[[Forbes]]''. June 6, 2013. Retrieved on June 11, 2013. "Eight months later, Senator Ron Wyden quoted[...]"
65. Wagenseil, Paul. "[https://web.archive.org/web/20160306025944/http://www.nbcnews.com/id/48429672/ns/technology_and_science-security/t/hackers-dont-believe-nsa-chiefs-denial-domestic-spying/#.UbnytdiaKSo Hackers Don't Believe NSA Chief's Denial of Domestic Spying]." ([https://web.archive.org/web/20160306025944/http://www.nbcnews.com/id/48429672/ns/technology_and_science-security/t/hackers-dont-believe-nsa-chiefs-denial-domestic-spying/ Archive]) [[NBC News]]. August 1, 2012. Retrieved on June 13, 2013.
66. Whitney, Lance. "[http://news.cnet.com/8301-1009_3-57593225-83/defcon-to-feds-we-need-some-time-apart/ Defcon to feds: 'We need some time apart']". [[CNET]]. July 11, 2013. Retrieved on July 12, 2013. {{Dead link. (August 2025)
67. [[Violet Blue. Blue, Violet]]. "[https://www.zdnet.com/article/feds-not-welcome-at-def-con-hacker-conference/ Feds 'not welcome' at DEF CON hacker conference]". [[ZDNet]]. July 11, 2013. Retrieved on July 11, 2013.
68. Constantin, Lucian. (2013-08-05). "Will Smith makes unexpected appearance at Defcon hacker conference".
69. Pellerin, Cheryl. "Three Teams Earn Prizes in DARPA Cyber Grand Challenge".
70. "ForAllSecure | Mayhem Security | Application Security".
71. "DEF CON Capture the Flag Final Scores". blog.legitbs.net.
72. Joe Uchill. (July 29, 2017). "Hackers breach dozens of voting machines brought to conference". [[Thehill.com]].
73. "DEF CON Hacking Warns Voting Machines Vulnerability, Oct 10 2017 {{!}} C-SPAN.org".
74. "O'Reilly Security Conference in NYC 2017 Defender Awards". conferences.oreilly.com.
75. (August 4, 2017). "Briton who stopped WannaCry attack arrested over separate malware claims". [[The Guardian]].
76. (6 March 2018). "WOW! Congrats to the @defcon Team, recently honored for its innovative #VotingVillage concept & the continued debat…".
77. "DEF CON 28 in-person conference is CANCELLED - DEF CON Forums".
78. "DEF CON Safe Mode archive site".
79. "DEF CON is canceled! No, really this time – but the show will go on". The Register.
80. (14 September 2023). "Caesars Ransomware Attack, MGM Hit Linked To DEFCON?".
81. "Bomb scare causes mass evacuation at DEF CON". The Register.
82. Winn Schwartau. "Cyber Christ Meets Lady Luck".
83. "Mr. Robot". Tunefind.
84. "DEF CON® Hacking Conference – Show Archives".
85. Moss, Jeff. (August 21, 2025). "DC33 Attendance".
86. "DEF CON 32 Was Canceled. We Un-Canceled it.".
87. Newman, Lily Hay. "Defcon Is Canceled".
88. (August 2018). ""DEF CON Transparency"".
89. (September 2017). ""Voting Machine Hacking Village"".
90. (September 2019). ""Norton at DefCon"".
91. (August 2015). ""Gray Tier Technologies at DEFCON23"".
92. Richard Byrne Reilly. (2014-08-12). ""Black Hat and Defcon see record attendance — even without the government spooks"".
93. "DEF CON 17 FAQ".