HOPE Hacker Conference Shows Off New Tricks

Reverse engineering the Iridium satellite network, a home pharma reactor, and a new censorship-resistant file-sharing system were all demoed in NYC


In a steaming July in New York City, hackers from around the world gathered for The Eleventh HOPE, the latest installment of the biannual Hackers on Planet Earth conference organized by 2600 magazine. As in previous years, it was a gloriously grungy affair, with attendees wearing black T-shirts (adorned with geek references) crammed into the worn corridors and ballrooms of the Hotel Pennsylvania as they chugged on specially imported bottles of the caffeinated Club-Mate drink. But there was also a new emphasis on inclusion for women and the LGBT community, appropriate for a conference that has always styled itself as politically conscious.

This atmosphere was all the background to some eye-opening technical sessions. On the first day of the conference, Michael Laufer displayed a working prototype of an automated home-brew reactor for small-batch pharmaceutical production. The goal is to free patients from the kind of commercial price spikes made infamous when entrepreneur Martin Shkreli raised the price of the widely used antiparasitic drug pyrimethamine by over 5,500 percent in 2015. The prototype was essentially a mason jar with a modified lid. Temperature and pressure can be controlled as reagents, and catalysts are fed in via an Arduino-controlled syringe, but the real innovation is in the chemistry: Published drug-synthesis recipes are often intended for large-batch production by pharmaceutical companies, but Laufer and his colleagues have partnered with the company Chematica, which uses expert systems to find pharmaceutical recipes that are simple, have a large margin of error, and use cheap ingredients.

Another session focused on reverse engineering the Iridium satellite communications network. Stefan Zehl and “Schneider” from the Munich Chaos Computer Club (CCC) used software-defined radio systems to look at and decode the signals streaming down from orbit. Each Iridium satellite uses beam antennas to illuminate roughly 400-kilometer-wide spots as it passes over the Earth, so a message intended for a recipient anywhere in that area is broadcast over the entire spot. When Iridium was originally designed in the 1990s, the difficulty of receiving signals without the network’s own hardware made amateur surveillance impossible, so much of the traffic on the network is not encrypted. But now the CCC hackers claim a modified GPS antenna and a software radio is all that’s required to pick up and demodulate signals. By studying packets on a byte-by-byte basis, they were able to identify and decode a number of the different types of messages transmitted by the satellite constellation—including pager messages, emails, and even voice calls, albeit not yet in real time—and presented several samples of each. (Iridium will soon begin launching a new generation of satellites, but they will be backward compatible with existing equipment, so a lot of unencrypted traffic is still likely to flow over the network.)

Finally, a talk by Paul Kernfeld that may give movie and record executives pause marked the release of his Exandria decentralized file-library software. Current peer-to-peer networks like BitTorrent solve the problem of decentralizing file storage and exchange, but in order to find information, they still need centralized indexes. This has meant that those pirating movies and films—or exchanging information that repressive regimes don’t want shared—have relied on sites like The Pirate Bay, which are visible targets. But Kernfeld has created a system that stores the index in the Bitcoin blockchain, which is increasingly being used for applications beyond actual cryptocurrency. The system tries to guard against spam and fakes by requiring users to “burn” some bitcoins before adding content to the index, which means sending them to a specific Bitcoin address that is the financial equivalent of a black hole—you can verify that bitcoins have been sent to the address, but they can never be spent again by anyone.

This article appears in the September 2016 print issue as “Hackers Show Off New Tricks.”