Friday Schedule

10:00 AM Opening Words


Welcome to the Biohacking Village!




10:15 AM Employ Cybersecurity Techniques Against the Threat of Medical Misinformation


Speaker: Eric D Perakslis Abstract: Medical misinformation has been labeled as one of the greatest public health threats of our time. Previously eradicated diseases, such as measles are occurring in clusters and causing deaths. The problem is complex with a mixture of private individuals and nation state actors all working to undermine the credibility of doctors and the US health system. In this piece, I will discuss our JAMA piece that calls for the use of an ethical cyber response to the threat of medical misinformation. Speaker Bio: Eric Perakslis, PhD, is a Rubenstein Fellow at Duke University, where he focuses on data science that spans medicine, policy, information technology, and security. Eric is also Lecturer in Biomedical Informatics at Harvard Medical School, and Strategic Innovation Advisor to Médecins Sans Frontières. T: @eperakslis




11:00 AM From buffer overflowing genomics tools to securing biomedical file formats


Speaker: Corey M. Hudson, Charles Fracchia Abstract: In this presentation we describe a previously unreported buffer overflow vulnerability in the popular genomics alignment software package BWA. We will show how this exploit, combined with well-known attacks, allows an attacker to access and modify patient data and manipulate genomic tests. We then show how this class of attacks constitutes a wider threat to global biomedical infrastructure and what a newly-formed team from Sandia National Labs and BioBright are doing about it. Speaker Bio: Corey Hudson is a computational biologist at Sandia National Laboratories. Corey leads teams in cybersecurity, machine learning, synthbio and genomics. His main work is modeling and simulating cybersecurity risks in realistic and large-scale genomic systems and highly automated synthbio facilities. Charles Fracchia is a bioengineer who has worked at the intersection of biology and computer science for the last decade. He is the founder and CEO of BioBright, a company dedicated to making biomedical workflows more data-centric and secure. T: @coreymhudson @charlesfracchia




11:45 AM How to Level Up: Experiential Learning through Gamification


Speaker: JC Vega, Zzzomething Abstract: Want to learn how an epic clash between hackers turns into a battle of survival? How an intense, immersive experience builds critical cybersecurity skills? This talk highlights how storytelling, gamification and theater arts are used in a realistic environment to experience cybersecurity. The paradigm shift for cybersecurity crisis response training and preparation is here. Individuals, teams, and organizations can now prepare for a worst day with an intense, immersive experience that builds your critical cybersecurity and leadership skills in a realistic and gamified environment. The response and actions can have a decisive impact on the end state or the aftermath. Speaker Bio: JC is a hardened bilingual cyber human with the scars to prove it. He loves planting seeds of knowledge and flowers, and making tea leaf predictions. Greatest Professional Accomplishment: Book Club Founder “Not your Grandma’s book club, unless your Grandma is Grace Hopper.” A cybersecurity professional and a US Army Colonel (retired) with over three decades of security leadership experience and 17 years specializing in cybersecurity operations. Zzzomething is a well intentioned, model citizen with an unrequited love for all things cyber… and glitter. Lots of glitter. Three gold stars in Analytic Razzle Dazzle, and more than a decade in commercial and federal desk flying units. School of the Voiceless Dragon. Order of the Fuzzy Cardigan, 2nd Class. Auror and Unregistered Animagus. T: @teamvega




12:30 PM Medical Simulations Panel


Speaker Bios:

Dr. Christian Dameff is an Emergency Physician, Clinical Informatician, and researcher. He is currently the Medical Director of Cybersecurity for UC San Diego Health. Published clinical works include post cardiac arrest care including therapeutic hypothermia, novel drug targets for acute myocardial infarction patients, ventricular fibrillation waveform analysis, cardiopulmonary resuscitation (CPR) quality and optimization, dispatch assisted CPR, teletoxicology, clinical applications of wearables, and electronic health records. He has published in internationally known journals such as JAMA, Resuscitation, Circulation, JAMA Cardiology, Academic Medicine, and others.

Dr. Dameff is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity. He has spoken at some of the world’s most prominent hacker forums including DEFCON, RSA, Blackhat, Derbycon, BSides, and is one of the cofounders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cybersecurity. Published cybersecurity topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware.

Dr. Dameff’s unique perspective has allowed him to perform some ground-breaking research and be covered by news publications such as Popular Science, The Washington Post, ABC NIGHTLINE, and WIRED.

Leslie Saxon, MD is a professor of medicine and clinical scholar at the Keck School of Medicine of USC. She specializes in wirelessly connected implantable and wearable devices that treat and diagnose heart conditions and prevent sudden death. Board-certified in cardiology, electrophysiology and heart failure, Saxon has authored more than 100 articles in various medical journals. She is an active member of several organizations and is a fellow at the Heart Rhythm Society.

