Experiences from Disobey 2019

On the second weekend of January, I participated in Disobey in Helsinki. Disobey is a community-driven gathering for all kinds of hackers, makers, and breakers, that offers a place to share information and to learn from others. I had heard and read stories beforehand about Disobey being “the best hacker event in Finland”, but this was my first time when I could finally participate. Here's a short summary of the experience.

It is quite hard to categorise the event participants, but my guess would be that a good part of the visitors are so-called white-hat hackers, many having a day job in the ICT or information security industry. One thing that is sure is that all the participants are driven by a passion for learning something new and for having a deep understanding of how things really work under the hood. 

What Disobey has to offer?

The official conference program offers a good amount of talks and workshops around security and hacking, many of them presenting the results of work that may have taken several years to complete.

Disobey offers also several hacking challenges and puzzles to crack. First of all, the conference badge is not a typical name tag but a circuit board with a microcontroller and you can even load and run your own programs on it. Traditionally, there is a puzzle challenge related to the badge, which was the case also this year. Then there is the official capture the flag (CTF) hacking competition where the contestants get points by solving different challenges. 

In addition to talks and puzzles, there was a possibility to do HW hacking at the Hacklab.fi hacker village, and visit booths of sponsoring companies, individuals, and organizations. You could even practise your lock-picking skills if you wanted to. Disobey is also a very good place for networking as you can easily find like-minded people who are happy to discuss things openly.

The Disobey 2019 badge

My first Disobey

As a first-timer, I tried to sample as much of the different things on the menu as possible. For the challenges, I teamed up with a couple of old friends and we started by having a go at the badge challenge. We also tried our skills in the CTF competition, which again taught me some new tools and techniques. The challenges and puzzles took place not only on the local, dedicated "hostile" network but there was also some RF signal hacking and open source intelligence (OSINT) tasks included.

From the talks and presentations, my favourite one was "Ghost in the Locks" by Timo Hirvonen and Tomi Tuominen, which was about a design flaw that allows opening hotel room doors across the world without being noticed. The "TEMPEST" HDMI signal eavesdropping demo was also very impressive. Hopefully many of the talks will be soon available on the Disobey YouTube channel for everybody to enjoy.

There has been a small amount of mystique and rumours surrounding the event, some are even recommending to take only burner devices with you, but I found the atmosphere and people to be very friendly - of course certain amount of awareness and cautiousness is always good in IT. Overall, I found that going to Disobey was a trip that was well worth making and I would recommend it for anyone who is interested in these topics, beginners and experts alike. Especially for hackers, tinkerers, and the doers in information security, Disobey is the number one event in Finland.