Massachusetts Bay Transportation Authority v. Anderson et al

Filing 56

DECLARATION re 50 MOTION for Preliminary Injunction Third Supplemental Declaration of Ieuan G. Mahony by Massachusetts Bay Transportation Authority. (Attachments: # 1 Exhibit 1, # 2 Exhibit 2)(Mahony, Ieuan-Gael)

EXHIBIT 1

Subject: Call for papers proposal: The Anatomy of a Subway Hack: Breaking Crypto RFIDs and Magstripes of Ticketing Systems
Date: Thu, 15 May 2008 02:38:45 -0400
From: Zack Anderson <>
To:

Attached is my submission for a talk at Defcon 16 this year. Please let me know if you need anything further.

Thanks. Looking forward to Defcon,
Zack Anderson

THE ANATOMY OF A SUBWAY HACK:
BREAKING CRYPTO RFIDs AND MAGSTRIPES OF TICKETING SYSTEMS

A Proposed Talk for Defcon 16

Zack Anderson
Alessandro Chiesa
RJ Ryan

General Info

Date of Submission: May 14, 2008
Primary Speaker Name: Zack Anderson
Primary Speaker Title: Student at the Massachusetts Institute of Technology
Additional Speaker Titles: RJ Ryan and Alessandro Chiesa, both students at MIT
Primary Speaker Email:
Primary Speaker Phone: 310-270-3995
Has The Speaker Previously Spoken At Defcon: No
Specific Day Or Time To Speak By: No, but an 11am slot is preferred
Not Submitting To BlackHat

MBTA0001

Presentation Information

Presentation Name: "The Anatomy of a Subway Hack: Breaking Crypto RFIDs and Magstripes of Ticketing Systems"
Time Requirement: 50 minutes
Is There a Demonstration: Several
Are We Releasing a New Tool: Yes
Are We Releasing a New Exploit: Not exactly an "exploit"
Is There Audience Participation: Haven't decided yet... perhaps.
Has This Presentation Been Given: Not at a public venue, but a short (15 minute) version was given to MIT students in May, 2008. This talk at Defcon will be more in-depth, cover other subway systems, and have several live demos.
Equipment Needs: Projector and a power source
More Than 1 Projector: Not necessary, but the redundant dual projection used at many Defcon talks would be nice so that the entire audience can see the slides.
Wireless Internet Access: Nice, but not necessary.
Whiteboard Requirement: No
Other Special Equipment: No, we will bring our own hardware for the demos.

Detailed Outline

I. Overview of subway fare collection systems
II. Description of Boston T subway system
III. Our Attacks On The Boston T
    A. Physical Security
    B. MIFARE RFID card attacks (on the CharlieCard)
        1. Using the USRP and GNUradio to sniff raw data [code release]
        2. Brute forcing attack on 48-bit key (using FPGAs) [POSSIBLE demo and code release (possible because as of today, the Verilog is not finished)]

MBTA0002

        3. Crafted challenge-response attack
        4. Algebraic attacks [code release]
    C. MagStripe Card Reverse Engineering and attacks (cloning and forgery attacks) on the CharlieTicket
        1. Reverse engineering the data on the card [automated magstripe reverse-engineering tool release]
        2. Forging a card (AKA how to get a lot of free money) [python script release and demo]
        3. Cheap ways of cloning the card
        4. How these techniques apply to other subway systems, and how some magcard systems differ
    D. WiFi, Network, and Wireless Device security audit of the system
        1. WiFi analysis of Operations headquarters
        2. Using a frequency counter to identify wireless devices
        3. WARCARTING: you've seen wardriving, warwalking, and warflying, but I guarantee, nobody has ever seen this - a shopping cart retrofitted with seven types of radio transceivers and high-gain WiFi antennas
    E. Social Engineering Attacks on Personnel
IV. Emphasis on how these attacks can apply to several other systems

Abstract

Want free subway rides for life? In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card, we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world, and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We go over social engineering attacks we executed on employees, and we present a novel new method of hacking WiFi: WARCARTING. We will release several open source tools we wrote to perform these attacks. With live demos, we will demonstrate how we broke these systems.

Supporting Files

MBTA0003

Sample Slides About This Talk

Note that these slides just cover some of the work we have done, our talk will touch on other subway systems as well.

Whitepaper About The Material In The Talk

Code And Tools

Our tools are not yet released. We plan on releasing them at Defcon.

Speaker Bios

Zack Anderson

Zack Anderson is studying electrical engineering and computer science at MIT. He is an avid hardware and software hacker, and has built several systems such as an autonomous vehicle for the DARPA Grand Challenge. Zack is especially interested in the security of embedded systems and wireless communications. He has experience building and breaking CDMA cellular systems and RFID. Zack has worked for a security/intelligence firm, and has multiple patents pending. He enjoys building systems as much as he enjoys breaking them.

RJ Ryan

RJ Ryan is researcher at MIT. His longtime passion for security has resulted in a number of hacks and projects, including a steganographic cryptography protocol. RJ works on a number of technical projects ranging from computer security to operating systems, distributed computation, compilers, and computer graphics. He enjoys learning how things work, and how to make things work for him.

