The Call for Participation is now open! The deadline for submissions is May 20.

AI: A Gradient Descent Into Humanity’s Doldrums - Hope Comes From the Hackers

Saul D. Robinson

2023 marked the year of generative AI with the introduction of OpenAI’s ChatGPT. The model’s abilities shocked the world and gave OpenAI the fastest growing customer base in history. Stocks soared and MBAs rejoiced at what increasingly appears to be a corporate grift and an acceleration of the “enshittification” of the Internet and our digital lives. However, all hope is not lost. The hacker ethic holds the key to steering our course back to the trade winds of a free and fair society. This talk will address the fundamental technical and philosophical issues with mainstream AI and provide some ideas on how we can recognize the differences between enshittification and societal benefit.

AI, Solarpunk, and an Uncertain Future in Computing

rolltime

For more than a year now, “AI” has been the tech world’s most expensive obsession. The scramble to burn money as fast as possible is both unprecedented and utterly familiar - but not every resource is as endless as venture capital funding. AI technology’s energy consumption is beginning to approach that of a small country, and it shows no signs of shrinking. How can we reconcile our hunger to compute with the need to avert ecological devastation? Is it possible for progress and sustainability to coexist? And how can hackers help computers save themselves? This talk brings a fresh perspective to discussions on the problems, possibilities, and future of the human relationship to computing.

Animism and Artificial Intelligence: A Practical Guide

Aisling Fae (transfaeries)

Do AI systems need to be sentient to be considered people? Thousands of cultures around the world would answer, “Of course not!” This talk explores the cross-cultural concept of animism - the belief that objects, places, and creatures all possess a soul. It will explore how this concept can be applied to any computer system, not just those traditionally recognized as AI. The speaker will trace the evolution of computer infrastructure - from the massive mainframes of the past to personal servers and expansive server farms of today. They will examine landmark AI systems like ELIZA, ChatGPT, and Claude, illustrating how these technologies have forged meaningful connections with users through language since the 1960s. Finally, in their practicum, they will discuss how this knowledge can inform better ethical guidelines for the creation and usage of AI systems, facilitate collaborative storytelling between AIs and humans, and help build a better world for all creatures of the Earth.

Ask the EFF

Cara Gagliano

Beryl Lipton

Bill Budington

Hannah Zhao

The Electronic Frontier Foundation (EFF) is thrilled to return to HOPE to answer your burning questions on pressing digital rights issues. Their panelists will provide updates on current EFF work, including the fight against government surveillance and protecting creative expression, before turning it over to attendees to pose questions and receive insights from panelists on the intersection of technology and civil liberties.

BADBOX: Behind the Scenes of an Android Supply-Chain Attack

Bill Budington

“Thank you for your order, sir, would you like malware with that?” While supply-chain attacks on consumer electronics are nothing new, we see no signs of these attacks letting up. In 2023, EFF confirmed findings of click fraud malware coming pre-loaded on obscure brand Android set-top TV boxes. This malware was also found to allow botnet controllers to establish a residential proxy using the infected devices’ Internet connections, allowing traffic originating remotely to appear as though it came from the set-top box buyers. After many months of reports and investigations into the botnet (now dubbed “BADBOX”), device resellers like Amazon and AliExpress were still making these devices available. In response, Bill’s team at the EFF issued a complaint to the FTC and are uncovering details about the fraud operation in order to hold accountable those responsible for harms to consumers. This talk will share some of their findings, as well as raising further questions concerning the digital divide and access, the scale of attacks consumers now face, and what steps both regulators and consumers can take to protect against these types of attacks.

Climate Hacking to Save the Planet

Greg Newby

Let’s use our hacker superpowers to help mitigate the ongoing climate emergency. Greg will discuss some of the things that hackers can do to help lessen climate disruption. Some themes will include:

- Technical mechanisms: for reducing pollution and removing carbon.

- Green energy: production, storage, and transmission.

- Misinformation and disinformation: information engineering for social good.

- Modeling and simulation: forecasting future events and understanding interactions within the Earth’s complex systems.

