By Bronc Buster
We flew into Las Vegas on Wednesday, hoping to get to check out the hotels and casinos on the strip before it all started. How were we to know the worst floods in Las Vegas history would happen, and that we would be told to stay in our hotel rooms for our own safety? What a beginning to a long five days, and another weird kick off for another installment of DefCon. This was DefCon 7, the annual hacker convention that happens every year in Las Vegas.
Everyone comes to DefCon: Teams from Microsoft and Intel, Federal Agents, elite underground figures, a huge number of hackers and phreakers, and even high school kids who must have ran away to come, because they look far too young to be in the city of sin by themselves. They come from all over the world: from Australia, Kuwait, Europe, South America, you name it. So for those of you not familiar with DefCon, you are asking yourself what would bring all these people—well over 3000 by some estimates—to the Alexis Park Hotel for this three-day event. Well, ask each different person and you will get a different answer.
DefCon had three different speaking tracks this year, ranging from newbie to advanced topics, like how to take over PBX phone systems, to a simple introduction to TCP/IP, which is the protocol the Internet uses to function the way it does. Now, on the surface it may sound like a normal convention just like any other, but once you get there, you notice some strange things happening.
There were vendors selling everything from very real-looking fake IDs to books, old computer hardware and military computer equipment, T-shirts and CDs with alternate operating systems, like FreeBSD and Linux. There was a scavenger hunt, in which the items to be collected included everything from a satellite dish off the top of a famous casino, to a menu from a local restaurant. They had "hacker death matches" in huge, inflatable sumo outfits, that paired off people who may hate each other online, but have never seen each other in real life. Popular yearly games are played, like Hacker Jeopardy, in which teams of hackers get onstage in a game of Jeopardy to see who knows the most, with the losers having to drink large amounts of beer. The l0pht (pronounced Loft) also holds a TCP/IP drinking game, where people shoot it out on stage to see who knows the most about the complex inner-workings of the net, with the losers having to drink large amounts of beer. Another popular game that goes on throughout the entire convention is "Spot the Fed." This is where normal con goers try to pick out the feds who might be in the crowd mingling. It’s all in good fun, and if spotted, they are brought on stage, asked to show their ID, and then given a round of applause and T-shirt saying "I am a Fed."
As the years roll by and DefCon gets larger and larger, it attracts more and more people. This was apparent in how serious the U.S. Government is taking it, this year hosting its own panel where people could ask questions to agents from the National Security Counsel, the White House and the NSA. More apparent were the masses of media people who showed up. More than 300 press passes were given out, and there were over 20 film crews on hand, from CNN to Z-Net, and TV stations from all over the world. Needless to say, it is almost unbelievable seeing it go from what it was 7 years ago—when it was a gathering of a few hundred people run by a group of friends who had the wild idea to get together to have to fun in Las Vegas—to what it is today.
One of this year’s highlights included a presentation from a group called the Cult of the Dead Cow, or cDc for short, who released an updated version of their remote administration tool called Back Orifice 2000 (BO2K). In addition to its legitimate use—remotely administrating networks—critics say it can also take over other people’s computers over the Internet if someone were to be duped into installing it onto their system. BO2K has the ability to take over the mouse and keyboard of a victim’s computer, and in addition to logging everything a person might type, it can provide a video feed in real time, so one can watch what the victim’s computer is doing, what is being clicked on, and what is being seen. Similar to last year’s presentation (when the group announced their original Back Orifice tool), this year the cDc made a grand entrance with strobe lights, loud techno music and spinning cow skulls on the walls. It was standing room only for their almost two-hour presentation.
Another highlight, and always a favorite, was Capture the Flag. Now, this is not the game you played when you were a kid, this is Capture the Flag, hacker-style. People set up target boxes and put them on a network in one of the convention rooms, while other people hook up their laptops and try to break into them to plant their group’s "flag." These boxes vary in types and operating systems, and they are not your run of the mill systems, either. The owners secure them and try to make it a difficult task for people to get on. This year, a group calling itself the "Ghetto Hacker" took first prize by getting onto the most boxes and defending them from other groups who were hard at work trying to follow them.
As you can no doubt imagine, as much play as serious work goes on at this con, which is why people say that is it so popular. The parties go on long into the night, and the speakers do not start until noon or so, then fade into the games, which last until midnight or longer. The Alexis Park was kind enough to stock Jolt Cola for the con-goers to help keep them going, and the Dis.Org Crew (the DOC) brewed, and then gave away case after case of caffeinated beer to also help keep the parties going strong.
Now, you may be getting the idea that DefCon is nothing more then a three-day long party, but that’s only part of it. The convention features speakers on a variety of topics: this year, there were federal agents talking about legal matters and what the government is planning on doing for the future of the Internet; lawyers talking about rights and how they relate to the Internet; people talking about various security problems with different systems and software; investigators talking about online forensics and intruder-detection systems; reporters talking about what it is like reporting on the hacking underground, and much, much more.
In the past, DefCon was looked on as a freak show of sorts, where people with multiple body piercing and colored hair were the norm. Now, as it grows, it almost looks as if this year that was the exception rather then the rule. More women are showing up, as well as people from all ethnic backgrounds, and more people are in their late 20s now (like me), rather then the pale youngsters of past conventions. The only thing that has remained from the days of yore is the party attitude.
As you can imagine, not everything goes according to plan when you get over 3000 people with a lot of technical skills and a lot of beer in one place. The lights and climate controls were messed with more than once, and the radio channels the hotel security used had to be changed several times as well because their channels were being taken over by short wave radios that many people were carrying on their belts. Other classic pranks were pulled as well: soap was poured into the hotel fountain, beer bottles were left floating in the pool, and streakers ran through the con from time to time (men and women). After the first day, the hotel had to double its security, but as with most hotels that have hosted DefCon in the past, it was not ready for what came with the con. On Saturday, some poor couple got married and had their reception at the Alexis Hotel; they were surrounded by freaky people con-goers and left shortly after their party arrived.
The con’s organizer, Jeff Moss (who goes by the name Dark Tangent), was strangely absent this year for most of the con. In past years, Moss was almost omnipresent, constantly up on stage with announcements and fixing problems that arise during the three-day con. In his absence, a large fellow name Priest ran the con, and run it he did, with an iron hand. He was a cross between a Nazi SS trooper and a pro wrestler, throwing people out on a whim and canceling presentations by people he didn’t like. If there was anything that could have made a fun three days turn bad, he was it. Lucky for us con-goers, Moss would pop in from time to time and defuse things, which kept the con moving with only a few bumps.
The whole idea behind DefCon is to make a place where people can meet their friends and enemies, people they may only know online; where people can learn and exchange ideas; where anyone can come and get a look inside the hacker underground and see that it’s not some dark, scary place some reporters make it out to be, but rather a preview of the movers and shakers of the next century. These people are not trying to take over the Internet, they are just trying to improve it and keep companies honest in their work and what they release.
Who knows, maybe if we’d had a DefCon 20 years ago, we would not be facing the Y2K problem now, because after all, the Internet is going to be around for a long time, and these people who spend a large amount of their time online want nothing more than to see it improved.
Bronc Buster is a California-based hacker whose exploits have been featured in the LA Times.