Alessandro Chiesa

Alessandro Chiesa is a Junior at MIT double majoring in Theoretical Mathematics and in Electrical Engineering and Computer Science. Born and raised in Varese, Italy, he came to MIT with interests in computational algebraic geometry, machine learning, cryptography, and systems security. He has authored papers such as "Generalizing Regev's Cryptosystem", which proposes a new cryptosystem based on shortest vector problems in cyclotomic fields. He is currently working with Oracle's Database Security group.
=================
Legal Stuff
=================

Copyright Use Grant

I warrant that the above work has not been previously published elsewhere, or if it has, that I have obtained permission for its publication by DEF CON Communications, Inc. and that I will promptly supply DEF CON Communications, Inc. with wording for crediting the original publication and copyright owner.

If I am selected for presentation, I hereby give DEF CON Communications, Inc. permission to duplicate, record and redistribute this presentation; including, but not limited to, the conference proceedings, conference CD, video, audio, hand outs(s) to the conference attendees for educational, on-line and all other purposes.

MBTA0004

Yes, I, Zack Anderson, have read the above and agree to the Grant of Copyright Use.

Terms of Speaking Requirements

If I am selected to speak, I, (insert your name here), understand that I must complete and fulfill the following requirements or I will forfeit my honorarium:

1) I will submit a completed (and possibly updated) presentation, a copy of the tool(s) and/or code(s), and a reference to all of the tool(s), law(s), Web sites and/or publications referenced to at the end of my talk and as described in this CFP submission for publication on the conference CD by noon PST, June 30, 2008.
2) I understand if I fail to submit a completed presentation by June 30, 2008, I may be replaced by an alternate presentation or may forfeit my honorarium. This decision will be made by DEFCON and I will be informed in writing of my status.
3) I will include a detailed bibliography as either a separate document or included within the presentation of all resources cited and/or used in my presentation.
4) I will complete my presentation within the time allocated to me - not running over the time allocation.
5) I understand that DEFCON will provide 1 LCD projector, 1 screen, microphone, and video switch box.
I understand that I am responsible for providing all other necessary equipment, including laptops and machines (with VGA output), to complete my presentation.
6) I will submit, within 5 days of the completion of the conference, any updated, revised or additional presentation(s) or materials that were used in my presentation but not included on the conference CD or conference proceedings.

I, Zack Anderson, have read the above and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Requirements.

Terms of Speaking Remuneration

1) I understand that I will be responsible for my own hotel and travel expenses.
2) I understand that DEFCON will issue one payment per presentation.
3) I understand that in order to be paid, I must provide a valid name and snail mail address. US citizens will be paid with a company check. Non-US citizens will be paid via money order or company check.

MBTA0005

4) I understand that the name and address that I provide to the onsite speaker liaison is where the payment will be sent.
5) I understand that I will be paid $200 USD, 30 days from the end of the conference, after I have completed my presentation. I may choose to waive my $200 speaking fee in exchange for 3 DEFCON Human badges.
6) I understand that should my talk be determined to be unsuitable (e.g. a vendor or sales pitch, a talk on the keeping of goats, etc) after I have presented, that I will not receive an honorarium.

I, Zack Anderson, have read the above and understand and agree to the terms as detailed in the Agreement to Terms of Speaking Remuneration or I will forfeit my honorarium.

MBTA0006

Subject: RE: Call for papers proposal: The Anatomy of a Subway Hack: Breaking Crypto RFIDs and Magstripes of Ticketing Systems
Date: Thu, 15 May 2008 13:32:28 -0700
From: Nikita Caine <>
To: 'Zack Anderson' <>
References: <>

Hello,

Thank you for submitting your talk for DEFCON 16, if you have any questions, please feel free to contact me.
After we have completed the selection process, we will contact you with your status (denial or acceptance). Call for papers will not end until May 15, You should be hearing from us by June 1, 2008 if not earlier.

Please be aware that if you are accepted we require full materials (slides, whitepapers, etc) submitted to us for publication by June 30, 2008. Please be sure to monitor your email for requests, periodic updates and reminders.

Nikita Caine, Administrator Of Khaos, Defcon.
[e]
[t] +1 206.280.2294
PGP ID: Ox3550AC2D
"Like Shuffleboard only a lot less violent."

-------- Original Message --------
From: Zack Anderson [mailto:zacka@MIT.EDU]
Sent: Wednesday, May 14, 2008 11:39 PM
To:
Subject: Call for papers proposal: The Anatomy of a Subway Hack: Breaking Crypto RFIDs and Magstripes of Ticketing Systems

Attached is my submission for a talk at Defcon 16 this year. Please let me know if you need anything further.

Thanks. Looking forward to Defcon,
Zack Anderson

MBTA0007

Subject: Recieved Acceptance letter? /DEFCON Speaker Info
Date: Wed, 28 May 2008 21:17:46 -0700
From: Nikita Caine <>
To: <>

Hello Speakers,

I'm just checking in with you to make sure that each of you have a copy of your acceptance letter for DEFCON 16. If for some reason you do not, please email me. There have been many speakers selected this past week and I want to make sure that everyone is on the same page.