Saxon is also the executive director of the internationally acclaimed USC Center for Body Computing (CBC). The CBC is a place for all USC schools, including medicine, engineering, business and cinematic arts, to form interdisciplinary relationships and accelerate the future of fully integrated, “connected” medicine. Saxon participates in the preclinical and clinical development and testing of wearable and implanted technology, including networked devices used in medicine, wellness and performance. Her active research programs involve connected sensors with elite athletes, military groups and patients. Her work is dedicated to providing users with continuous and protected information about their health or performance status. She leverages her clinical expertise to develop device models and software solutions that offer engaging user feedback–based real-time physiologic data.

Saxon has spoken at various forums, including TEDMED, SXSW and WIRED Health. She is regularly quoted in popular media outlets, including the Wall Street Journal, New York Times, BBC and Fast Company.

Julian M. Goldman, MD is Medical Director of Biomedical Engineering for Partners HealthCare System, an anesthesiologist at the Massachusetts General Hospital, and Director of the Program on Medical Device Interoperability based at MGH, Partners, and CIMIT.

Dr. Goldman founded the Medical Device "Plug-and-Play" (MD PnP) Interoperability research program in 2004 to promote innovation in patient safety and clinical care by leading the adoption of safe, secure, patient-centric integrated clinical environments. The MD PnP team has been recognized by multiple awards, including the Edward M Kennedy award for Healthcare Innovation.

Dr. Goldman is Board Certified in Anesthesiology and Clinical Informatics. He completed anesthesiology residency and research fellowship in medical device informatics at the University of Colorado. He departed Colorado as a tenured associate professor to work as an executive of a medical device company. Subsequently, Dr. Goldman joined Harvard Medical School and the Department of Anesthesia, Critical Care, and Pain Medicine at MGH in 2002 as a staff anesthesiologist, where he served as a principal anesthesiologist in the MGH "Operating Room of the Future".

Dr. Goldman co-chaired the FCC mHealth Task Force, the HIT Policy Committee FDASIA Workgroup regulatory subgroup, and the FCC Consumer Advisory Committee healthcare working group. He served on the NSF CISE Advisory Committee, as a Visiting Scholar in the FDA Medical Device Fellowship Program, and as a member of the CDC BSC for the NCPHI. Dr. Goldman currently serves in leadership positions in several healthcare standardization and innovation organizations including Chair of ISO Technical Committee 121, Co-Chair of the AAMI Interoperability Working Group, Co-Chair of the Healthcare Task Group of the Industrial Internet Consortium, and Chair of the Use Case Working Group of the Continua Health Alliance (now the Personal Connected Health Alliance).

Dr. Goldman is an IEEE EMBS Distinguished Lecturer, and the recipient of the International Council on Systems Engineering Pioneer Award, American College of Clinical Engineering (ACCE) award for Professional Achievement in Technology, the AAMI Foundation/Institute for Technology in Health Care Clinical Application Award, and the University of Colorado Chancellor's "Bridge to the Future" award.

David Guffrey, MS, MSM, HCISPP, ITIL is the Biomedical Cybersecurity Specialist for Partners HealthCare. David leads the medical device cybersecurity program for research and operations across the largest healthcare system in Massachusetts. David’s background includes R&D in brain computer interfacing and neural prosthetic systems, linear and non-linear signal processing, electrical stimulation and feedback systems, virtual reality, as well as network and server architectures and medical device integration with electronic health records (EHR). In his current appointment, David leads myriad projects and activities across the Partners HealthCare enterprise. A major component of his work has been centered around architecting the MDPnP Cyber Lab, a state-of-the-art medical device cybersecurity laboratory with funding provided by the United States Department of Homeland Security (DHS) and Food and Drug Administration (FDA). David’s daily work includes risk assessments, technology assessments, penetration testing, and emergency preparedness & response activities as well as the nitty gritty work of applying his cybersecurity expertise to procurement contract negotiations. David is a leading voice representing healthcare delivery organization (HDO) interests in the national standards community. David’s passion lies at the nexus of medical devices, information technology, personnel practices and policies, and tackling the cybersecurity challenges of today to lay the groundwork for tomorrow.