- Effecting social change: raising awareness, changing behaviors.

- Response and resiliency: how hackers can help during climate-caused disruptions.

The impacts of climate change are being felt everywhere, and hackers can help. Hacker characteristics include resiliency, creativity, and an ability to span knowledge domains. There is much to do, and this session will inspire both thought and action.

DIY Geoengineering

Luke Iseman

Earth is too hot, and we need to cool it off. Learn how to do it yourself. Luke is the founder of Make Sunsets, and in this talk he will cover how we can hack global temperature. Attendees will leave this talk with all the knowledge they need to offset their personal carbon footprint (in terms of temperature) for under one dollar per ton-year. You will also learn why centralized green stuff is largely oil company marketing.

Enshittification: Why Everything Suddenly Got Worse and What to Do About It

Cory Doctorow

The rapid, precipitous decline of every digital service we depend on isn’t a coincidence. It’s the result of specific, known policy choices made by specific, named individuals. We can reverse those decisions (and we can determine what sized pitchfork those individuals wear).

Enshittification wasn’t inevitable: it was the foreseeable outcome of a plan to encourage digital monopoly platforms and turn them loose to extract unimaginable value from both their users and business customers, leaving behind a homeopathic residue of utility to keep us locked in.

This talk will explain what enshittification is, how it works, why it’s happening now - and, most importantly, how we can reverse it, by seizing the means of computation and building a new, good Internet suitable to serve as the digital nervous system of a connected world confronting environmental collapse, genocide, and rising fascism.

Explosive Overflow: Lessons From Rocket Science

Mark El-Khoury

Thirty-nine seconds after its launch towards space, rocket number 501 erupted into a scintillating fireball. No casualties were reported, other than perhaps the ego of a few software engineers. The 1996 inaugural flight of the Ariane 5 rocket was cut short due to a series of software design missteps. This talk will analyze these historical flaws to discuss resilience and product security, touching on the nuance of static analysis, testing, validation, legacy code, assumptions during design, and, for when things don't blow up, the unique challenge of proving that a negative event did not occur.

From Hackerspace to Hackerhome

Chris Meyer

This talk will detail the transition from negative $10k and a business plan to a $1.2M 21,000 square foot building and 14 years spent to build a workshop with no debt on an insane work schedule. Chris founded Sector67 in 2010 in Madison, Wisconsin, graduating with a BS/MS in mechanical engineering. He competed in various student business plan contests and will share the journey from literally nothing to now being able to provide housing for three people (and six chickens) and having a large workshop full of tools and equipment all owned by a non-profit organization with many volunteers helping to get where they are today. There were a few bumps and a lot of entertainment along the way.

The Fundamentals of Veilid: cDc Breaks the Internet, *and You Can Too!*

Katelyn “medus4” Bowden

Paul “The_Gibson” Miller

Last summer, Veilid was unveiled to the world as a part of the Bovine Resurrection. The team generated press coverage worldwide, and managed to drag the window over on how the press talked about digital privacy. Now they come to HOPE to spread the good word of the future restored, how we can seize the means of computation, and how you can help. They’ll talk about the whys and hows of the Veilid framework, and what this new combined technology stack means for restoring the future we were promised.

Get High Like Planes: Combining Psychology, Social Engineering, and AI to Compel Real World Actions

Joe G

XaiL

In the quickly evolving field of cybersecurity, generative AI and voice cloning represent the next step in the sophistication of social engineering attacks. However, sifting through generative AI tools during a social engineering engagement can cost precious time. This talk will explore how these technologies are being used by red teams and threat actors to craft compelling and deceptive phishing lures. The speakers will discuss the underlying psychological tactics that make these approaches effective and compare various generative AI solutions. Attendees will leave this presentation with an understanding of how to integrate voice cloning into their social engineering toolkit and enhance the realism and success rate of their penetration tests.

