🕵️

Understanding Deception at DEF CON

Nov 19, 2024

Lecture Notes: Deception and Counter-Deception at DEF CON

Introduction

  • Speakers: Tom Cross and Greg Conte
  • Focus: Deception and counter-deception
  • Historical Context: Early DEF CON days and the internet's societal impacts
    • Early perceptions of internet's promise and peril
    • Concerns about data privacy and control
    • Internet's reality vs. initial expectations

Themes and Concepts

Human Nature and Deception

  • Internet as a "massive deception engine"
  • Funhouse Mirror Business: Seeking validation over knowledge
  • False narratives prevalent at multiple levels (social media, phishing, malware)
  • Difficulty in trusting digital information

Importance of Engaging with the Internet

  • Current DEF CON theme: Improvement and engagement with the internet
  • Role of hackers in identifying and combating deception

Speaker Backgrounds

Tom Cross

  • DEF CON veteran
  • InfoSec career
  • Projects like FeedSeer for Mastodon

Greg Conte

  • Cybersecurity educator
  • Background with West Point, NSA, US Cyber Command

Key Points of the Talk

Military Insights on Deception

  • Deception as a historical tactic
  • Importance of understanding offensive deception for defensive countermeasures
  • Deception principles are applicable beyond military contexts

Deception Examples

  • Historical: Trojan horse, Civil War tactics
  • Modern: Fake cannons, Cuban Missile Crisis, Gulf War, Russia-Ukraine conflict
  • Targets: Humans, code, AI

Deception Principles

Principles and Methods

  • Magruder's Principle: Easier to reinforce existing beliefs than change them
  • Exploitation of Sensing Limits: Human and machine sensory exploitation
  • Jones's Dilemma: Quantity of false vs. true narratives
  • Careful Sequencing: Tell a story through pieced-together evidence

Counter-Deception Strategies

  • Intelligence Collection: Monitoring adversaries
  • Disruption: Interfering with deceptive capabilities
  • Analytic Processes: Critical analysis of deception
  • Deterrence: Demonstrating ineffectiveness of deception

Analytic Processes and Human Bias

  • Devil's Advocacy: Questioning beliefs and evidence
  • Biases: Selection and confirmation bias
  • Mental Discipline: Overcoming intuition and assumptions
  • Spidey Sense: Intuition to detect deception

Methods to Prevent Deception

  • Multiple sensor deployment for cross-verification
  • Disruption of deceptive asset husbanding
  • Feedback monitoring
  • Pre-bunking false narratives

Future Directions

Tool Development

  • Triangulation of Information: Tools for validating narratives
  • Curating Expert Networks: Machine-readable expert endorsements
  • LLMs and Biases: Structured data creation and verification

Educational Approaches

  • Media Literacy: Emphasizing critical thinking
  • Educational Resources: Programs like Media Literacy Now

Conclusion

  • Encouragement for DEF CON community to innovate solutions
  • Call to Action: Inspire attendees to tackle deception issues
  • Open invitation for discussion and collaboration with the speakers

Contact Information:

  • Tom and Greg's emails provided for further inquiries and collaboration opportunities.
  • Encouraged to discuss post-session.

References & Resources

  • Mention of various resources and frameworks like disarm framework and misinformation village, which provide further learning and development opportunities.

Full transcript