Also a few important things to note:

· Some of you are asking about the schedule, The schedule is not ready yet and will take us some time before we get a first draft online. I will message you again when the schedule goes online.
· If you have a specific time you cannot speak or need to speak by, please let me know now so we may arrange it best we can.
· If you submitted a paper with multiple time requirements and do not know which you have been selected for please message me. I cannot tell you when you are speaking but I can tell you for how long.
· If you have a Co-Speaker who is NOT listed on your CFP submission, please contact me immediately so they may be added to the speakers list.
· Presentation Materials are due JUNE 30th.
· Book Signing information due by June 15th.

Thanks much and as always if you have any questions, don't hesitate to ask.

Nikita Caine, Administrator Of Khaos.Defcon.
[e] <>
[e] <>
[T] 206-280-2294 (SMS preferred)
"Like Shuffleboard only a lot less violent."

MBTA0008
MBTA0009

Subject: Defcon slides
Date: Mon, 30 Jun 2008 23:57:16-0400
From: Zack Anderson <>
To: Nikita Caine <>

The slides for our talk are here:

Zack

MBTA00010

Subject: Re: Revised abstract
Date: Tue, 05 Aug 2008 22:29:35 -0400
From: Zack Anderson <>
To: Nikita Caine <>
References: <48988CC7.5060901> <>

Thanks so much!

Zack

Nikita Caine wrote:

This should be updated on the website soon if not already, however do note the webmaster is in Las Vegas at the moment, and your previous abstract will be what is printed on the program.

On Tue, Aug 5, 2008 at 10:24 AM, Zack Anderson <> wrote:

Hi Nikita,

We met with a Sergeant Detective of the Intelligence unit at the MBTA and a Special Agent of the cybercrimes division of the FBI yesterday. The meeting went well, and our legal counsel has advised us that we can definitely proceed with the talk. If you don't mind, can you change our abstract on the website to this:

"In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card, we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world, and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We survey 'human factors' that lead to weaknesses in the system, and we present a novel new method of hacking WiFi: WARCARTING.
We will release several open source tools we wrote in the process of researching these attacks. With live demos, we will demonstrate how we broke these systems."

Thanks,
Zack

-------- Original Message --------
Subject: Revised abstract
Date: Tue, 05 Aug 2008 13:24:23 -0400
MBTA00011
From: Zack Anderson <>
To: Nikita Caine <>

Hi Nikita,

We met with a Sergeant Detective of the Intelligence unit at the MBTA and a Special Agent of the cybercrimes division of the FBI yesterday. The meeting went well, and our legal counsel has advised us that we can definitely proceed with the talk. If you don't mind, can you change our abstract on the website to this:

"In this talk we go over weaknesses in common subway fare collection systems. We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card, we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world, and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We survey 'human factors' that lead to weaknesses in the system, and we present a novel new method of hacking WiFi: WARCARTING. We will release several open source tools we wrote in the process of researching these attacks. With live demos, we will demonstrate how we broke these systems."

Thanks,
Zack

-------- Original Message --------
Subject: Re: Defcon CD
Date: Thu, 31 Jul 2008 22:33:37 -0400
From: Zack Anderson <>
To: Nikita Caine <>
References: <> <489231> <>

We still plan on giving the talk. We left out a couple of key details from the slides, so for now I think we will be alright. We are meeting with the MBTA and legal counsel on Monday. I will keep you posted if anything changes, but expect us to give the talk.

Zack

Nikita Caine wrote:

Zack,

The CD's have been printed and are on their way to Vegas, There is no way to change it at this point.
Please let me know if you will be canceling your talk because of the investigation.

MBTA00012

-Nikita

On Thu, Jul 31, 2008 at 2:42 PM, Zack Anderson <> wrote:

Hi Nikita,

I was wondering if the Defcon CDs have already been produced. The MBTA informed us today that the FBI has mounted an investigation regarding the work we are going to present at Defcon about hacking subway systems. If still possible, we may want to adjust a couple of slides from our slide deck. I understand that in all probability, the CDs have already been made, but please let me know.

Thanks,
Zack

Nikita Caine wrote:

This is just a confirmation to let you know that I received your presentation materials and you are checked off my list. I appreciate you meeting the deadline, if you come across any changes (typos,etc) please let me know, I will be compiling the presentation CD over the next few days so I may be able to slip in your updated materials.

For those of you that sent in your choices in regards to badge vs check, I will be sending out an additional confirmation email within the next few days as well.

Thanks again,
Nikita

-------- Original Message --------
Subject: Defcon CD
Date: Thu, 31 Jul 2008 17:42:21 -0400
From: Zack Anderson <>
To: Nikita Caine <>
References: <>

Hi Nikita,

MBTA00013

I was wondering if the Defcon CDs have already been produced. The MBTA informed us today that the FBI has mounted an investigation regarding the work we are going to present at Defcon about hacking subway systems. If still possible, we may want to adjust a couple of slides from our slide deck. I understand that in all probability, the CDs have already been made, but please let me know.

Thanks,
Zack

Nikita Caine wrote:

This is just a confirmation to let you know that I received your presentation materials and you are checked off my list.
I appreciate you meeting the deadline, if you come across any changes (typos,etc) please let me know, I will be compiling the presentation CD over the next few days so I may be able to slip in your updated materials.

