Help with Spotting the Fed at DefCon

How to Spot the Fed at DefCon:

IndexSection
Hide checked
Section		This can be a long page. Set check marks for sections you don't want refreshed on your next submit. If you only want to fill out one form, check everything but that form. Suggestions/comments, please send to cot@passwall.com and thanks to passwall for letting me use this space. :-)
These forms post and re-evaluate scores each time you submit. Any submit button forces re-evaluation of all selections on the page.
Scores for each "test" are computed and are found near bottom of each "test."
Enjoy!
Cot
Cited Sources
Introduction
About this doc
Warning Signs
Useful Questions
Funny Questions
Dangerous things
  Here is a link to sections displayed last time this page was loaded.

Introduction

Spot the Fed is a contest that has been running at DefCon ever since I can remember. I don't run the contest. I am just a simple newbie who tried to organize other people's ideas and publish them.

Humans attending DefCon try to spot certain Federal employees who work as legal enforcers, or specialize in computer crime, forensics, information/intelligence, or work for an "acceptable" TLA (Three Letter Agency.) National Parks Service/Department of the Interior have NOT historically been an acceptable TLA for this contest.

After a potential Fed (Federal employee) is spotted, a goon is contacted, and sometimes questions and answers are expected on a stage in front of an audience.

What are some signs that a person might be a Fed? What reasons do you have for the person being a Fed when you are asked, "Why do you think this person is a Fed?" What questions can you ask them on the stage if you should be called up to help your case?

As you educate yourself with this document, so will your opponent in this game. As a result, the usefulness of some of these items will decrease with time, and people pretending to be Feds to get a free tee shirt through social engineering will have more information to help themselves.

About This Document

This document is not the work on one person, but a combined effort from many people and sources.

When possible, sources are cited. If a source citation was omitted, blame me, and notify me so it can be fixed.

This is not a document to guarantee you will find a Fed. Some of the questions here are close to useless, and other questions are laughable. The percent scores after each item are not additive; they are estimates on the value of the answers/items they are associated with in this paper. If you choose to add them, then know that you can exceed 100% and still not have a Fed as desired by the DefCon game.

What is with the Scoring? Is there any way for a person to answer truthfully and have their answer match that of a Fed, without being a simple soldier/airman/seaman, Welfare Clerk, work for the Department of the Interior or be a non-federal Law Enforcement Agency? Percentile scores per item try to estimate problems with false positives/negatives and target the Feds desired by the contest. (Also consider security specialists in the military, and other branches of the government who would likely be considered Feds too.)

Do you have new content? include it on the forums as part of an existing, and related thread or send it to me.

Warning Signs

These apply to things observed at DefCon in a suspected Fed:

