Dead Cows, Feds and just humans
Hackers, targets meet at strange conference
By Doug Bedell
LAS VEGAS - Inside a jam-packed Defcon 8.0 conference room last week, Sir Dystic of the Cult of the Dead Cow, an elite cadre of the world's best computer system hackers, had just launched into a tirade against defacing Web pages when someone defaced him.
A teen armed with cans of Silly String spray leaped toward the stage, quickly covered cult members in white goo, then vanished.
Hoots and applause mixed with boos and hisses from the record crowd of 5,000 hackers of various sorts and security professionals assembled for the world's largest convention of its kind.
Sir Dystic wiped the latex from his graying beard and ponytail, and continued: "We all have the potential to perform miracles with software and hardware. Someone's going to design software that lets blind people see, helps people walk again. That is something more wonderful than fragging someone's hard drive or screwing up their Web page."
Lectures and moralistic posturing don't always sit well with anarchists, and there were plenty of them among the black-clad, hard-core Hack Pack.
Increasingly, Defcon and other "cons" devoted to the intricacies of manipulating computer networks are becoming scenes of clashing ideologies.
At Defcon 8.0, for example, federal agents took the stage to plead for an end to attacks on Web sites such as those launched recently against the Department of Defense.
"Some of you are extremely talented, gifted even at what you do," said Arthur Money, assistant secretary of defense and chief information officer at the Defense Department. "You should think about coming to work for us."
Meanwhile, revered insider groups such as Dead Cow have attempted to redirect energies that have brought hacking a bad name. They ridicule unsophisticated "crackers," those who maliciously break into computer networks to wreak havoc. And they vilify "script kiddies," who paste together code to deluge e-commerce Web sites and shut out customers.
Instead, the elder statesmen of hacking, many of whom have recently taken well-paying jobs in corporate computer security, urged the Defcon faithful to embrace "hacktivism." Attacking child pornography sites in cooperation with public interest groups such as the AntiChild Pornography Organization is a much more constructive use of hacking talent, they argue.
"Last year I said I was going to watch all the ... pointless, misspelled stuff on other people's Web pages before passing judgment," Dead Cow member Tweety Fish told Defcon 8.0. "Well, I've been following this for the last year and, like, you can stop now."
Unfortunately, Tweety Fish said later, hacktivism is a concept that has yet to catch fire.
The scene
Signs of growing pains, both intellectual and physical, were impossible to avoid at Defcon 8.0.
Until last year, the con had been housed in some of the swankier Las Vegas hotels-casinos. Problems with underage drinking and gambling, disrupted weddings, electronic mischief with hotel telephones and elevator systems, and miscellaneous vandalism forced a move to the family-oriented Alexis Park Hotel.
Although Alexis Park management is apparently content with Defcon's huge bar tabs and parade of bizarre characters, this year's event overflowed most of its facilities. Massive human traffic jams developed inside its limited exhibit hall and conference center.
Last year, the event attracted about 3,500 registrants. This year, the numbers swelled to more than 5,000, said organizer Jeff Moss, a.k.a. The Dark Tangent.
Defcon 8.0 took over most of the hotel rooms this year, limiting conflicts with other registered guests. Still, some American Airlines pilots and other unprepared guests were shocked by what they encountered.
Participants, once a closed club of the most knowledgeable hackers, have become harder to pigeon-hole. Corporations, many of which have been the victims of cracker exploits, are sending more technicians to Defcon. Government operatives mix and mingle with spike-studded, green- and purple-haired teens attending workshops. And Internet security recruiters troll for talented prospects within the teeming horde.
The crowd has changed to the point that it has become difficult to run the annual "Spot the Fed" contest, which awards prized T-shirts to those correctly culling a government agent from the throng. Members of the news media, security analysts and other professionals who paid their $50 to attend made the targets hard to find.
The idea for Defcon is to get people talking about the security problems they face together but attack from different points of view, said Mr. Moss. In the process, he said, he hopes myths about hacking can be dispelled.
Mr. Moss' mission is not an easy one. For one thing, it's virtually impossible to figure out who's who. Convention badges identify attendees only as "Human" and "Goon" because many of the participants are involved in blatant or borderline illegalities. Goons are members of the ever-present Defcon security posse that attempts to keep order.
Goons constantly warned the media against shooting frontal pictures of anyone without permission. Friction between the factions sometimes erupted into minor shoving matches and verbal assaults.
"Paranoia goes hand-in-hand with what we do," said the Goon known as Priest. "Please respect people's privacy."
