Granny Hacker From Heck Visits Def Con -------------------------------------- Thursday, July 15, 1999 at 16:29:59 by Carolyn Meinel - Writing For AntiOnline July 1, 1999. A staffer from Loompanics calls to say that the Def Con convention staff has ordered them to not sell my "The Happy Hacker: A Guide to Mostly Harmless Hacking" (http://happyhacker.org/buyhh.html) at their upcoming computer criminal soiree. This means war! How can I best stick it to the Def Con d00dz? Oho, their web site (http://www.defcon.org) is advertising a Bastard Operator from Hell (BOFH) (http://www.rangsoc.demon.co.uk/bofh_last.htm) contest. A true BOFH should run a computer with all sorts of tantalizing services. Build something that looks like an eight year old could break in. Then the attacker runs exploit after exploit against the box. And every attack mysteriously SCREWS UP!!! Muhahaha. By offering a prize for the best victim computer, the Def Con guys hops to get better targets for the hackers playing Capture the Flag. Amarillo, TX, July 6 and 7, I'm out there with Happy Hacker Wargame director Vincent Larsen and wargame admin Jon to put together our BOFH entry: Fangz. Ah, yes, Fangz, an Intel box running Red Hat Linux (at least that's what any port scanner would tell you, snicker). It runs ftp, pop3, smtp, a DNS server, telnet with a guest account with no password, guest access to vi and a C compiler; and a Lithium Quake server with back doors in place. Ahem, every service is working according to the RFCs, but not quite running the way hackers would expect:):) OK, let's get this straight. All I did was provide the hardware and use the Hacker Wargame to test various iterations of Vincent and Jon's Process Based Security (http://www.sage-inc.com) modifications to Red Hat Linux. Red Hat is a hacker's paradise. A clean install of the latest version has over 200 ways to break into it. Vincent and Jon's version of Red Hat, however, would make the BOFH himself proud. That's why I decided against entering a FreeBSD or OpenBSD system. They have pretty good security, too. But they don't TORMENT hackers the way Process Based Security does. At sunrise Friday morning, July 9, I caught a ride on the Happy Hacker Godfather's King Air business jet, along with him and Jon. Also there was this giant Texan on board. I asked him, "You look like a bodyguard. You look like you could pick up someone by the neck and hold him out at arm's length." "I'm an interior decorator. That's my story and I'm sticking with it." Nine AM we are on site at the Alexis Park hotel. We stagger along with Fangz, a monitor, laptop, my favorite Ethernet hub, my crummy backup Ethernet hub, lots of spare 10BASE-T cabling, tools, and duct tape just in case I need to tape anyone to the wall. A Def Con "goon" (security guard) helps us out by taking us to the head of the registration line. Who should be handling, um, exceptional cases such as ourselves but Pete Shipley. As his mouth drops with surprise to see us Happy Hacksters out in force, he fails to flash his copyrighted vampire fangs. Now these are very important, copyrighted vampire fangz, er, I mean, fangs. Shipley's lawyer actually sent several letters to the publisher of my Happy Hacker book claiming that Shipley had gotten a copyright on wearing vampire fangs, so the guy on the cover of my book wearing fangs owed Shipley royalties. Or something like this. Anyhow, the publisher, being a hacker himself (Dr. Mark Ludwig), decided to have a little fun with Shipley. In the second edition he blotted out Shipley's fanged features with a green blob reading "hey man get my face off this cover." Anyhow, I think Mark using Shipley's copyrighted fangs on my book cover is why Shipley can't wear fangs any more. That must be what got Shipley to being such a major enemy of mine. After all, my lady BOFH personality ought to win the adulation of hackers everywhere. LART, LART, who has the LART?;^) (http://www.winternet.com/~eric/sysadmin/lart.1m.html) Shipley swears it isn't because I hacked him at Def Con 3 in front of dozens of witnesses (see Granny Hacker from Heck). Oh, yes, if you are a reporter, contact me and I'll give you phone numbers for two of those witnesses. Well, that fangless Shipley just about ruined my day. What next, would Cult of the Dead Cow's (http://cultdeadcow.com) Deth Vegetable trash can his Mr. T bust and prance on stage in a business suit? We got Fangz set up pretty quickly. All I did was some physical stuff. Meanwhile, Jon changed the gateway, DNS server and IP address himself because there are some interesting twists to Fangz. Then he spent the next few hours waiting for the Capture the Flag/BOFH contest to start by changing a few more things on Fangz, like the process control tables for the "mv" and "cat" commands. Oh, you say you never heard of Red Hat Linux "process control tables"? Muhahaha. Then... Priest pays me a visit. Priest. He's a tall middle aged guy whose trademark is the loud Hawaiian shirts and shorts he wears at every Def Con. At Def Con 5 he won his "I am the Fed" T-shirt by showing off an FBI badge. Of course I believe everything I see. "Carolyn," he gestures to me. He sidles up close and whispers, "I left the agency a few weeks ago. An Internet startup in California offered