Editing DEF CON (section)

==Notable incidents==
Following are a list of high-profile issues which have garnered significant media attention.
{| class="wikitable" style="border:1px solid #BBB"
!Year
!Description
|-
!1999
|On July 10, 1999, the [[Cult of the Dead Cow]] hacker collective released [[Back Orifice 2000]] (later discovered to be infected with the CIH virus) at DEF CON 7,<ref>{{cite web |last=Nuttall |first=Chris |date=1999-07-13 |title=Back Orifice is child's play, say virus firms |url=http://news.bbc.co.uk/2/hi/science/nature/392526.stm |access-date=2024-10-21 |website=[[BBC News]]}}</ref> in what was, at the time, the largest presentation in DEF CON history.
|-
!2001
|On July 16, 2001, Russian programmer [[Dmitry Sklyarov]] was arrested the day after DEF CON for writing software to decrypt [[Adobe Systems|Adobe's]] [[e-book]] format.<ref>{{cite web |date=2001-07-19 |title=Russian computer programmer arrested at hacker conference |url=https://www.cbc.ca/news/science/russian-computer-programmer-arrested-at-hacker-conference-1.276671 |access-date=2024-10-21 |website=CBC}}</ref>
|-
!2005
|On July 31, 2005, [[Cisco Systems|Cisco]] used legal threats to suppress Mike Lynn from presenting at DEF CON about flaws he had found in the [[Cisco IOS]] used on routers.<ref name="Lamos">{{cite web
  | url = http://www.securityfocus.com/news/11263
  | title = Exploit writers team up to target Cisco routers
  | work = [[SecurityFocus]]
  | date = 31 July 2005
  | access-date = 2004-07-31
  | last = Lamos
  | first = Rob
  | archive-date = 2012-07-28
  | archive-url = https://web.archive.org/web/20120728132402/http://www.securityfocus.com/news/11263
  | url-status = dead
}}</ref>
|-
!2007
|In August 2007, Michelle Madigan, a reporter for ''[[Dateline NBC]]'', attempted to secretly record hackers admitting to crimes at the convention. After being outed by DEF CON founder Jeff Moss during an assembly, she was heckled and chased out of the convention by attendees for her use of covert audio and video recording equipment. DEF CON staff tried to get Madigan to obtain a press pass before the outing happened.<ref name="Cassel">{{cite web 
 |last=Cassel 
 |first=David 
 |url=http://tech.blorge.com/Structure:%20/2007/08/04/transcript-michelle-madigans-run-from-defcon/ 
 |title=Transcript: Michelle Madigan's run from Defcon 
 |work=Tech.Blorge.com 
 |date=4 August 2007 
 |access-date=2007-08-15 
 |url-status=dead 
 |archive-url=https://web.archive.org/web/20070908114514/http://tech.blorge.com/Structure%3A%20/2007/08/04/transcript-michelle-madigans-run-from-defcon/ 
 |archive-date=2007-09-08 
 }}</ref> A DEF CON source at NBC had tipped off organizers to Madigan's plans.<ref name="Zetter">{{cite web
  | url = http://blog.wired.com/27bstroke6/2007/08/media-mole-at-d.html
  | title = Dateline Mole Allegedly at DefCon with Hidden Camera – Updated: Mole Caught on Tape
  | work = [[Wired News|Wired Blog Network]]
  | date = 3 August 2007
  | access-date = 2007-08-15
  | last = Zetter
  | first = Kim
  | quote = According to DefCon staff, Madigan had told someone she wanted to out an undercover federal agent at DefCon. That person in turn warned DefCon about Madigan's plans. Federal law enforcement agents from FBI, DoD, United States Postal Inspection Service and other agencies regularly attend DefCon to gather intelligence on the latest techniques of hackers.