#
Group:		 Observation:
Selection
1
Social-Passive		 (Feds of a feather flock together): Know that someone is a Fed? Are they wearing an "I'm the Fed Shirt? Were they on a "Meet the Fed" panel? Were they introduced as a Fed? Watch who they "hang" with at DefCon.
2
Social-Passive		 (Feds are sinners!): Why else would they want to talk to Priest? Some may pay with federal checks, or want to swap Fed stuff for a tee shirt or "shoot the breeze."
3
Social-Passive		 (Check please!): People who ask for receipts for food, room, and transportations (like taxi service) are generally looking to be reimbursed. Could be business employee or Fed.
4
Social-Passive		 (Your place or mine?): Feds generally stay where hotels offer a rate for federal employees that is not too costly and has been negotiated with the government. Research hotels in Las Vegas: Embassy Suites, Hilton Chain, Amerisuites, Crown Plaza
5
Social-Passive		 (Where is my Exit? Are they a threat? Where's my nearest cover?): Age 18-30 males who look like they workout a lot have "ass kicking" shoes/boots with rubber soles and always have their eyes trained on the doors and the people around them-- not the person they talk to. (Paranoia can be a false positive to this.)
6
Social-Passive		 (Bartender? Virgin Milk on the rocks.): Is the person not drinking alcohol at all-- even when you offer them a free beer? Could be part of AA/12-step, could be Fed, could be into self control, or on a diet.
7
Social-Active		 (Give me a job!): Tell a goon that you want to talk to a Fed about employment with the (insert TLA here.) That Fed will likely be "unspottable" but be an important link to finding other feds. Remember, "feds of a feather flock together," and you may be able to social engineer meeting more feds.
8
Social-Active		 (Obtaining a search warrant is such a pain...): Drop keywords and fed-speak and observe reactions from your potential fed. Body language, and facial expressions give away a great deal of information-- especially when unexpected topics are discussed.
9
Social-Active		 (How can you tell when a Lawyer lies?): Learn about characteristics exhibited by people as they tell lies and use these when you ask them direct yes or no questions in conversation.
10
Social-Active		 (You were on The FBI In Color? Can I have your autograph? or The Pen is mightier than the s-word?) For people who spend a lot of time on paperwork, a choice in writing device is often important. Either passive observation or S.E. to yeild display of pens/pencils can help here.
11
Language		 (Foxtrot, Uniform, Charlie, Kilo): LEO have different translations for speaking letters and numbers from military groups.
12
Language		 (Yeah. Uh-huh. Whatever. No Way Dude!): Casual ways to say yes and no are common to humans. "Affirmative" and "Negative" are not as common in speech.
13
Hint		 (Pay attention stupid!): Priest sometimes gives away clues about feds. At DC12, during leetest link, Priest said something like: "we had a well known Fed in the audience who has been spotted before." Right around the same time, a much younger blond woman was seen speaking to a 'well known Fed' sitting near the front, in an informal familiar way. She then walks back away from the front of the room where our well known Fed was sitting. Then Priest says, "There is a daughter of a well known Fed," (our fed turns his head a bit,) "who is in the audience. She is here in the building. She is blond. Anyone? Anyone?" Nobody spotted her. Sad. Pay attention, and use the clues. (She may have gone to over 3 DefCons without being spotted BTW.)
14
Clothing		 (It's the shoes!): Many who attend DefCon will wear their work shoes while at con. (Penny loafers, hush puppies, Red Wing Shoes.)
15
Clothing		 (Can You Hear Me Now?): Earpiece. Why would they wear these at DefCon? Fake Feds might do this. People who want a free shirt, but aren't Feds might do this.
16
Clothing		 (My future is so bright...): Wearing sunglasses indoors? More likely they are stoned and don't want people to see their pupils and eyes or they want a free tee shirt.
17
Clothing		 (Guns don't kill people. I do.): "Gunnysack"/shoulder-holster can be an indication when it includes a firearm.
18
Clothing		 (It's a freakin' Kangaroo!): Fanny packs, butt packs, front packs were suggested and used as an intermediate storage of firearms in later cons, but these became false positive as people who wanted free tee-shirts wore these too.
19
Clothing		 (No Shirt, No Shoes, No Service): Style vs. age. Does the person look like they have "dressed down" from their norm? Do they have old-style casual-ware that still looks really new/unused? After the vendor area opens this quickly loses value as Fed have learned to buy and wear DefCon tee Shirts.
20
Clothing		 (The Truth is Out There!): Men in Black. Right. Full black work suit. White Shirt. Black tie.
21
Clothing		 (Pro's and Cons): Are they professionals? Did they attend BlackHat? USENIX? SANS courses/presentations? Do they have swag/shirts from any expensive security "cons" ? They could be corporate, or they could be government.
22
Clothing		 (Nice Golf outfit buddy): Polo shirts and khaki pants were useful indicators before, but now corporate types have been found wearing this.
23
Grooming-Mutilation		 (I had a disagreement with a nail gun): Body Piercing
24
Grooming-Mutilation		 (Ink me baby): Tattoos:
25
Grooming-Mutilation		 (Rogaine won't change my profession): Hairstyle.
26
Grooming-Mutilation		 (I'm allergic to soap.): Feds who are not obese seem to bathe regularly and don't stink.
27
Demographics		 (Old age and treachery will outsmart youth and vigor?): Feds seem to primarily hire people with college degrees. Consider the age for someone to have at least a 4 year degree.
28
Demographics		 (Because a mind is a terrible thing to taste): Does the suspected Fed have a 4 year degree or better from a college? Military academy? (West Point, Annapolis, "Air Force Academy" (Colorado Springs).)
29
Demographics		 (Fit as a fiddle): Many TLA that have people working in the field have minimum requirements for fitness, but people can do desk work, or work in forensics and not be fit. Fitness is not a very good indicator by itself.
30
Demographics		 (Pimp 'mah' ride): Is the car they drive marked with federal stickers or decals? Does their license plate have a <G> or say "U.S. Government"? Most Feds will fly in and use a rental car.
How likely is your target a Your SCORE will be computed just below this line
Maximum Score: 187 , Minimum Score: -119 ,
Sum Score: 0 -- Fed Estimate: 0 %
Feedback: Help make this better. If you know the target's employment, select it here:
By selecting an item other than Unknown, you agree for this script to log your answers to try to make the scoring better.
Download Observations as a text file

