Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bill Blunden's Rejected DEF CON Presentation Posted Online

Posted by timothy on from the what-I-was-going-to-say dept.

Nicola Hahn (1482985) writes "Though the Review Board at DEF CON squelched Bill Blunden's presentation on Chinese cyber-espionage, and the U.S. government has considered imposing visa restrictions to keep out Chinese nationals, Bill has decided to post both the presentation's slide deck and its transcript online. The talk focuses on Mike Rogers, in all his glory, a former FBI agent who delivers a veritable litany of hyperbolic misstatements (likely to be repeated endlessly on AM radio). Rather than allow the DEFCON Review Board to pass judgement as supposed .gov 'experts,' why not allow people to peruse the material and decide for themselves who is credible and who is not?" "Squelched" seems a little harsh (only so many talks can fit, and there's no accounting for taste), but it's certainly good to see any non-accepted DEF CON presentations made public.

40 comments

  1. So where's my chinese tesla then?? by Anonymous Coward · · Score: 0

    Since the chinese are stealing all of our intelz

    1. Re:So where's my chinese tesla then?? by B33rNinj4 · · Score: 1

      Whoa, whoa! Slow down, Ace. You don't just copy the Tesla overnight. You start small. China's already taken over World of Warcraft. Soon, they'll have League of Legends. Hell, it'll probably take them another year or two before you can score a Tesla knock-off.

    2. Re: So where's my chinese tesla then?? by Anonymous Coward · · Score: 0

      Tecent already owned league of legends

    3. Re:So where's my chinese tesla then?? by Anonymous Coward · · Score: 0

      Let the US engineers work out the technology first. Then it's ready to be stolen.

    4. Re: So where's my chinese tesla then?? by B33rNinj4 · · Score: 1

      My God, it's already too late...

  2. Actually RTFA by bradorsomething · · Score: 4, Insightful

    This is a conjecture talk, I can see why they rejected it. Bill, if you happen to read this comment, I think your talk was refused because it uses a lot of "could" and "might" to build a global picture of corruption, landed back in the banking system and corrupt government, failed to point out any non-obvious outcomes or opportunities, and didn't suggest any ways an attendee could constructively effect or participate in the problem. Generally you can expect DEFCON talks to be based on hard facts, with bonus points when it teaches you something or shows you a technique or process you can apply later.

    The book plug at the end also seems like a split purpose for making the talk.

    1. Re:Actually RTFA by Sarten-X · · Score: 3, Informative

      This is a conjecture talk ... it uses a lot of "could" and "might" to build a global picture of corruption, landed back in the banking system and corrupt government, failed to point out any non-obvious outcomes or opportunities, and didn't suggest any ways an attendee could constructively effect or participate in the problem.

      ...so in other words, it's perfect for Slashdot.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    2. Re:Actually RTFA by Minupla · · Score: 2

      Agreed, as a DC attendee I'd give it a miss, and if there wasn't anything on that was more interesting in the slot use it to fulfill some of the 3-2-1 rule of attending Defcon. The talk is an interesting read, and there are other confs I've attended where it would be a fit, but DC isn't it.

      I think the review committee made the right call on this one.

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    3. Re:Actually RTFA by rudy_wayne · · Score: 1

      This is a conjecture talk, I can see why they rejected it. Bill, if you happen to read this comment, I think your talk was refused because it uses a lot of "could" and "might" to build a global picture of corruption, landed back in the banking system and corrupt government, failed to point out any non-obvious outcomes or opportunities, and didn't suggest any ways an attendee could constructively effect or participate in the problem. .

      He starts off good and makes quite a few good points, nothing terribly new or exciting but valid points still. But then about 3/4 of the way through he goes off the rails and starts ranting about corrupt banks and ends up sounding like just another crackpot.

    4. Re:Actually RTFA by tnk1 · · Score: 1

      This. He takes one person't inflated statement about hacking being the biggest economic issue out there and instead of stating matter of factly that the banking crisis probably flushed more money, he went off on a rant. If he'd have kept it to one slide, he could have probably garnered a better response with that one slide showing a pie chart or a bar graph showing the vast difference between the monetary losses, stayed silent a moment, and then given the crowd a significant look and moved on. Everyone would have understood what he was saying. Instead, rant crescendo-ing into Bilderberger conspiracy theory. Ugh.

