Secure Computing Internet Security Newsletter vol. 1, no. 7, August 1997

Hackers turn up heat at DEF CON V
---------------------------------
by Holly Knox, Internet Security Editor

DEF CON V, the annual hacker convention, was held for the fifth consecutive year in Las Vegas on July 11-13. Antics by previous years' convention attendees, such as breaking into a hotel's phone system, have prevented organizers from holding this event in the same hotel twice.

[Photo: A DEFCON V Participant]

This year an estimated 1,000 people gathered at the Aladdin Hotel and paid $40 each to be part of the largest of all hacker conventions. To the casual observer it might be difficult to pinpoint what type of convention attracts such a diverse group of people. Since hackers tend to be an unusual breed, it should come as no surprise that this convention thrives on the unconventional. Most attendees are young males in their teens and twenties, many of whom dress in all black. Only a handful use their real names, and most prefer to use monikers or code names like White Knight, Se7en, Cyber, and Deth Veggie.

Unlike most of the other hacker conventions, the organizers of DEF CON openly invite information security professionals, including law enforcement officials, to participate in the conference. One of the more popular games played at the conference is called "Spot the Fed." Contestants in this game are awarded a T-shirt for spotting a member of a law enforcement agency, or "Fed," and pointing this out to others. While there were probably some Feds who easily blended into the crowd, the ones who were spotted tended to be clean cut, which contrasted sharply with those who dressed in all black and had various parts of their body pierced and tattooed.

DEF CON attendees were also given the opportunity to participate in their own rendition of "Capture the Flag."
The game was structured to award a cash prize to the first team of individuals who successfully broke into all four different network operating systems set up by conference organizers. As it turned out, not a single team was successful in breaking into all of the systems, so the prize was split among individuals from several teams.

Some hackers even went on a field trip to "Area 51," the place where it's rumored that the government conducts research on crashed UFOs. The hackers launched foil attached to helium balloons over the perimeter security fence, hoping the objects would float into Area 51's radar. A short time later the hackers were asked to leave the area.

The formal agenda for the convention was composed primarily of hourly discussions on topics ranging from "Hacking Vegas" to "Global Domination," and discussions about what the Feds think of hackers. There were also breakout sessions and panel discussions on such subjects as how to read email headers, and how to create and decipher forged email messages.

The clueless ones
-----------------

One particularly interesting presentation was given by Ira Winkler, a noted security consultant and author of Corporate Espionage. His topic included a discussion of how the Internet has made it easy for almost anyone to call themselves a hacker. In fact, he believes most hackers today are of a variety he labels the "clueless ones." Winkler even devised a quiz to help tell a clueless hacker from a real one. He challenged the audience to take the quiz and answer it truthfully. For example, if you have never installed a network operating system or written a program in "C" or another similar language, you hardly qualify as having the skills of a real hacker. These clueless hackers, who he asserts are primarily teenagers, pose one of the biggest threats to corporate security administrators because they are more apt to use the Internet hacking tools indiscriminately.
Winkler contends that many of the attacks done today are executed by those he considers clueless, and judging from the audience's reactions to his remarks, many appeared to agree with him.

With each passing year the popularity of DEF CON continues to grow, as evidenced by this year's large turnout. No doubt many attend to satisfy their curiosity. Others are simply trying to stay informed about the latest hacking trends. For many others, the big attraction may be the opportunity to rub shoulders with some of the "legendary heroes" of hackerdom.

For more information on DEF CON go to: http://www.defcon.org