When DEF CON partners with the U.S. Army

sylens

Defcon is no longer a counterculture conference, and arguably hasn't been for a while. It's a place for security professionals to go to hang out in Vegas for a few days on their company's dime, or to extend their stay after Black Hat.

The conference has gotten too big for its own good. It now inhabits the Las Vegas Convention Center, which is less convenient than when it was in one of the hotels (or multiple hotels clustered together). The one positive of the LVCC is that it has a ton of room but there are still issues with things like sound equipment that plague the villages and their talks/workshops.

px43

This was my 23rd DEFCON, and was just as counterculture as it was decades ago if you know where to go, and don't get distracted by the big pretty signs. DEFCON has always been about feds, policymakers, corpos, kids, and straight up black hat criminals partying together and shaping the future of infosec.

The author of the article decided to wander down the Military Industrial Complex track, and seems to be complaining that it had too much Army stuff. I didn't see any of that this year, because that's not what interests me. I met up with a large number of cipherpunks and activists that I don't get to see very often, and had some extremely productive conversations regarding various projects we're working on for the next year.

jvanderbot

I'd love to go to defcon, but I fear it'll end up like every other conference I go to: wandering around, watching a few talks, ending up at a few semi-boring cocktail hours, etc. Maybe I'm that anti-cool enough to get auto-filtered?

I joined a local discord / defcon chapter, and it was mostly reminiscing about the good old days and most people saying they weren't going this year.

jszymborski

I went maybe 7 years back as an undergrad doing a biochemistry degree and met plenty of cool people both on the con floor and at random parties.

People were generally super friendly and willing to hang and chat.

busterarm

Find a village or contest that matches your interests, spend the whole weekend there and you will have an incredible experience.

busterarm

As a longtime attendee myself, this is absolutely true.

Also, DEFCON and DT specifically have not shifted anywhere. A large demographic of attendees shifted hard to the left, mirroring our culture in general. They are also not "counterculture" as these are mainstream/televised points of view.

I had to stop dealing with certain parts/people of DEFCON and infosec in general because of this intense noise. That's not pegging myself as being on the right, it's just that my DEFCON experience has always been about expanding my worldview and fun... this very loud and influential group isn't about either of those things.

BLKNSLVR

From what I see and hear, the US is moving to the left in a similar way to gravity lifting objects from the ground.

As far as I can tell both sides have their intensely loud groups, but only noticing one means you're closer (by varying degrees) to the other. And that's OK, but slightly less OK if you're not aware of it.

sitzkrieg

been going since forever but don't tell anyone that asks. can't stand it anymore

StefanBatory

If you don't mind, I have a genuine question. (as in, I'm not looking for a fight and I won't comment furthermore even if I can't agree.)

But genuinely, what do you define by saying that American culture has shifted hard to the left and what do you define by left?

I am really not looking for a fight, but that's not a take I've heard often and I want to hear you out.

protocolture

> A large demographic of attendees shifted hard to the left, mirroring our culture in general.

I had always identified hacker culture as principally left. Maybe the US is specifically different.

msgodel

Yeah that's the thing about counterculture, eventually large portions of it end up mainstream culture so if you like being contrarian you have to constantly be on the move.

mattmanser

Nowhere else in the world would describe anything in American politics as going hard left.

All of your politics and news has been swinging hard right for over a decade.

iwontberude

Feds and criminals coming together is the point for many clandestine operations

Scrounger

> Feds and criminals

How does one tell the difference?

Palomides

"it's counterculture if you ignore all the military/mass surveillance stuff" doesn't strike me as a strong defense

giantg2

If that's your mindset, the internet must be similarly disappointing to you. In either domain, you can select where you want to go and what you want to do.

tucnak

Kool-Aid man lives in the world of corporate logos...

lucasRW

Yeah... shots of water is as "counter-culture" as it gets...

tedivm

Once they scared off the people running the Sky Talks, which were always awesome, and messed with groups like the lockpicking folks' ability to fundraise, I think the idea of it being a hacker con really died and it turned into just another corporate convention.

px43

Skytalks happened this year and was better attended than ever. Getting a seat was extremely competitive, people lined up for several hours for a single talk token. I would have loved to go to some, but unfortunately there was a ton of other stuff I wanted to see so I didn't have time to stand in line.

They were a side conference to a side conference, but the structure let them run things the way they wanted, which is important.

nebula8804

Scared them off? Is there any documentation of that? My understanding is that the split was amicable. SkyTalks has immunocompromised people on staff and they chose to voluntarily leave defcon because they wanted to continue masking mandates while Defcon did not. Bsides welcomed them with support in their conference (helping with Token Drops and scheduling) and Skytalks occupies a space that is physically separated from Bsides (as in a different hotel on its top floor).

