Skip to main content

A Newbie's Introduction to DEFCON

Lock picking draws a crowd

One thing that surprised me at DEFCON was the lock picking talks and competition. I hadn't thought about the usefulness of lock-picking to a hacker. But the speakers pointed out that while being able to break into someone's computer over the Internet is fine, you can do a lot more damage if you can actually gain physical access to a system.

An interesting story was how one lock company made a popular lock that a lock picker found a flaw in and told the company about it. Instead of trying to sue the picker or cover up the flaw, the company designed a new core for the lock and released it - much like a software company would release a patch. This story once again showed the value of hacking, uh, "flaw exposure", as a means toward the goal of higher security. Along with lock picking were also discussions on safe cracking.

Even though these discussions were about breaking into things, they stressed the importance of using these tools to make better designs. Speakers also stressed that they do not promote use of the information they provided for illegal activities of any kind. Some even pursue these activities as a hobby, which was demonstrated during the lock picking contest.

The contest had about seventy contestants in all, with only three of those contestants making it to the second round. The event organizer said that last year, locks were being picked after five or six seconds, causing him to go through dozens of locks. So this year, he decided to step up the level of difficulty, but didn't realize just how big a step he made.

Figure 4: Gandalf wins the lockpicking contest

For the first round, competitors had ten minutes to pick a lock. The people who did it successfully completed the challenge in around three minutes. For the second and final round, the winner - a picker by the handle Gandalf (Figure 4) - picked the lock in about six seconds. The other two competitors continued their battle for over an hour until second place was decided. Not only were there a lot of contestants for the lock picking contest, but the turnout for people watching the contests and the talks was huge, with the Parthenon Ballroom packed with attendees.

The vendors selling lock picking supplies also sold out of all their merchandise. Lock picking was definitely popular and people are very interested in a hobby that they can afford and get into with a low degree of difficulty to start. It is also one of the few things at DEFCON that didn't use a lot of technical jargon, in addition to being a fun activity to participate in.