[ISN] Hacking the planet

InfoSec News isn at c4i.org
Thu Aug 5 06:10:33 EDT 2004


By Joshua Ellis and Patty Walsh
August 04, 2004

There's a scene in the retarded hacker flick Swordfish in which slick
mastermind John Travolta gives grungy super-hacker Hugh Jackman a
challenge: hack into the National Security Agency in a minute or less,
while some hot club whore blows him under the table.

This has probably never happened to any hacker in history -- but if it
did, it would probably have happened at DefCon. What began 12 years
ago as a Vegas get-together for a small group of geographically
disconnected online friends has become a gigantic free-for-all in
which thousands of hardcore hackers, wardrivers, security consultants,
federal agents, wannabes and groupies do their level best to outthink,
outdrink and outparty one another.

In the truest sense, hacking is not an act; rather, it is a viewpoint,
a set of tools for thinking about how to interact with systems. The
late Judith Milhon, one of the first female hackers ever, defined
hacking as "the clever circumvention of imposed limits." The early
hackers at MIT and Stanford had limited access to the huge, expensive
mainframes on which they worked, and so they devised clever and exotic
ways both to gain more time and make their programming time more

One classic story details a computer manager who began locking the
door to the computer room to keep the scruffy hippies out at night.  
When he returned in the morning, he found the entire door to his
office had been removed, along with an apologetic note explaining that
it had gotten in the way of someone's work.

Of course, things have changed over the decades. These days, your
average hacker is just as likely to be a 17-year-old junior punk or
goth with an anarchy T-shirt and a sticker of Tux the Penguin (the
mascot for the free operating system Linux) on his or her laptop. And
while DefCon may have begun as an invite-only affair for the old guard
of the computer security elite, these days you're more likely to see
the punk kid sitting poolside, making out with a goth chick wearing
nothing but strategically placed duct tape, drunk on vodka and Red
Bull and the simple gleeful awareness that comes from being surrounded
by 5,000 people who are just like you.

This is what DefCon has come to represent for the hacking community: a
combination of trade show and Burning Man, debauchery and
deconstruction in one sleepless package.

There are three swimming pools at the Alexis Park Resort Hotel. Pool
one -- the pool closest to the entrance and the convention area --
belonged to the Goons, the security/logistics crew at DefCon.  
Generally chosen for their size or physique, they can be intimidating
bastards if you don't know what you are doing or where you are going.

Pool two was the social hot spot of DefCon, where the notorious and
the newbies partied together. It was also the site of QueerCon, the
Friday night party hosted by members of the Seattle 2600 group for gay
members of the scene.

Pool three, at the back end of the hotel, was generally more sedate,
despite the occasional presence of massive sound systems and drum 'n'
bass and industrial DJs.

After-hours socialization at DefCon has always consisted of an endless
pilgrimage -- back and forth between the pools and the parties held in
private rooms and the never-ending Capture the Flag event, where
hundreds of sleep-deprived geeks huddled in a massive convention hall
for 36 hours to protect and defend one another's networks. The scores
were posted on a giant projection screen at one end of the hall --
which would occasionally switch over briefly to random footage of a
pimped-out Ken doll beating up Barbie Ike Turner-style, or the trailer
for A Clockwork Orange, or old GI Joe cartoons overdubbed with
pedophilic dialogue.

In the dark, the attendees look like the ghosts of long-dead cowboys
in black leather and quiet medieval monks, flitting between the palm
trees and stucco buildings, chatting away about buffer overflow
violations, SSH tunneling, and, always, getting laid.

Sometime during Friday night or Saturday morning, Southern Californian
geeks Brandon and Dan had gotten naked with a couple of the party
girls that are part and parcel of the DefCon experience. When they'd
awoken, the girls had vanished -- along with their clothes. They spent
the next day and night clad in nothing but beach towels with vinyl
backpack straps serving as belts, trying to hunt down the skanks who'd
made off with their clothes.