      Otherwise, some interesting points about China, although I'm not sure if he was saying that China was better off under Mao, or just less dangerous.

  3. Poor Analysis. by Anonymous Coward · · Score: 1

    Sorry, but I have to agree that this was rightly rejected (even if the stated reason seems odd to me). Allow me to explain:

    In short, what he has done is show a lot of circumstantial evidence that suggests it's possible that Chinese hacking is being done by either foreigners in China, or by non government criminals.

    The problem is that on the other side are some very concrete accusations. Mandiant traced the attacks in their APT1 report back to the very building belonging to a specific unit. The USA Govt. Has indicted named hackers associated with that. While I'm not exactly inclined to accept that blindly, any counter argument needs to be much better than Blunden's.

    For one, he fails to address any of the concrete accusations, and instead selects the rather easy target of a politician, who by nature is full of bs. His argument is not that Rogers is a windbag, or that Alexander used weasel words ("my opinion" etc), but rather the larger topic. It is entirely possible that the Chinese Gov't is behind most of the attacks, and Rogers et al are still dirtbags.

    Posted ac due to being on my mobile.

    1. Re:Poor Analysis. by Anonymous Coward · · Score: 0

      You keep saying concrete accusations with nothing to back it up. The US Government is hardly a reliable source as proven by the Snowdon releases including how the US government has been spying for US corporations. Mandiant profited greatly from their 'accusations' so is also not a reliable source.

      Any of the 'accused' parties could be behind it but so far the only actual evidence of any of them actually engaging in this kind of behavior is the US Government.

    2. Re:Poor Analysis. by Anonymous Coward · · Score: 0

      Posted ac due to being on my mobile.

      ...and you used up all your brain cells in your posting and unfortunately overlooked that you can just type out your slashdot nickname?

      You make an excellent point though that the only government in the world engaged in cyber-espionage are those Chinese bastards.

  4. Follow the money. by Larry_Dillon · · Score: 1

    What you're saying may be true in regard to it being accepted to DefCon, but on the whole his analysis sounds about right. I don't know if civilians have the information to prove what he says, one way or another, but the economic motivations sure line up nicely.

    --
    Competition Good, Monopoly Bad.
    1. Re: Follow the money. by Anonymous Coward · · Score: 0

      He may be going in the right direction, and the Defcon review said as much, but it still needs more meat to it. Show some technical details, give us a hacking incident that was thought to be Chinese but turned out to be criminal when you investigate further. That's what I would expect for a good debunking. All the current one does is establish that it was possible, not that it did happen the way he says.

  5. Disagree /w DEF CON decision. by Anonymous Coward · · Score: 0

    The presentation is more about the US trying to frame China as the boogeyman, I am pretty disappointed that the presentation didn't make it to DEF CON as there are more facts on those slides than what's passed on as news these days.

    1. Re:Disagree /w DEF CON decision. by databeast · · Score: 2

      so you've personally seen the other 600 submissions for Defcon this year, and can unequivocally say that this deserved to be at the top of the pack?

      No. this dude is just making a song and dance about being one of the 550 people who get a rejection letter every year.

  6. it was rejected for obvious reasons. by nimbius · · Score: 1
    call me paranoid but this talk had the potential to piss on quite a number of parades. Bill essentailly confirms that china is at worst a lawless tech threat, and at best a moneyhole into which the government forks cash to various 'cyber' threat mitigation projects shuffled along by government contractors and agencies in search of stable budgets. bills correct: once you preface any attack with "cyber" then tricky things like investigations, justifications, risk assessments and the like all sublimate into thin air and the cash to fix it lands in your lap. and to quote from TFPPT:

    There are aspects of your submission that is entirely true, but they are also common knowledge. We can agree that China plays a large part as 'boogeyman' it's a popular discussion point, however we don't think it's the right fit for DEF CON main stage. Some of the reasons we feel that way are that your presentation is heavy on opinion , current news and personal perspective , but for it to be considered for the DEF CON stage we'd need more official intelligence such as .gov. backing it up .

