Anatomy of a Hacker Con Media Leak

Thursday, August 30th, 2012

Last week, videos from Black Hat USA 2012 hit the internet. Three days later, videos from Def Con 20 made their electronic debut. Only problem is, these videos were not meant to be distributed online.

Black Hat and Def Con conference videos for any given year usually retail about $400 USD for a set of DVDs. The DVD’s are relatively basic and consist of MOV files and a few PDFs to constitute a program. While Def Con videos are generally put up online for free a few months after the con, Black Hat videos don’t make such an appearance. Ever.

So here I was, perusing the internet for videos from these conferences on Youtube, when I noticed some new directories pop up on a familiar site: I have few moral conflicts about sharing where to get this “pirated” content since the site in question will be shutting down tomorrow. For the unacquainted, is a strange hosting company which currently hosts darkoz’s “BlackHat/DefCon” mirror after it took up too much space on the last host (easynews for the detail-hounds). I’ve been archiving it, in parts, for almost a year. It gets updated every so often and is probably one of the single best sites for hacker media.

Anyway, these new directories for Def Con 20 and Black Hat 2012  originally came up unpopulated but slowly filled with content over the course of a few days. The Black Hat videos were mirrored and posted to Reddit where they spread and generated so much traffic the mirror went offline and removed the videos due to DMCA violation. This all took about 24 hours. After this, torrents started to pop up with the Black Hat videos where they remain primarily. More interestingly, a few days ago the videos actually went back up on as though nothing happened. The Def Con videos were pumped out in a similar manner. They popped up on and were torrented a day or two later.

Let’s talk about the videos themselves. Not the content and quality of the talks, but the actual files. This MOV format seems standard from checking out disc dumps of previous years (like so). No surprise there. However, the videos seem to have little care put into their production. From Def Con alone, I noticed only about half of the videos seemed to have correct metadata and two videos had aspect ratio issues. A handful of videos also suffered from video problems, meaning either the video camera failed, or the screen capture did. Further, the file names leave something to be desired. Looking up the presentation names to go with the files or playing guess-and-check is annoying, but tolerable for freed videos.

I’m not the only one who got in on the idea of downloading all the videos. If you do just a little bit of looking, you can see where people made download lists to feed into wget (here and here) and even a handy looking renaming script.

So where did the videos come from? It’s no stretch of the imagination to believe someone dumped their discs, and I’m sure this is the case. The archive at aggregates content from tons of active media archives and submissions (some stuff I put up actually got mirrored there). I’d wager that darkoz got the files as a donation. If he dumped the discs himself, why wouldn’t he include a program for the Def Con videos?

Though will be closing its doors, this hacker con mirror usually finds a new home.While I’ve done my best to mirror it, I cannot have foresight for any videos that might be added to it in the future, and hope the collection continues to grow. Where there are conference videos, there are people out there willing to share them, whether they be pricey or free.

Let’s see what slips through the cracks next year.