For those of you that sent in your choices in regards to badge vs check, I will be sending out an additional confirmation email within the next few days as well.

Thanks again,
Nikita

-------- Original Message --------
Subject: Re: Badges or Honorarium?
Date: Wed, 02 Jul 2008 23:56:42 -0400
From: Zack Anderson <>
To: Nikita Caine <>
References: <014e01c8dcbf$86081500$92183fOO$@com>

We'd like an honorarium, please. You can make it out to:

Zack Anderson
3 Ames St., #259
Cambridge, MA 02142

Thanks!
Zack

Nikita Caine wrote:

Hello Speakers,

This is a mass email to let you know I do not have anything selected for you in regards to your choice between Honorarium or three Defcon badges. Please let me know your choices as early as possible, the earlier I know the better, I would prefer to know by this weekend.

If you have already made your selection, I apologize for my disorganization in adding your name to this list by mistake. If that is the case, please let me know your choice again, and I will send you a separate confirmation email within the next few days.

MBTA00014

If you will be accepting a check I will need to know the name it shall be made out to and a mailing address in case we fail to deliver it to you in hand at the show. If you change your mind at the show we can shred the check and give you badges, however we cannot write you a check at the show and you may have to wait up to 6 weeks to receive it via post.

Twenty Minute Turbo talks are excluded from this list, so if you found yourself on this list accidentally, please disregard. Also, please note you have one choice per full length talk.
Thanks much,
Nikita

-------- Original Message --------
Subject: Defcon slides
Date: Mon, 30 Jun 2008 23:57:16-0400
From: Zack Anderson <>
To: Nikita Caine <>

The slides for our talk are here:

Zack

-------- Original Message --------
Subject: Re: Please Confirm.
Date: Sun, 29 Jun 2008 17:12:17-0400
From: Zack Anderson <>
To: Nikita Caine <>
References: <01b301c8d802$9abad990$d0308cbO$@com> <> <> <> <> <>

Hey,

MBTA00015

1pm on Sunday is great. Thanks.

Zack

Nikita Caine wrote:

Perhaps I spoke too , I have you for a 1pm slot. I did not really want your talk that late in the day so I hope this works out.

-Kita

On Sun, Jun 29, 2008 at 2:01 PM, Nikita Caine <> wrote:

This registers a latent memory with me, sorry about that. The only thing I can do as of now is switch you with the last talk in that track that day. Things are crazy with the schedule and I'm sorry about that, I truly am. I hope that helps.

On Sat, Jun 28, 2008 at 9:17 PM, Zack Anderson <> wrote:

Hi Nikita,

I just checked the schedule and spoke to Alessandro (the other speaker in my talk). He has a family obligation Saturday evening, and won't be back in Vegas until 10am on Sunday. That's going to be pushing it for an 11am talk. Is there any way we can reschedule for a 12pm slot on Sunday, or slightly after that? Really sorry about the inconvenience. Also, can you fix my name on the schedule from "Zac" to "Zack."

Thanks!
Zack

Nikita Caine wrote:

Thanks much. :-)

On Fri, Jun 27, 2008 at 1:46 PM, Zack Anderson <> wrote:

Hi Nikita,

You'll have our materials by the 30th.

Zack

On Jun 26, 2008, at 11:05 PM, "Nikita Caine" <> wrote:

Seemed as if my first attempt bounced to you, must have been formatting errors on my end..although could've also been entirely imaginary as well.

Thanks much.

From: Nikita Caine []
MBTA00016
Sent: Thursday, June 26, 2008 7:47 PM
To: ''
Subject: Please Confirm.

Hello speakers,

This is a Mass Mailing to let you know that I have gotten the schedule approved, I am working on it now so it should be online very soon.
I know you are all very anxious. If you are concerned about not getting the slot you requested please let me know and I will verify your time slot for you.

You should also be aware that the deadline to make changes to your abstract & bio is fast approaching, in four days we will take the information from the defcon speakers page to prepare the printed program. Please review it and let us know if you need to make any changes to your description or bio.

Also, I need everyone to reply to this email to confirm the following: You know you are speaking, and you know the presentation materials are due in four days. 6-30-08.

I expected a higher amount of presentation materials turned by now, so I am just making a final reminder and checking in with you to make sure we are on the same page. Please reply, with a simple or ack or be as elaborate as you would like.

I hope everyone is doing well, and I look forward to your response. Thank you very much in advance for your response and for all the hard work you do making this Defcon filled with great content!

-Nikita Caine
206-280-2294

-------- Original Message --------

MBTA00017

Subject: Re: Please Confirm.
Date: Sun, 29 Jun 2008 00:17:55-0400
From: Zack Anderson <>
To: Nikita Caine <>
References: <01b301c8d802$9abad990$d0308cbO$@com> <> <>

Hi Nikita,

I just checked the schedule and spoke to Alessandro (the other speaker in my talk). He has a family obligation Saturday evening, and won't be back in Vegas until 10am on Sunday. That's going to be pushing it for an 11am talk. Is there any way we can reschedule for a 12pm slot on Sunday, or slightly after that? Really sorry about the inconvenience. Also, can you fix my name on the schedule from "Zac" to "Zack."