Instructions for joining DHS IMPACT and requesting medical device network data from Massachusetts General Hospital

1) Go to the IMPACT website: https://www.impactcybertrust.org/login

2) Click on “REGISTER”

3) Create an account and complete the registration process

4) Once your account is created, return to the IMPACT site: https://www.impactcybertrust.org/login

5) Enter your “User Name” and “Password” to log into your account

6) Click on “Search”

7) Click on “DATA & TOOLS Catalog”

8) Navigate to the left “FILTER” pane and click on “Massachusetts General Hospital”

9) This will display data sets available from MGH

10) Click on a data set title

11) The detailed description of the data set you are interested in will open in a new window

12) Click “Request” in the upper right hand corner of the data set window

13) Complete the request form per instructions and click “Submit”

14) The data request will be reviewed by IMPACT personnel and then forwarded onto MGH personnel




2:30 PM: Amputees and Prosthetic Challenges: Creating Functionality, Dignity Restoring, Interaction, and Enabling Technology


Speakers: Wayne Penn, Laurel Koss, Chuck Hildreth Jr. Abstract: The human body is the most elegant and complex machine ever created, but often we do not realize how well it works until a major system has been compromised such as with an amputation severing and removing an element of the neuromuscular and skeletal system. There are 1 million annual limb amputations globally, which equates to one every 30 seconds. With those kinds of numbers and what we see in science fiction TV and film, one would expect that prosthetic technology is ubiquitous and advancing at an exponential pace. However, prosthetic technology advancement can be correlated with periods immediately following military conflicts and is still not able to fully replicate anatomical function, which is why we are seeking assistance of those at DEFCON’s Biohacking Village to collaborate and help create prosthetic solutions. Wayne Penn, a biomedical engineer and entrepreneur, will be joined by bi-lateral amputee Chuck Hildreth Jr., and Occupational Therapist Laurel Koss to discuss the etiology and epidemiology of amputations, challenges amputees face, the secondary or associated conditions and complications, and their shared experiences while working on advanced robotic prosthetic limb research programs such as the DEKA/DARPA/Mobius Bionics Luke Prosthetic Arm System. Chuck will give a demonstration of the Luke Arm System, the only full powered shoulder down prosthetic arm system in existence. Introductions will be given to the two BHV Prosthetic Labs taking place following the talk and run by this presentation team. The first Lab will be to create a family of Quick Change Magnetic Adapters for Activities of Daily Living to hold items for personal hygiene as well as items for eating and food preparation utilizing 3D Printing. The second Lab, Thermo Limbs, will be introduced by 7th graders, Piper Vail Lalla and Ava Conlon, who won the Best Idea in the Medical Field and a $20,000 grant for a patent application at the National Invention Convention. This lab will focus on creating microprocessor controlled cooling systems for amputees, as thermal regulation is a major issue that affects amputees with the loss of their major sweat and heat dissipation surfaces.

Speaker Bio: Wayne is a biomedical engineer and entrepreneur. He received his undergraduate degree in biomedical engineering from Columbia University, and his graduate degree in mechanical engineering with a focus on biomechanics from Boston University. He worked as the Clinical Research Coordinator at DEKA Research & Development on the DARPA/DEKA Luke Prosthetic Arm Project and the Product Marketing Manager for the MIT Media Lab startup iWalk for the BiOM Powered Prosthetic Ankle System, now the Ottobock Empower Ankle. He has continued his work in prosthetics focusing on advanced human interface, controls, and fitting systems for amputees while working in partnership with biodesigns. Wayne founded and leads his multidisciplinary engineering and design team at Charged Concepts, whose mission is to turn innovative concepts into impactful real world technology, programs, and initiatives. Laurel Koss has been an Occupational Therapist for 21 years. She received her undergraduate degree from the University of Pittsburgh, and her Occupational Therapy education from Duquesne University. Laurel worked as a Subject Matter Expert and Clinical Research Specialist at the James A Hayley VA Tampa Regional Amputee Center of Excellence, where she and Wayne worked together on the DARPA/DEKA Luke Prosthetic Arm Clinical Trials. Additionally, she has worked as a Patient Advocate at the Durham VA Medical Center and now works at Relias Learning where she teaches and writes Occupational Therapy Curriculum. Chuck Hildreth Jr. was injured in an electrical substation accident in 1981. As a result he lost both arms and suffered electrical exit wounds on his kneecaps as well as his feet. He is a positive father of 2 and gives encouraging talks to new amputees. He served as the lead test pilot and amputee trainer for the DARPA/DEKA Luke Prosthetic Arm System for all 3 generations of its development. Additionally, Chuck is a competitive downhill skier, and is the President of Lakes Region Disabled Sports, a non-profit organization that provides recreation and fitness for individuals with disabilities in a safe, supportive, independent, and fun environment. T: @chargedconcepts




4:15 PM: Hacking Wetware with Open Source Software and Hardware: The DIY Artificial Pancreas


Speaker: Jay Lagorio Abstract: Managing diabetes revolves around stagnated tech from the 80s and 90s. Hackers took their lives into their hands by augmenting inadequate products after market. Building iterations of a DIY artificial pancreas and real-life examples of will be discussed and at least one will be working on the presenter. Replacing human intervention with technology betters quality of life. See what happens when hackers decide they’re not waiting around for government and the MedTech industry to do better. Speaker Bio: Jay Lagorio, a software engineer and independent security researcher, has been building computers and networks and writing code nearly his entire life. He received a B.S. in Computer Science from UMBC in 2008 and an M. Eng. from the Naval Postgraduate School in 2015. T: @jaylagorio




