Welcome To Def Con — You've Already Been Hacked

What happens when a civilian shows up at the world's longest-running hacker conference? One victim shares her story.

The first rule of Def Con, the conference attended by some of the world's most talented hackers, Black Hat and all: Don't use the Wi-Fi.

Just ask this woman. Her email and partial password were projected on a wall along with those of dozens of other unsuspecting victims. Adding hacked passwords to the so-called "Wall of Sheep," aka the wall of shame, is one of the conference's weirder traditions. The organizers offer one-on-one tutorials to victims, but none came forward.

We emailed a bunch of emails on the wall. This 28-year-old graphic designer from Utah agreed to tell her story on the condition that we preserve her anonymity — or what remains of it.

I went in honor of someone who normally keeps me from doing stuff like connecting to Wi-Fi at Def Con. But he wasn't there this time. It's been one of those crappy years.

I heard that I was on the Wall when I got your email. I had no idea. I was like, "Oh shit, shit, shit. I need to call some of my hacker friends to make sure I cover my tracks."

I was with a hacker for 10 years, so I could ask his friends. I called a few and said, "Don't judge me, but I just found out I was on the Wall of Sheep." They said, "Uh-oh. Yeah. You might want to change all your passwords and security features. Don't do that again." They said, "You should have known better."

There are black hats out there who will steal from you, but the main purpose [of the Wall] is for fun, and so that people can gain awareness of what is going on and how easy it is to get corrupted, and [so that they] learn to watch their backs. I haven't seen anything too terrible.

It doesn't look like anything got out of hand that I can't handle, but it's just embarrassing. It's the one mistake you don't make. I'm not in the industry. I can at least blame that.

I went into it like, "turn it all off," but I think it [happened on] the first night when I went to my hotel and went on to the hotel's Wi-Fi. Then I went back [to the conference] the next day and hadn't turned the setting off. It was only on for a few hours. It was Vegas, and I wasn't completely coherent all of the time, which is why I didn't remember.

I just kept it off the rest of the trip. Most people I know don't turn on their phones the entire time they are down there. Some have been hacking since they were 14 or younger and work in the industry; they know this stuff a little better. Some bring laptops that can easily be corrupted so they can see how it was done.

At past Def Cons, I didn't really have to worry about it, because someone else was always there to take care of it. When we would get close, he'd say turn stuff off, don't let any of your wireless devices accept any open Wi-Fi or anything. Turn off Bluetooth, anything that connects to you. So I had someone watching out for me before, but since this was my first one on my own, I didn't take precautions.

I got my alert on my cell phone [saying] that I was using too much data. I knew something wasn't right, so I started making changes when I could. I left on Saturday, so I spent most of that night and the next day cleaning up my accounts that may be associated. I totally got owned. It's just such a rookie mistake.

But I had a good time. It's always a good time. As long as you remember most of it. Or maybe you don't want to remember. It just kicks your ass. But once a year? It isn't the worst thing for your liver.

Skip to footer