me a chance to get rich. I have a nondisclosure agreement for you. Interested?" Of course I like to get rich, too. I sincerely believe that Internet startups like to offer FBI agents tons of money. "Sure." Meanwhile the Capture the Flag/BOFH game has finally gotten started. Less than 100 of the 3,600 Def Con attendees have signed up to play the game. What? Less than one hundred? I ask several players. They all say there are perhaps only 200 people at Def Con who actually know how to break into computers. The rest? Feds, narcs, groupies, and fakes. And BOFHs:):) Suddenly people start shouting. I turn to see a man prancing on top of a table next to the Penguin Palace booth. He is naked except for an extremely tiny g-string. It's a good thing his genitals are tiny enough to fit into it. Then he pulls on his jeans and leads a parade of drooling teenagers out of the room. A tiny waisted bleached blonde with braless boobs in a spaghetti string shirt prances over to some Capture the Flag players. Not only is each boob the size of her head, they are powered by antigravity devices. From time to time she pulls up her shirt and sticks her naked boobs into the faces of the players. They keep on shooing her off -- "We're trying to hack, dammit!" ----- Lets see, where was I. Oh, yes, the lady with the giant breasts powered by antigravity machines is trying to distract people playing the Capture the Flag game against the Bastard Operator from Hell contestants. All the BOFHers are unscathed so far. I'm standing next to my box, every now and then checking to make sure at least a half dozen people have spawned shells in the guest account. I want Fangz to get a real workout! And who should sidle over but Priest, the giant guy in the buzz cut sandy hair and loud Hawaiian shirt who says he is no longer with the agency. Out of the corner of his mouth he mutters to me, Dis has been committing too many felonies. If Dis doesnt watch out, he will go to jail. Dis. That's one of the two or three hundred handles Brian Martin uses, but who knows, lots of other hackers may use it, too. Or maybe Priest just keeps on confusing Dis with Mitnick or someone like that. I mutter right back, It's not clear to me that Dis is committing any felonies. Hoo, boy, now this is getting interesting. First Priest hints that he can make me rich, then he appeals to my presumed desire for revenge. Lots of people assume that since I am Brian Martins number one obsession (as seen at http://attrition.org), that I must hate him. Au contraire! Today is honesty day, no more kidding around. Martin is my public relations man, working overtime year after year to make sure everyone has heard of and buys my book, The Happy Hacker. By publicizing his fictional accounts of how I hacked 303.org and sekurity.org and let us NOT FORGET the New York Times, Martin has persuaded countless teenagers that I am a brilliant evil genius granny. Oh, while we are on the topic of honesty, Priest just emailed me to advise that he just might sue me for the first installment of Granny Hacker from Heck Goes to Def Con. Lets see, what are his exact words, I have to talk to my lawyer about a lawsuit...I at no time represented my self as an FBI agent nor did I ever display a 'badge' at Defcon 5 to get a Fed t-shirt. Further, at no time did I aproach you with an offer of employment or a commentary on what my orgainzation was doing. Hmmm, another man from an alternate universe. I think his alternate universe is at http://www.exo.com, phone them up and they will give you a truly amazing shell account from which you can entertain yourself with the file permissions of the other users. Lets see if I have this straight. Priest, a fictional entity who ran Def Con 7, and who has variously claimed to be an FBI agent and involved in a get rich quick Internet startup scheme, is trying to figure out how to sue the Granny Hacker from Heck for a humorous article that has lots of witnesses. If you have any leads on this mans true identity, or want to add to reports of who this man has claimed to be from time to time, please contact me at 505-281-9675. Don't pay attention to the man behind the curtain... Now, back to our regularly scheduled programming, Friday July 9. Jon takes a turn guarding Fangz, our Bastard Operator From Hell contestant. I go to the main ballroom to catch the first round of Spot the Fed. I pass a room out of which rock music booms. There are fog machines, spotlights waving about. I notice more young women than I had ever before seen at a Def Con, mostly beautiful, dancing with hackers in that party room. More gorgeous women lounge in the hallway, awkwardly flirting and beckoning. Are they hoping to marry the next Bill Gates? They certainly don't have the look of Las Vegas prostitutes, not even the lady with the antigravity boobs. Theres intelligence in those eyes. I briefly think of Tracy Baldwin, a new FBI agent, who came to Albuquerque for her first assignment out of Quantico. Baldwins young, beautiful, tense like a coiled spring. Some of these women in the hallway remind me of her. Oh, yes, last November I gave Baldwin a hard time when she tried to convince me she might arrest me if I didn't take a lie detector test about whether I hacked the New York Times. So now she