SkyTalks are as awesome as they always were, I'd argue it's even better since now you don't have to sacrifice other things at defcon to see skytalks. You can now have dedicated time for skytalks.

jayess

That Skytalks still requires masking is absurd. I saw the organizers at DEFCON walking around with no masks. The last skytalks at DEFCON a couple of years ago was pretty bad anyways, really disappointing.

ghostpepper

what happened with the lock pick village?

tedivm

From my understanding they were told they were no longer allowed to fundraise in the village, which meant they could not afford to continue coming.

busterarm

Nothing DEFCON-related that I know of. A few years back TOOOL's co-founder resigned and (unrelated) they were defrauded & had 20k stolen from them, but neither of those had to do with DEFCON.

tptacek

I was at Defcon in the 1990s and it was never a counterculture conference. It has always been Nerd Spring Break Daytona Beach.

prettyblocks

Felt like counter culture to me when I went to my first one (DC11). I remember punk kids selling manuals and lineman sets they stole out of the back of telco trucks outside the entrance of Alexis Park.

ferguess_k

Would CCC and Recon be better? TBH I never understand why people (not companies) need to go to Vegas. It's expensive, corrupting and hot during the summers. Montreal is a much more affordable place.

ecshafer

Vegas (and Orlando) are probably the two cheapest places to travel to in North America. Hotels and flights are both plentiful and cheap. Before Covid you could get like $60 a night hotels on the strip and $150 flights.

ferguess_k

Ah I don't know about that, thought it is extra expensive. Guess summer is actually the low season due to weather?

bluedino

You still can, depends on where you go and where you stay. I'm seeing $300 for two nights and round trip flights from the other side of the USA right now if you don't mind staying at the Flamingo, Luxor, or Linq. Add $50 for something like Park MGM or Paris.

__alexander

CCC would be better but REcon is kind of niche because its focus is reverse engineering and not “hacking” in general.

aakkaakk

CCC still have this crazy way of selling tickets, where you cannot know more than a month in advance if you will be able to get a ticket, i.e. impossible to book hotel/flight that late.

tptacek

REcon is as much an exploit developer conference as it is a reversing conference.

tptacek

CCC is just Euro-Defcon. It's fine if you prefer Europe over Vegas (understandable!) or winter to summer, but otherwise: it's the same thing.

wkat4242

Yeah and CCC is in one of the most expensive seasons (between Christmas and New year) in the most expensive country in Europe.

I've considered going there once or twice but the hotels were ridiculously expensive. It was around €200-250 a night, for me that's way too much. And the travel on top of that (I don't drive and live in southern Europe so I make less than most Germans). And I'm too old for shared room hostels. Here in Spain I can get a 4* hotel for 70€ most of the time.

It's a bit similar to DefCon in that sense. Except that it's held in real cities and not a casino resort.

rsynnott

I mean, you wouldn't catch the CCC partnering with the German army.

sugarpimpdorsey

Something something discreet hookers and a company credit card.

ferguess_k

I thought they are more into techs.

zevon

Congress may be considered "better" in the sense that the MIC would not find a forum there (and would be relentlessly made fun of). More importantly and as to your point about the expensiveness: The Club and all the volunteers put an inordinate amount of work in making Congress as accessible as possible on many levels.

lrvick

I go to CCC and Defcon every year and they are night and day.

CCC actively discourages companies from advertising unless they are fully open source community driven orgs. Governments are even less welcome.

While even the Privacy Village at Defcon asks you to agree to the terms of service of Discord, Slack, Youtube, and other corpos... CCC self hosts everything including Voip, IRC, Matrix, 3G, 4G, and DECT, all linked together in various ways.

While Defcon has strictly controlled talks approved by sponsors and appointees of the Defcon corporation that themselves work for mostly proprietary corporations, CCC is an entirely volunteer driven organization from top to bottom and you can give a talk anywhere you want about anything 24 hours a day as long as someone else has not already reserved that spot.

While Defcon has villages reserved and approved by committee and corporate sponsors, at CCC any community can apply for table or an area and almost all are granted as space relative to the size of the community. You can do basically anything you want with your space. You can also access the event and your space 24/7 so the hacking and party never fully stops.

I go to Defcon because it is the corporate paid excuse a handful of actually capable hackers I like to hang out with have to hang out. And maybe two or three talks worth seeing.

