Are you a hacker on a budget? Fear not, for at Defcon, you can still pick up some powerful tools of the trade — and some fairly silly ones — for a reasonable price.
The annual conference attracts good and bad hackers alike to Las Vegas, where they can learn new skills and watch others explain how they hacked into everything from an air traffic control system to an internet-connected adult toy.
You can also buy some fascinating gear in the vendor hall to help with your hacking endeavors. Some of the tools are on the spendy side, like a $350 kit that can clone your office ID badge. But here are five things you can buy at Defcon for $100 or less, ranked from silliest to scariest:
Secret handcuff keys — two for $10
These plastic buckles contain a hidden tool: handcuff keys. Sold by SerePick, they’ll keep you prepared to escape from police custody whenever they’re within reach of your restrained hands.
As I glanced over the table where these keys were for sale, proprietor Matt Fiddler directed me to a pair of earrings with handcuff keys hanging off them. Setting aside why he thought I’d be most interested in earrings on a table that included a high-end lock picking kit, a lapel dagger and these buckles, I asked what the wire hook was made of. You know, the part that goes in your ear.
“Probably the cheapest thing I could find on the internet,” he told me.
“Pass,” I said.
I bought the buckles. Here’s how it works: you unbuckle it, turn the center prong, and pull it out. The center prong is the handcuff key. Surprise!
One of these buckles broke after I played with the mechanism a few times. Due to the speed with which I ruined this tool just by using it, and the fact that I’d likely need special training to use it in an escape, I’m rating this silly.
Ironic hacker onesie — $20
This baby outfit caught my eye because it’s silly but makes you think. It shows a lock logo and says, “This means you can trust me with your credit card info.”
You already know that lock symbol from the upper left corner of your browser. It tells you when your internet connection is encrypted, meaning it’s scrambled up so no one can read things like your credit card data until it goes where you meant to send it. You should see it when you’re shopping online.
If you see the symbol on a baby, however, you shouldn’t hand the tot your credit card. In a similar vein, you should think about whether you really want the company you’re shopping with to hang onto your credit card info. Even if it’s encrypted when you send it over, it’s up to the company to protect the information once they have it.
Lock-picking kit — $25
Sold by The Open Organization of Lockpickers (TOOOL), this lock-picking kit comes in the shape of a business card and fits in your wallet. In case of a lock-picking emergency, you can break the lock picks out of their metal frame and put them to use.
Jim Navarro, a member or TOOOL’s Reno branch who was manning the sales booth, promised me this “is not a joke.” That may be the case, but I’m still rating this partly silly, partly serious, because I don’t get into many lock-picking emergencies.
This may be due to my boring life choices.
WiFi Pineapple Nano — $100
Now we’re moving from silly to straight up scary. This device, sold by Hak5, lets you pose as the Starbucks Wi-Fi hotspot (or the airport Wi-Fi, or the hotel Wi-Fi), picking up internet traffic from nearby users. You can collect user’s credentials and read unencrypted information.
Then you pass the traffic along to a legitimate part of the internet and act real casual.
Now seems like a good time to remind you that there are laws against accessing people’s internet accounts and computers without their permission (also about breaking and entry, but I don’t have all day to remind you not to break the law).
These devices are cheap and easy to obtain, so it just goes to show you shouldn’t access or send any sensitive information from public Wi-Fi. If you do connect to it, you should use a virtual private network, or VPN, to encrypt your connection and foil potential snoopers.
Keylogger — $55
I’m rating this the scariest item on my list. Sold by Hacker Warehouse, it’s a USB drive that records your every keystroke with a program called a keylogger. You can use the program to collect a computer user’s passwords and communications, which is creepy.
You could go to a lot of effort trying to trick someone into downloading a keylogger program. Or, you could just walk over to their computer when they’re not looking and plug in this USB drive. This is an especially useful tool if your target has a desktop computer.
“Most people won’t look at the back of their computer,” said Garrett Gee, proprietor of Hacker Warehouse.
That sound? That’s the sound of people turning their desktop towers around and looking for strange USB drives.