Thanks!
Zack

Nikita Caine wrote:

Thanks much. :-)

On Fri, Jun 27, 2008 at 1:46 PM, Zack Anderson <> wrote:

Hi Nikita,

You'll have our materials by the 30th.
Zack

On Jun 26, 2008, at 11:05 PM, "Nikita Caine" <> wrote:

Seemed as if my first attempt bounced to you, must have been formatting errors on my end..although could've also been entirely imaginary as well.

Thanks much.

From: Nikita Caine []
Sent: Thursday, June 26, 2008 7:47 PM
To: ''
Subject: Please Confirm.

Hello speakers,

This is a Mass Mailing to let you know that I have gotten the schedule approved, I am working on it now so it should be online very soon. I know you are all very anxious. If you are concerned about not getting the slot you requested please let me know and I will verify your time slot for you.

MBTA00018

You should also be aware that the deadline to make changes to your abstract & bio is fast approaching, in four days we will take the information from the defcon speakers page to prepare the printed program. Please review it and let us know if you need to make any changes to your description or bio.

Also, I need everyone to reply to this email to confirm the following: You know you are speaking, and you know the presentation materials are due in four days. 6-30-08.

I expected a higher amount of presentation materials turned by now, so I am just making a final reminder and checking in with you to make sure we are on the same page. Please reply, with a simple or ack or be as elaborate as you would like.

I hope everyone is doing well, and I look forward to your response. Thank you very much in advance for your response and for all the hard work you do making this Defcon filled with great content!

-Nikita Caine
206-280-2294

-------- Original Message --------
Subject: Re: Please Confirm.
Date: Fri, 27 Jun 2008 16:46:30 -0400
From: Zack Anderson <>
To: Nikita Caine <>
References: <01b301c8d802$9abad990$d0308cbO$@com>

Hi Nikita,

You'll have our materials by the 30th.

Zack

On Jun 26, 2008, at 11:05 PM, "Nikita Caine" < <>> wrote:

Seemed as if my first attempt bounced to you, must have been formatting errors on my end..although could've also been entirely imaginary as well.
Thanks much.

MBTA00019

From: Nikita Caine [ <>]
Sent: Thursday, June 26, 2008 7:47 PM
To: ' <>'
Subject: Please Confirm.

Hello speakers,

This is a Mass Mailing to let you know that I have gotten the schedule approved, I am working on it now so it should be online very soon. I know you are all very anxious. If you are concerned about not getting the slot you requested please let me know and I will verify your time slot for you.

You should also be aware that the deadline to make changes to your abstract & bio is fast approaching, in four days we will take the information from the defcon speakers page to prepare the printed program. Please review it and let us know if you need to make any changes to your description or bio.

Also, I need everyone to reply to this email to confirm the following: You know you are speaking, and you know the presentation materials are due in four days. 6-30-08.

I expected a higher amount of presentation materials turned by now, so I am just making a final reminder and checking in with you to make sure we are on the same page. Please reply, with a simple or ack or be as elaborate as you would like.

I hope everyone is doing well, and I look forward to your response. Thank you very much in advance for your response and for all the hard work you do making this Defcon filled with great content!

-Nikita Caine
206-280-2294

-------- Original Message --------
Subject: Re: Recieved Acceptance letter? /DEFCON Speaker Info
Date: Thu, 29 May 2008 01:42:44 -0400
From: Zack Anderson <>
To: Nikita Caine <>
References: <001e01c8c143$Oaed42bO$20c7c810$@com>

Hi Nikita,

I did not receive the acceptance letter. Please forward it when you get a chance.

Thanks!

MBTA00020

Zack

Nikita Caine wrote:

Hello Speakers,

I'm just checking in with you to make sure that each of you have a copy of your acceptance letter for DEFCON 16. If for some reason you do not, please email me.
There have been many speakers selected this past week and I want to make sure that everyone is on the same page.

Also a few important things to note:

· Some of you are asking about the schedule, The schedule is not ready yet and will take us some time before we get a first draft online. I will message you again when the schedule goes online.
· If you have a specific time you cannot speak or need to speak by, please let me know now so we may arrange it best we can.
· If you submitted a paper with multiple time requirements and do not know which you have been selected for please message me. I cannot tell you when you are speaking but I can tell you for how long.
· If you have a Co-Speaker who is NOT listed on your CFP submission, please contact me immediately so they may be added to the speakers list.
· Presentation Materials are due JUNE 30th.
· Book Signing information due by June 15th.

Thanks much and as always if you have any questions, don't hesitate to ask.

Nikita Caine, Administrator Of Khaos.Defcon.
[e] <>
[e] <>
[T] 206-280-2294 (SMS preferred)
"Like Shuffleboard only a lot less violent."

MBTA00021

-------- Original Message --------
Subject: Re: Revised abstract
Date: Tue, 5 Aug 2008 19:26:19 -0700
From: Nikita Caine <>
To: Zack Anderson <>
References: <48988CC7.5060901>

This should be updated on the website soon if not already, however do note the webmaster is in Las Vegas at the moment, and your previous abstract will be what is printed on the program.

