Hacker #conference keeps #cybersecurity workers up to #date on #skills and #threats

SOUTH CHARLESTON — Dozens of computer hackers got together Friday in South Charleston, but for a good cause, they say.

“We are good guy hackers,” said Bill Gardner, an organizer of Secure WV Hack3rCon Ocho. “We’re trying to find the flaws so we can fix them before the bad guys exploit them.”

Gardner’s day job is being an assistant professor of digital forensics and information assurance at Marshall University, but every year he participates in the cybersecurity conference that draws people from several states.

One of those was Steve Truax of Parkersburg. Truax was one of the conference’s presenters on the topic of home network security.

He brought with him a programmable wifi processor that’s about half the size of a business card. The processor cost about $9. A battery for it costs about $5. So for less than $15, a knowledgeable bad guy hacker can hide enough equipment in a ceiling to do a lot of damage, Truax said.

“You can make your own friendly looking wifi spots for people to connect to and basically hack them or get information if you wanted to, or if someone is on a wifi spot, you can basically kick them off and then use another tool to have them connect to your bad hot spot so you can collect data using a man-in-the middle attack,” he said.

In a man-in-the-middle attack, a hacker intercepts a wifi signal and relays it to the destination the person intercepted thinks it is going straight to, Truax said.

“If you type in your bank account number, I’ve got your bank account number. If you type in your passwords, I’ve got your passwords. It may look like you went through, and I might even let you go all the way through to the bank and back, but I’m still collecting your information,” he said.

“Yes, people think of these things.”

Also at the convention was a voting machine that attendees were invited to hack, Gardner said.

“They did a similar project at DEFCON, which is the big hacking conference out in Las Vegas. We’re going to try to replicate the stuff they did and take it further,” he said.

The “Ocho” in this year’s conference name signifies that it’s the eighth year for the conference in West Virginia, Gardner said. Most of the people attending the conference work in the cybersecurity industry, he said.

“They’re working for companies whose job is to defend networks or they work inside corporations as network defenders,” he said.

“We got one guy last year, he’s actually paid money to find bugs. You can sign up for programs called bug bounties, and he’s making a lot of money, and he donates it all to charity. As he finds bugs to these programs, he discloses them to the vendor, the vendor fixes them and they pay you a little bit of money.”

Hack3rcon has training sessions, speakers and hands-on activities for attendees.

The conference began Friday and runs through Sunday. Knowing how many people will attend is always tricky, Gardner said.

“The problem is some people won’t register until the day of the conference. There are a lot of people who are privacy advocates in the hacker community. They don’t like the idea that they’re being tracked in any way, so they’ll show up and pay cash. It’s part of the whole hacker mentality, that they don’t want to be surveilled. It’s not that they’re up to anything nefarious. They’re just privacy-conscious,” he said.

Benny Karnes of Charleston, president of 304 Geeks, a technology networking and peer support group that helped organize the conference, said Hack3rcon is about three times larger now than it was three years ago.

“We’re now looking at 175 people total, with speakers, trainers, the forensic track and attendees,” he said.