gets to put up with being in a Granny Hacker story. In the ballroom, Priest is on stage with a microphone. He booms out, To win your I spotted the Fed T-shirt, you have to identify someone who carries a badge and has the power to arrest. Informers don't count. You know how you spot an informer, don't you? Hes someone who was raided and got back out on the street within 24 hours. That made me think. A story in Forbes magazine last January had reported that the FBI had raided Brian Martin -- yet had not arrested him. According to an employee of the Internet Service Provider Martin uses (Inficad), not long thereafter We were served a subpoena by the Fed's to perform certain actions on the attrition box co-located at our facility. As we do with all law enforcement matters we complied, and they performed what was required and permitted under the subpoena. Many in that room know about Martins FBI raid. Some in that room remember Priest claiming to be a Fed. Why would a Fed, even an ex-Fed (if Priest was telling me the truth) be trying to publicly finger Martin as a supposed informant? All in good fun, I'm sure. A young man sitting next to me leans over. Who is this Priest guy? He seems to be running Def Con. I dunno, maybe being a ficticious character is his profession. Near midnight I am hovering over a laptop and hear a voice booming, You. We're closing down for the night. Out. Now. I look up and see a knot of hackers scurrying for the nearest exit, behind them Priest playing the role of Nazi SS man. He swivels, points with outstretched arm at the next nearest group. You. Out. Now. He strides to another group. You. Out. Now. I am amazed. Aren't hackers supposed to be anti-authoritarian? Is'nt herding hackers like herding cats? Not here. Oops, I'm wrong. A departing group breaks up and scatters rather than making it to the exit. Priest catches on within seconds. He points them out one by one: I told you, out. Now. When he has cleared the room of all but those of use playing the hacker war game, he comes over to us, now relaxed. I gesture at Fangz. I don't want to leave until everyone else is out of the room. I worry about physical sabotage of my Bastard Operator from Hell entry. No problem. He lets me be the last non-staff person out. Saturday morning. July 10, 1999. I'm waiting by the pool for the con to reopen. A swarthy fellow speaks. Carolyn, I'm a friend of Zyklon. Can you tell me just why, when he hacked the White House Web site, he called me a crack whore? I'll ask. By the way, I have your Happy Hacker book. Loved it. I can't resist plugging my book. Buy out the latest printing, folks, and maybe I'll shut up. Maybe not:) The hacking game is in full swing. A dumpy little fellow comes over to me. Hi, remember I called you on the phone? I'm a reporter from Rolling Stone. Can you tell me why so many hackers hate you so much? They won't ever tell me why, they just say Carolyn sucks. They don't all hate me, just some noisy ones. Why don't you talk to these young people? I introduce him to a group of teenage boys who have clustered around me to get hints about my entry in the game: Fangz. Stuff like I tell them to use the pasv command to make its ftp server work. Sorry, Fangz is a little primitive, but the fewer features on its services, the harder it is to hack. Hey, give us credit, its RFC compliant and at least we don't force players to use tftp, or cut and paste stuff through a terminal emulation program! The teens crowd around the reporter. Tell people most hackers are good guys! We don't commit crime! We make the Internet a better place! they chorus. A tall, thin young man in skinhead garb and haircut walks up and hands me a flyer. It is about the new Web site, Netcriminals.org. It has a fake dossier on me, along with fake dossiers for several other people. Skinhead asks, Do you know who I am? I shake my head. He gives a tight grin. Netmask. Netmask. It is the first time we have met in real life, yet over the years he has occasionally sent me demented, obscene, yet humorous emails. Some people might say he must be my kind of guy, but ask my fellow choir memebers at St. Luke, I'm just a sweet old lady. Anyhow, Netmask and I had spoken once on the phone, or perhaps I should say, had spoken once that he had admitted to being Netmask. His erotic fantasies remind me of the man, or group, that has done major damage to almost every Internet Service Provider I had ever used: GALF. Netmasks Web site -- 303.org -- features pictures of his 303 gang mowing down aspen trees with machine guns, dancing around a table covered with exotic guns, firebombing a car, and at one time it included instructions that presumably were meant as a humorous parody on instructions on how to molest children (under cocksoldier.com, hosted on the same box). They live near the Columbine school district near Denver. Netmask runs the kind of gang that could make reporters go nuts for a chance to interview him. I can see the headline, Goth gun and bomb nut hackers run rampant in Columbine school district. But I will resist the temptation to write lurid stuff about them, just check out http://www.303.org for yourself, if it is still up. Just before Def Con, Netmask had emailed me, You up for a little hacker death match with me on