On Tue, Aug 5, 2008 at 10:24 AM, Zack Anderson <> wrote:

Hi Nikita,

We met with a Sergeant Detective of the Intelligence unit at the MBTA and a Special Agent of the cybercrimes division of the FBI yesterday. The meeting went well, and our legal counsel has advised us that we can definitely proceed with the talk. If you don't mind, can you change our abstract on the website to this:

"In this talk we go over weaknesses in common subway fare collection systems.
We focus on the Boston T subway, and show how we reverse engineered the data on magstripe card, we present several attacks to completely break the CharlieCard, a MIFARE Classic smartcard used in many subways around the world, and we discuss physical security problems. We will discuss practical brute force attacks using FPGAs and how to use software-radio to read RFID cards. We survey 'human factors' that lead to weaknesses in the system, and we present a novel new method of hacking WiFi: WARCARTING. We will release several open source tools we wrote in the process of researching these attacks. With live demos, we will demonstrate how we broke these systems."

Thanks,
Zack

-------- Original Message --------
Subject: Re: Defcon CD
Date: Thu, 31 Jul 2008 17:34:22 -0700
From: Nikita Caine <>
To: Zack Anderson <>
References: <> <489231>

MBTA00022

Zack,

The CD's have been printed and are on their way to Vegas, There is no way to change it at this point. Please let me know if you will be canceling your talk because of the investigation.

-Nikita

On Thu, Jul 31, 2008 at 2:42 PM, Zack Anderson <> wrote:

Hi Nikita,

I was wondering if the Defcon CDs have already been produced. The MBTA informed us today that the FBI has mounted an investigation regarding the work we are going to present at Defcon about hacking subway systems. If still possible, we may want to adjust a couple of slides from our slide deck. I understand that in all probability, the CDs have already been made, but please let me know.

Thanks,
Zack

Nikita Caine wrote:

This is just a confirmation to let you know that I received your presentation materials and you are checked off my list. I appreciate you meeting the deadline, if you come across any changes (typos,etc) please let me know, I will be compiling the presentation CD over the next few days so I may be able to slip in your updated materials.
For those of you that sent in your choices in regards to badge vs check, I will be sending out an additional confirmation email within the next few days as well.

Thanks again,
Nikita

-------- Original Message --------
Subject: Badges or Honorarium?
Date: Wed, 2 Jul 2008 20:47:28 -0700
From: Nikita Caine <>
To: <>

Hello Speakers,

MBTA00023

This is a mass email to let you know I do not have anything selected for you in regards to your choice between Honorarium or three Defcon badges. Please let me know your choices as early as possible, the earlier I know the better, I would prefer to know by this weekend.

If you have already made your selection, I apologize for my disorganization in adding your name to this list by mistake. If that is the case, please let me know your choice again, and I will send you a separate confirmation email within the next few days.

If you will be accepting a check I will need to know the name it shall be made out to and a mailing address in case we fail to deliver it to you in hand at the show. If you change your mind at the show we can shred the check and give you badges, however we cannot write you a check at the show and you may have to wait up to 6 weeks to receive it via post.

Twenty Minute Turbo talks are excluded from this list, so if you found yourself on this list accidentally, please disregard. Also, please note you have one choice per full length talk.

Thanks much,
Nikita

-------- Original Message --------
Subject: Thank you for submitting your presentation materials
Date: Tue, 1 Jul 2008 00:45:53 -0700
From: Nikita Caine <>
To:

This is just a confirmation to let you know that I received your presentation materials and you are checked off my list. I appreciate you meeting the deadline, if you come across any changes (typos,etc) please let me know, I will be compiling the presentation CD over the next few days so I may be able to slip in your updated materials.
For those of you that sent in your choices in regards to badge vs check, I will be sending out an additional confirmation email within the next few days as well.

Thanks again,
Nikita

Original Message
Subject: Re: Please Confirm.
Date: Sun, 29 Jun 2008 14:07:55 -0700
From: Nikita Caine <>
To: Zack Anderson <>
References: <01b301c8d802$9abad990$d0308cbO$@com> <> <> <> <>

MBTA00024

Perhaps I spoke too , I have you for a 1pm slot. I did not really want your talk that late in the day so i hope this works out.

-Kita

On Sun, Jun 29, 2008 at 2:01 PM, Nikita Caine <> wrote:

This registers a latent memory with me, sorry about that. The only thing I can do as of now is switch you with the last talk in that track that day. Things are crazy with the schedule and I'm sorry about that, I truly am. I hope that helps.

On Sat, Jun 28, 2008 at 9:17 PM, Zack Anderson <> wrote:

Hi Nikita,

I just checked the schedule and spoke to Alessandro (the other speaker in my talk). He has a family obligation Saturday evening, and won't be back in Vegas until 10am on Sunday. That's going to be pushing it for an 11am talk. Is there any way we can reschedule for a 12pm slot on Sunday, or slightly after that? Really sorry about the inconvenience. Also, can you fix my name on the schedule from "Zac" to "Zack."

