I was attending a conference this spring, listening to various presentations, and hearing some speakers drone on about Jericho like he'd saved a million baby humpback fucking whales. That took Jericho from the dank, recessed and dimly lit long-term storage area of my brain into short-term memory, which is less dank and dimly lit, and more like an awesome rainbow painted room with strobe lights and constant orgies. Anyway, the more talks I attended, the more I realized that I'd heard pretty much everything said at this conference at a previous conference (DEF CON 24), less than a year earlier.
That's when I texted Jericho to tell him how I'd witnessed his name being used like a FleshLight, and also bitch about how shit never changes. He mentioned he was on the DEF CON CFP Review board (in addition to how much he misses my scent) in our brief exchange. , It all came together. Pieces of my brain that had been dormant suddenly came to life, like that lawn mower that you swear won't start on the first pull come spring, but somehow always does (with a plume of black smoke that probably leads to cancer in a few decades, admittedly.)
"So you review every CFP?", I remember writing. He confirmed. And so it began.
Everything I heard at this particular con, and every other con recently, was either about the "Internet of Things", "Ransomware", "Russia", "Machine Learning", with the requisite animal pictures thrown in for good measure, and the obligatory user shaming tossed in for color.
I decided to write a DEF CON CFP submission. It was titled: "The Internet of Ransom Pet-Fuckery". I went to work almost immediately. Once I had a rough draft, I reached out to my friend and oft-partner in crime, Dr. Larry P. Yger (or Lyger as you know him) to see if he had an interest in assisting me with this endeavor. A few hours later, we were hard at work drafting this detailed proposal to submit to the DEF CON review board.
Watching Dr. Larry work is part mesmerizing, part disturbing, and part arousing, not unlike dangling your privates above a whirling Vitamix on maximum while listening to a loop of the Bee Gees for 30 minutes straight. He is a master craftsman, of course, and when he and I get into something, beautiful things happen, so much so as to sincerely hypothesize that he and I were to somehow breed (picture it... burn that into your brain... you're welcome), the offspring would either make or break this world, but I digress.
The saddest part of this account is that we were chatting during the process in Google docs chat, which unbeknownst to me at the time does not persist, so our witty banter during the crafting of our CFP is lost to all but the fucking NSA (and probably Russia).
The intent: make Jericho uncomfortable with a glorious troll submission that subtly or not-so-subtly outs the authors as attrition.org staffers.
Here is the final version of the CFP submission for your enjoyment:
To: talks_defcon.org
Subject: DEF CON 25 CFP submission
PRESENTATION INFORMATION
Date of Submission: 4/28/2017
Presentation Title: Still talking about Ransomware and IoT? Lame. The Future: The Internet of Ransom-Pet-Fuckery.
Is there a demonstration? Yes
Is there audience participation? No
Are you releasing a new tool? No
Are you releasing a new exploit? HELL Yes!!
Are there any contingencies that might prevent releasing the exploit (e.g. vendor relationships)? Pfff huh? No.
If you are releasing vulnerabilities, clearly break them down and abstract as a vulnerability database would. Include the vendor(s), product(s), and version(s) affected. The vulnerabilities we are releasing are in our, pff no, YOUR failure to see what's right in front of you.
Length of presentation? 45 minutes of mind-blowing content.
Are you currently submitting this topic to any other conferences held prior to DEF CON 25? Might shop this shit around but we're not 100% sure yet.
Are you submitting to Black Hat USA? That shit-show? Fuck no, the guy who started that shit is an ass.
Are you submitting to BSidesLV? WHO? WTF? Grow up. This is big-time shit right here.
Is your ability or willingness to speak predicated on your talk being accepted at Black Hat USA? WTF is "predicated", we don't talk about that, that's personal. Fuck them.
Abstract: Yeah, you've gone cuckoo for Ransomware, and gaga for IoT, but your head is in the sand. That shit is so yesterday. Today -- things get real, and you needn't look far to see it - you trust it so bad it hurts, and boy will it. Lube yourself up, Planet Earth, shit's about to get real: The Internet of Ransom-Pet-Fuckery is upon us, and there's no laser or suppository that'll tighten your shit up after this.
Speaker Bio(s):
Dr. Larry Yger, LLP, MP, A2M, BBC. Presently Head Recruiter at an unnamed online dating site. "Head Recruiter"... get it?.