Their clothes were nowhere in sight at DefCon veteran Bus Driver's
party, but neither were the clothes of the local strippers he'd hired
to entertain a suite full of sweating, drunken nerds. Surprisingly
enough, the pros were something of a bust. It wasn't until a few
talented amateurs got up on the coffee tables and started flinging
their clothes, swaying to the rhythm of the jungle music pumping
outside, when things really began to pick up.

This has much to do with the hacker preference for pale nerdy girls
over Botoxed boobie queens. The dancers seemed to leave in something
of a huff, unhappy to be ignored in favor of a bunch of small-breasted
geek girls in Mardi Gras beads and panties with penguins on them.

Every convention in Vegas is a breeding ground for random illicit sex.  
But DefCon is one of the few conventions where random, illicit sex is
a primary reason to attend -- a fact which amuses and disgusts a lot
of veteran hackers.

"The past couple of years, I've talked to people who don't even know
anything about computers," one older scenester told us. "They just
heard it was a great party. It's like Burning Man -- now, half the
people are just wandering around looking for the naked girls."

While the pools were an endless array of amusement and indulgence, a
more refined, prominent event took place: the Black and White Ball.  
The Black and White Ball is like a warped version of prom, minus the
jocks, the popularity contest and the superficiality.

Among the guests were Jesus and his Disciples (a group of hackers
sporting nothing but white sheets, with "Jesus hacker" carrying the
Holy Bible), an S&M bondage couple, some guy dressed up in pimp attire
with a three-foot afro wig, and Renderman, the notorious Canadian
hacker known for his black fedora hat and his zoot suits.

Another point of interest was the first annual Dunk the Geek, where a
speaker, goon or inebriated hacker would sit in a dunk tank and await
his or her ice-cold fate for a charitable cause -- the Electronic
Frontier Foundation, a non-profit organization that defends digital

The EFF is often considered to be the ACLU of cyberspace. They're
legendary for fighting corporate and government interests when they
interfere with the rights of cybercitizens. That fight is getting more
and more serious every day.

It's difficult to get anybody to go on the record at DefCon, and with
good reason: In the recent political climate of America under the
PATRIOT Act, a lot of these people could easily be construed as
terrorists. Thanks to the Digital Millennium Copyright Act, almost
everyone there -- including at least one of the CityLife reporters
covering this story -- violates federal law several times a day. Most
attendees feel that the laws are unjust and stupid, made not for the
protection of the people, but for special interests in business and

One of the strangest things about attending DefCon is the odd mixture
of dissent and laissez-faire objectivism. Most hackers seem to be
libertarians: they're interested in self-preservation and the rights
of the individual, often to the exclusion of others. There is a core
of arrogance, of genuine belief that hackers are somehow above not
only laws, but the people around them, by sheer virtue of intellect.

There are exceptions of course. The hacker group Cult of the Dead Cow
(which didn't make much of an appearance at DefCon this year) have
been exploring the possibilities of "hacktivism" for a few years now:  
the idea of using their skill set and knowledge for the benefit of
humanity. Other hackers work to bring technological infrastructure to
developing nations.

But the majority who attend DefCon seem concerned mostly with learning
the latest tricks, getting the greatest schwag and finding the hottest
girls (or guys). Even the arrest of programmer Dmitry Sklyarov for
discussing theoretical ways of cracking DVD encryption schemes at
DefCon 9 in 2001 didn't seem to arouse the crowd too much.

That happened just over a month before 9/11, and the climate has
changed drastically since then. There seem to be fewer attendees who
are willing to openly announce that they work with the federal
government (though there may actually be more feds around now than
ever before).

The feeling of paranoia has increased noticeably over the past three
years; in some sense, it has put a slight damper on the general
explosion of hedonism and goofiness that has always marked DefCon.  
What happens in Vegas stays in Vegas unless, of course, it gets you
hauled off to Guantanamo Bay.

So what does the future hold for DefCon? Probably a lot less of the
old guard and substance of previous years. "Every year, I tell myself
I'm not gonna come," one pioneering hacker told us. "I book my ticket
later and later. There have been some years where I didn't even show
up until the first day -- somebody would call me and say 'Dude, you've
got to make it out here.' But I find less and less reason to come
every year."

The consensus amongst the older hackers seems to be that DefCon is
increasingly about style over substance, and that it is becoming more
and more mainstream, attracting more clueless wannabes and
party-seekers than those who are genuinely interested in the scene

Most of the more mature scenesters stay in their rooms, or use the
time between seminars and talks to check out the Vegas nightlife
rather than the poolside scene. One notable exception this year was
Apple co-founder Steve Wozniak, who showed up in a giant blue Humvee
with a satellite dish on the roof for constant Internet access, and
who spent much of DefCon whizzing around on his Segway with a big grin
on his face.

Then again, you find the same attitude in people who've only been
attending for two or three years but already consider themselves old
hands. As jaded as attitudes might be, and as disdainful as everyone
seems to be, they still show up every year.

The end of DefCon is traditionally marked by an awards ceremony, where
prizes such as Best Buy gift certificates, books, swag, and
über-hacker black badges (which are lifelong free access passes to
DefCon) are given to those that succeeded in the various contests, be
they important or utterly absurd. This year was marked by several new
contests, with a few unintentional new entries like the
hamburger-eating contest.

Apparently, some hackers got together and went to In-N-Out. A hacker
ordered a 10 patty "animal burger," and before the guy knew it, fellow
hackers were placing bets on who could top that massive stack. He
actually surpassed his own record by gorging himself on an impressive
20 patty burger (with fries on the side, of course).

The lock picking contest is a DefCon favorite, and this year it
included an "obstacle course," where the object of the game was to
pick the most locks in the best time, with eight different locks in a

Then there was the illustrious wardriving contest. Wardriving -- a
term invented by Dis.org vets Seric and Peter Shipley -- consists of
driving or walking around while looking for unsecured wireless
Internet (or wi-fi) access points. It's derived from the old hacker
practice of "wardialing," in which an automated program dials every
possible number in an area code, noting down which numbers have modems
attached to them (you can see an example of this in the classic hacker
film Wargames, starring Matthew Broderick and Ally Sheedy's breasts).

Perhaps the highlight of the awards ceremony was the Second Annual
DefCon Wi-fi Shootout Contest. The goal of the contest was to reach
the greatest possible connect distance between two wi-fi stations via
innovative antenna designs and ingenious engineering skills.

Three young college students from Ohio using the team name P.A.D. took
home the gold and received several standing ovations for breaking the
world record for the longest wi-fi distance with a whopping 55.1
miles, using a home-brewed 600 megawatt signal amplifier. Though their
parents tried to talk them out of their far-fetched plan for fame and
glory, P.A.D. drove all the way to Vegas from Cincinnati in a mini-van
with a satellite-like receiver disc duct-taped to the roof of the

As they stood near the podium and described their journey, you could
see the sparkle in their eyes. While DefCon has become more mainstream
over the years, and some say that substance has dissipated from the
true core of the event, there was no denying the passion that flowed
through the veins of these kids. It was their time to shine in the
spotlight, and DefCon was their forum to finally fit in with a crowd.

And that seemed to be the recurring theme of this and every DefCon:  
for those few days they're in Las Vegas, these hackers don't have to
worry about getting their asses kicked for their clothes or their
often total lack of social skills. At DefCon, they can be heroes, if
just for a day, standing in front of all their fellow geeks, winning
awards for feats of prowess that most of their peers and even family
members couldn't even begin to understand.

And then they slip away into the night, back to the real world, to
their jobs as system administrators or security experts, to their
dorms and high schools; anonymous again amongst the beautiful people,
waiting another year for their time to shine.


Joshua Ellis is a writer, rock star and Web guru. You can save your
soul at column.zenarchery.com, the Website for his weekly column All
Tomorrow's Parties. Patty Walsh is a freelance journalist.