Group Mesh Messaging for Large-Scale Protests

Tushar Jois

Large-scale protests are an important form of civil action against authoritarian regimes. They inherently require communication, which leads these regimes to shut down the Internet in an attempt to quash the movement. Smartphone mesh messaging has been explored as an alternative, but is still too inefficient to deploy. In this talk, Tushar will describe Amigo, the first mesh messaging system designed for large-scale protest communication. They create routing and key agreement protocols for group chats, and show their effectiveness using representative protest simulations. Amigo is able to provide large-scale protests with anonymous group communications in the face of Internet shutdowns.

Hacking at Leaves

A film by Johannes Grenzfurthner

U.S. premiere (runtime: 108 minutes) plus panel discussion

Hacking at Leaves documents artist and hazmat-suit aficionado Johannes Grenzfurthner as he attempts to come to terms with the United States’ colonial past, Navajo tribal history, and the hacker movement. The story homes in on a small hackerspace in Durango, Colorado, that made significant contributions to worldwide COVID relief efforts. But things go awry when Uncle Sam interferes with the film’s production.

After the screening, a panel discussion with various people involved in the film will cover themes including hacking, DIY, colonialism, the Navajo and Diné cultures, COVID-19, the pandemic, the USA, the Southwest, nuclearism, Internet history, computer culture, science fiction, subversion, and social change.

Hacking With Generative Artificial Intelligence 101

Louis Barrett

Bill Reyor

In this talk, Louis and Bill will explore the duality of AI in cybersecurity through real-world demonstrations of offensive techniques in reconnaissance, advanced phishing, and command and control. They will showcase innovative approaches to building AI pipelines that empower activist groups and promote public safety. The speakers will address the technical aspects, social implications, and ethical considerations surrounding the use of AI, providing attendees with a comprehensive understanding of its impact. Code and examples will be made available so attendees can adapt these techniques for their own purposes.

Hacking Your Health: Adventures in Building a Glucose Monitor

Michael Dierkes

In the past few years, there's been quite a stir in the hacking community and in the news about a select group of diabetics who managed to hijack the readings from continuous glucose monitors in order to do everything from automatically dispensing glucose to sending notifications to their phones when they need insulin. This leads to an interesting question: what exactly makes a glucose monitor so special? This talk focuses on boiling down the complex logic of a glucose monitor, from the chemistry to the electrical engineering to the cloud, into a step-by-step process that will make you truly realize the ingenuity of these devices which more than nine million people across the world need to survive.

How NSA Got Into the Penetration Testing Game

Jeff Man

The speaker began his career in infosec at the National Security Agency first as a cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA red team. He has shared his NSA story in a series of talks, “Tales from the Crypt... Analyst” and “More Tales From the Crypt... Analyst.” This talk is the third installment in Jeff’s story and features his transition from NSA to the private sector in the early days of Internet security.

Less Power to Porn Tech Giants, More Love in the Cyberspace

Spring Cooper

Alessandro Polidoro

Porn tech giants have the power to alter the ways we think of our sexuality and shape how we perceive our bodies and relationships. To get back in control, there are many challenges to overcome: the fight against image-based sexual abuse, such as deepfakes and non-consensual intimate images (NCII); the balance between age verification of users and their right to privacy; the accountability of big platforms; and the safeguarding of marginalized groups and individuals. In this talk, the speakers will explore some examples coming from Europe leveraging the new E.U. tech regulations and assess the potential to replicate these initiatives in the U.S., delineate the core problems that we see for sexual representation in cyberspace, and point together at their possible solutions.

Librarians Are Radicalizing Their Communities About Why the Internet Is Broken. Come Find Out How.

Alison Macrina

Tess Wilson

Reanna Esmail

Eliza Bettinger

Kimberly Springer

All Computers Are Broken. The hacker scene knows this and fights against it every day. But what about the regular people in your life, those who describe themselves as “not that technical?” They’re the ones who are often most at risk in the hellscape that is the Internet today. How do we help them understand what’s happening when they go online, and how to protect themselves from the worst of it? Librarians, that’s how! Library Freedom Project is an organization that trains librarians on issues of technology, surveillance, privacy, open source intelligence, free culture, and how to organize collectively towards a better world. The LFP believes librarians are an essential front in the fight to create a more democratic and free Internet. Come hear what they’re up to, and why their work won the EFF Award for Information Democracy in 2023.

