Visiting Las Vegas can feel a bit like being a metal sphere in a pinball machine—you’re tossed from bright lights to blaring shows and back again until you eventually (hopefully) emerge out a hole at your home airport. When you visit Vegas with a swarm of hackers and security researchers, the dizziness gets amped up tenfold and can be laced with a dose of dark mischief.
This year marked the 23rd DefCon, the hacker conference that began as an informal gathering for hackers to meet in person and party in the desert. Since its beginning, it has grown from fewer than 100 attendees to reportedly more than 20,000 all of them jammed into two hotels this year—Paris and Ballys—to learn the latest hacks and swap techniques. Jason Larsen is one of the country’s top SCADA hackers and has been researching and designing proof-of-concept attacks against critical infrastructure for years, first for the Idaho National Laboratory and now for IOActive, a global security consultancy.
He has a special interest in digital-to-physical attacks—ones that, like Stuxnet, use malicious code to cause physical destruction to equipment. This year in DefCon’s ICS Village, focusing on hacks of industrial control systems, he directed his destructive talents at a 55-gallon barrel, which he imploded with code that simultaneously vacuum-packed the target and increased its temperature, resulting in a powerful boom! that reverberated through the room. An attack like this could be used to cause a chemical spill in a plant. If done to multiple tanks or barrels in a facility, it could also result in unsafe chemicals mixing for a combustible and toxic chain reaction. Here’s a gif of the momentous event.