Hacking into a new age
----------------------

   By M.J. Zuckerman, USA TODAY
   07/13/99- Updated 11:50 AM ET

   LAS VEGAS - Every year at this time, the computer hacker underground
   comes out to play at DefCon, a long-weekend gathering under the glare
   of the desert sun, the gape of a smitten media and the gaze of hundreds
   of undercover feds.

   Gathered here are both the elite and the mundane of "The Community."
   Its members are typically portrayed as dark, brooding characters with
   pale, ornamentally pierced skin; their motives are depicted as a mix of
   anti-social genius, Robin Hood ethics and yearning for notoriety.

   As DefCon, named after the nation's nuclear "Defense Condition," rocked
   through its seventh year this past weekend, it was apparent that only a
   small portion of the crowd fit the brooding-teen-geek stereotype.
   Perhaps more startling is to find that the youths who pioneered this
   event in their early and mid-20s are in their 30s, each employed as a
   "security consultant" or cashing in on an initial public offering.

   "Being a hacker is kind of like being a supermodel," says Kevin
   Poulson, one of a very few legendary hackers convicted by federal
   authorities and a keynote speaker here. "Eventually you grow up and
   move on" to apply your skills in new ways.

   That's an understanding not lost on the ever-watchful federal agents
   locked in a love-hate relationship with The Community. The feds are
   here in record numbers to keep tabs on those who might have stepped out
   of line and to recruit others before they cross that line.

   And DefCon's identity as a white, male oasis is changing too. Women --
   lots of them -- are making their presence known in The Community. And
   people of color are no longer rare.

   "I've come to learn some of the latest stuff," says "Crazy Sage," who,
   like most of the 2,500 attendees, identifies herself only by her
   on-line alias. "As a woman making it in the tech industry, you have to
   be really assertive, or you are not taken seriously."

   Here, she's looking to do some professional networking -- "and get
   really drunk."

   Some aspects of hacker life are changing. But at DefCon, the frat-party
   mentality persists.

   At times, DefCon can be as formal as any other professional conference.
   Famous speakers offer insights on topics of interest and announce
   discoveries.

   There are endless discussions of technical protocols, engineering
   applications and an unfathomable yet elegantly simple question: Where
   will the technology take us three years from now?

   Yet DefCon also is a holiday and a celebration of what The Community
   regards as an art form.

   In the wee hours of the morning, there are private demonstrations of
   electronic breaking-and-entering skills presented against real targets,
   among closed groups of friends and trusted colleagues in congested,
   smoke-filled hotel rooms.

   DefCon's emcee, "Priest," had the unenviable task of crowd control,
   keeping events on track and correcting inappropriate behavior.

   Early on, it was people extinguishing cigarettes into the hotel
   carpeting. "We're supposed to be in the upper echelon of intelligence,
   and instead you're swinging from the rafters like baboons and throwing
   feces at each other."

   "Don't give them ideas!" someone screamed back.

   Later, as the ballroom heated up and the sound system alternately
   squealed or fell silent, he barked at the crowd to "grow up" and stop
   hacking the electronics. Within moments, the sound system worked
   flawlessly, and the air conditioning returned.

   But after dark, matters turn truly silly and rowdy:

   * As dozens of earnest young men and a few women
   spend hours elbow to elbow at 20-foot-long tables, stooped over
   computer screens and playing "Capture the Flag" (a competitive hacking
   game), a stunning blond woman climbs atop a table, lifts off her blouse
   and dances for no apparent reason.
   
   * During a game of "Hacker Jeopardy," an audience
   member jumps at a passing remark by one of the panelists about doing a
   "full Monty," stripping down to a thong and bumping and grinding his
   way down to bare facts. The game, which runs for two nights from about
   11 p.m. to 1 a.m., allows participation of the 500-plus audience
   members. If a contestant at the podium misses a question, they must
   suck back beers.
   