Thanks!
Zack

Nikita Caine wrote:

Thanks much. :-)

On Fri, Jun 27, 2008 at 1:46 PM, Zack Anderson <> wrote:

Hi Nikita,

You'll have our materials by the 30th.

Zack

On Jun 26, 2008, at 11:05 PM, "Nikita Caine" <> wrote:

Seemed as if my first attempt bounced to you, must have been formatting errors on my end..although could've also been entirely imaginary as well. Thanks much.

MBTA00025

From: Nikita Caine []
Sent: Thursday, June 26, 2008 7:47 PM
To: ''
Subject: Please Confirm.

Hello speakers,

This is a Mass Mailing to let you know that I have gotten the schedule approved, I am working on it now so it should be online very soon. I know you are all very anxious.
If you are concerned about not getting the slot you requested please let me know and I will verify your time slot for you.

You should also be aware that the deadline to make changes to your abstract & bio is fast approaching, in four days we will take the information from the defcon speakers page to prepare the printed program. Please review it and let us know if you need to make any changes to your description or bio.

Also, I need everyone to reply to this email to confirm the following: You know you are speaking, and you know the presentation materials are due in four days. 6-30-08. I expected a higher amount of presentation materials turned by now, so I am just making a final reminder and checking in with you to make sure we are on the same page. Please reply, with a simple or ack or be as elaborate as you would like.

I hope everyone is doing well, and I look forward to your response. Thank you very much in advance for your response and for all the hard work you do making this Defcon filled with great content!

-Nikita Caine
206-280-2294

MBTA00026

Original Message
Subject: Re: Please Confirm.
Date: Sun, 29 Jun 2008 14:01:09 -0700
From: Nikita Caine <>
To: Zack Anderson <>
References: <01b301c8d802$9abad990$d0308cbO$@com> <> <> <>

This registers a latent memory with me, sorry about that. The only thing I can do as of now is switch you with the last talk in that track that day. Things are crazy with the schedule and I'm sorry about that, I truly am. I hope that helps.

On Sat, Jun 28, 2008 at 9:17 PM, Zack Anderson <> wrote:

Hi Nikita,

I just checked the schedule and spoke to Alessandro (the other speaker in my talk). He has a family obligation Saturday evening, and won't be back in Vegas until 10am on Sunday. That's going to be pushing it for an 11am talk. Is there any way we can reschedule for a 12pm slot on Sunday, or slightly after that? Really sorry about the inconvenience. Also, can you fix my name on the schedule from "Zac" to "Zack."

Thanks!
Zack

Nikita Caine wrote:

Thanks much. :-)

On Fri, Jun 27, 2008 at 1:46 PM, Zack Anderson <> wrote:

Hi Nikita,

You'll have our materials by the 30th.

Zack

On Jun 26, 2008, at 11:05 PM, "Nikita Caine" <> wrote:

Seemed as if my first attempt bounced to you, must have been formatting errors on my end..although could've also been entirely imaginary as well.

MBTA00027

Thanks much.

From: Nikita Caine []
Sent: Thursday, June 26, 2008 7:47 PM
To: ''
Subject: Please Confirm.

Hello speakers,

This is a Mass Mailing to let you know that I have gotten the schedule approved, I am working on it now so it should be online very soon. I know you are all very anxious. If you are concerned about not getting the slot you requested please let me know and I will verify your time slot for you.

You should also be aware that the deadline to make changes to your abstract & bio is fast approaching, in four days we will take the information from the defcon speakers page to prepare the printed program. Please review it and let us know if you need to make any changes to your description or bio.

Also, I need everyone to reply to this email to confirm the following: You know you are speaking, and you know the presentation materials are due in four days. 6-30-08. I expected a higher amount of presentation materials turned by now, so I am just making a final reminder and checking in with you to make sure we are on the same page. Please reply, with a simple or ack or be as elaborate as you would like.

I hope everyone is doing well, and I look forward to your response. Thank you very much in advance for your response and for all the hard work you do making this Defcon filled with great content!

-Nikita Caine
206-280-2294

MBTA00028

Original Message
Subject: Re: Please Confirm.
Date: Fri, 27 Jun 2008 13:49:26 -0700
From: Nikita Caine <>
To: Zack Anderson <>
References: <01b301c8d802$9abad990$d0308cbO$@com> <>

Thanks much.
:-)

On Fri, Jun 27, 2008 at 1:46 PM, Zack Anderson <> wrote:

Hi Nikita,

You'll have our materials by the 30th.

Zack

On Jun 26, 2008, at 11:05 PM, "Nikita Caine" <> wrote:

Seemed as if my first attempt bounced to you, must have been formatting errors on my end..although could've also been entirely imaginary as well. Thanks much.

From: Nikita Caine []
Sent: Thursday, June 26, 2008 7:47 PM
To: ''
Subject: Please Confirm.

Hello speakers,

This is a Mass Mailing to let you know that I have gotten the schedule approved, I am working on it now so it should be online very soon. I know you are all very anxious. If you are concerned about not getting the slot you requested please let me know and I will verify your time slot for you.

You should also be aware that the deadline to make changes to your abstract & bio is fast approaching, in four days we will take the information from the defcon speakers page to prepare the printed program. Please review it and let us know if you need to make any changes to your description or bio.