friday? (at con) I replied, Sure on death match, if you'll talk with me afterward. My aim might be off, I'm used to beating up outlaw horses with well-aimed kicks, the half ton class opponent is kinda exhilarating. Haven't sparred with a human in a long time. Dunno why humans are afraid of me :):) I was just kidding, I swear! I just give wild horses love taps when they attack me, is all. Hacker Death Match. That consists of putting on bulky foam rubber sumo suits and trying to knock each other down or out of the ring. Netmask had emailed back, I'm gonna pass on this actually.... Keeps me out of the media.. and keeps you less in the media.. Just now I am wearing karate shoes. It's my Deadly Granny outfit. Make muggers quake in their boots when they see me. Netmask is staring at them. The karate shoes, I mean. His martial art is kick boxing. He looks up. We stare at each other awhile. Then I lean forward within six inches of his face and whisper, The reason I respect you, is you aren't a crybaby like the others. He ducks and rushes off. Two PM. I had gotten press credentials earlier that day from an elderly oriental man so I could get into the front row with a tape recorder to cover the Cult of the Dead Cow. They are about to introduce their new program to enable people to break into computers: Back Orifice 2000. Priest gets up on stage to announce their imminent arrival. A voice shouts out, There have been a lot of naked people here. Isn't that against the law? Priest laughs. This is Las Vegas. Another voice shouts, What happens to the people who are running around naked? Priest points at him. They get laid! The audience roars with laughter. Priest continues, We have a treat for you tonight, live rock music. Priest leaves the stage to cheers. The lights dim, then go out. From big speakers on stage come sounds of a storm, mooing of cows and an adult voice ordering a kid over and over again to put the cows in the barn. The mooing gradually grows ominous, then ridiculously loud. Rock music breaks out as two spotlights shine on each side of the stage. They project the logo of the Cult of the Dead Cow -- a cow skull in black against a white cross. The logos rotate. In the center of the stage a video projects themes of cattle interspersed with intimidating images from Nazi and Maoist social realistic art. Then, to cheers, the Cult of the Dead Cow gang enters from right stage, hurling glowing disks out to the audience. Nineteen of the twenty cult members prance, slouch and/or stagger up on stage. In front of them, their master of ceremonies leaps about in a ratty white fur coat, synthetic fur chaps, a belt made of handcuffs, doing a sick parody of a Pentecostal preacher, grabbing his crotch, making obscene jokes, and leading the audience in chants of (him)Dead! (audience) Cow! (him) Kiss! (audience) Ass! The rising lights reveal a parody of church vestments, banners with a Christian cross with the dead cow symbol in the center hanging on each side of the stage. He raises both hands over his head, palms toward the audience. Every eight year old can hack shit! Hacking to save the world! Just don't get fucking busted! And use a fucking spell checker! Long cheering and laughter come from the crowd. And now, the man who wrote Back Orifice 2000 -- Dildog! Dildog describes the features as if it is merely a remote administration tool as he calls it, raising snickers from the crowd. He uses LCD projectors from both a client (attacker) and server (victim) computer to show how BO2000 hides itself. When he shows the option to disable the victim mouse and keyboard and allow the attackers mouse and keyboard to control the victim, the crowd cheers. They end the show with a man in red lace tights, shorts and red pasties held on with duct tape (who looks like a near terminal AIDS victim) shimmying across the stage while Deth Vegetable -- a gigantic sumo-style man in shorts -- smashes computers and a monitor with an electric guitar, the Master of Ceremonies waving his hands and screaming as he fires roman candles from a tube he clenches with his thighs against his crotch. Afterwards I go back to the press room to check for schedule changes. Somehow I have the premonition that Brian Martins talk fakes walk among us may be rescheduled. David Akin of the Canadian publication National Post approaches me as I am leaving and asks Why do so many hackers hate you? They won't tell me anything specific. Basically they just say Carolyn sucks. Just then a disheveled man in an Attrition.org black T-shirt strides up yelling, Get out of here. Only press are allowed here. I have a press pass. I show it to him. You aren't a legitimate reporter! Get out of here. How many FUCKing hundreds of magazine articles do I have to write before you admit I am a reporter? Oops, I said a bad word. I'm mortified. Well consider you a reporter when you write real information! Real information! Your Attrition.org site is full of libel! Just then the woman in charge of the press room, followed by several reporters, comes out and yells at me, The conference staff says you are not a reporter. Give back your press pass. Now. Akin turns to them, You can't do this! You can't pull a reporters credentials just because you don't like what he or she writes! Somehow