Dee Dee Winters. Alumnus at some website that starts with an A, ends with a .org, and where people don't play well with others. Period. I'm "retired", which means my shit is practically vestigial, but it also means I'm crabby, unsatisfied, and ready to BLOW...YOUR...MIND.
Detailed Outline:
We begin by walking through the storied history of ransomware -- like how that shit started before Jay-Z...not JC, although maybe him too, and how it came to a serious high point with Liam Neeson's multiple blockbusters, and then just sort of got weird when I had to pay a ransom to get my dick-pic collection back from that Romanian cockbag who wanted the Bitdollars or whatever the fuck. Whatever, it was worth it.
Then we go into how the Internet of Things (IoT) is AMAZING, with shit like my Fitbit bubbling up because I swear Putin is using it to molest me, to my WiFi blueteeth door lock and shit.
Now we have a connection with people -- because everyone loves the blueteeth and has probably paid some Romanian fuckhead for their dick-pics or whatever. Right? Right.
So we USE that connection to BLOW THEIR DICK^H^H^H^HMINDS.
Now we walk through the scenario, slowly, patiently, even gently because we know you have to be gentle. You have to be. Want the rough stuff? No... no, you don't want the rough stuff... GENTLE. Smoooth. Like a fucking TED talk. And we're not talking about the movie with Wahlberg and the stuffed animal, although that shit was the BOMB. Funny as hell. We digress. Go buy a copy.
BAM. Slide. Picture of a dog.
BAM. Slide. Picture of Mr. Robot in a hoodie (YEAH BABY).
BAM. Slide. (all the while...silence from us...minds are exploding) Pictures of random nudity flash real fast on the screen all subliminally... THEN... the chip.
The computer chip, that the hacker puts in a juicy steak and leaves on the lawn. Then... I let the dog out. (INSERT RANDOM WHOLETTHEDOGSOUT JOKE -- (totally off-the-cuff I won't rehearse that so much better ala DONALD J. TRUMP #MAGA!@)).
BAM. Slide. Dog eating steak with chip embedded.
Then BAM. Slide. Dog orgy in my living room (Don't have this slide, not sure how I'm gonna do it but I can hire peeps if this talk gets picked I guess).
Then, we slow it down. Real. Slow. Snaaaaails pace. Now we start to work it. Like a surgeon, cuttin' for the very first time. Audience needs time to piece it together. Minds are BLOWN. WTF? What's with the dog orgy?
Now, we walk them through what they clearly have missed:
Russians visit house, put chip in steak, dog eats steak. Chip makes neural connection with dog, chip logs into WiFi because it takes password from dog's memory, because you KNOW your dog knows your WiFi password, right? You told Auntie fucking Edna, and she told your inbred cousins, and your dog was there the whole time, dumbass. She knows EVERYTHING (your dog, not Auntie Edna), but because she hasn't got opposable thumbs she hasn't hacked your shit sooner. But now? Fuck that, she and the Russians now have full access to your shit.
It starts subtly... you come home, and fucking Animal Planet is playing on your appleTV. Huh? You change it, but it changes back, right away. WTF? You call support, they like..."dude we swamped with this same problem, it is being looked into". Dog looks at you funny... like funny haha, not funny peculiar. You still don't get it.
Next thing you know, your dog is on the Facebook, friends with other dogs on the Facebook, and YOUR house becomes a big fucking canine key-party. You get home from work and WHOA SHIT WTF, massive doggy orgy, middle of your living room floor, yo. That blueteeth lock was hackz0red by a poodle with a chip lodged in its shit 3 miles away.
Whatever, right? Then your phone buzzes, and again, and again, and BAM, your Tinder is going crazy with dogs all over your hood swiping right on your ass. Some like it hot, and some sweat when the heat is on.
Before you know it, they've cashed out your 401k, hacked your Amazon Prime and you're swimming in doggy-bacon treats from the two-day delivery, because fucking bacon is interspecies awesome (and you know that).
Don't have a dog? Whatever. The Chinese know this, and your cat is on the list too. So is your goat, because them shits are agile AND sexy. You're not getting around this. Back to cats.
BAM. SLIDE SHOWING CAT IN NINJA COSTUME (again, don't have this yet, but will...if accepted)
BAM. ALTERNATE SLIDE:
That's Night, evil cat h4x0r. He would have been part of the Keebler Elves back in the day, but he's only 7 and not too bright. He still has his own email address though, so whatevs.