Useful Questions

# Questions: Yes (%) No (%) Selection:
1 Are you presently an employee? +0 -60
2 Did your employer pay you to attend an intensive training program before you completed probation for full employment? (Camps and education centers like those from the CIA and FBI) +12 +0
3 Were you issued a badge as a result of working for your employer? (Some may consider a "name badge" as a badge, or even the DefCon badge, as a badge.) +5 +0
4 Did your employer issue you a form of Federal/National identification other than SSN/Citizen ID Number or passport? +20 -20
5 Is the primary goal of the organization, which pays you for your work, to make a profit? (NPO, State Agencies, Feds who are not "Feds" in this contest all work against "No" answers for this) -40 +3
6 If you attended BlackHat, did you pay for BlackHat with a check? +2 +0
7 If you did not attend BlackHat, and have a "Human" DefCon badge, did you pay with a check? +5 +0
8 Do you have legal access to government machines that the public does not have legal access? +1 +0
9 Were you issued a firearm by your employer? +3 +0
10 Do you use a firearm as part of your profession? +2 +0
11 Does your employer force you to have direct deposit? +30 +0
12 Does your employer only pay you monthly? (e.g. not weekly, or bi-weekly.) +8 +0
13 Do you have a clearance level which is described by a Single alphabetic letter? (e.g. "Q") +45 +0
14 Does your pay-scale conform to a lookup table with a key of two letters followed by an integer with a step increase? (I.E. GS1 step 1, GS1-GS15 Step 1-10) +30 +0
15 Do you have FEGLI? +35 +0
16 Do you pay into CSRS or FERS or PARA or ICMA? +35 +0
17 Are you legally permitted to carry a concealed handgun across state lines and into various cities and National Parks without requesting a concealed weapons permit at each location you visit? +60 +0
18 Does the law restrict your ability to gather evidence legally admissible in court for a possible investigation more than any other civilians? +18 -2
19 Have you memorized statement of Miranda Rights for the purpose of arrest? +12 -2
20 Are you familiar with Terry v. Ohio? (LEO vs Fed LEO) +8 -2
21 Are you familiar with the Weeks v. United States? (LEO vs Fed LEO) +8 -2
22 Do you live within an hour of Reston, Sterling, Arlington, Lakewood, Los Alamos, Langly, etc.? +2 +0
23 Can you legally carry a firearm/weapon on-board commercial domestic flights as a passenger? (Not checked-in as luggage.) +45 +0
24 Could you legally file paperwork at your hotel to avoid paying federal and/or state taxes during your stay? +30 +0
25 Is your hotel charging you a special rate that does not include certain taxes? +7 +0
26 Is the cost of your hotel based on a rate negotiated by the U.S. Government? +10 -2
27 Is the title of the person in the highest position at your agency/organization Director? +4 +0
28 If your answer to the previous question was "Yes" for "Director", does this director report to elected officials to report on your employer's spending and budget other than taxes? +5 -2
29 If your answer to the previous question was "Yes" for "Director", were they nominated and/or appointed by people who were elected in national elections? +5 -2
30 Reviewing the chain of command and working up through the ranks of your boss's boss repeated until you arrive at the highest-level human boss, is that boss the leader of a country? +10 +0
31 Did passage of the Patriot Act make more things legally possible (and easier) at your workplace? +8 +0
32 Have you testified for the prosecution in a criminal case as part of your job requirement(s) in a Federal Court? +8 +0
33 Do you have legally authorized access to material classified by our government such as confidential, secret, and top secret as part of your job? +8 +0
34 Does your employer require a polygraph (lie detector) every 1 to 18 months?? +10 +0
35 Does your employer require a polygraph (lie detector) every 18 to 60 months? +8 -1
36 Did your employer require a drug test before employment? +1 +0
37 Has your employer ever conducted random drug test after employment? +2 +0
38 Are you only self employed? -15 +0
39 Does your employer have a detailed background check for would-be employees? +5 -2
40 Are you legally authorized to crack some hippie skulls? -5 +0
41 Does part of your job require you to listen to conversations for which there were 'expectations to privacy' ? +5 +0
42 Does (or has) part of your job include(ed) assist(ing) or work(ing) to overthrow foreign governments? +45 +0
43 Does (or has) part of your job include(ed) assist(ing) or work(ing) to subvert foreign governments? +30 +0
44 Does (or has) part of your job include(ed) assist(ing) or work(ing) to destabilize foreign economies? +15 +0
45 Do you make maps at your job that are to be used by employees of the federal government? +3 +0
46 Does part of your job require careful examination of very high resolution satellite photos? +7 +0
47 Is a TLD of your agency's or organization's domain name, ".gov"? +30 -7
How likely is your target a Your SCORE will be computed just below this line
There are 47 unanswered questions above.
Maximum Score: 645 , Minimum Score: -164 ,
Computed Score: 0 -- Fed Estimate: 0 %
Feedback: Help make this better. If you know the target's employment, select it here:
By selecting an item other than Unknown, you agree for this script to log your answers to try to make the scoring better.
Download Questions as a text file

