At the end of July, I had the opportunity to attend an inspiring hacking conference in New York City. Organized by the 2600 magazine editorial staff, the HOPE Conference (for “Hackers On Planet Earth”) is an event held every two years in New York City for anyone interested in the world of hacking, IT and web security intersecting with the digital arts, electronics, robotics, amateur radio, and so much more. At the end of the three days, my brain was completely saturated by everything I learned from the talks, discussions and workshops I attended during the weekend. 

I learned a little bit more about online privacy, data encryption, Internet of Things security (or lack thereof), data leaks, popular hacking cases currently on trial (the Ross Ulbricht/Silk Road-Dark Web trial) or recently released to the public (the Panama Papers case still being dissected by a worldwide collective of journalists and IT professionals). I encountered lots of interesting people (a sizeable delegation from Montreal and the province were attending the conference), and groups (the Electronic Frontier Foundation (EFF) gang at their booth and during their presentation, Ask the EFF: the year in digital civil liberties), and picked up valuable new skills (like how to protect ourselves from metasploits and malware with Python scripts). Overall, an incredible learning experience!

As a frontend developer, some acquaintances reacted strangely when I told them that I was attending a hacking conference. I got asked the obvious question: “Why? You aren’t a hacker, you don’t hack governmental or business servers for data and privacy!” Maybe not, but it IS my job to be aware of all the inherent security vulnerabilities that come up in my field so that I can be sure our clients’ products and websites are built in the most secure way possible. There are many examples: how to counteract possible server intrusions; how to code my forms to block SQL injections in our databases, and so much more. Understanding the security issues our backend team deals with makes me a better frontend developer.

My overall thoughts:

Internet of Things (IoT) vulnerabilities

Continuing on the trendy subject of IoT (as I mentioned in my post on attending Smashing Conference NYC), HOPE’s speakers talked a LOT about the major vulnerabilities of these connected devices. Basically, any device connected to any network can potentially be hacked, their servers breached, and clients’ data leaked and sold on the Dark Web for a hefty sum of money. Just hearing the daily stream of reported exploits and vulnerabilities is enough to send most developers straight to the bar - to drown their security sorrows with a stiff drink (or ten). Luckily the hackers at HOPE aren’t the bad guys ready to exploit every possible loophole in the code. This was a bunch of good people with a strong conscience and code of ethics, ready to ‘save the digital world’ by pointing out these issues and trying to solve them, one vulnerability at a time.

Interesting panels on this subject

Online Privacy, Famous Cases and Leaks

Of course, nothing is secure on the Internet, as the black hat hacker community and governments all over the world keep “kindly” reminding us. There was a lot of emphasis on the word ‘privacy’: be it the rights to online anonymity or the right to digital privacy; data leaks and breaches (Panama Papers for example); the broken trust between major online companies (like Facebook, Microsoft, Apple, Google,...) and their users; companies abusing their users’ right to privacy by invading their private realms and over-asking their private info; un/conscious ways of intrusive data demands on users in different online services (PokemonGo app asking for rights to everything on your mobile device; or medical devices like pacemakers sending private data to online cloud servers on unencrypted wireless connections, making them discoverable and hackable). I must admit, I had a couple of moments of goosebumps and facepalms hearing about all these potential vulnerabilities.

Another interesting point was the number of American lawyers present during the events and giving talks,  presenting their legal point of views on the hacking scene, public cases they heard or even represented. Many activists for civil liberty/civil right advocate groups also presented  sessions on knowing your digital rights. While the Q&As were very informative, it was American-centric, focusing on their legal system, economy and culture. It did give us Canadians some food for thought about our own matters of online privacy at home. Since our digital economies are so inextricably linked, their issues are also ours.

There was also some great input on how to protect our sources (for journalists who want to protect their sources and whistleblowers); how to protect our identity online and browse on a more secure connection and anonymous way (from the creators and developers of TOR, for example); how, as a digital collective and tribe interested in the questions of equality, diversity, and curiosity, we can better improve our collective knowledge by sharing it to all, even the non-hackers (Cory Doctorow’s Keynote speech); and how it is still dangerous for white hat/ethical hackers to even report on major vulnerabilities of security issues to US companies (Sam Borne’s case with his lawyer Alex Muentz explaining how he was sued for reporting major security issues at a medical company).

Interesting panels on this subject

Overall, the HOPE conference was an amazingly eye-opening experience. If you are a vocal advocate for IT security, online privacy and digital rights, a better-coded Web, and a more tolerant and open-minded hacker/makers community, you should certainly attend. I know I will going back in 2018, maybe I’ll see you there!

Videos worth watching: