Special Report:
Hats off to the hackers
by Simon Edwards
A delegate hacked the conference network and was given an award. This is typical of the Defcon conference which attracts enthusiasts and saboteurs alike, says Simon Edwards
The crowds that descended on Las Vegas's casinos, strip clubs and all-you-can-eat restaurants last weekend were a little different from the norm. They were a little more troublesome, too.
For these thrill-seekers were computer hackers and security experts from all over the world - distinguishable from the general public thanks to vivid red and yellow entry passes, and occasional outlandish haircut and dress sense.
They had gathered for the annual hacker conference known as Defcon. Now in its ninth year, it is claimed by the organisers to be the largest and most important computer "underground" meeting in the world. The estimated number of registered visitors ran to 4,500 this year.
Members of both security and hacking communities announced new tools and lectured on techniques for breaking into and reinforcing computer systems. In previous years, tools such as the powerful and dangerous Windows Trojan known as Back Orifice were released by sensationalist hacker group, the Cult of the Dead Cow.
This year, though, the bad news was for Macintosh users. Agent OJ of the underground programming group Team 2600 announced that a project to transfer the infamous PC-based Trojan SubSeven (which allows a hacker to take complete control of an infected computer) to run on Macs is 80% complete with a final version expected to be ready within two months. Beta software for test purposes is already available for download by anyone with an internet connection.
But not everyone at Defcon saw viruses as being necessarily harmful. Medical doctor Cyrus Peikari spoke of a future containing good viruses that in the long term, as with diseases in the real world, increase the host's immune system. An audience member had another, conflicting analogy. Would taking a bomb to an airport and blowing it up be a reasonable measure to increase security?
Discussing and learning hacking techniques is justified by legitimate security professionals as necessary to protect computer systems against irresponsible or criminal people. But despite the high profile of Defcon, and its emphasis on defence, there were plenty of people who came to behave badly.
By the end of the first night a payphone at the conference centre had been prised off the wall and abandoned in a toilet, and on the last day a speaker spent an hour instructing an audience on how to buy goods using stolen credit card numbers without being caught. He admitted to having used the techniques himself.
Throughout the three days, and nights, some were content to stay glued to their computers and shun the talks. The Defcon Capture The Flag competition took teams of hackers and pitted them against each other in an electronic war. Some teams would set up working computers while others attempted to break in, gaining points for using extra ingenuity and imagination.
Getting full access wasn't enough - you had to do it in style. One individual man aged to crack the conference's network (which was not part of the competition) by conning security guards into allowing him access to the Network Operations Centre. He won special recognition at an awards ceremony on the last day.
In truth, Defcon is not an underground event. It would be fair to say that a great many people who packed into the conference halls on Friday 13th were law-abiding professionals and enthusiasts. And some were so young that they came with their parents.
This mixture of types was, at times, uncomfortable. In one room a programmer would talk about a new technique he had found for securing Windows 2000, while in another a team demonstrated how to hack into wireless networks without being caught, potentially gaining access to personal and business files.
Hackers often describe each other as belonging to one of three groups - black hat (bad), white hat (good) and grey hat (white with an edge). But, as the spokesperson known as Shatter said in the conference's introductory speech, "hackers don't wear hats".
The original copy is available on the Guardian website.
First Published in Guardian, Thursday July 26, 2001.
The above article is © Guardian Newspapers Limited 2001. This article may not be reproduced or transmitted in any form in whole or in part without the written consent of the publishers.