DefCon Day 1: Hacker Mayhem

LAS VEGAS, July 29 -- Just got a tour of the sprawling campus that is the Alexis Park Hotel, where DefCon is in full swing. My guide was a junior "Goon," one of dozens of security folks wearing orange shirts who keep the peace around here and physically remove hackers who get rowdy or otherwise cause more than their allotted share of mayhem.

I'm filing this entry from the room of a Defcon speaker named Strom Carlson, where four self-described "phone phreakers" are holed up. The press room is in disarray, and there is some unspecified problem with the Internet connection there. Strom's room is littered with phones, voicemail gear, at least six laptops and a pay phone that Strom bought on eBay. He is slated to give a talk tomorrow on "How to become your own phone company."

It's not like I'm skipping the speaker presentations; the TV in Strom's room is tuned to a closed-circuit, live broadcast of the talk going on in the main outdoor tent right now, which is blisteringly hot at 105 degrees. Speaking at the moment is Phil Zimmermann, considered a legend in hacker circles for developing and making available for free a software program called PGP (it stands for Pretty Good Privacy), which lets people encrypt e-mail and other Internet communications. Phil is discussing "His Next Big Project," which deals with encrypting and securing Internet-based phone calls (a.k.a. Voice over IP, or VoIP). As I write, he is demonstrating a new program he wrote that can prevent anyone -- including the Feds -- from eavesdropping on VoIP conversations.

I'm getting online using the excruciatingly slow data connection on my Treo 650 phone, mainly because I've been told by several people that under no circumstances should I connect to any of the many wireless networks polluting the digital airwaves here at the hotel. My laptop says there are eight accessible wireless access points here; one of them is named "Kevin Mitnick Sucks"; the rest are named "DefCon." But Strom warns that most of them are actually "rogue" wireless networks set up by hackers looking to capture passwords and usernames of anyone who logs into the network.

In a giant ballroom downstairs, at least two hundred hackers are hovered over their computers, ignoring that advice and using the WiFi networks to participate in "Capture the Flag," a competition to see who can hack -- or "own" -- the most number of computers in the shortest amount of time. On one wall is the "Wall of Sheep," in front of which is a table full of hackers whose job it is to post up on the wall the usernames and passwords of anyone brave (read: dumb) enough to access their e-mail over an unencrypted connection.

In the next room, a half dozen hackers are using a variety of metal implements to compete in the lockpicking competition. Across the room, people are queuing up to participate in the DefCon 13 Scavenger Hunt, where hackers can compete for prizes by completing the most tasks and amassing the most items on the list; finding 100 half-eaten M&Ms, for example, is worth 50 points. Other items on the list include: 1 cubic foot of something (100 points), meat earrings (25), Mexican jumping beans (50), a USB sex toy (75), and a live chicken (100 points). Some of the more interesting tasks competitors can attempt to complete are: get belligerent with, then surrender to tourists outside the Paris hotel -- while wearing a beret (100); get the Dark Tangent (Black Hat and DefCon founder Jeff Moss) to slap you, hard (105); sing the Copa Cabana in a cabana (35); beer bong a full size can of Fosters beer (80); and make a wet suit out of mouse pads and jump in the pool (+100 points if your clothes stay dry).

That's all I have time for right now. Robert Morris Sr., the brilliant ex-chief scientist for the National Security Agency, is about to give a talk on security vulnerabilities in bank ATMs, which Morris called "the next financial hacking pot of gold."

By Brian Krebs  |  July 29, 2005; 5:45 PM ET


As the organizers of "Capture the Flag", we would like to point out that your facts are wholly incorrect:

1) There were only approximately 100 people playing the game, and no more than 64 were ever playing in the ballroom at once.
2) Contestants in the ballroom did not use the WiFi networks in order to participate. The contestants had physical connections to their tables, and were not using the conference wireless network for any game-related activities. I think you must have been confusing the conference at large (which used wireless to get to the Internet, despite the advice from many that they not), with the game. Nonetheless, a journalist such as yourself has no excuse for missing the mark so thoroughly.
3) The goal of capture the flag has nothing to do with "seeing who can hack the most number of computers in the shortest amount of time". Number of computers hacked had no direct impact on the game outcome, and there was no "shortest amount of time" element to any break-in activities.

Also, the "goons" were all wearing red shirts. They couldn't possibly be mistaken for orange.

While I don't expect Post blogs to receive the same level of fact checking as a print article, I hope the Post would frown on facts being so far from the truth on a web page run by the paper. To that end, we will be emailing a copy of this post to your ombudsman.

Posted by: Factually absurd | August 2, 2005 7:28 AM


Posted by: John H Jones | August 2, 2005 9:57 AM

As a person who played in the capture the flag competition, I have to say this is completely off base. Sad when a reporter can not take the time to get the facts straight.

Posted by: Epic | August 3, 2005 5:27 PM

attention hackers: Uncle Sam wants you

Posted by: er_or | August 28, 2005 12:28 PM


Posted by: gryllo | December 4, 2005 6:14 AM

The comments to this entry are closed.


© 2010 The Washington Post Company