Before you know it, we've lost billions, and our pets are social networking. And you don't want your cat social networking (see above). It already wants you dead, but with a crew? YOU...ARE...DONE.
BAM. Slide with a gravestone with "[INSERT YOUR NAME RIGHT HERE] on it
BAM. Slide with a mushroom cloud. Kim Jung WTF has nothing on this shit.
BAM. BLACK EMPTY SLIDE. After 6.708 seconds (the square root of 5 multiplied by 3, calculated for maximum effect), huge words in white font pop up one at a time: WE DIE YOUNG.
Silence...another 6.708 seconds...we drop the mic...E...O...FING-F.
NOW OPEN FOR Q&A, WILL TAKE ALL COMERS.
SPECIAL REQUESTS
4 large format bottles of Evian.
2-YES TWO handheld mics, preferably Shure 57s.
1 bottle of 21 year Balvenie with appropriate glassware bought here: http://tinyurl.com/2fcpre6
1 Puppy, any breed but under 10 lbs. because Larry has a bad back.
Jericho realized what we'd done pretty quick-like, and the rest of the CFP board followed suit in a hurry. A week passed, so we decided to make a cheesy trailer video and submit it to the review board with this email on May 5th:
From: d2d_protonmail.com To: nikita_defcon.org Subject: Re: DEF CON 25 CFP submission Where's my acceptance letter? Trailer vid in case you aren't sold: https://vimeo.com/216177156 Love, d2d
Here's an embed of the trailer for your giggles:
Which spurred this exchange:
From: nikita_defcon.org To: d2d_protonmail.com Subject: Re: DEF CON 25 CFP submission Pray tell would you be submitting this to Sundance under the "groundbreaking independent documentary" category? Such an informative trailer, If I were Ken burns It would certainly be shaking in my (cyber-shot steady cam mounted) boots. Acceptance letters are sent by a fairly unreliable pigeon carrier. We don't start feeding them until June 1st, a good 5 out of 6 of those flying rats decide to revolt and run off instead, as a result we call the remaining letters "limited edition". I'd expect to hear SOMETHING by then. With warm regards, Nikita
From: d2d_protonmail.com To: nikita_defcon.org Subject: Re: DEF CON 25 CFP submission I told you...BIG LEAGUE. Sundance? Pfffff. Oscars. Nothing less. Defcon or bust. Add a bowl browns M&M's for my patience. KTHX. LOVE, Dee Dee P.S. Dr. Larry Yger says 'heyyyy' P.P.S. Pigeon revolts are rare but historically indicative of societal disfunction and/or extreme climate change.
As well as this CFP feedback request exchange:
To: d2d_protonmail.com
Subject: Re: DEF CON 25 CFP submission
A member on the review board has some feedback on your submission, they'd like your response before they make their vote.
"Chip makes neural connection with dog, chip logs into WiFi because it takes password from dog's memory, because you KNOW your dog knows your WiFi password, right?"
"The meat of this talk is centered around extracting wifi credentials from a canine. Can they expand on this technique? This could be a great primer into the field, and provides something new and novel in an entertaining format. "
Thanks,
Nikita
To: nikita_defcon.org
Subject: Re: DEF CON 25 CFP submission
Thank you for the thoughtful and relevant questions. After consulting with thought-leaders (ourselves), we have derived the following response:
Following general guidelines for the safe and ethical treatment of animals (and by the way, saying "the meat of this talk" is HAHA funny given the abstract), there would be no chemical extraction used by the chip, which would clearly have to be battery-charged. The chip would extract visual and aural memories from the ANIMAL's (not specifically canine) brain, in a way similar to but not patented by the *glorious* Robin Williams movie "The Final Cut" (this is where the innovation comes in, and the technique would be used by potentially malicious state actors and not for private gain -- oh and don't get confused, we're talking MOVIE, not Floyd, keep up!).
Given the time from ingestion to elimination, 24 hours would be enough time to non-invasively invade (wait, WHAT?) the animal's brain, extract the memories, and transmit them back to the Command and Control center where next-gen analysis and machina-learning evasion would occur. Since this could be considered to be a race condition (like...the original race condition, pre-next-gen if you will), shit literally happens - animals may not understand this, but most humans over the age of 45 probably do (or consumers of Fiery Doritos Locos Tacos...you feel me). Once the extraction is complete, YOU ARE FUCKED. And pwn3d. And whatever you kids call it these days.