Priest materializes. Come with me, I have some information for you. We go into a deserted room. Chairs are stacked high. I can't believe I am actually thinking this, but the first thing that comes to mind is that this will make a great scene for the Granny Hacker Sticks it to the FBI movie. Priest breaks the spell. The press room incident. It never happened. What? We are explaining it to the reporters. They understand it was no big deal. You will never speak of this incident again. No way. Puzzlement flashes across his face. He must be realizing that his nondisclosure agreement ploy has failed. If you talk to a reporter about this, I will throw you out of the con. You *will* tell them it never happened. One problem. I don't lie. I begin to tremble. I ... have ... my ... integrity. Priest rubs his chin. I glare at him. He takes a deep breath. Time for a different ploy. You don't have to worry about Attrition.org. We have discredited them with the media. Brian Martin is on his way out. I look at him, head tilted, puzzled. A few months ago Brian Martin tried to get me fired. Uh, huh. We were talking on Internet Relay Chat. On condition of confidentiality. He sent a transcript of the conversation to my boss. Got me in major trouble. All he did was violate confidentiality? Sheesh, he didnt alter the transcript? He altered the transcript. Fortunately I had my version burned into a CD-ROM. Also, two others had eavesdropped on our chat and burned their transcripts to CD-ROM, too. Ours all agreed. I nodded. Yeah, right. How come there are always so many fantastic stories revolving around Brian Martin and Attrition.org? We ought to nominate attrition.org for a Hugo award at the next World Science Fiction Convention. Or is Priest the one who deserves the Hugo? Priest continues. I want Martin behind bars. You know he was busted for the New York Times hack. Then immediately released. He's now an unpaid informant. I let out a long breath. If Priest is telling the truth -- a BIG assumption -- Martin is now too valuable for the agency to expend. I've heard that Martin is ops (moderator) on three Global Hell IRC channels. So was he the one who got Zyklon busted for the White House hack? Priest shrugs. Is he informing on Global Hell? He throws up his hands. We have so much on our plates we can't even pay attention to Global Hell. But they claim to be the ones hacking so many of those government Web sites. You have no idea of what we are contending with. Internet startup. Get rich. Yeah, right, I hate it when people forget to stick to their stories. I reply, I have a problem with your informant. I had to shut down our Happy Hacker IRC server when Martin got on it. It is my opinion that he may have been encouraging kids to commit crime. I am not operating a breeding ground for crime. I'm not going to bring Happy Hacker IRC back up until I get a more reliable group of moderators. Contributing to the delinquency of minors is a crime. Bring your IRC server back up and we can get Martin behind bars. How? Your network is located in Texas. Under Texas state law, even though Martin and any kid he involves in crime are both out of state, if discussions about committing a crime happened on a computer within Texas, that's conspiracy. They'll extradite both parties. I can't do that. I will not expend some teenager to put Martin behind bars. I will not bring up our IRC server until I can make sure we can keep the criminals off. And, I thought, not until we can keep FBI agent provocateurs out. So, am I going to have to kick you out of the conference? My publisher would be overjoyed. Great publicity. Believe it or not, two independent groups have approached me about doing a movie. Getting kicked out would be a GREAT dramatic device. Oh, man, I can almost taste the Granny Hacker from Heck movie! But what do you want? I want to stay. I want to see if Fangz can win the Bastard Operator from Hell contest. But even if it does, I presume the conference organizers will come up with an excuse to deny us the prize. Yes, but at least you will know you won. When I return to the game, I see someone at the console of Fangz. Excuse me, that's my computer. The rules say you have to hack it remotely, not from console. I was just checking to see whether it was broken. He goes back to messing with the console of the computer next to Fangz, his entry in the Bastard Operator from Hell contest. A fat man with disheveled black hair and ragged beard and sloppy clothes joins him. The disheveled man slides a CD-ROM into the drive. They are violating the rules by changing their operating system. Again. A little later I see Priest walking by. I run over and hail him. Excuse me, what is your real name? He pauses in mid stride, looking so off balance I wonder if he might fall. His mouth flaps open and shut. Finally he sputters, You must be kidding. I thought it was worth a try. He falls back into his fast stride and disappears into the crowd. Poor Priest, he doesnt realize yet that he has just persuaded an investigative reporter, yes, the Granny Reporter from Heck, to learn everything she can about him, stuff like his .bash_history (real hackers use tcsh) and maybe even his real name. ----- Saturday, July 10, 1999. After dinner, I return to take a turn