(Editor's note: ZDNet News reporter Rob Lemos holed up in Las Vegas
for three days of fun and games at DEF CON, the mother of all hacker
and computer security conventions. Considering how in its six years of
existence, DEF CON has never been invited back to any of the hosting
hotels, this promised to be a reporter's paradise. And so it was.)
If information is a virus, DEF CON 6 attendees were a crowd looking to get infected.
From breaking smart card codes to taking over
Windows 9x machines, from knowing your rights when face-to-face with
law enforcement to picking mechanical locks, DEF CON 6 offered
something to everyone.
And very few of the attendees matched the renegade stereotype inspired
by notorious tales of hacking carried out by the likes of Kevin
Mitnick, Robert Morris and others. This crowd varied from "legitimate"
hackers in the know to kids looking for pointers to security
professionals and government officials watching from the sidelines.
Despite a crowd close to 2,000, the conference was fairly tame this
year -- the hotel is even considering asking them back, according to
the manager of Jackie Gaughan's Plaza Hotel. "There were a few pranks,
but nothing malicious," he said. At one point, a few attendees found
the hotel security radio frequency and were harassing the guards over
the air. "It wasn't a bad group," said the manager on Monday.
Last year, the activities leaned more towards vandalism, when several
kids from the conference stole one of the hotel satellite dishes from
the roof of the Aladdin. Two other hackers, who became embroiled a
fistfight arising out of a professional disagreement, got booted from
the event. Needless to say, that hotel didn't invite DEF CON back.
If the Plaza decides to again roll out the welcome wagon, it will mark
a signal event in the history of DEF CON. For the last six years, the
conference has worn out its welcome and has had to change venues.
Many of the actual hackers were clustered around local area network
connections attempting to break into six servers that the DEF CON über
hackers had set up for that purpose. This "capture the flag" contest
would go to the team that took control of the largest number of
servers. None of them knew which servers had which operating systems
beforehand. Other groups traded information, access and techniques away
from the main conference room and the clusters of media and government
workers. While speakers occasionally stabbed at the media, the hackers
recognised their love-hate relationship with publicity. "We hope they
can get it right this time," said one member of the Cult of the Dead
Cow, a media-oriented hacker group that released a program that has the
potential to control remote Windows 9x computers.
On the other hand, digs at the government were the rule. The best way
to win instant recognition was to "Spot the Fed" -- an annual game in
which contestants attempted to find federal officials who came to DEF
CON to observe. When found, the agents were brought up on stage and
asked to prove they are not federal agents. Employees from the
low-profile National Security Agency, the Federal Bureau of
Investigation and the Department of Defence all suffered from jeers
after being unmasked.
The usually packed conference room was also overflowing with
government-wary paranoia. Ian Goldberg, a graduate student at
University of California at Berkeley who analysed the shortcomings of
the encryption on GSM cell phones, found that one company's system used
54 bits rather than the full 64 bits that it could have used. This
significantly weakened the security of the cell phone system. His
loaded question: "Someone had an interest in undermining the crypto --
I wonder who that was?" Another speaker, Michael Peros, a Florida-based
electronics counter-surveillance consultant, told attendees of a case
of illegal wiretapping by police and state officials involving more
than 65,000 individual incidents of wiretapping. His warning: "You had
a situation where the government had no accountability for their
actions." After intense interest from the attending hackers, Peros
plans to post the evidence shown during his presentation on his
company's Web site.
The ZDNet UK IT Priorities Conference, 28th September 2004
Based on the insight gained through our proprietary IT Priorities
research, this event is focused on the seven most important investment
areas as identified by your peers: e-business, mobile and wireless
security, software licensing, Voice over IP, hacking, Linux on the
desktop and 3G.
Register today to secure the Early Bird Rate (offer expires after 31st August)