Participants of the annual DEFCON security conference are competing in the event’s open source intelligence run by TraceLabs; “a challenge to hunt down public albeit potentially hard-to-find information on particular targets. But unlike other capture the flag events, this isn’t a game.”
The targets are real missing people, and hackers are gatherin the information that is authentic, all with intention to help authorities to track down the missing people. At an event in Toronto, participants found two people, Robert Sell (founder of TraceLabs) confirmed to Motherboard at DEFCON last week.
The CTF does have strict rules: all the info must be publicly available. Contact with the target, or their family or friends results in instant disqualification. This includes interacting with them on their social media posts. The hackers can’t use passwords to enter accounts, even if the login forms are publicly online.
“We’re not the police, so we’re doing zero touch. We’re not going to go talk to anybody, we’re not going to go phone the hotel, we’re not going to ask for their CCTV, we’re not going to do any of that. We’re strictly looking for public information,” Sell told Motherboard.
Doing the exercise at DEFCON was more of an idea to be tried out, Sell explained. Some people coitinued even after TraceLabs closed the event.
“You guys can stop, we’re gonna tally the points,” Sell recounted the team said at midnight on Saturday. “Nobody stopped. I was kind of confused,” he said. The truth is, the hackers didn’t really care about the prizes. Sell confirmed that “they’re still working these cases.”