    TL;DR: DEF CON sponsors and the government alike both cash in on the bogeyman. if this year we feature a talk about moderation and responsible reaction to FUD, more than a few vendors booths might start looking a little foolish. We elect to keep the CON front-and-center this year.

    --
    Good people go to bed earlier.
    1. Re:it was rejected for obvious reasons. by Anonymous Coward · · Score: 0

      TL;DR: DEF CON sponsors and the government alike both cash in on the bogeyman. if this year we feature a talk about moderation and responsible reaction to FUD, more than a few vendors booths might start looking a little foolish. We elect to keep the CON front-and-center this year.

      Which Defcon sponsors are you talking about? I looked all over their site and couldn't find any major companies that sponsor them.

      Perhaps you could clarify, before spreading your own FUD.

    2. Re:it was rejected for obvious reasons. by nimbius · · Score: 1

      %s/sponsors/vendors

      --
      Good people go to bed earlier.
    3. Re:it was rejected for obvious reasons. by databeast · · Score: 3, Interesting

      yes, because the vendor booths selling TShirts, make up the bulk of Defcon funding.

      you've never actually been to Defcon, have ya.
      .

    4. Re:it was rejected for obvious reasons. by ediron2 · · Score: 4, Informative

      My kingdom for some modpoints... someone mod this up.

      Black Hat = The Marketing and Money of Security.
      Defcon = The Tech of Security
      BSides = small con, feels like old Defcon.

      Don't get me wrong, there's some amazing researchers and tech funded by Black Hat money. An unlimited project expense account can let you do fun stuff like functional x-ray lithography as a reverse-engineering tool. But Black Hat isn't thousands of engineers, scientists, and hackers getting their geek-freak on.

    5. Re:it was rejected for obvious reasons. by sinnergy · · Score: 1

      You haven't the faintest clue what the fuck you are talking about. I know what the costs are to rent tables, and let me tell you, they're maybe enough to cover the costs of the rental of the room that hosts all the vendors. Period. I greatly doubt it would in any way go to cover any other expenses of the event.

      Yeah, the NSA had a table a few years ago (right next to the EFF!) and other governmental and un-popular organizations have had a table in the past, but overall it's small business and publishers who truly are friends of the hacker community.

      I would be vending there this year had I been able to logistically make it happen.

  7. What's that formula on the slides? by Anonymous Coward · · Score: 0

    -K b Sigma(P i) LOGe(P i)....

    what's that all about?

    1. Re:What's that formula on the slides? by retchdog · · Score: 1

      it's the Gibbs entropy.

      i guess it's there because entropy is cool.

      --
      "They were pure niggers." – Noam Chomsky
  8. Terrible Presentation by Anonymous Coward · · Score: 2

    The presentation is a bunch of conspiracy theory bullshit, chock full of pedantic analysis of out-of-context quotes from politicians and various other talking heads. There's no data, facts, or real references. It obviously should have been rejected.

  9. India is more dangerous than China by Anonymous Coward · · Score: 0

    Indians have no moral values, from ancient history til now. China has 3000 years of Confucian values rooted deep in their culture.

  10. Harsh, but necessary by Anonymous Coward · · Score: 1

    The submission simply would not have made it to the front page of this site unless "squelched" (or some similar word like "silenced" or "censored") was used.

    1. Re:Harsh, but necessary by databeast · · Score: 1

      exactly, this was just rejected.

      not like he couldn't still submit it to Skytalks, we don't record those talks either, so he's got a lot more scope to speak off the record there too.

  11. Black market baby powder - Banks? by Molonel · · Score: 1

    This talk reads like the tech equivalent of airplane contrails. It's a bunch of loose conjectures strung together from headlines and some casual Google searches. As a tech, I would have liked to have seen more technical meat pointing to more than maybe, possibly, could be. It sounds like he submitted a pretty crappy talk, and is going to try and milk his rejection to pimp his book. I think there are valid questions to be asked. Mandiant, for example, has profited mightily from the business thrown at it from the U.S. government. But it's a long reach from "black market baby milk powder" to "It's the fault of the banks!"