   * DefCon's home base, the Alexis Park Resort,
   beefed up security after the first night, when several dozen rowdies
   began depositing empty beer bottles in the pool and laced a hotel
   fountain with laundry detergent.

   Fed-spotting

   Spirited rounds of "Spot the Fed" are played several times a day during
   breaks between speakers in the main ballroom. Hosted by Priest, it's a
   good-natured game, outing a few of the law enforcement and intelligence
   officials present.

   Audience members call to the podium anyone they believe is a fed.
   Generally, it's golfing attire, fanny packs, haircuts or topsiders that
   give them away. In one case, it was a West Point ring. The accused have
   to answer audience questions (anything as blatant as "Do you carry a
   badge?" is considered unfair):

   * Are you permitted to carry a concealed, loaded
   weapon aboard commercial aircraft? (FBI)

   * Are you required to file a report when you have
   contact with a foreign national? (Military, police, intelligence)

   * Have Furbies been banned from your place of
   employment? (National Security Agency)

   All appeared to enjoy the playfulness. One agent, not wanting to
   prolong the agony, quickly copped to being an "FBI hacker hunter,"
   showed his badge and retreated to his seat.

   The hackers were clearly operating in a target-rich environment this
   year. According to a half-dozen veteran agents, at least 10%, and
   perhaps 20%, of those at the conference were feds, everything from
   postal inspectors to the Defense Information Systems Agency, trolling
   for sources and recruits.

   "There's a lot of natural distrust in the community toward the FBI,"
   says Peter Shipley, a veteran of DefCon and the chief security
   architect at the KPMG accounting firm. He hardly looks the Brooks
   Brothers model, dressed in black jeans and T-shirt, hair halfway down
   his back.

   "I'm in touch with (the FBI) because I'm trying to educate them to the
   realities of The Community. I want to get rid of their fear of hackers.
   But I'm not going to help them develop evidence against anyone." He
   hopes that working with the feds will assuage fears on both sides.

   But it could be quite a while. There's a lot of bad blood.

   A growing sense of adversarial relations has led to The Community
   lionizing convicted hacker Kevin Mitnick, whose imprisonment has
   launched scores of hacks in recent months of the Web sites of the FBI,
   White House and Senate, among others -- all demanding, "Free Kevin."

   In the first six months of this year, more than 1,500 hacks have been
   recorded by Attrition.org, which documents and archives those
   activities.

   The Community takes the view that malicious acts should be prosecuted,
   but not kids who break into poorly secured systems. "Think about it,"
   says "Mr. Mojo," 21, who last year defeated the password system
   protecting Windows 95 and 98 files. "If script kiddies (teens using
   automated hacking programs requiring few skills) can break into systems
   -- I mean, kids -- how much real effort went into securing those things
   in the first place?"

   The Cult's new tool

   The big event at the conference came late Saturday, when the 20-member
   Cult of the Dead Cow took the stage.

   Accompanied by a light show befitting a major rock concert, the hackers
   introduced Back Orifice 2000, software they developed and will
   distribute free on the Web. It enables anyone to dial into a computer
   operating Windows 95, 98 or NT and gain remote control of the machine's
   keyboard and mouse.

   Despite the Cult's protests to the contrary, common sense says this is
   a tool that will empower hackers. It also enables system administrators
   to examine the operation of any machine in a network without having to
   knock on office doors.

   Bottom line, says the Cult's "Deth Veggie": "We released this product
   in the hope of forcing Microsoft to fix its products."

   Ideally, that's what veterans say hacking is all about.

   "This is all about building something that's going to last a long, long
   time," says "WeldPond," a member of L0ft, a hacking group that has
   testified before Congress and leads in the Robin Hood model of using
   hacking to improve systems.

   "The Internet is going to be the legacy of this generation, and if we
   let a few companies get away with setting shoddy standards, well,
   that's where we have a moral imperative to act."

   "Dr. Mudge" of L0ft adds, "We are part of the checks and balances."