guarding Fangz. Jon points to a stain on the linen covering the table where Fangz sits. Someone tried to kill it by pouring a can of Jolt at the keyboard. Also, the power has been turned off four times since you left. They are getting ugly. He laughs. I let someone reboot into single user mode as root. He changed the root password to crackwhore. He was pissed when he rebooted and couldn't get into root over the network. Oh, yes, I knew what that was all about. He had set it up so root from console couldn't write to the password file. We both snicker. Then I grow sober thinking of the hazards of people frequently turning off our power. The operating system we use can sometimes be destroyed if the power goes off while a file is being written to the disk. Kernel panic! Some hackers gather around me talking about the latest Web site hacks. They say the Defcon.org site is down because someone defaced it with parodies of the Antionline and Happy Hacker web sites. I didn't do it! Honest! Um, John, what about you? They have an even better story about why Martins Attrition.org site is down for Def Con. Somehow the title of the index.html page changed to Temple of Hate. That's what Antionlines John Vranesevich and I like to call it. Then, mysteriously, just after it sprouted the Temple of Hate slogan, Attrition.org went down. (Later Martin explained that his webmaster had changed the name on purpose, that it wasn't hacked, honest! And, just by coincidence, a hard drive failed right after the Temple of Hate headline went up. Just by coincidence, as soon as they got Attrition.org up again, they decided to change the headline to We are the people our parents warned us about. I didn't do it! I swear! Repeat after me, Hacking Web sites is childish. Besides, why would I hack my own publicist?) At fifteen minutes before 10 PM, Priest comes in to shut down the room. You. Out. Now. Hackers meekly file to the doors. I go to my hotel room at the Hard Rock hotel across the street, and change into a short red velvet dress and black tights. This is for the formal Black and White ball, then sashay back to the Alexis hotel. I'm glamorous granny now, honest! In the lobby, two of the Trumpbour brothers greet me. They thank me for bringing our Happy Hacker Wargame team and some computers to their Summercon hacker gathering a month previously. Def Con has a bad atmosphere. We like to keep our con pleasant. I thank them for keeping alive the ideal of true hacking. Folks, if you go to just one hacker con next year, try Summer Con. It's run by real hackers, people who use their real names, not a bunch of fictitious characters such as Priest. Speak of the devil, Priest walks by just now dressed like a priest. I flash him my winningest smile, but he acts like he doesn't see me. I begin walking through the lobby toward the Def Con ballroom. A voice behind me yells, Carolyn! Why did you tell the FBI that I hacked the New York Times? I turn and see a man so muscular that he looks like a bicycle pump has inflated him. By contrast, his narrow head sits on a skinny neck. He is wearing a tank top that shows off his tattoos. His muscles quiver with what I suspect might be rage. Behind and beside him is a crowd of kids that look like they average fourteen years of age. They goggle at us like spectators at a bull fight. I scan the group. I don't recognize any of them. Excuse me, but I don't believe we have met. Mr. Steroids says, We have met. Several times. Think. I scratch my head, rub my chin. I simply can't think of having ever met anyone who gives the impression of being seriously pumped on steroids. I study his face. Steroids shouldn't change that too much. Still doesn't ring a bell. Give me a hint. You know me. You told the FBI I hacked the New York Times. I wonder if the FBI had tried to force him to become an informant. Did some agents do to him exactly what they did to me, claiming to have evidence that they really didn't have? When they came after me for supposedly hacking the New York Times, I had told them to, um fword themselves. Seriously, I am against computer crime and am happy to help the FBI catch criminals. But I refuse to be an undercover informant and I oppose the use of undercover informants. OK, time for major soapbox speech here. IMNSHO, our taxpayer money should not fund the FBI to run around encouraging computer crime all in the name of some undercover operation. But, then, maybe I'm just paranoid. Maybe the FBI doesn't run Def Con. Maybe it is mere coincidence that Jeff Moss, who bills himself as the man who owns the Def Con conferences, is a full-time employee of Secure Computing, Inc. To be exact, the registration for Defcon.org reads: DEF CON (DEFCON-DOM) 2709 E. Madison Seattle, WA 98112 Domain Name: DEFCON.ORG Administrative Contact, Technical Contact, Zone Contact: Moss, Jeff (JM27) jm@DEFCON.ORG 206-626-2526 (FAX) 206-453-9567 Billing Contact: Moss, Jeff (JM27) jm@DEFCON.ORG 206-626-2526 (FAX) 206-453-9567 Maybe it is coincidence that the Secure Computing web site claims that it is the market share leader in providing network perimeter security to the U.S. Federal government. (http://www.securecomputing.com/C_Bg_Hist_FRS.html) Maybe the whole Priest thing is just a guy having mostly harmless Vogon fun by