But the fun isn't over just yet. Russians know biology, so prior to final elimination, grapple deploys from cylindrical casing of chip, firmly (but not painfully) lodging into animal's colon ensuring an advanced persistent threat. An industrial lubricant deploys from a bursa-like sac within casing to minimize any adverse symptoms of having this thing lodged "up-in-there", as we're fond of saying. Defense-in-depth ain't got shit on that lube.
A few variants in the device are introduced to account for different power availability. One charges itself kinetically, say, during a dog walking session. Another variant is charged via thermal energy, say, for a cat nap, but ultimately most of the process takes place in the first 24 hours anyways (pre-poopage) -- additional time spent "online" is, well, gravy. So to speak. #nuggs
The fundamentals are illustrated in the attached animated GIF.
To: d2d_protonmail.com
Subject: Re: DEF CON 25 CFP submission
Thank you for that thoughtful, detailed, and animated response. I will let you know if the board has any more questions, I sincerely hope that your talk is accepted.
Nikita
We had already begun work on the sequel, which was finalized and submitted on May 9th in this email:
To: nikita_defcon.org
Subject: Re: DEF CON 25 CFP submission
Dear Nikita,
We now bring you: "Defcon Trailer 2 - Trousers - We Die Young".
Inspired by extensive readings of GLBA, The HIPAA Privacy Rule, FISMA, and ISACA. The latter being my favorite, not because it's all that applicable (nor is it something you read), but I just love the way it rolls off Lyger's tongue. EYE-SACK-A.
Feel free to tweet out, you know, if you need more attendees. #NoShaveTilDefcon
https://vimeo.com/216761211
Trailer 2 - May 8th
She did end up tweeting it out, too:
And then...we went nuts, and made these additional trailers, one a week or every few days:
Trailer III - May 16th
Trailer IV - May 25th
Trailer V - May 26th
Lyger and I could probably save real lives, and find solutions to real problems like hunger, poverty, and disease in this world, but somehow our combined energy usually focuses on shit like this filth. I wouldn't have it any other way.
Somewhere along the way, we realized that our troll was actually under consideration for a real slot at Con. Jericho was giving us little tidbits of information, but "Mr. Integrity" was being rather tight-lipped (he's that way in bed too, tight like a fucking bow string), and divulging only obscure and redacted references. For example, we know someone called us "hardened veteran professional trolls". I still beam with pride when I relive that moment. Whoever you are, we've been called a lot of things, but that's right up there on my mental pedestal of achievements with being called "deeply and profoundly disturbed" from my third shrink back in '99, or Lyger being called an "Anal Minotaur Prince" (whatever the fuck that means).
We began making plans to actually give the talk. We had even begun planning and scripting a prepared "Bio" piece. It went through two iterations, the first describing our chance encounter meeting in a Thai prison, and the second, a slightly less prostitution-oriented skit about Las Vegas. I even ordered a sensory deprivation mask to film it (and... maybe because I've always wanted one.) The format was to be ala Charlie Murphy and Rick James from the infamous "Brother Darkness" skit from The Chapelle Show
At a certain point we conferenced with a veterinarian to get their perspective on our research in terms of animal welfare and whatnot. Here's the transcript of that discussion:
Attrition: Thank you for your time today Doctor. Let's get right to it. What would the ramifications be if, say, a pet... like a dog or a cat, maybe a guinea pig, maybe a bird... ate or ingested some food with an electronic chip in it?
Veterinarian: (confused) What do you mean...
Attrition: OK... for instance... let's assume a dog could eat maybe a pound of ground beef. Even the small ones, they just hog it back, you know, right? All NOMNOMNOM... there's a little "thing" in it, they don't know, they don't care, they're just all NOMNOMNOM, wait, what's this... NOM, gulp. How bad would that be?
Veterinarian: Well, how big is the chip or "thing"? Different animals have different digestive tracts, so that would be a key issue...
Attrition: Just a... "thing". You know...
Veterinarian: Not really... what are you asking?
Attrition: If an animal... eats a little metal-maybe-silicony-thing in some regular food, what's the potential impact on... them?
Veterinarian: ........ If it doesn't obstruct anything in the esophagus, stomach, intestine, or colon, it would probably go through a regular digestive process... wait... why are you asking this again?