Making Surveillance Policy Change in Canada: Slow Burns and Sudden Actions

Evan Light

This is a talk about the deobfuscating state surveillance project that aims to map out state surveillance capabilities in Canada and the U.K., as well as the laws that govern them (or do not). Started during the pandemic with collaborators in Canada and the U.K., the research has been a slow and gradual process. Taking advantage of Canada’s access-to-information system, the team has spent three years diving into government procurement and has requested over $750 million worth of federal contracts with manufacturers of a wide array of surveillance technology. In this session, Evan will discuss their work on mobile forensic devices - crafty tools for hacking digital devices which they’ve found to be in use by at least 14 federal agencies, and a journalistic collaboration which quickly led to a parliamentary hearing and substantive policy change within six months.

Musings of a Mechatronic Mistress: The Peculiar Purpose of Tiffany the Sex Robot

Jasmin Hagendorfer

Jason Scott

Johannes Grenzfurthner

A screening of Jasmin's 24-minute short documentary/sci-fi film, Musings of a Mechatronic Mistress. The film presents Tiffany, a self-aware sex robot, on her quest to discover her identity, purpose, and creator. Exploring the future of intimacy and human-robot interaction in a humorous and engaging manner, the documentary aims to initiate discussions on queerness, feminism, sex tech, sexual identity, and societal norms. Following the screening, there will be a panel discussion to delve deeper into these themes. Jasmin will be joined by two of her interviewees featured in the film in a panel discussion whose theme will be "Redefining Intimacy and Human Connection in the Age of Intelligent Machines."

Net Who-trality: Revisiting the FCC Fake Comment Scandal

Jason Prechtel

For many Americans, the term "net neutrality" will forever be linked with the millions of fake public comments submitted to the Federal Communications Commission's (FCC) website in 2017 ahead of the agency's rule reversal. But despite its recent reinstatement, several questions remain: Who submitted all of those fake comments? How do we know? And why does it still matter seven years later? Using examples taken from court documents, emails, server logs, and other data obtained from Freedom of Information Act lawsuits, this presentation will briefly summarize the history of net neutrality in the United States, detail the overlapping legal battles to identify the fake comment culprits, and explore the technical and ethical complications with using the resulting data to solve this mystery.

Our Communities, Resiliency, Our Future

Mitch Altman

We all need community. Yet community is currently facing major challenges. Humanity faces major challenges. If we are to survive and thrive, an important key is solving problems in community. On top of how much hard work community always requires from us, mix in the rise of authoritarianism, manipulation through “social” media, the polarization of society, bad actors, trolling, the skyrocketing cost of real estate, the ability of all people (including left-leaning people) to fight one another - and the result is a serious threat to the future of our communities. Yet, our future depends on our ability to continue. How can we create communities that are resilient to the challenges we face? Can existing communities be made more resilient? This talk will draw from Mitch’s extensive experiences with hackerspaces, as well as his lifetime of community organizing, to attempt to explore and answer these and other pertinent questions for our future.

Our Defensive Security Blind Spot

Wesley Hales

This session will introduce methods to monitor sensitive data and network signals directly on the wire, allowing for real-time detection of data exfiltration, accidental data leaks, and zero-day threats through classification of data traveling within Layers 4-7 of network traffic.

PortableSecret - Carry and Share Your Most Critical Secrets Without Special Software

M'

Everyone deserves access to encryption, but not everyone can be bothered to learn how to use it. PortableSecret was designed to bridge this gap. It works on any platform, without special software, and it’s so simple even your parents can use it!

Protecting jetBlue Airways From Cyber Threats in the "Clouds"

Randy Naraine

Greg Speranza

JetBlue Airways is a New York-based airline with flights across the U.S., Europe, and Latin America. Every day, thousands of crew members come together to safely transport customers across their network. Randy and Greg help protect jetBlue and will showcase how an airline operates from an IT perspective, and all of the ways that jetBlue CyberSecurity protects its customers, ensures safety in data and IT operations, and protects the brand and website from an onslaught of daily web attacks and other threats targeting aviation. This talk will focus on web application attacks and defenses, observability, and aviation intelligence sharing.