being a fictitious FBI agent. I'm wondering if the FBI really had told Mr. Steroids I had provided evidence against him. Is this how their Quantico academy teaches FBI agents to nullify recalcitrant reporters? Run around questioning, raiding and arresting people and telling them I provided the evidence? For once I'm dead serious here. Besides Mr. Steroids, Pete Shipley and his dis.org gangmates Ph0n-E and Cyber say the FBI has questioned them at length about allegations the FBI claimed I had made against them. Do you know what it feels like to have weird looking guys trembling with anger accusing me of getting them in trouble with the FBI? But then again, maybe the FBI isn't doing anything of the sort and all these guys are just making up these stories. Anyhow, you're tired of my rant, so let's get back to the story. Serious mode off. Humor mode on. Steroids reaches into his jeans pocket and pulls out a battered wallet. OK, I'll give you a hint. Look at this. He shows me his drivers license, trembling in his hand. It says Michael Schiffman. His buddies draw closer, menacing. Er, as menacing as a gaggle of 13 through 15 year olds can get. Darn, I'm not wearing my karate shoes. They are staring at my 38 D bosom instead. I put on my best politician smile. Michael Schiffman, nice to meet you! Now I know who he is, a man better known as Route or Daemon9. He got mad at me long ago when I told my Happy Hacker mailing list that I opposed his hacker ezine, Phrack. In my opinion, he encourages people to commit senseless digital vandalism. Why did you tell the FBI that Modify and I hacked the New York Times? I thought fast. I could remember telling the FBIs Tracy Baldwin that it was my opinion that there was only a 2% chance that Michael Schiffman could have been part of Hacking for Girliez. I had thought that was my way of debunking the idea he was involved. I figure it won't do any good to tell him about the 2% bit, he's too mad to grasp nuances just now. I reply, The FBI told me that *I* hacked the New York Times. Schiffman puffs out a breath. He looks like an impatient school teacher waiting for a slow student to get the right answer. OK, a psychotic teacher with steroid poisoning. He's shaking. Why did you tell them we did it? Modify hack the New York Times? Now that's ridiculous. Why would I say that to the FBI? He couldn't hack his way out of a paper bag. Schiffman and company begin shouting, Modify can so hack, Crack whore, and other brilliant intellectual observations. I brilliantly retort, I don't have to listen to this. Would they jump me? Was I about to be mobbed by children while not wearing karate shoes? I figure I am safer acting like they could not be any threat than by taking a martial arts defensive stance. I turn on my heel and walk away.. I enter the main ballroom at midnight -- time for Hacker Jeopardy to start. This is a takeoff on the TV quiz show, Jeopardy. To get to the empty seats on the far side of the ballroom, I walk around the back. In the middle of the back row I see a familiar face: Modify and three others are standing on their chairs. Are they trying to be noticed? As I pass them, Modify hands me a business card reading Attrition.org -- We don't play well with others. Oh, yes, isn't that a line from the movie Hackers? Does this mean they are trying to get a movie deal, too, something like How Attrition.org Stuck it to Priest (whoever the heck he is)? The guy standing on the chair next to Modify hisses at me, You'd better watch out. I stop to look over the guy who hissed at me. Yes, it must be Brian Martin. It has to be. He is standing next to Modify, his bosom buddy. But Martin, once buff, showing off his muscles with a tight T-shirt at previous Def Cons, has wasted away. He's downright skinny now. Some two inches of his hairline has balded. The man is only 25 or 26, I think. Are those wrinkles on that sagging, emaciated face? Is that a stoop to his shoulders? The pressure of being my publicist, dealing with that non-hack of his attrition.org web site, and Priests attempts to brand him a narc and discredit him with journalists must be wearing him down. Priest tromps up on stage. Is there anyone who needs to do anything before the game starts? A transvestite prances up to Priest, clad in a tiny sheath evening dress. Someone throws the girlie a condom. S/He lifts his/her skirt to reveal a red sequined jock strap that appears to be rather full, and inserts the condom in it. S/He wriggles off stage, a pied piper leading a gaggle of boys out of the ballroom. Sunday morning some dazed-looking guys are lounging by the pool. One is the fellow who is managing the entry in the Bastard Operator from Hell contest that sits to the right of Fangz. I walk over and give him a cheery hello. He and his comrades start howling, Your computer is stupid. It's broken. It sucks. I ask, Why? Because it's yours. Because the C compiler is broken. I say, Other people have compiled programs on it. Why can't you? Because they fixed the compiler. I say, That's called hacking. Later that morning, there is great cheering as the Ghetto Hackers break into one computer, then another, then get half a hack on a third. At 1 PM the game is called to a close. Ghetto Hackers have won the Capture the Flag part of