}}</ref>
|-
!2008
|{{Main article|Massachusetts Bay Transportation Authority v. Anderson}}[[Massachusetts Institute of Technology|MIT]] students Zack Anderson, R.J. Ryan and Alessandro Chiesa were to present a session entitled "The Anatomy of a Subway Hack: Breaking Crypto RFIDS and Magstripes of Ticketing Systems." The presentation description included the phrase "Want free subway rides for life?" and promised to focus on the Boston T subway.<ref name="CB1">{{cite web| last=Lundin|first=Leigh |title=Dangerous Ideas |url=http://criminalbrief.com/?p=1892 |work=[[MBTA]] v DefCon 16 |publisher=Criminal Brief |access-date=2010-10-07 |date=2008-08-17 }}</ref> However, the Massachusetts Bay Transit Authority (MBTA) sued the students and MIT in United States District Court in Massachusetts on August 8, 2008, claiming that the students violated the [[Computer Fraud and Abuse Act]] (CFAA) by delivering information to conference attendees that could be used to defraud the MBTA of transit fares.<ref name="EFF">{{cite web| last=Jeschke|first=Rebecca |title=MIT Students Gagged by Federal Court Judge |url=https://www.eff.org/press/archives/2008/08/09 |work=Press Room |publisher=[[Electronic Frontier Foundation|EFF]] |date=2008-08-09 }}</ref><ref>{{cite court
|litigants=Massachusetts Bay Transit Authority v. Zack Anderson, RJ Ryan, Alessandro Chiesa, and the Massachusetts Institute of Technology
|court=United States District Court District of Massachusetts
|url=http://cryptome.org/mbta-v-zack/01-complaint.pdf
}}</ref> The court issued a temporary restraining order prohibiting the students from disclosing the material for a period of ten days, despite the fact the material had already been disseminated to DEF CON attendees at the start of the show.<br>
In 2008's contest "Race to Zero," contestants submitted a version of given malware which was required to be undetectable by all of the antivirus engines in each round. The contest concept attracted much negative attention.<ref>{{cite web |url=http://www.racetozero.net/concept.html |title=Race to Zero |access-date=2008-06-09 |archive-url=https://web.archive.org/web/20111118024142/http://www.racetozero.net/concept.html/ |archive-date=2011-11-18 |url-status=dead }} Contest concept.</ref><ref>{{cite web |url=https://www.computerworld.com/article/2535498/antivirus-vendors-slam-defcon-virus-contest.html |title=Antivirus Vendors Slam Defcon Virus Contest |first=Robert |last=McMillan |publisher=IDG News Service |date=April 2008  |access-date=2024-03-19 |archive-url=https://web.archive.org/web/20240319232009/https://www.computerworld.com/article/2535498/antivirus-vendors-slam-defcon-virus-contest.html |archive-date=2024-03-19}}</ref>
|-
!2009
|WIRED<ref>{{Cite magazine|url=https://www.wired.com/2009/08/malicious-atm-catches-hackers/|title=Malicious ATM Catches Hackers|first=Kim|last=Zetter|magazine=Wired |via=www.wired.com}}</ref> reported that an [[Automated teller machine|ATM]] kiosk was positioned in the conference center of the [[Riviera (hotel and casino)|Riviera Hotel Casino]] capturing data from an unknown number of hackers attending the DEF CON hacker conference.
|-
!2011
|Security company [[HBGary Federal]] used legal threats to prevent former CEO Aaron Barr from attending a panel discussion at the conference.<ref>{{cite web |title=Legal Threat Pushes Former HBGary Federal CEO Out Of DEFCON |url=https://threatpost.com/en_us/blogs/legal-threat-pushes-former-hbgary-federal-ceo-out-defcon-072711 |date=August 10, 2011|first1=Dennis |last1=Fisher|first2=Paul |last2=Roberts|work=Business Security |url-status=dead |archive-url=https://web.archive.org/web/20110810110924/http://threatpost.com/en_us/blogs/legal-threat-pushes-former-hbgary-federal-ceo-out-defcon-072711 |archive-date=2011-08-10 }}</ref>
|-
!2012
