Go to Advanced Search


Computerworld Home











Click here to find out more!

Knowledge Centers

Security
Storage
Mobile & Wireless
Hardware
Business Intelligence
Networking
Software

Jump to any
Knowledge Center


Partner Zones

Collaboration
Convergence
CRM OnDemand
Features

Latest Headlines
This Week's Issue
Shark Tank
Research
Webcasts
White Papers
Software Downloads
Buyer's Guides
E-mail Newsletters
News Feeds
Home > Browse Topics > Security > Hacking


FEAR & HACKING in Las Vegas
A respectable IS consultant ventures into the desert for some DEF CON depravity. Toto, I don't think we're in Minneapolis anymore.




Related to this topic

Indiana man charged with hacking into former employer's systems
Trouble In Transit
Sidebar: Help on the Horizon
Hunt for XP SP2 flaws seen in full swing
Feds seek a few good hackers
New phishing scam: Spoofed campaign site


Click here to find out more!

Other resources

Enterprise Security Center: - Exclusive collection of information for securing your business


News Story by Michael Schrenk

AUGUST 04, 1997 -

How do you distinguish DEF CON from Comdex or Share or any other information

technology gathering? DEF CON is the one to which attendees are merrily

encouraged to bring firearms.

About a dozen did just that. One day they went deep into the desert to

shoot large-caliber rounds at full cans of Mountain Dew and a paper likeness of

Bill Gates. Nobody thought to bring clay pigeons, so for skeet shooting, they

made do with America Online CDs.

I'm an Internet consultant from Minneapolis. I like to think I'm an

upstanding member of the mainstream information systems community. So I was

nervous about attending DEF CON V, held last month at the Aladdin Hotel and

Casino in Las Vegas [CW, July 21].

But I was also drawn by the opportunity to learn network security

techniques from the very hackers who break in to computer systems. DEF CON's

organizer, known as Dark Tangent, touted the fifth annual event as (among other

things) the conference for computer hackers, password crackers, virus coders

and phone phreaks.

I was uncomfortable because computer hacking and wire fraud aren't

generally discussed by us polite corporate IS types, and we normally don't come

in contact with those who participate in such activities. At least, that's what

I thought before the conference. Now I'm convinced we have contact with hackers

all the time. We just don't notice them - and that's the way they like it.

But there are times when hackers go out of their way to get noticed.

One day during DEF CON, a group traveled three hours north of Las Vegas to a

government facility known as Area 51. This is the place - very much in the news

lately - where it's long been rumored that the government is conducting

research with technology recovered from a crashed alien spacecraft.

When the hackers reached the security fence surrounding the compound, th

ey lofted aluminum foil attached to helium balloons and watched the devices

float within the scan of Area 51's radar. Minutes later they were asked to

kindly leave the premises.

And the duck sang 'Blue Suede Shoes'

You expect vendors at any computer conference. At DEF CON V, entrepreneurs

peddled logo parody T-shirts, books on hacker culture and piles of used

telephone and computer hardware.

Even here, though, there was a hack. I felt sorry for the T-shirt

salesman who lost much of his inventory when the sign that originally said "$20

each" was replaced by one that read "Free, take one."

And there was a vendor-sponsored scavenger hunt. Items on the list

included the following:

A security camera (60 points)

A foreign Web page "redecorated" by the hunter (15 points)

A live duck (20 points)

The hacker with the most points got to grab items from a box filled

with used computer and telephone components.

And yes, somebody found a duck.

Did you say root beer jugs?

One guy showed up with a handmade rail gun. A rail gun moves a lot of

electrical energy down a conductive track. Along the way, it can fire a

projectile at speeds approaching 10,000 meters per second. It discharges so

much power, the designer used graphite disks as projectiles. Anything metal,

you see, would have been welded to the gun.

The graphite projectiles were expensive, but the gun was otherwise

built from hardware store items and scrap. The major design problem - the need

for a large amount of power - was solved with banks of "Tesla-style"

high-voltage capacitors made from root beer jugs, salt water, bolts, wire and

tin foil.

"I'm doing this to prove that you don't have to be trained in something to

do something. Most of the people in this room know that, but the public at

large doesn't," the designer said.

That simple truth justified my attendance at DEF CON. I won't be able

to convince myself any longer that I lack the training to make a system secure.

There should be ways to a secure system, even if the path requires an

untraditional route.

Holy Cow, a Las Vegas microbrewery, originally agreed to give a free

beer to anybody with a DEF CON badge. The offer was published on DEF CON's Web

page (www.defcon.org), and coupons were printed.

But shortly before the convention, Holy Cow changed management. The new

boss refused to honor the free beer commitment.

When the bad news was announced, conference attendees jeered. But the mood

changed to anticipation, then wild laughter as the announcer said, "So I

visited their Web page ..." At this point the crowd started chanting, "What's

their URL? What's their URL?"

The lack of free beer didn't stem the flow of alcohol. Drinking games

thrived.

In one - "the TCP/IP game" - the goal was to determine how much beer a

panel of experts could consume before they became incapable of answering

questions on topics such as firewall filtering or bit-level Internet protocols.