Funny Questions

  1. Do you have powers of arrest? (What is citizen's arrest?)
  2. Have you killed people? (Um. Right.)
  3. Do you work in a room with 4 walls? (Huh?)
  4. Do you have a gun/firearm/weapons?
  5. Do you have/use handcuffs?
  6. Did you have/use handcuffs last night?
  7. Do you have authorization to access government systems? (Um. Consider TLD .gov and ask again.)

Dangerous Things

There are things you should probably not do when looking for feds. Some feds are trained to kill. Some are trained to push paper, and alter information about other people. Just because a fed/hacker is your opponent in this game does not make them your enemy in the game.

When you choose an action consider these common sense bullets:

More common sense:

  1. If you think they have a concealed weapon or handgun/firearm, do not touch the weapon, or make a motion towards it; remember, "feds of a feather flock together."
  2. Just because a fed may be carrying a weapon does not mean you should carry a weapon too. Leave weapons in safe places. Bring firearms to the DC Shoot.
  3. Do not use force with your potential fed/hacker; this is a game, not rubber hose crypt-analysis.
  4. Don't break federal laws in front of feds to entice them to admit to being feds.
  5. Yell, "GUN!" and watch the responses. (This is a bad idea for obvious reasons-- no matter how effective it may be at spotting feds.)

Sources

  1. DefCon Forums Thread: "Spot the Fed "
    • AlxRogan (DefCon Forums)
    • astcell (DefCon Forums)
    • Bascule (DefCon Forums)
    • che (DefCon Forums)
    • drdank (DefCon Forums)
    • erehwon (DefCon Forums)
    • JoeSchmuch (DefCon Forums)
    • Kallahar (DefCon Forums)
    • kree (DefCon Forums)
    • lil_freak (DefCon Forums)
    • not5150 (DefCon Forums)
    • Pyr0 (DefCon Forums)
    • Second (DefCon Forums)
    • Shalome (DefCon Forums)
    • Tacitus (DefCon Forums)
    • TheCotMan (DefCon Forums)
    • TwinVega (DefCon Forums)
    • BlackOrch (DefCon Forums, in sub-channel)
  2. CDC Announcement on DefCon 4
  3. About DefCon and other things
  4. Article on CIA/FBI from The Washington Post

Related links:

Valid HTML 4.01!