5:00 PM: Beyond the Firmware: A Complete View of the Attack Surface of a Networked Medical Device


Speaker: Dr. Avi Rubin Abstract: Even a device with the most ironclad firmware can still be subject to a broad variety of attacks depending on its interaction with other external components. This presentation will examine commonly overlooked vulnerabilities in medical device deployments, with real-world examples discovered either during a certification process or through regulatory review. These vulnerabilities serve as cautionary examples of the extensive, but not always apparent, attack surface of medical devices. Speaker Bio: Dr. Avi Rubin is a Professor at Johns Hopkins University, where he serves as the Technical Director of the JHU Information Security Institute. He is also the founder and director of the JHU Health and Medical Security Lab, where his work is advancing medical device security and healthcare networks. T: @avirubin




7:15 PM: Medical Device Incident Response, Forensics, and “IT’s” Challenges


Speakers: Sam Buhrow, Adam Bravo, Randy Riden Abstract: Performing incident response (IR) and forensics on medical devices is met with unique challenges due to manufacturers’ focus on longevity, but not security. This creates an environment with OS’s that are outdated, making live acquisitions almost impossible and conducting “Dead Box” forensics a standard practice. In this talk, we will cover some of the experiences we have had with medical device forensics, artifacts found (and not found), and the unique security concerns encountered.

Speaker Bio: Sam is a cybersecurity practitioner that has had the opportunity to do, manage, or lead nearly every role in cyber, and has been in every vertical except Energy. Sam was told he wouldn’t go to college by his high school counselor. He graduated Summa Cum Laude. Adam served in the US Navy onboard the USS Halsey out of San Diego from 2006 – 2011 as a Sonar Technician 2nd Class (STG2). Upon separation from the Navy he began furthering his education and obtained his BS in Computer Information Systems with an emphasis in computer forensics in 2014. Since then he has been working as a computer forensic examiner/analyst in the education field and then healthcare for the past two years. He has multiple forensic and security certifications including CISSP, GCFA, GCFE, and EnCE. He is currently an IT Security Sr. Analyst in a large healthcare company where he has experienced many pitfalls and victories while responding to potential medical device security incidents. Randy served in the US Air Force as an Instrument and Flight Control Specialist under the Air Force Special Operations Command. Randy transitioned from his military career in Avionics to a civilian career in Digital Forensic Investigations. Since then he has grown in the Information Security workspace from litigation support to military contractor, higher education, and presently healthcare. He holds multiple certifications in fraud, forensic and security including CISSP, CISA, CHFI, CFE, CCE and EnCE. He is currently the Senior member of the Incident Management team as the IT Security Sr. Consultant for a non-profit healthcare organization.




6:30 PM: 0-Day Inside: Analog Analytics, Blood, Muscle, and Electricity


Speaker: Mandy Logan Abstract: Brainstem & cerebellar strokes=0day for me. No inside voice. No ability to comprehend speech or form words. No movement, no memories. Filters removed. Senses heightened in ways that threatened life. I lived through being “reset to abilities of a 6-mo” and spent 1000’s of hours formulating a new OS based on on/off response of my body’s electrical system and defining electrical signature of words, emotions, sensations, everything. Come listen. Grow stronger. Speaker Bio: After 5 strokes & major injuries, Mandy is no longer in const/eng. She used life hacking skills from a non-traditional background to re-establish neuro control using her tongue against her teeth & perseverance. Now, as a happy dyslexic autie, she pursues biohacking/stand up/fun/improving lives. T: @5urv1va7rix




5:45 PM: The Biology of Malware


Speaker: Turtle Snap Abstract: Drawing the connections between how human biology is affecting the evolution of malware. This talk will discuss how malware can affect biological virus research and be used for future medical research. Basically, a cool malware talk that will hopefully make you excited or s*&^ your pants. Speaker Bio: Turtle has dedicated the last 5 years of her career researching malware and providing foresight into future attacks and international terrorism. Her goal is to one day work full time in the United Kingdom providing offensive research to commercial entities.





Saturday Schedule

10:00 AM Opening Words


Welcome to the Biohacking Village!