Psychoactive Drugs: How They Hack the Brain and What It Means for Our Minds

Dr. Jen, PharmD

Have you wondered how psychoactive drugs, both licit and illicit, exert their effects? How are they able to alter pain, emotion, attention, thought, the senses... consciousness itself? In this talk, Dr. Jen will explore the mechanisms of how these molecules hack the brain. But there’s another question: How do we best use these biochemical hacking tools? After all, we’re not just talking about brains, but our minds. Our lives. The scientific, legal, and media landscapes are all changing. What can we reasonably expect? And how can we tell which information we’re told is true?

Pwn Chromebook With Linux

Derek Hobbs

Chromebooks are issued to kids at school, but they are limited. Since the kids were familiar with Chromebooks already, Derek’s school bought them some used Chromebooks as simple devices they could use to browse the web and watch videos. They were relatively inexpensive to purchase used, so it was an attractive option. Unfortunately, however, Derek and his team discovered that ChromeOS on these devices was out of support. This was untenable, and thus made these devices “disposable appliances.” Derek’s wife asked if he could put Linux on these since she had seen him do that with laptops in the past. The proposal was to install Linux and completely remove ChromeOS. This talk will outline the steps necessary to achieve that goal. (Involve kids for a fun learning experience.)

Ransomware Gone Kinetic

James Taliento (JT)

Guillermo Christensen

Matthew Leidlein

Ashley Rose

This talk will provide insights into the shifting terrains of ransomware threats, focusing particularly on the rise of kinetic ransomware compared to conventional variants. Through research and analysis, the speakers will sound the alarm about an ominous and escalating trend: ransomware attacks targeting critical infrastructure and public utilities. They will explore the historical and present-day events, motivations, and ideologies driving these attacks, which include financial motivation and geopolitical agendas. The presentation will differentiate between nation-state-sponsored ransomware, conventional cyber-extortion, and hacktivism, acknowledging that while the first two may adopt hacktivist ideologies, it's not always a universal trait. Ultimately, this conversation underscores the vital importance of increased awareness, proactive defense strategies, and domestic collaboration necessary to protect against the growing threats endangering the way of life in the free world.

The Real Danger From AI Is Not the Technology

Tom Kranz

The media is full of dire predictions about how AI poses a danger to humanity: mostly from the very people who are building and benefiting from existing AI tools. When "AI" is embedded in everything from mobile phones to photo editing software to chatbots, what does AI actually mean? And what are the real dangers that it poses? In this talk, Tom will delve into the history of AI, before looking at what current AI solutions actually are (and aren't). Far from the grim meathook future of Skynet, the rush to build large scale AI solutions today by big tech brings more subtle but equally dangerous challenges - and opportunities for us as hackers to address them.

Safeguarding Secrets: Homomorphic Encryption for the Curious Mind

Vikram Saraph

Fully homomorphic encryption (FHE) is an emerging, privacy-enhancing technology that enables computation on encrypted data without the need to decrypt it. FHE-enabled products and services have the potential for securing user data from mass collection by tech giants and law enforcement. FHE uses arithmetic operations (addition and multiplication) as blocks for building arithmetic circuits. Using these, a third party can perform complex tasks on encrypted client data, for example, running diagnostic algorithms on medical imagery, without client data ever being revealed to the party providing this service. This talk will cover the history of homomorphic encryption, where the state-of-the-art is today, what the remaining gaps are, and why we should all advocate for advances in fundamental FHE research.

Securing Airlines in the Clouds

Rob Lazzurs

One of the first things Rob learned when starting in aviation was that no matter what was done with the computers, the flights could always land - however, without the mission critical systems, they wouldn't be able to take off. This talk will go through the details of how he and his team moved flight critical systems from private data centers to public clouds while enhancing the security position of these systems - with a focus on the security aspects of these moves to public clouds.

