FEAR & HACKING in Las Vegas
A respectable IS consultant ventures into the desert for some DEF CON depravity. Toto, I don't think we're in Minneapolis anymore.
News Story by Michael Schrenk
AUGUST 04, 1997 -
How do you distinguish DEF CON from Comdex or Share or any other information
technology gathering? DEF CON is the one to which attendees are merrily
encouraged to bring firearms.
About a dozen did just that. One day they went deep into the desert to
shoot large-caliber rounds at full cans of Mountain Dew and a paper likeness of
Bill Gates. Nobody thought to bring clay pigeons, so for skeet shooting, they
made do with America Online CDs.
I'm an Internet consultant from Minneapolis. I like to think I'm an
upstanding member of the mainstream information systems community. So I was
nervous about attending DEF CON V, held last month at the Aladdin Hotel and
Casino in Las Vegas [CW, July 21].
But I was also drawn by the opportunity to learn network security
techniques from the very hackers who break into computer systems. DEF CON's
organizer, known as Dark Tangent, touted the fifth annual event as (among other
things) the conference for computer hackers, password crackers, virus coders
and phone phreaks.
I was uncomfortable because computer hacking and wire fraud aren't
generally discussed by us polite corporate IS types, and we normally don't come
in contact with those who participate in such activities. At least, that's what
I thought before the conference. Now I'm convinced we have contact with hackers
all the time. We just don't notice them - and that's the way they like it.
But there are times when hackers go out of their way to get noticed.
One day during DEF CON, a group traveled three hours north of Las Vegas to a
government facility known as Area 51. This is the place - very much in the news
lately - where it's long been rumored that the government is conducting
research with technology recovered from a crashed alien spacecraft.
When the hackers reached the security fence surrounding the compound, they
lofted aluminum foil attached to helium balloons and watched the devices
float within the scan of Area 51's radar. Minutes later they were asked to
kindly leave the premises.
And the duck sang 'Blue Suede Shoes'
You expect vendors at any computer conference. At DEF CON V, entrepreneurs
peddled logo parody T-shirts, books on hacker culture and piles of used
telephone and computer hardware.
Even here, though, there was a hack. I felt sorry for the T-shirt
salesman who lost much of his inventory when the sign that originally said "$20
each" was replaced by one that read "Free, take one."
And there was a vendor-sponsored scavenger hunt. Items on the list
included the following:
A security camera (60 points)
A foreign Web page "redecorated" by the hunter (15 points)
A live duck (20 points)
The hacker with the most points got to grab items from a box filled
with used computer and telephone components.
And yes, somebody found a duck.
Did you say root beer jugs?
One guy showed up with a handmade rail gun. A rail gun moves a lot of
electrical energy down a conductive track. Along the way, it can fire a
projectile at speeds approaching 10,000 meters per second. It discharges so
much power, the designer used graphite disks as projectiles. Anything metal,
you see, would have been welded to the gun.
The graphite projectiles were expensive, but the gun was otherwise
built from hardware store items and scrap. The major design problem - the need
for a large amount of power - was solved with banks of "Tesla-style"
high-voltage capacitors made from root beer jugs, salt water, bolts, wire and
"I'm doing this to prove that you don't have to be trained in something to
do something. Most of the people in this room know that, but the public at
large doesn't," the designer said.
That simple truth justified my attendance at DEF CON. I won't be able
to convince myself any longer that I lack the training to make a system secure.
There should be ways to a secure system, even if the path requires an
Holy Cow, a Las Vegas microbrewery, originally agreed to give a free
beer to anybody with a DEF CON badge. The offer was published on DEF CON's Web
page (www.defcon.org), and coupons were printed.
But shortly before the convention, Holy Cow changed management. The new
boss refused to honor the free beer commitment.
When the bad news was announced, conference attendees jeered. But the mood
changed to anticipation, then wild laughter as the announcer said, "So I
visited their Web page ..." At this point the crowd started chanting, "What's
their URL? What's their URL?"
The lack of free beer didn't stem the flow of alcohol. Drinking games
In one - "the TCP/IP game" - the goal was to determine how much beer a
panel of experts could consume before they became incapable of answering
questions on topics such as firewall filtering or bit-level Internet protocols.
Another favorite game was Hacker Jeopardy. Categories included We Still
Hate Cyber Movies, Some (Inter)net Security and Aliens Among Us.
And then there was the "Spot the Fed" contest. It's a fact of DEF CON life
that federal law enforcement agents attend the conference. Squares like me, the
feds hope to learn the latest tricks of the trade. But unlike me, they keep a
close eye on who's who at DEF CON - groups, trends and leaders are all
I was amazed as three consecutive federal agents were spotted and
marched sheepishly (but good-naturedly) to the podium. In each case, the agent
was correctly identified solely through the social engineering skills of a
hacker. Winners received T-shirts and a round of applause.
I can't recall ever seeing an industry show with as much audience
participation as DEF CON. A simple question such as, "How many of you hackers
program with the keyboard in your lap?" filled the conference room with cheers
and whistles. Pleased by the results of his informal demographic study, Doug
Hacker (yes, that's his real name) proceeded to toss handfuls of his invention,
the Lap Clip, to the audience.
Throwing was the method of choice for distributing prizes - and there
were countless prizes. People would stand on their chairs and dive for
copies of books, such as E-mail Addresses of the Rich and Famous or obsolete
computer boards. It wasn't uncommon to see CD-ROMs or unprogrammed cellular
phones bounce 50 or 100 feet into the audience.
The main door prize was - what else? - a door. It came from a GTE Corp.
service truck. It was not thrown into the audience.
Copyright © 2004 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.