10:15 AM Spectra: Open Biomedical Imaging


Speaker: Jean Rintoul Abstract: Biomedical Imaging has previously been expensive and near impossible to hack and experiment with. If more people experimented and understood how imaging works we could move it forward much faster and make these transformative technologies available to everyone. In this talk I'll present Spectra: a tiny 2" device that uses safe levels of AC current to recreate an image of any conductive material such as your lungs, arm or head, using the same tomographic reconstruction technique as a cat scan. Speaker Bio: Jean Rintoul wants to push forward a health technology commons. Previous experiences include bringing consumer electronic biosensor products to market from the Emotiv BCI to the Basis watch and Kiddo biosensor watch, and being published for her work in Cognitive Neuroscience in Nature. T: @jeantoul




11:00 AM DIY Medicine: The Ethics of Hacking Pharma


Speaker: Alex Pearlman Abstract: I will present two case studies of groups using biohacking methods to create generic versions of two of the most widely prescribed and most expensive pharmaceuticals in America. I will explain their methods and motivations in the context of the crisis of distributive justice in the US healthcare system. I question the ethics of the delivery of pharmaceuticals to patients in the US and argue that biohackers are actually acting in a way that is morally acceptable, given the circumstances. Speaker Bio: Alex Pearlman is a bioethicist and writer and is the Managing Director of the Institute for Ethics of Emerging Technologies. Her research focuses on biohacking, self-experimentation, and access to health technologies. She also writes about emerging policy issues in science for the mainstream press. T: @lexikon1




11:45 AM Forensic Science and Information Security: Lifetime Lovers, Part-time Friends


Speaker: Najla Lindsay Abstract: Forensic Science and Information Security are very parallel fields. They are both methodical in nature and often one area builds succinctly on top of the other. With the ability to have a specialty in various areas, it is interesting that the two do not often merge together and share policies and procedures. You see Forensic Scientists often are called in at the “endpoint.” Usually, it is at the scene of a crime, only giving the final “product” and must work backwards to build a story for what initially happened. In Information Security, with the rapid growth of exposure to data, specifically PHI, it is evident that it would be beneficial for both communities to work together. With my area of extended knowledge and expertise in Forensic and Clinical Toxicology, I am often met with various attempts to “social engineer” me out of patient results to having sent incorrect reports to clients (not on purpose of course). In a Toxicology lab, whether government (local, state or federal) or private, PHI is the utmost important issue. Scientists adhere to the policies and procedures of the SCIENTIFIC aspect of the organization, but not always to the INFORMATION SECURITY aspect of the organization. Let’s chat a little about how to make both industries more aware how they are really Lifetime Lovers and Part-time Friends. Speaker Bio: Najla is a Penn State Grad with a technical background in Forensic Science. She works in the area of Forensic & Clinical Toxicology, more specifically drug testing for various specimen types (urine, blood and oral fluid). She is a criminal show junkie, avid thrill seeker and traveler and wine explorer. She is currently transitioning into the hacking specialty of security and labels herself as Pentester Neophyte. You can follow her journey on twitter using these hashtags: #ToxicologyToOSCP and #ScientistToHacker. Her website/blog, forensicsandinfosec.tech is focused on forensics and information security.




12:30 PM Doctor/Hacker Panel


Speakers:

  • Dr. Harish Manyam
  • Hussein Syed
  • Dr. Dale Yoo
Abstract: Evaluating the clinical impact of a vulnerability has significant implications on how the vulnerability is handled both pre and post disclosure including how it is communicated to physicians and patients. Open and transparent communication between the clinical and security researcher communities is essential to ensure that researchers understand the impact that medical device vulnerabilities will have on patient health and safety and clinicians have a better understanding of security implications to be able to recommend an appropriate response for their patients. This panel which includes medical security researchers and practicing physicians and healthcare technologists will discuss the challenges of evaluating the clinical impact of medical device technologies and the opportunities for researchers and healthcare professionals to work more closely together.

Speaker Bio: Dr. Manyam received his training at Case Western Reserve University Hospitals (2012-2014) and stayed there as faculty and Assistant Professor of Medicine from 2013-2016. He served as the Head of the Lead Extraction Program at University Hospitals Case Western Reserve prior to joining the UT Cardiology group. He serves as the Director of Cardiovascular Research and the Head of the Atrial Fibrillation Center at Erlanger. He is actively involved with multiple research trials including monitoring the recurrence of atrial fibrillation, optimizing programming options in patients with biventricular defibrillators, and the assessment of lead extraction risk. He has extensive experience in complex ablation (atrial fibrillation and ventricular tachycardia), laser lead extraction, and device implantation. Hussein Syed is the VP/CISO at RWJBarnabas Health System, an integrated healthcare delivery network in New Jersey. He is responsible for the organization's information security program. Hussein and his team are responsible for security management planning and execution to align with the strategic goals of the health system. Hussein has more than 25 years of experience in IT, of which 17 years are in information security. He has spoken and participated at various security events, RSA, Evanta, HIMSS, and Gartner. Dr. Dale Yoo attended the University of Pennsylvania in Philadelphia for his undergraduate degree program with honors. He attended medical school at the University of Texas Health Science Center, San Antonio, TX. He completed his residency in Internal Medicine and his fellowships in Cardiovascular Disease, Cardiac Electrophysiology Research and Clinical Cardiac Electrophysiology all from Emory University in Atlanta, GA. Dr. Yoo is proficient in all aspects of Electrophysiology including atrial fibrillation ablation, atrial flutter and PSVT ablation, ventricular tachycardia ablation, as well as complex congenital heart disease management and ablation. In addition, he implants pacemakers, defibrillators and cardiac resynchronization therapy devices. He is also one of only a handful of physicians trained to perform laser lead extraction in the Dallas area. Dr. Yoo not only practices electrophysiology, but he is also board certified in Nuclear Cardiology and proficient in advanced heart failure management. He is also quite involved with clinical research and has developed and patented a post-operative atrial fibrillation drug.