the contest. Of the remaining nine computers, the winner in the Bastard Operator from Hell is, in theory, to be awarded to whomever had been running the most services. That, I hope, means Fangz. I notice a crowd gathering. Priest is there. I ask him, Is it OK to take down our equipment now? He nods. Jon and I began taking the system apart, unplugging the Ethernet hub, power, etc. A kid from the Penguin Palace booth comes over and begins interviewing me on tape. Carolyn, your box finished the game without being rooted. Does this mean you're elite? No, it just means Fangz didn't get rooted. The fat, disheveled guy with the box next to Fangz begins shouting, You didn't get rooted because the hackers here are no good. They didn't root my box and it had plenty of holes. I reply, You mean the Ghetto Hackers are no good? That's not a fair comparison, you kept on changing your operating system from console. I cheated? I had FreeBSD on it for twelve hours! People did so have plenty of time to try to break in! Are you saying the Ghetto Hackers are no good? He rubs his chin, thinking this one over. As I watch him, I suddenly realize who he is. Bluto, from the Popeye cartoons. Aha, I have pierced yet another hacker identity. Finally Bluto looks me in the eye and yells, You cheated! Your box broke the rules! You have to be able to remotely administer it! That's the rules of the game! I look bewildered. Wait, I distinctly heard them say you are *allowed* to administer it remotely, and forbidden to administer it from the console. They didn't say we were *required* to do remote administration. I realize a crowd has gathered. Shipley is among them. Bad sign. A skyscraper of a man looms to my right. It's the giant Texan interior decorator. He holds a keyboard menacingly in his right hand, staring down Bluto. Good sign. Bluto yells again, Can you remotely administer this box? Answer me now! Well, um, er, it doesn't have secure shell, we have to telnet in to do anything. I'm embarrassed. Prove it! Create an account now! But we just took the system down... Prove it! Prove it! Priest looms behind Bluto. He's staring into my eyes. That's it, Carolyn. We just used up our last chit at this hotel. Last night some fucking idiot tried to steal their golf cart. One more incident and they close down the con. You. Out. Now. I can hardly hear Priest for the shouting of Bluto, who is leaning awfully close and waving his arms. I make out strangled sounds like non RFC services ... broken C libraries... The Penguin Palace kid is still tape recording. The giant Texan interior decorator is still leaning over the table wielding Fangz keyboard like a weapon, in the face of Bluto. I hear a voice shouting, Its not fair, she isn't causing the disruption. Priest hisses at the kid with the recorder, If you publish it, I'll sue you. Then he stares at me. You. Out. Now. I get this sinking feeling. Does this mean otherwise you will strap us into chairs to listen to your Vogon poetry? A guy in a Def Con Goon shirt hisses, Resistance is futile. Priests eyes glaze over as he recites, Or I will rend thee in the #dc-stuff channel, see if I don't! My mind comes up with a don't panic scenario. Actually I quite like your poetry. Priests mouth flaps open and shut. You do? Tell me more. Er, ... interesting rhythmic devices... The giant Texan interior decorator springs to my defense. Counterpoints ... the surrealism of the underlying metaphor... A dreamy smile softens the lumpy surface of Priests face. So what you're saying is I write poetry because underneath my mean callous heartless exterior I really just want to be loved? Yes, yes! the giant Texan interior decorator and I urge him. No, well, you're both completely wrong, I just write poetry to throw my mean callous heartless exterior into sharp relief. You. Out. Now. As we exit the hotel, walking by the pool, Priest trots up and tries to draw me aside. We need to speak privately. I think for a minute. Maybe he has reconsidered. Maybe he just wants me to sign that nondisclosure agreement after all and make me rich. Or could it be, shudder, more Vogon poetry? I gesture at Jon and the giant Texan interior decorator. We can speak with them here. No, this is private. Then we can't talk. Jon, the giant Texan interior decorator and I pile into our rental car which the Happy Hacker Godfather has managed to materialize. Shipley is leaning into the window to snap one last picture of me. His lips part in a snarl. No fangs. I flash him a smile. Postscript: Just as I had anticipated, Priest rescheduled Brian Martins Fakes Walk Among US talk. To be exact, he rescheduled it to dev/null (device null for you non-Unix wizards). Martin refused to take the affront passively. He gathered a handful of people by the pool side to recount his stories about Antionlines John Vranesevich and me. He may win this years Hugo yet. Want to find out why fictitious characters variously claiming to be with the FBI or a hot Internet startup recite Vogon poetry at me? See http://happyhacker.org for our mostly harmless instructions on how to break into computers. Happy hacking, and watch out for us grannies from heck! Oh, I almost forgot. Buy my book, The Happy Hacker: A Guide to Mostly Harmless Computer Hacking. Resistance is futile.