    1. Re:Black market baby powder - Banks? by databeast · · Score: 1

      yeah, I got the same feeling too, the meat of the presentation seems to be stuff that those of us that do this for a living have know for years (there is no head of the dragon, but there are a lot of snakes out there). Kudos to someone standing against the warhawk cyberwar types, but the whole preso, while interesting, seemed more like a book pimping session, wrapped up in a lot of pandering to people's existing knowledge.

    2. Re: Black market baby powder - Banks? by Fire_Wraith · · Score: 1

      Yes, exactly. I'd be more interested to see someone try and go at some of the hard analysis that Mandiant etc have published. That would make for an interesting talk.

    3. Re: Black market baby powder - Banks? by databeast · · Score: 2

      speaking from experience, it comes down to this. the people with a critical eye to all this stuff (like me) don't have access to the big picture. I can only speak to the stuff I've worked on personally, and it doesn't add to what people are telling us.

      Conversely, the people who *do* have access to the bigger picture stuff, have no vested interest in giving us the unfiltered truth (or any truth at all), so although they're in a position to know that's actually happening a little more clearly, we have no reason to believe that they're telling us anywhere near the truth of the matter

      (remember, Mandiant told us the Chinese Sky Is Falling for *years* before they finally decided to 'show their work' with the APT1 document, until that point, their whole proof was "Trust us, we see more than you do". The government wonks take the same approach.)

    4. Re: Black market baby powder - Banks? by Fire_Wraith · · Score: 1

      Yes, it's pretty unfortunate. I hope that they'll come to realize that they need more than conjecture. That goes for anyone, be it Mandiant, the US or other governments, etc. I'd much rather this be about real data, not just opinions and innuendo. There's certainly a lot of bad traffic that comes from China, but the same is true of other countries. Show us why, don't just tell us, it is (or isn't) government sponsored, and why that's important so I can make the right security recommendations to protect the networks I'm responsible for.

    5. Re: Black market baby powder - Banks? by Lost+Race · · Score: 1

      Conversely, the people who *do* have access to the bigger picture stuff, have no vested interest in giving us the unfiltered truth (or any truth at all),

      Of course not. If we knew everything they know, then they wouldn't be special any more.

  12. Exposes All The Lies by Anonymous Coward · · Score: 0

    This presentation does readers the service of showing, very clearly, how boldly we're being lied to by supposedly 'credible' .gov/.mil types.

    Of course the folks at DEF CON aren't going to like this, they and their corporate twin Black hat (both led by Jeff Moss) host intelligence officials like Keith Alexander and James Clapper (you know, the guy who perjured himself on camera). Hosting a talk like Blunden's might embarrass, and hence anger, the same high-level (high-profile) liars. This is all about getting attention, and nothing gets attention like a spy master. So DEF CON and Black Hat roll out the red carpet and silence criticism.

    I'd don't get all the claims that there is 'conjecture' or 'conspiracy.' This presentation is loaded to the gills with facts. Facts that make Mike Rogers, Kieth Alexander, and James Clapper just a little uneasy.

    1. Re:Exposes All The Lies by databeast · · Score: 1

      You're an idiot.

      Jeff hasn't been a part of Black Hat for years now, and the last connections between BlackHat and Defcon were broken last year. ,there's nothing about 'silencing' this guy, he's just another one of the many hundreds of CFP submissions that don't make it to the top of the pile.
      and No, it's loaded with *quotes*, not facts.

  13. Just too damned long by docwatson223 · · Score: 1

    Seriously, that's Death by PowerPoint!

  14. No partiot enough? by manu0601 · · Score: 1

    I just had a look at the 94 slides. The content is interesting, and contrary to what was said, it is quite well sourced.

    That presentation dismiss China spying being led by the government, then notes that damage claims on US economy are crazily high and not well backed. The last part of the presentation deals with US spying, how it got out of US People control, and how banks also ran out of US People control.

    IMO this was turned down because it criticize the US political system. No patriot enough, or not patriot the way our masters want us to be. At least it is interesting about DEF CON organizers' minds

    1. Re:No partiot enough? by databeast · · Score: 1

      ...or it was turned down because other people submitted better, more technical, talks, that included actual data and demonstrations
      (All three of which are what the Defcon CFP team actually look for in a talk, if you want to know how their minds work)