Another favorite game was Hacker Jeopardy. Categories included We Still

Hate Cyber Movies, Some (Inter)net Security and Aliens Among Us.

And then there was the "Spot the Fed" contest. It's a fact of DEF CON life

that federal law enforcement agents attend the conference. Squares like me, the

feds hope to learn the latest tricks of the trade. But unlike me, they keep a

close eye on who's who at DEF CON - groups, trends and leaders are all

monitored.

I was amazed as three consecutive federal agents were spotted and

marched sheepishly (but good-naturedly) to the podium. In each case, the agent

was correctly identified solely through the social engineering skills of a

hacker. Winners received T-shirts and a round of applause.

I can't recall ever seeing an industry show with as much audience

participation as DEF CON. A simple question such as, "How many of you hackers

program with the keyboard in your lap?" filled the conference room with cheers

and whistles. Pleased by the results of his informal demographic study, Doug

Hacker (yes, that's his real name) proceeded to toss handfuls of his invention,

the Lap Clip, to the audience.

Throwing was the method of choice for distributing prizes - and there

were countless prizes. People would stand on their chairs and dive for

copies of books, such as E-mail Addresses of the Rich and Famous or obsolete

computer boards. It wasn't uncommon to see CD-ROMs or unprogrammed cellular

phones bounce 50 or 100 feet into the audience.

The main door prize was - what else? - a door. It came from a GTE Corp.

service truck. It was not thrown into the audience.



Subscribe to the Computerworld Daily e-mail newsletter:
E-mail ZIP Code

Hacking Section
Hacking News  |   Mobile Channel  |   E-mail newsletters
  > Hacking XML Feed    > XML Feed FAQ

Also in the Security Knowledge Center

News  |  Discussions  |  Buyers' Guides  |  Resource Links  |  White Papers  |  Mobile Channel  |  E-mail newsletters
  > Security XML Feed    > XML Feed FAQ






Additional Content
Hacking White Papers

Computerworld White Papers

Read up on the latest ideas and technologies from companies that sell hardware, software and services.

>FDC White Paper: “Flexible Database Clusters with IBM eServer
>Protecting Your Business From the Outside In
>Visible Ops Handbook: Starting ITIL in 4 Practical Steps
>Realizing the Mobile Enterprise with 2.5G Wireless Solutions
>DELIVER EMPLOYEE SELF-SERVICE PORTALS

>View Hacking whitepapers
Computerworld Zones

Collaboration Zone Oracle Collaboration Suite offers customers a suite of enterprise-class messaging and collaboration applications that enables organizations to increase user productivity and service levels while reducing total cost of ownership. Please take a look at this exclusive content from the Oracle Collaboration Zone.

White Paper: Spend Less, Collaborate More
Case Study: EPL, Inc. Builds Software Products Seven Times Faster
Video: Customers Benefiting from Oracle Collaboration Suite

View the Oracle Collaboration Zone
Computerworld Briefings

Get this research report... Security: The Security Imperative
Our new report, "The Security Imperative," offers dozens of tips and strategies for protecting your business from internal and external threats. IT managers tell you how to (safely) outsource security functions, implement identity management, plug instant-messaging gaps and even get a bigger security budget from the CFO! Plus, you'll get tactics for securing telecommuters, who could be your company's weakest security link! Get this $195 value free for a limited time, compliments of Citrix.

Download this report free.
Purchase this report.





Sponsored Links

GET THE MESSAGE.   Excerpt from a new email security book.

Mobilize Your Enterprise For Success   New Webcast

Free Guide   How to web-enable BPM apps in just weeks, not months

Forrester Webcast   Addressing Web App Delivery Challenges

HP workstations at PC prices   Xtreme machines for Xtreme users. Click here or Call 1-888-367-2402

Answers to real IT questions.   Remedy. Ask a question today.

Remedy. More than just Help Desk, Asset Management, Change Management, and SLA.   Remedy. More. Get More from a Free Whitepaper.

Improve IT Efficiency.   Windows Server System makes it possible.

The IP migration   A wake-up call

Got ITIL?   Tripwire can help you implement ITIL best practices.

Trend Micro   The Fight Against Viruse Isn’t the Only Thing We’re Winning.

Securing Your Website for Business   Looking for mission-critical server security?

Click for cost-effective   Intel® enterprise solutions

Looking for service desk software   that can save you money?

EnvoyWorldWide White Paper:   'Shattering the Myths of Automated Notifications'

Enterprise Grid Alliance   Helping make grid computing work for you

Scalable. Affordable. Reliable.   IBM eServer xSeries systems with Intel® XEON™ processors.

Dell has everything you need   to Build a Scalable Enterprise Now.

Click here to share your thoughts on I.T.   Chance to win a $50 cash

HP workstations:   the power to propel innovation.

HP Workstation Solutions for Financial Experts.   Learn more.

Stop Worms!   Learn how view demo—NOW! Proactive endpoint security from Zone Labs.

HP digital projectors.   Superior digital imaging technology. Buy now.

Enterprise Security Center:   Exclusive collection of information for securing your business.

Retailers see opportunity in new technology investments   Tune in to this new webcast to hear what’s in store for 2004




   
 

Copyright © 2004 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.