Attrition: We are DEFINITELY not talking about hurting an animal in any way here. PETA would put a horse's head in our bed.... SORRY, BAD JOKE. But if that were to happen, with the "thingy", you know... is there anything that would help prevent any discomfort during the.... process?
Veterinarian: Well, it would be better if they didn't swallow it at all!
Attrition: OK, right... but this is just hypothetical. IF they did... would anything make it...... easier?
Veterinarian: *sigh* If that happened, it would... probably... help... if whatever "thing" they ingested had some type of... soft outer coating, I guess. Like around a pill. That would help smooth the transition through the digestive tract and hopefully minimize any... discomfort.
Attrition: OK, so like a NyQuil gel cap, without the narcotics?
Veterinarian: ....... something like that, perhaps. I can't say for sure.
Attrition: Inside of the coating, and around the "thingy"... would anything else...
Veterinarian: I really don't understand this...
Attrition: Please, Doctor, they're just questions. Curiosity only . During the... um... "digestive process", if the outer layer broke down... would any type of inner layer serve as... maybe... "defense-in depth"?
Veterinarian: Can you explain what that means please...
Attrition: We'll get back to that...what about if it had an antenna like this (held up wifi antenna) sticking out of it, would that be ok?
Veterinarian: ...probably not!
Attrition: OK back to the "defense-in-depth"... Assuming the "thingy" is in another "thingy", which is soft and "gel-ish", should there be something between the one thingy and the other thingy that, like, cushions the thingys from each other?
Veterinarian: [blank stare]
Attrition: Work with me here. Thing. Outer thing. Something between the thing and the outer layer thing (draws concept on napkin with a Sharpie). What could the middle thing be?
Veterinarian: ....gelatins are used in some medicines, possibly glucose-based, I'd have to...
Attrition: What about AstroGlide?
Veterinarian: ... what ...
Attrition: AstroGlide. It's supposed to be non-toxic, no reported side-effects, and millions of humans have had it in their asses with no reported deaths. Would that be an option?
Veterinarian: [open mouth shock face....]
(uncomfortable silence)
Attrition: So............ is that a "maybe"?
We began discussing the logistics of actually getting to Las Vegas. Truth was, Lyger has 6 kids out of wedlock that all reside with him (hey, he's a responsible, albeit selectively practicing Catholic), and for my part, I have anxiety about flying because of my detachable penis. These factors, combined with other pre-established obligations and the fact that we never really intended to give this talk, made this potential trip a bit problematic for both of us. Still, we hadn't ruled it out and were actively preparing for giving the talk.
The date when most were notified of being accepted or declined came and went... and went. But then, something miraculous happened.
We received a call from Rahiv over at the Indian Plumbers Conference. They'd gotten wind of our talk... err, no. Truth was, at this point, we had assumed that the tides had turned, and that we were being trolled by the CFP review board. We decided to produce one last video. It was grueling, actually, partly because it was long, and partly because the song was technically difficult to time, and partly because Lyger is a fucking brutal stickler for, well, everything (he didn't become known as the "Anal Minotaur Prince" for nothing). I'd be remiss if I omitted that part of the difficulty was the fact that we were declining a slot at Con for an outright troll talk. Here's the video:
We had just finished making the video, and composing the email to send to Nikita when Jericho messaged us saying we'd been accepted and given a time slot. A good time slot. Fuck.
We reconvened and decided to decline prior to receiving "official" word, and fired off the email.
In the end, I'm not entirely sure who was more disappointed: the review board, or us? This talk may have been the "one that got away", like that flame you had in high school who just NEEDED to give oral. Question is, were we the flame? Or was DEF CON the flame? Maybe we both are the flame... one hot, unending sixty-nine of deep, moist... err, again it seems I've gone a bit off course.
We never intended to give the talk in the first place, but when the unthinkable happened, and the talk was actually under consideration, we gave it A LOT of consideration ourselves. There's a lot more to this story. Surely the CFP review board has their own interesting take on events. This is our take, and we're not done with our take just yet. We're actively preparing for the Indian Plumbers Conference, and we're gonna kick its fucking ass this fall. Then we're going to submit new research to more conferences, and maybe next time, they won't drag their fucking feet so long in responding, and maybe they'll pay for our damned flights like the fucking plumbers will.
Until next time,
Dee Dee Winters & Dr. Larry P. Yger
