Last weekend I attended the Disobey hacker conference in Helsinki. This was my first time attending an event of this kind and I was very pleased with the content and the atmosphere of the conference. Now, I want to share my experience with you.
Even though the first Disobey conference was held 2016 I hadn’t heard about it before 2017 when a friend of mine recommended it to me. I was aware of DEF CON and Black Hat which are some of the world’s largest hacker conferences and I had seen some very interesting talks from them on youtube. I saw Disobey as a unique opportunity to attend such an event, meet interesting people and learn new things. After all as a software developer who wants to build secure systems you have to learn about all the ways people are using to attack the systems we build.
Here are some interesting talks from DEF CON and Black Hat
Toying with Barcodes
Elevator Hacking - From the Pit to the Penthouse
The Art of Trolling
Genetic Diseases to Guide Digital Hacks of the Human Genome
Lessons from Surviving a 300Gbps Denial of Service Attack
Disobey has a tradition of publishing a puzzle before the event which requires various technical skills to solve. As a prize for solving the puzzle, they offer an opportunity to buy a discounted and limited HACKER class tickets. I found the puzzle fun and interesting and managed to solve it with some help from my friend. The puzzle consisted of a PNG image with hidden information followed by the second stage with a mysterious audio file leading to the final stage where the task was to find the solution by decompiling a binary executable file. With my ticket to the party secured I just had to wait until January.
The image for the first stage of the Disobey puzzle. You can find the original file here
Better safe than sorry
If you are planning to spend your weekend surrounded by hackers it might be a good idea to rethink about the digital devices you carry with you daily. I’ve heard that in the bigger conferences across the pond it is recommended to leave your personal devices home unless you want to be a walking target.
I decided to dust off my 7 years old ThinkPad x201 and install a fresh installation of Kali Linux. I chose Kali as my Linux flavour of choice as I was expecting I could have a use for the many pre-installed tools that it comes with it even though I’m not familiar with the usage of most of them. For my mobile needs, I took my previous phone (HTC M8). Even though its microphone isn’t working perfectly anymore, it was good enough for the weekend. I ran the factory reset on the device and created a new google account in order to avoid linking the phone to any of my personal accounts or credentials. I even removed all contactless payment cards from my wallet just to be on the safe side.
Was all this necessary? Probably not. What would have happened if I had just taken my personal laptop and phone? Probably nothing remarkable. Was it fun to plan for the precautions and disconnect me from the usual devices and distractions for a weekend? Definitely! I think doing all these preparations was a kind of a ritual in itself which enhanced the experience I later had at the conference.
Arriving at the Kattilahalli, the venue of the conference, I first noticed multiple signs about respecting the privacy of the attendees and about protecting one’s devices by forbidding photography and wireless networks. I wasn’t intimidated as I had done my preparations and I continued directly to the registration desk where I was handed a plain brown paper bag. Inside the paper bag with some stickers and the information leaflet was my conference badge. And oh boy what badge that was. A black PCB board covered with integrated circuits, L.E.D.s, buttons and interesting markings. Also worth a mention was the absence of my name on the badge.
The Disobey badge
Inside the venue was a big stage for the various presentations and talks of the conference. On the stage, there was something going on almost all the time. Many of the talks I listened to were very interesting. A couple that pop into my mind are a talk by F-Secure about retrieving BitLocker through a cold boot attack, a talk about the tactics utilized by people doing phishing, and a very good presentation about tor de-anonymization.
Sadly as at the time of writing, these talks are not yet available anywhere. On the Disobey youtube channel they have some talks from last year and they did record all the presentations this year, so I’m sure they will release at least some of them at some point in the future.
They also had a side room for more hands-on workshops. Some of the workshops seemed quite interesting, but I didn’t manage to attend any of them as I often missed the starting time and I found it hard to join the workshop in the middle. Next year I will aim to attend some of the workshops in order to get more hands-on experience.
During the conference, there were also two open hacker challenges for people to compete to solve. One was the Capture The Flag challenge which comprised of different kinds of challenges in the local Disobey network. The other challenge was to discover the mysteries behind the conference badge.
My friends and I decided not to use time on the network challenges but tried to have a closer look at the badge. We didn’t get too far, but found out that by pressing the buttons on the badge in the right order and then touching two badges together you could get more lights to light up on your badge.
Solving the challenges with a group of friends would probably have been quite fun but we thought that there were more interesting things to do at the conference than fiddling with our computers trying to crack the nuts.
At the Disobey there was also an opportunity to get more physical amidst of all the computer stuff. I was familiar with the principal how lockpicking works but I had never before gotten a chance to try picking a real lock. I have to say the experience was quite interesting. It’s quite hard to get the feeling about what’s happening inside the keyway and it’s hard to judge whether you are applying too little or too much force on the tension wrench and the lockpick. Even though it can be frustrating to try and fail to get the lock open, the activity is oddly calming. I’m thinking of buying a set of picks for meditation.
I greatly enjoyed my time at Disobey and I’ll be sure to attend also next year. The conference had a very nice atmosphere and there were many interesting things to do and learn. Next time I’ll probably have a stab at the challenges and I’ll aim to attend more of the workshops. I want to thank Disobey for organizing such an awesome conference and Reaktor for delicious G&Ts offered at their lounge as well for a nice after party at their office afterwards.