Lecture Notes: Deception and Counter-Deception at DEF CON

Introduction

• Speakers: Tom Cross and Greg Conte
• Focus: Deception and counter-deception
• Historical Context: Early DEF CON days and the internet's societal impacts
  • Early perceptions of internet's promise and peril
  • Concerns about data privacy and control
  • Internet's reality vs. initial expectations

Themes and Concepts

Human Nature and Deception

• Internet as a "massive deception engine"
• Funhouse Mirror Business: Seeking validation over knowledge
• False narratives prevalent at multiple levels (social media, phishing, malware)
• Difficulty in trusting digital information

Importance of Engaging with the Internet

• Current DEF CON theme: Improvement and engagement with the internet
• Role of hackers in identifying and combating deception

Speaker Backgrounds

Tom Cross

• DEF CON veteran
• InfoSec career
• Projects like FeedSeer for Mastodon

Greg Conte

• Cybersecurity educator
• Background with West Point, NSA, US Cyber Command

Key Points of the Talk

Military Insights on Deception

• Deception as a historical tactic
• Importance of understanding offensive deception for defensive countermeasures
• Deception principles are applicable beyond military contexts

Deception Examples

• Historical: Trojan horse, Civil War tactics
• Modern: Fake cannons, Cuban Missile Crisis, Gulf War, Russia-Ukraine conflict
• Targets: Humans, code, AI

Deception Principles

Principles and Methods

• Magruder's Principle: Easier to reinforce existing beliefs than change them
• Exploitation of Sensing Limits: Human and machine sensory exploitation
• Jones's Dilemma: Quantity of false vs. true narratives
• Careful Sequencing: Tell a story through pieced-together evidence

Counter-Deception Strategies

• Intelligence Collection: Monitoring adversaries
• Disruption: Interfering with deceptive capabilities
• Analytic Processes: Critical analysis of deception
• Deterrence: Demonstrating ineffectiveness of deception

Analytic Processes and Human Bias

• Devil's Advocacy: Questioning beliefs and evidence
• Biases: Selection and confirmation bias
• Mental Discipline: Overcoming intuition and assumptions
• Spidey Sense: Intuition to detect deception

Methods to Prevent Deception

• Multiple sensor deployment for cross-verification
• Disruption of deceptive asset husbanding
• Feedback monitoring
• Pre-bunking false narratives

Future Directions

Tool Development

• Triangulation of Information: Tools for validating narratives
• Curating Expert Networks: Machine-readable expert endorsements
• LLMs and Biases: Structured data creation and verification

Educational Approaches

• Media Literacy: Emphasizing critical thinking
• Educational Resources: Programs like Media Literacy Now

Conclusion

• Encouragement for DEF CON community to innovate solutions
• Call to Action: Inspire attendees to tackle deception issues
• Open invitation for discussion and collaboration with the speakers

Contact Information:

• Tom and Greg's emails provided for further inquiries and collaboration opportunities.
• Encouraged to discuss post-session.

References & Resources

• Mention of various resources and frameworks like disarm framework and misinformation village, which provide further learning and development opportunities.