I go to CCC because it is the nearest place I can go experience thousands of actual hackers that believe in making the world better through open source, right to repair, music, art, and maximizing sharing and collaboration. Almost every person I talk to is an instant friend. People who largely agree technical talents are meant for more than raising shareholder value.

I love CCC and I keep going in hopes I can bring some of that back with me to silicon valley.

If anyone goes to CCC be sure to visit the Church of Cryptography which I am usually around.

dashdashu

ah, the almost rhythmic background sound of club mate bottles falling down

tucnak

Defcon is a "joke" compared to CCC.

wkat4242

How so? I've been to the European parties but never to defcon. So I'm wondering how they compare.

ramesh31

> Defcon is no longer a counterculture conference, and arguably hasn't been for a while.

This happens to literally every convention ever, not surprising at all. The broader question is: is something like the original spirit of DefCon even still possible? The industry (and the stakes) are so much higher now that it seems impossible.

ajsnigrutin

You do 10 things at a small conference, everyone says "we need more of X{0}..X{9}", you have more things next year, more people, everyone wants more of whatever, more people, more problems with more people (security, cost, sponsors,..), more attention of mainstream media, more people next year, more push for politics, more people, more issues with more people, etc., and in the end, you get a boring business conference like many others.

I'm pretty sure that each of the niches could make their own conference now, at some small venue where a 100, 200, 500 people would come... SNES hacking and development? Sure, a small, really nice conference... but then someone would want NES too, and N64, and sega, and PS1, and corporate sponsors, and you end up with E3 instead of 50 retro developers and 150 curious people doing interesting stuff.

sylens

It is but you have to intentionally keep it small and limit tickets. I think one of the issues that Defcon has is that they just don't cap tickets; historically they could not, because you could only buy a badge with cash so there was no way of predicting how many people would show up.

woodruffw

I don't think it's really a matter of limited attendance. Smaller hacker conferences in the US are not much different in terms of baseline acceptance of government/defense presence. It's more of a cultural thing, and not a new one.

(That's not to say that there aren't conferences that are explicitly anti-MIC, because there are. But if you just sample by size, I suspect you'll find no correlation there.)

tptacek

There are plenty of quieter, smaller conferences.

AndrewKemendo

CCC might be able to survive because it’s European and multi lingual

sunaookami

CCC is not counterculture for ~10 years now. They have also become way too big and the vast majority of presentations are (extremely left-leaning) politics.

sneak

> This happens to literally every convention ever, not surprising at all.

The CCC would never.

Europe, for all its authoritarianism and infringements of human rights (even in relatively liberal places like Germany) still seems to be trying to not backslide into full-on military-industrial complex like the US is/has.

lenerdenator

If you honestly think that they're not either backsliding into the full-on military-industrial complex or benefiting from the American military-industrial complex, I have some nice ocean-front property in Kansas City to sell you.

EDIT:

If you don't believe me, ask the USMC about their nice new H&K service rifles. Did we need to do that? No, we could have thrown a nice piston upper on M16 lowers, but that doesn't keep the bier flowing in Oberndorf am Neckar. Or ask someone in the Pentagon about their partners at BAE.

sugarpimpdorsey

That's easy to do when you have the US on speed dial.

CalRobert

Maybe What Hackers Yearn or CCC?

dogleash

Defcon went fed when Jeff Moss went fed. But the crowd size has done way more to change the vibe. The 30% crowd post-covid year was a short return to old defcon.

tptacek

This implies that you believed Moss was somehow a black hat before he got involved with Homeland Security Advisory Council, which is pretty funny. People just make these things up and state them confidently.

wkat4242

Being white hat is a very different thing to being aligned with the government. Especially with all the secret spying they do which many white hats don't agree with because most of them are also strong privacy advocates. The whole white hat hacker community was very upset about the Snowden revelations. And I don't think that lost trust ever returned.

colechristensen

I went, while I enjoyed myself this year I feel it's gotten too big and too disorganized. Also I went to a couple of talks that would seemingly have been bread and butter talks for defcon that were very sparsely attended and I just wondered where everybody was.