|The director of the [[National Security Agency]], [[Keith B. Alexander]], gave the keynote speech.<ref name="Greenbergdenied">Greenberg, Andy. "[https://www.forbes.com/sites/andygreenberg/2013/06/06/watch-top-u-s-intelligence-officials-repeatedly-deny-nsa-spying-on-americans-over-the-last-year-videos/ Watch Top U.S. Intelligence Officials Repeatedly Deny NSA Spying On Americans Over The Last Year (Videos)]." ''[[Forbes]]''. June 6, 2013. Retrieved on June 11, 2013. "Eight months later, Senator Ron Wyden quoted[...]"</ref> During the question and answers session, the first question for Alexander,<ref name="Greenbergdenied" /> fielded by [[Jeff Moss (hacker)|Jeff Moss]],<ref>Wagenseil, Paul. "[https://web.archive.org/web/20160306025944/http://www.nbcnews.com/id/48429672/ns/technology_and_science-security/t/hackers-dont-believe-nsa-chiefs-denial-domestic-spying/#.UbnytdiaKSo Hackers Don't Believe NSA Chief's Denial of Domestic Spying]." ([https://web.archive.org/web/20160306025944/http://www.nbcnews.com/id/48429672/ns/technology_and_science-security/t/hackers-dont-believe-nsa-chiefs-denial-domestic-spying/ Archive]) [[NBC News]]. August 1, 2012. Retrieved on June 13, 2013.</ref> was "Does the [[National Security Agency|NSA]] really keep a file on everyone, and if so, how can I see mine?" Alexander replied "Our job is foreign intelligence" and that "Those who would want to weave the story that we have millions or hundreds of millions of dossiers on people, is absolutely false…From my perspective, this is absolute nonsense."<ref name="Greenbergdenied" /> 
On March 12, 2013, during a [[United States Senate]] [[United States Senate Select Committee on Intelligence|Select Committee on Intelligence]] hearing, Senator [[Ron Wyden]] quoted the 2012 DEF CON keynote speech and asked [[Director of National Intelligence]] [[James Clapper]] if the U.S. conducted domestic surveillance; Clapper made statements saying that there was no intentional domestic surveillance.<ref name="Greenbergdenied" /> In June 2013, NSA surveillance programs which collected data on US citizens, such as [[PRISM (surveillance program)|PRISM]], had been exposed. [[Andy Greenberg]] of ''[[Forbes]]'' said that NSA officials, including Alexander, in the years 2012 and 2013 "publicly denied–often with carefully hedged words–participating in the kind of snooping on Americans that has since become nearly undeniable."<ref name="Greenbergdenied" />
|-
!2013
|On July 11, 2013, [[Jeff Moss (hacker)|Jeff Moss]] posted a statement,<ref name="WhitneyDEFFeds">Whitney, Lance. "[http://news.cnet.com/8301-1009_3-57593225-83/defcon-to-feds-we-need-some-time-apart/ Defcon to feds: 'We need some time apart']". [[CNET]]. July 11, 2013. Retrieved on July 12, 2013.</ref> located on the DEF CON blog, titled "Feds, We Need Some Time Apart". It stated that "I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year."<ref>[[Violet Blue|Blue, Violet]]. "[https://www.zdnet.com/article/feds-not-welcome-at-def-con-hacker-conference/ Feds 'not welcome' at DEF CON hacker conference]". [[ZDNet]]. July 11, 2013. Retrieved on July 11, 2013.</ref> This was the first time in the organization's history that it had asked federal authorities not to attend.<ref name="WhitneyDEFFeds" /> Actor [[Will Smith]] visited the convention to study the DEF CON culture for an upcoming movie role.<ref>{{cite web |last=Constantin |first=Lucian |date=2013-08-05 |title=Will Smith makes unexpected appearance at Defcon hacker conference |url=https://www.pcworld.com/article/453202/will-smith-makes-unexpected-appearance-at-defcon-hacker-conference.html |access-date=2024-10-21 |website=[[PCWorld]]}}</ref>
|-
!2016
| On August 4, 2016, DEF CON and [[DARPA]] co-hosted the [[2016 Cyber Grand Challenge]], a first-of-its-kind all-machine hacking tournament. Competing teams had to create a bot capable of handling all aspects of offense and defense with complete autonomy. Seven finalists competed for a US$2M grand prize.<ref name=":1">{{cite web |last=Pellerin |first=Cheryl |title=Three Teams Earn Prizes in DARPA Cyber Grand Challenge |url=https://www.defense.gov/News/News-Stories/Article/Article/906931/three-teams-earn-prizes-in-darpa-cyber-grand-challenge/ |access-date=2024-10-21 |website=[[U.S. Department of Defense]]}}</ref>

The winner of the Cyber Grand Challenge was "Mayhem", an AI created by ForAllSecure of Pittsburgh, Pennsylvania.<ref name=":1" /><ref>{{Cite web|url=https://forallsecure.com/|title=ForAllSecure &#124; Mayhem Security &#124; Application Security|website=ForAllSecure}}</ref> Mayhem then went on to participate in the previously humans-only DEF CON Capture the Flag Contest,<ref>{{cite web|url=https://blog.legitbs.net/2016/09/2016-def-con-ctf-final-scores.html|title=DEF CON Capture the Flag Final Scores|publisher=blog.legitbs.net}}</ref> where it finished in last place, despite pulling ahead of human teams often in a contest for which it was not specifically designed.