MBTA00029

Also, I need everyone to reply to this email to confirm the following: You know you are speaking, and you know the presentation materials are due in four days. 6-30-08. I expected a higher amount of presentation materials turned by now, so I am just making a final reminder and checking in with you to make sure we are on the same page. Please reply, with a simple or ack or be as elaborate as you would like.

I hope everyone is doing well, and I look forward to your response. Thank you very much in advance for your response and for all the hard work you do making this Defcon filled with great content!

-Nikita Caine
206-280-2294

Original Message
Subject: FW: Please Confirm.
Date: Thu, 26 Jun 2008 20:05:04 -0700
From: Nikita Caine <>
To: <>

Seemed as if my first attempt bounced to you, must have been formatting errors on my end..although could've also been entirely imaginary as well. Thanks much.
*From:* Nikita Caine []
*Sent:* Thursday, June 26, 2008 7:47 PM
*To:* ''
*Subject:* Please Confirm.

Hello speakers,

This is a Mass Mailing to let you know that I have gotten the schedule approved, I am working on it now so it should be online very soon. I know you are all very anxious. If you are concerned about not getting the slot you requested please let me know and I will verify your time slot for you.

You should also be aware that the deadline to make changes to your abstract & bio is fast approaching, in four days we will take the information from the defcon speakers page to prepare the printed program. Please review it and let us know if you need to make any changes to your description or bio.

MBTA00030

Also, I need everyone to reply to this email to confirm the following: You know you are speaking, and you know the presentation materials are due in four days. 6-30-08. I expected a higher amount of presentation materials turned by now, so I am just making a final reminder and checking in with you to make sure we are on the same page. Please reply, with a simple or ack or be as elaborate as you would like.

I hope everyone is doing well, and I look forward to your response. Thank you very much in advance for your response and for all the hard work you do making this Defcon filled with great content!

-Nikita Caine
206-280-2294

Original Message
Subject: Reminder: Presentation Materials Due 6-30-08 ( This may very well be a duplicate)
Date: Thu, 19 Jun 2008 20:44:45 -0700
From: Nikita Caine <>
To:

I'm REALLY Sorry to spam your mail box, but I came back with 100+ failed delivery's, I did something wrong and with so many it will be hard to sort it out in a timely fashion I know a lot of you got the first mail just fine, but I need to be sure, sorry once again.

Original Message:

Hello Speakers!

This is just a friendly reminder to let you know presentation materials are due 6-3-08.
Please let me know if you will be late, if you do not let me know and don't arrange something with me beforehand I may not be able to get your materials on the CD in time. You may continue to update your slides AFTER the deadline; the most recent versions will be made available online after the show. What you turn in on the 30th will go on the Defcon CD.

Also, if you will be accepting the three badges instead of honorarium please tell me now. If you would like your check at the show, please provide me with the name it should be made out to and the address it can be mailed to in case we fail to deliver it in hand at the show.

I know many of you are anxious to know when you are speaking, unfortunately I can not tell you for certain at this time. We are, I really mean it, working on the schedule. Hopefully we will have this done soon, when we do, I will send another mass mail out to you to.

MBTA00031

If by some freak chance, this is the first you have heard from me and have no idea what's going on, first check your spam box, you are accepted to speak at DEFCON 16, then message me for more info :-)

I hope everyone has a great weekend and I look forward to seeing you guys and gals in Vegas, only a few more months to go!

Nikita
206-280-2294

Original Message
Subject: DEFCON 16 Talk Accepted!
Date: Wed, 28 May 2008 23:15:03 -0700
From: Nikita Caine <>
To: <>

Hello,

Congratulations! DEFCON is pleased to accept you as a speaker at DEFCON 16. Please bear in mind the website is not fully updated yet. We will begin creating the schedule shortly and will be communicating with you often to give you updates and remind you of deadlines. If you have any questions please don't hesitate to ask.

Please note that we require your full materials (slides, whitepapers, etc) submitted to us for publication by June 30, 2008.

You may find your talk, abstract and bio online at: If it is not online now, it should be up within the next few days.
Once you get to the Rivera you will need to check in with me to receive your badge. I will notify you at a later date to remind you when and where.

I will need a full name and mailing address that your check should be made out to for your honorarium. You can either provide me with that info now, or at your check in. If you wish to maintain your privacy there are other options. You can donate your honorarium to charity, popular choices are often the EFF, the Toxic BBQ and The Missing and Exploited Children's Foundation.

Also, If you would like to exchange your honorarium for badges, please let us know. Those who wish to exchange the cash honorarium for badges will receive three Human badges which can only be picked up by the primary speaker of the presentation.

MBTA00032

If you have published a book within the last 18 months and would like to be considered for a book signing, please let us know the title, publisher and date of publication. You will be notified if you are selected to do a book signing. We will need this information by June 15th.

Please be sure to monitor your email for requests, periodic updates and reminders.

Once again Congrats, If you need anything, don't hesitate to ask. I look forward to meeting you in Vegas again this year!

Nikita Caine, Administrator Of Khaos.Defcon.
[e] <> [e] [T] 206-280-2294
"Like Shuffleboard only a lot less violent."

MBTA00033
