do… Web Application Development and Security

ShmooCon Memories

Wednesday, March 26th, 2008

I’ve been procrastinating on writing about the ShmooCon hacker convention, and today the thought bugged me enough to finally do something.

I signed up at Hackers for Charity, formerly known as, after originally committing at ShmooCon. I ran into the founder and legendary hacker Johnny Long in the hallway.

Factoid: It may be illegal to possess Kevin Mitnick’s business card in DC because it doubles as a lockpicking kit.

GSM encryption technology (specifically, the widely used A5 algorithm) is essentially broken. At the time of the presentation, a research team was 1 month into a 3-month process of calculating the full rainbow table needed to accelerate the cracking of session keys. With custom hardware, it will be possible to decrypt a conversation after 30 minutes (one FPGA and a laptop) or 30 seconds (16 FPGAs and solid state drives, at a total cost of around $500K). This is well within the reach of some criminals, wealthy organizations, and governments.

I knew that voting machines (especially, but not only, the electronic touch-screen type) had security issues, but I had no idea just how shockingly bad. If you were to research the subject now you might find some reports that were redacted and otherwise watered down. But at ShmooCon I saw a presentation given by Sandy Clark, one of the top investigators chartered by the state of Ohio. She presented specific examples of how, with the right knowledge, a few simple tools in some cases, and the wrong intentions, it would be fairly easy to abuse commonly used voting machines and thereby alter the results of elections and the integrity of the counting & recounting processes. For unethical and ruthless politicians and their supporters, this provides a powerful means to influence or steal the vote. For anyone who doesn’t want more unethical and ruthless people running our country, it’s critically important to get those machines fixed, and that means overcoming the inertia of government bureaucracies and entrenched interests.