2:30 PM: The L33T Shall Inherit the Cosmos


Speaker: J.J. Hastings Abstract: The era of the astro-jock is over, no more men in tin cans taking orders from mission control. Staying alive off Earth will require the ability to thrive in an environment that requires constant adaptation. Fellow hacker and analogue astronaut J.J. Hastings argues that hackers are an ideal match to the space environment. Her talk suggests how we might become extra-terrestrial hackers and shares insights from her missions as a field researcher and analogue astronaut. Speaker Bio: A biohacker since 2009, JJ Hastings co-founded London Biohackspace and BioQuisitive, and has the first garage to be PC-1 certified in Australia. An alumna of NYU, Harvard and Oxford with advanced degrees in Biology and Bioinformatics, she is an analogue astronaut and field researcher for NASA/JPL. T: @HackerAstro




3:15 PM: The Story of SICGRL Vulnerability


Speaker: Andrea Downing Abstract: A massive security vulnerability was discovered which allowed PHI to be leaked from closed patient support groups on Facebook. In this session we’ll discuss how a coalition of patients and security researchers faced this crisis and explore the need to develop a new model for collective data governance on social media. Speaker Bio: Andrea Downing is a BRCA Community Data Organizer and founder of Brave Bosom. Along with Fred Trotter, Andrea discovered a security vulnerability in Facebook's Group product that affected all closed groups on Facebook. T: @BraveBosom




4:00 PM: Cyberbiosecurity & the "Full Stack Biotechnologist"


Speaker: Steve Lewis Abstract: At the intersection of biotechnology and technology there are emerging information and biosecurity (“Cyberbiosecurity”) considerations worth exploring in the context of design, healthcare, manufacturing, automation, and artificial intelligence. Never before has an individual had the opportunity to learn such a diverse range of skills. This presentation will explore the various intersections of the world’s most advanced (bio)technologies in the context of Cyberbiosecurity and discuss the myriad capabilities and tools of the “full stack biotechnologist.” We will also chat about biosensors and wearable product development. This presentation is guaranteed to be fun and informative for all – regardless if you’re a hacker, biologist, spook, prototyping expert, or health wearables geek! Speaker Bio: Steve Lewis is a biotechnology, IT, and operations professional from Denver, CO. He is an active member of the biohacking community through Inworks, a Denver-based prototyping lab and community bio space. Steve is a biosensor and wearables expert who invented and successfully prototyped the world’s first battery-free biosensor wristband that glows when users become too intoxicated to drive. At Merrick & Company, Steve leads IT and biologics development operational planning efforts for the National Bio and Agro-defense Facility (NBAF), in support of the United States Department of Agriculture. In June 2019, Frontiers in Bioengineering & Biotechnology published two peer reviewed publications that Steve co-authored, further defining the emerging discipline of Cyberbiosecurity. He also loves brewing beer in his spare time. T: @dontmindsteve




5:30 PM: Liven Up: Augmenting Materials for Bio-Hybrid Functionality


Speaker: Rachel Smith Abstract: What tools are currently available to us to create “living” or bio-hybrid materials—those that can be animated with biological functionalities for growth, response, distributed information processing, and cuing to the physical and chemical environment (a.k.a. the IOT before the digital IOT)? We seek fascinating ways to augment the existing devices (i.e. pregnancy tests), 3D printed objects, and fabrics to interface with engineered living systems. The illustrated applications of these bio-hybrids range from disease-detection, programmable patterning of chemicals or pharmaceutics, and embedded reactivity to environmental DNA or particles. Speaker Bio: PhD.c in the Mediated Matter Group at the MIT Media Lab, Rachel hunts for ways to augment existing synthetic materials and devices with biological or living functions. Rachel holds a B.S. in Biomedical Eng (UVA) and has a colorful past starting up high-accessibility diagnostic tools and running medical hackathons to encourage creative designs for hospital needs.