This might just be FOMO with the organizers. It's probably time for DefCon to drop in person registrations, get smaller, and return to a hotel. Villages and village talks need to be better curated and basically the focus needs to be tightened up.

busterarm

DEFCON talks are for watching on Youtube when they get uploaded weeks/months from now. It's always been about contests/challenges and partying. It's a con of cons.

colechristensen

Talk attendance was much higher the last time I went, but that might have been 10 years ago.

giantg2

"still issues with things like sound equipment"

For the $500 entry fee you would think they could provide earphones and someone would hack together an app that would let you listen through those earphones based on some sort of proximity detection. No doubt the first year someone would find a vulnerability in it and would need parallel deployment to the existing infrastructure, but still.

spydum

Would be a great idea, except they couldn't even operate WiFi with any stability (to which I heard was a LVCC problem, but I don't know that for sure).

giantg2

Doesn't have to be wifi. There are many different ways to communicate. It's a matter of finding the best one. Unfortunately, the largest drawback is the potential for malicious/mischievous actors to interrupt them given the crowd. Something as simple as FM transmission, like at a drive-in, could be an option.

tekla

Cool, what's your handle so I can suggest your name to organizers to set it up for them

giantg2

I'd be open to working on it if they actually want to pursue it and want to provide contact info for whatever subgroup handles the comms/networking.

mi100hael

When I went to Defcon a few years back, one of the speakers started his talk by saying:

"When I first started coming to Defcon, it was full of hackers and we played spot-the-fed. Now you're all feds and we play spot-the-hacker."

ganoushoreilly

I think many would be surprised how many people 20+ years ago were feds.. or became feds

taviso

In 2022, Google TAG were awarded a "lamest vendor" award at defcon for fixing a Chrome vulnerability they discovered was being exploited in the wild... without asking for permission from the NSA first. That was the turning point for me.

wkat4242

Ok that's weird indeed. Here at European hacker events this action would be applauded. Getting permission from spy agencies before fixing something would be a surefire way to get lamest vendor, lol.

Most there don't trust government. And besides security holes can be used by all sides so it's imperative to fix them asap.

leoh

I think this award was satire, not to defend defcon, but yeah

tsujamin

A Pwnie for "unilaterally shutting down a counterterrorism operation”

cess11

It's not exactly new. Mudge is the current CIO of DARPA, and other people around the L0pht went on similar trajectories. Feds openly participating in DEFCON is itself a rather old flashpoint.

Way back in the times of hippies and yippies many were subsequently recruited by the empire. While he was troubled in other ways Abbie Hoffman was, as far as I know, a notable exception.

carom

The top two winning teams of that xTech AI pitch competition were not even AI solutions. It just seemed like a vehicle for the Army to now be able to award those companies non competitive contracts.

dogman144

Not a new topic - few years ago, the Jen Easterly-era CISA made a hard recruiting pitch at defcon. Patriotism and service-messaging one might recognize from their own time in the military.

What was surprising was the intense applause from a hacker con to this pitch.

Given what was to come, also notably absent discussion from the audience or speaker about how working for CISA did or did not mean working for DHS. Assurances of firm segmentation on this aspect from speakers after the formal talk ended were similarly a bit weak.

Not that anything was inherently bad about her recruiting pitch, but for a hackercon, it was a bit close to the flagpole. And notably that CISA crew is “no longer at CISA” and under prosecution, or intense social pressure, or otherwise.

Feels worth evaluating!

tucnak

Spooks have been doing keynotes for a few years now. The so-called hackers are on toes, because deep down they wish to be daddy'd up to get to do some silly, secret-type shit. Contrary to the past, when spooks despised computer people (that's how cypherpunk came about.) On the other hand, Clearances are not what they used to be, too; every fart having to do with computers, analysis, collection is classed TS by default.

cushychicken

Is it really surprising that DEF CON went where the money was?

Most cybersecurity work in the US, by volume, rolls up to one of about five organizations - all of whom are US government entities.

Most cybersecurity work has nothing to do with keeping Russian bot farms out of outdated WordPress installs.

brohee

Hammond didn't protest during a talk but clearly after its end if https://www.reddit.com/r/Defcon/comments/1mlaw4s/jeremy_hamm... is to be believed. And removed by venue guards not DefCon goons.

And he seems really well loved, as evidenced by https://www.reddit.com/r/Defcon/comments/1mlaw4s/comment/n7p...

tptacek

Hammond is very well loved by the kind of people who think that Stratfor was a shadowy mercenary private CIA, and not a glorified Substack.

OrvalWintermute

There are two key truths:

Hackerdom has always had a relationship with Defense, Intelligence & LE.

Most hackers are deeply benevolent and care greatly about the world, and insecurity at large, mostly fostered by Business.

Building relationships with defense & intel are often the best avenues towards moving towards a more secure future, working within the system for positive change. Our way of life, and our freedoms are not secure with imminent threats on the horizon.

Please, disabuse yourself of the notion that Mainland China is not weaponizing their hackerdom against us simultaneously.

theginger

The x files def con was always a defense conference