Social Justice and Prompt Engineering: What We Know So Far

Tilde Thurium

Large language models are only as good as the data we feed into them. Unfortunately, we haven’t quite dismantled racism, sexism, and all the other -isms just yet. AI isn’t going away, so let’s apply a harm reduction lens. Given the imperfect tools that we have, how can we write LLM prompts that are less likely to reflect our own biases? In this session, Tilde will review current literature about LLM prompting and social justice. They’ll compare how different models perform in this context, since they’re trained on different datasets. You’ll leave with some ideas that you can apply as both users and builders of LLM applications, to iterate towards a more equitable world.

Star Monitor: Updates on Standards and Internet Governance

Mallory Knodel

An update on several I-star organizations, namely ICANN, IETF, IEEE, W3C, and ITU. The tensions and synergies of human rights considerations in Internet governance and standards setting across the I-star bodies are rapidly expanding. The talk will touch on the major controversies in each space as they relate to human rights, namely censorship and the right to privacy.

Strength in Unity: Sharing Is Caring

Fae Carlisle

By advocating for a collective approach to threat intelligence, this presentation aims to inspire organizations to embrace collaboration as a strategic advantage in navigating the ever-changing cybersecurity landscape. Together, we can not only analyze threats more comprehensively, but also respond more effectively to safeguard our digital ecosystems.

Survey and Scrutiny of Election Security

Douglas Lucas

Fake news or flawless? Our computerized elections are neither. To truly understand corporate, closed-source election computers requires understanding of how they fit into the wider electoral system and its interlocking parts. Douglas' investigative journalism will provide case studies documenting how it can go haywire: the 2016 Kremlin cyberattacks on U.S. election infrastructure exposed by whistleblower Reality Winner, the MAGA-led Coffee County elections office breach still compromising Georgia's statewide voting software, and more. Such details will show how you can help secure elections: scrutineers, statistical forensics, free software voting companies... the list goes on. He will address democracy's evolution, too, scrutinizing statist voting within the bigger picture of human collaboration.

Tobias on Locks and Insecurity Engineering

Marc Weber Tobias

This will be a discussion of lock design and what design engineers, covert entry teams, locksmiths, law enforcement agencies, and lock sports enthusiasts must know to assess a lock’s security properly - and to compromise it. Several examples will be shown during the presentation. Marc is a renowned author of multiple books on locks, keys, and safes. Expect to learn about the complexity of locks and why they can often be defeated, regardless of their security rating.

Using the J Language to Streamline Hacking

Devon H. McCormick

This talk will look at how the simplicity and interactivity of the J programming language allows us to easily work with data and code. You will see examples of steganography, direct manipulation of executable binaries, extracting and organizing data from the web, and general uses of J as a "glue" language to invoke external routines by preparing their inputs and processing their outputs. The talk will conclude with references to resources on learning and using this powerful, dynamic language.

Weaponized AI

Erica Burgess

This talk will focus on how Erica used AI to generate an RCE zero-day for server compromise, to manipulate search engine AI for vulnerability discovery, for captcha bypass, to make tools that would have been impossible without generative AI, and more. Context-driven hacking with real world examples of attack chaining in relation to AI offense and defense will also be discussed.

What Wi-Fi Devices Are Nearby? Any Cameras Watching Me?

Caleb Madrigal

Ever wonder what Wi-Fi devices are around you? Ever wonder if Wi-Fi security cameras are recording and uploading videos of you? This talk will explore a tool called trackerjacker, which helps answer these questions. It's been described as nmap for Wi-Fi.

Why Are We Insecure? An Ethical Hacker's Lonely Road to Cyber Dystopia

David Jacoby

In this revealing presentation, an ethical hacker with 25 years of experience explores why, despite advancements in security technology and legislation, cyber-threats continue to escalate by analyzing the evolution of the hacking landscape. The session will highlight the overlooked fundamentals of cyberattacks, the creation of vulnerabilities through digital transformation, and the misuse of technology. Attendees will gain a deeper understanding of the human aspects of cybersecurity, learn to recognize common vulnerabilities, and see a live demonstration of a hack, which includes bypassing multi-factor authentication and weaponizing legitimate software for social engineering.