Hotel rewired, overrun
By the time Defcon kicked off Friday, organizers had effectively rewired the hotel. Cat 5 Ethernet cable ran everywhere. The latest wireless mobile technology allowed instant connections to the Defcon network with laptops. A pirate radio station broadcast all events on the Internet. Another video feed took over a hotel cable channel.
Staples of Defcon remained, despite the churn in participant profiles. One room was devoted to an electronic contest of Capture the Flag, in which teams of hackers worked around the clock to take over an in-house computer network. On Saturday morning, the rather scary Defcon Shoot was staged for those who brought weapons for target practice.
At 11 each night, it was Hacker Jeopardy time. Hosted by venerated CyberShock (Thunder's Mouth Press, $24.95) author Winn Schwartau, teams with names such as the Media Whores and Haxor Your Mother answered computer history and social trivia questions. Online exotic model Vinyl Vana (screen name Bad Kitty), one of the few females in evidence, served as hostess. Those who missed questions were forced to drink large quantities of beer or remove pieces of clothing designated by Ms. Vana.
Caffeine is a staple of the hacker diet, so promoters put together the first annual Coffee War competition for those who brought their favorite java blends.
Conference room discussions ranged from the esoteric (a group called Iron Feather presented a 90-minute video showing Commodore 64 cracker screens from the 1980s) to the practical (famed hacker defense attorney Jennifer Granick of San Francisco detailed how laws are being used to track down and punish malicious hacking).
Several years ago, Defcon spun off the $1,000-per-person preconvention Black Hat Seminars designed to help corporate and government workers understand hacker tools and philosophies.
"Kids can't afford that," says Defcon veteran Ryan Russell, author of Hack Proofing Your Network (Syngress, $49.95). "In many ways, Black Hat has turned into what Defcon used to be. Lots of people say this is now more of a social event at this point."
A 19-year-old hacker known as Snark agreed. "I don't even go to most of those conference things anymore," he says. "See that guy over there? I hacked into everything he owns last year. I destroyed his server. Never met him. Now we're friends. We got drunk together last night and laughed about it all.
"That's what it's all about for me."
Serious business
If one panel embodied the changing rules facing those challenging security on the Internet, it was "Meet the Fed." During it, the Defense Department's Mr. Money and others regaled the Defcon crowd with problems that malicious hacking has created for the government, offered alternatives to cracking and warned of legislation and weapons on the way.
The Defense Department, Mr. Money said, was pleased that hackers evidently helped minimize Y2K problems during a critical period for computers in the United States. Still, more than 22,000 computer-based attacks were leveled last year against Defense Department computers at a cost to taxpayers of about $1.5 million per event, he said.
"You've got our attention," Mr. Money said. "But let us concentrate on the threats from outside rather than waste our time on those coming from inside."
Soon, Mr. Money warned, federal legislation will shift jurisdiction for malicious hacking of governmental computers into a new realm. Rather than a local law enforcement issue, government workers will be empowered to consider computer attacks issues of national defense.
"I would rather have my attention focused on what rogue states are doing to us than being harassed seven times a day figuring out what the hell some guy is doing to us," Mr. Money said.
Rather than post computer vulnerabilities on the Internet, hackers should work with government agencies to repair problems before they are exploited, Mr. Money urged.
Those who crack government systems may soon find themselves under reverse attacks, Mr. Money said. "Attack-back" tools are being developed that will give federal agencies the ability to target malicious hackers with the same kinds of electronic weapons used in the tactics against major e-commerce sites earlier this year, he said.
"To me, it's not any different than a physical attack on Pearl Harbor," Mr. Money said. "Think through the consequences of what you're doing."
Arcane wire-tapping laws are soon going to be replaced with speedier ways to track down crackers, the federal representatives told Defcon.
"There's no one here with a level of sophistication that can't be matched by the government," said Dick Schafer, director of information assurance for the Defense Department. "No one here has a set of toys as neat as what I've got."
Such blunt talk did not deter the release of new exploit code during Defcon 8.0. The Cult of the Dead Cow, in fact, announced it had successfully infiltrated the protocol used by many Windows machines to share files.
To cult members such as Tweety Fish, the government's pleas ignore the security implications for noncorporate users. The heart of the conflict, he said, rests on a single question: How can home users learn that their systems are vulnerable to attack if hackers can't demonstrate what they've learned?
"I think the pendulum has swung really far out in some cases [where vulnerabilities have been released on the Internet]," he said. "And I think as more and more hackers are getting their milk money from governments and corporations, there's less of a wall between us all.
"Still, there's just no better way."
Contact Doug Bedell by writing him at dbedell@dallasnews.com
©Copyright 2000 The Dallas Morning News