4:45 PM: Building a New Decentralized Internet, With the Nodes Implanted in Our Bodies


Speaker: Nick Titus, Zac Shannon, Mixæl S. Laufer Abstract: The internet is broken. It's vulnerable to manipulation, censorship, shutdowns, surveillance, and on top of all that, it costs to access it. What if we could bypass all that? The PirateBox platform with its meshing capability creates this possibility, but somehow has gained little traction. If every WiFi enabled device just became a node on a mesh network, we would have a replacement for the hardware layer of the internet. To show how powerful this platform can be, and take it to the next level, we have created the PegLeg, an implanted cybernetic enhancement that turns the user into an anonymized local area network on which people can chat and share files anonymously, as well as mesh with other nearby networks. The PegLeg differs from a wearable, as it cannot be confiscated, and has no battery. Come learn how you can turn your phone, laptop, raspberry pi, or router into a meshing piratebox, and build a new internet. And if you are really committed, you can build the implant yourself, and be a walking pirate server with a PegLeg. Speaker Bio: Nick Titus invented his first assistive device in high school. This open source wearable electrically simulated a patient's muscles to move in accordance with mental commands transmitted by an EEG headset. After winning most innovative hardware at Tech Crunch NYC 2017 and sharing his story at TedxCU, Nick leaned into the biohacking movement as a whole. He has since focused his efforts on leveraging emerging technology to address overlooked challenges in all aspects of biology. He now lives in Boulder, CO where he collaborates on multiple humanitarian-driven biotech projects. 
Zac Shannon is too cool to brag about all the awesome things he's done, but he did take care of porting the operating system, and the meshing of the PirateBox platform for the PegLeg, as well as segregating the file system from the OS, so that the machine will not brick even in the case of a corrupted file system created from a hard shut down. Mixæl S. Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of world health and other social issues. Perpetually disruptive, his flagship project makes it possible for people to manufacture their own medications at home. Open-source, and made from off-the-shelf parts, the Apothecary MicroLab puts many medications within the reach of those who would otherwise not have them. The project which garnered his group the most press was the EpiPencil, an open-source version of the EpiPen which costs only $30 to produce, and $3 to refill.




6:15 PM: The hard-coded key to my heart - Hacking a Pacemaker Programmer


Speakers: Marie Moe, Eivind Skjelmo Kristiansen, Anders Been Wilhelmsen Abstract: Marie’s pacemaker was hit by cosmic radiation while she was flying, which caused bitflips in the memory of the device. The incident led her to getting hold of an encrypted file with a crash log and a memory dump from her device. In order to get access to her own heart’s data she handed this file over to the two master's students that she was supervising at the time, and gave them the task of breaking the crypto. They succeeded in finding the hard-coded key, which will be demonstrated in this talk. Speaker Bio: Dr. Marie Moe has a PhD in information security and works as a Research Manager at SINTEF and an Associate Prof. at NTNU. She is currently doing research on the security of her own implanted pacemaker. Marie loves to break crypto protocols, but gets angry when the broken crypto is in her own body. Eivind received the M.Sc. degree in communication technology with specialization in information security from NTNU in 2018. He is an alumnus of EURECOM and is currently a consultant at Bekk. Anders is a reverse engineer working for NSM NorCERT, the Norwegian national CERT. He's been the captain of the Norwegian national cybersecurity team in the European cyber security challenge (ECSC) and has a passion for CTFs. He received his M.Sc. in 2018 from NTNU in Trondheim and is an alumnus of EURECOM. T: @MarieGMoe @anderbw




7:00 PM: Digital Medicine 101


Speaker: Jen Goldsack Abstract: Technology is changing how we practice medicine. Sensors and wearables are getting smaller and cheaper, and algorithms are becoming powerful enough to predict medical outcomes. Yet despite rapid advances, healthcare lags behind other industries in truly putting these technologies to use. A major barrier to entry is the cross-disciplinary approach required to create such tools, requiring knowledge from many people across many fields. The talk aims to drive the field forward by unpacking that barrier, providing a "myth busting" session of the core concepts and terms that define digital medicine. The talk will use cartoons (woot!) to outline concepts and the security, ethical, regulatory, and legal issues developers must consider as digital medicine products go to market. Speaker Bio: Jen Goldsack is the Executive Director of the Digital Medicine Society (DiMe). Jen spent several years at the Clinical Trials Transformation Initiative (CTTI) -- a public private partnership cofounded by Duke and the FDA -- where she led development and implementation of several projects within CTTI’s Mobile Program and was the operational co-lead on the first randomized clinical trial using FDA’s Sentinel System. Jen spent five years working in research at the Hospital of the University of Pennsylvania, first in Outcomes Research in the Department of Surgery and later in the Department of Medicine. More recently, she helped launch the Value Institute, a pragmatic research and innovation center embedded in a large academic medical center in Delaware. Jen earned her master’s degree in chemistry from the University of Oxford, England, her master’s in the history and sociology of medicine from the University of Pennsylvania, and her MBA from the George Washington University. Additionally, she is a certified Lean Six Sigma Green Belt and a Certified Professional in Healthcare Quality.
Ms Goldsack is a retired athlete, formerly a Pan American Games Champion, Olympian and World Championship silver medalist. T: @_DiMeSociety





Sunday Schedule

10:00 AM Opening Words


Welcome to the Biohacking Village!