|-
!2017
|At the "Voting Machine Village" event, dozens of [[voting machine]]s brought to the conference were breached.<ref>{{cite web |url=https://thehill.com/policy/cybersecurity/344488-hackers-break-into-voting-machines-in-minutes-at-hacking-competition |title=Hackers breach dozens of voting machines brought to conference |author=Joe Uchill |date=July 29, 2017 |website=The Hill |publisher=[[Thehill.com]] |access-date=2 August 2017}}</ref>

In September 2017, the Voting Machine Village produced "[https://defcon.org/images/defcon-25/DEF%20CON%2025%20voting%20village%20report.pdf DEF CON 25 Voting Machine Hacking Village: Report on Cyber Vulnerabilities in US Election Equipment, Databases and Infrastructure]" summarizing its findings. The findings were publicly released at an event sponsored by the [[Atlantic Council]]<ref>{{Cite web|url=https://www.c-span.org/video/?435437-1|title=DEF CON Hacking Warns Voting Machines Vulnerability, Oct 10 2017 {{!}} C-SPAN.org|website=C-SPAN.org|language=en-US|access-date=2017-12-08}}</ref> and the paper went on to win an [[O'Reilly Media|O'Reilly]] Defender Research Award.<ref>{{Cite web|url=https://conferences.oreilly.com/security/sec-ny/public/sv/q/1315|title=O'Reilly Security Conference in NYC 2017 Defender Awards|publisher=conferences.oreilly.com|access-date=2017-12-08}}</ref>

[[Marcus Hutchins]], better known online by his handle [[MalwareTech]], the 23-year-old British security researcher who was credited with stopping the [[WannaCry ransomware attack|WannaCry outbreak]] was arrested by the FBI at the airport preparing to leave the country after attending DEF CON over his alleged involvement with the [[Kronos (malware)|Kronos banking trojan]].<ref>{{cite web|url=https://www.theguardian.com/technology/2017/aug/03/researcher-who-stopped-wannacry-ransomware-detained-in-us|title=Briton who stopped WannaCry attack arrested over separate malware claims|first1=Alex|last1=Hern|first2=Sam|last2=Levin|date=August 4, 2017|work=[[The Guardian]]|issn=0261-3077|access-date=August 11, 2017|language=en-GB}}</ref>
|-
!2018
|In March 2018, the DEF CON Voting Machine Hacking Village was awarded a Cybersecurity Excellence Award.<ref>{{cite tweet|number=971036175514394624|user=VotingVillageDC|title=WOW! Congrats to the @defcon Team, recently honored for its innovative #VotingVillage concept &amp; the continued debat…<!-- full text of tweet that Twitter returned to the bot (excluding links) added by TweetCiteBot. This may be better truncated or may need expanding (TW limits responses to 140 characters) or case changes. --> |date=6 March 2018}}</ref> The award cites both the spurring of a national dialog around securing the US election system and the release of the nation's first cybersecurity election plan.
|-
!2020
|On May 8, 2020, the DEF CON in-person conference itself was cancelled<ref>{{Cite web|title=DEF CON 28 in-person conference is CANCELLED - DEF CON Forums|url=https://forum.defcon.org/node/232005|website=forum.defcon.org|access-date=2020-05-08}}</ref> and virtualized due to [[COVID-19]]. DEF CON Safe Mode<ref>{{Cite web|title= DEF CON Safe Mode archive site|url=https://defcon.org/html/defcon-safemode/dc-safemode-index.html}}</ref> was held August 6–9 online with a full roster of talks, villages, contests and events.
|-
!2024
|On February 4, 2024, Cesar's Entertainment cancelled the contract with DEF CON without warning<ref>{{cite news |last1=Thompson |first1=Ian |title=DEF CON is canceled! No, really this time – but the show will go on |url=https://www.theregister.com/2024/02/07/def_con_canceled/ |access-date=12 September 2024 |work=The Register}}</ref> with speculation that a [[ransomware]] attack<ref>{{cite web |last1=Khaitan |first1=Ashish |title=Caesars Ransomware Attack, MGM Hit Linked To DEFCON? |url=https://thecyberexpress.com/caesars-ransomware-attack-mgm-resorts-defcon/ |access-date=12 September 2024 |date=14 September 2023}}</ref> and bomb scare and subsequent evacuation<ref>{{cite news |last1=Thompson |first1=Ian |title=Bomb scare causes mass evacuation at DEF CON |url=https://www.theregister.com/2023/08/14/def_con_bomb_scare/ |access-date=12 September 2024 |work=The Register}}</ref> in 2023 were in part to blame. The conference was moved to the [[Las Vegas Convention Center]] as a result.
|}