11:45 AM: A Minor Threat: What healthcare technology companies can learn about infosec from the Washington DC Punk Scene: 1979-1992


Speaker: Mike Kijewski Abstract: The changes healthcare IT and medical device companies need to make to their product development processes to address infosec challenges are radical. Many of these same challenges were overcome by the Washington DC punk scene in the 80s and 90s. Bands from Minor Threat to Fugazi used information sharing and first-principles thinking to bring lasting change to the music industry. If you are responsible for the security of healthcare software, it's time to think like a punk. Speaker Bio: Mike is the cofounder of MedCrypt, a medical device cybersecurity startup based in San Diego, CA. T: @mikekijewski




11:00 AM: Blue Team Bio II - Genetic and Epigenetics Backups


Speaker: Mr_Br!ml3y, K-B00m Abstract: Editing genes is getting easier as knowledge of various genomes and technology advance. This will enable repair of genetic damage caused by external carcinogens provided that a known prior DNA sequence is available. This presentation discusses leveraging backup methodologies in IT to DNA applications to remediate genetic and epigenetic damage. Coding DNA into digital form at the base pair and transposon (amino acid specifying) levels will be discussed. Speaker Bio: Mr_Br!ml3y has nine years of public sector info sec experience, and is currently working on a doctorate in environmental engineering, focused on contaminant transport/isolation. He has presented at DefCon BioHacking Village for four years, focusing on computational aspects of biohacking. K-B00m is a college freshman in pre-engineering with primary emphasis on chemistry and biology, preparing for a future major in biological engineering or computer security. She is currently a cybersecurity apprentice in the public sector.




10:15 AM: Biopiracy on the High Seas: lessons learned from purloined tarantulas and viral pandemics


Speaker: Marla Valentine Abstract: You wouldn’t steal a car! You wouldn’t steal a movie! But would you steal genetic code!? Venture into the high seas where no international laws regulate the patenting of genetic discoveries. From scientists threatened with extradition for identifying new species to calculable deaths based on sub par vaccinations; this lecture will cover the panoply of laws concerning developing genomic technologies in the high seas (or lack thereof) derived from preexisting statutes ratified by sovereign states. Speaker Bio: Dr. Valentine has explored the gamut of ocean sciences from wrestling sharks and alligators to exploring the darkest depths of the sea floor. Using a decade of research experience Dr. Valentine now works at the forefront of scientific policy.




12:30 PM Getting Skin in the Game: Biohacking & Business


Speaker: cyberlass Abstract: Let’s talk biohacking, technology and business. We are a community that is innovating and creating — mostly in non-commercial and academic spaces. As we have grown so have the opportunities, sometimes in unexpected places. My company, Livestock Labs, is bringing its biometric implant to market — in cows first. Started by body augmenters, the company is proving what we all know — that when we get funding and dedicated time our projects take off. This session tries to shed some light on learning to business as a biohacker and what other funding models we might explore. I want to encourage other biohackers to take the leap and see what amazing things they can accomplish. Speaker Bio: Biohacker, IT nerd and COO of Livestock Labs, Amanda Plimpton has lessons learned from biohackers entering commercial spaces. She wants the biohacking community to have more opportunities for its talented, passionate members to contribute in commercial, academic and non-profit sectors. T: @cyberlass




1:15 PM: Chinese Military Combined Arms Effects - Bio-Weapons


Speaker: Red Dragon 1949 Abstract: During "Chinese Military Combined Arms Effects - Bio-Weapons" attendees will receive a field experience based discussion from within the People's Republic of China regarding the People's Liberation Army's use of bio-weapons. Speaker Bio: Independent security researcher who has met authors of China's Unrestricted Warfare & a US Marine T: @RedDragon1949




2:00 PM: WASP BEER: Nature's Pipeline for Better Beers (Yes, limited beer will be provided)


Speaker: Anne A. Madden Abstract: The democratization of synthetic bio tools fuels innovation, but also poses risks, such as the creation of new organisms with unknown capabilities. For decades scientists have safely hacked nature’s pipeline to grow unknown natural microbes—finding those that make antibiotics and better beers, while avoiding those that make the world’s deadliest chemicals. We can leverage key learnings from this parallel field of bioprospecting to foster innovation while keeping humanity alive in the process. Speaker Bio: Dr. Madden is a microbe wrangler, an innovation consultant, and TED speaker. Her mission is to reveal the utility of the microscopic world around us. She’s discovered a novel microbial species, characterized new antibiotics, and identified new yeasts for better beer technology from inside wasps. T: @AnneAMadden