Fear and Loathing in Cyberspace--the Computer Underground comes to Las Vegas. T.J. Barrett July 22-24, 1994. Las Vegas plays host to DEFCON II, a conven- tion unlike any other. DEFCON bills itself as a convention for the "underground" elements of the computer culture--hackers, phreaks, hammies, virii coders, programmers (ah, here's where I fit in!), crackers, cyberpunk wannabees, civil liberties groups, cypherpunks, futurists, artists, etc. It should be an interest- ing time! * Friday night, July 22nd. As I enter the convention hall I'm struck by the massive disorganization. While registration was fairly easy, all of the night's speakers have had to bow out leaving a room full of drunken conference participants witnessing what can only be described as a cross between anarchy and stand up comedy. Speakers named "Novacaine" and "Pinky" tell jokes about PC's. "How do you crash a PC?"-- "hit the return key." "how do you turn your 486 into an 8088?"--"type 'win' and hit re- turn." We learn that there is a pizza server that will allow you to construct your own pizza--simply send a message to pizza@ecst.csuchico.edu with the subject "pizza help". Finally Ron Butcher helps to organize an impromptu talk on UNIX security--Peter Shipley of DNA (Direct Network Access, an Internet Service Provider) speaks for about an hour on setting up a public access UNIX site--the economic and technical considera- tions, etc. Peter has quite a following--when he leaves a bunch of people follow him into the bar, actually the Casbar Lounge in the Sahara Hotel, which tonight is featuring Sonny Charles' Check- mates. We get carded--a novel experience for me since I'm 36, but some of those with us may not yet be 21. Finally we're seat- ed and have a chance to talk and drink for about 5 minutes when Sonny and his band come onstage. Now we're reduced to yelling at each other about bugs in various versions of UNIX while musicians far older than myself strut around the stage trying to look like teenagers, and doing barely recognizable versions of songs like "Mustang Sally". A very surreal experience. I suck down two vodka and tonics and split. * "How many Feds does it take to screw in a lightbulb?" "None, they're not afraid of the dark." Saturday July 23rd. Back at the Sahara I've arrived a bit early for the convention's keynote speech, featuring Phil Zimmerman au- thor of PGP (Pretty Good Privacy, a strong public key encryption system for use by "the masses"). Phil is highly regarded by this audience--he has made it possible for them to preserve their privacy in a world that is becoming increasingly public. Phil tells us several rather amazing stories, such as the case of Bur- mese opposition groups being trained to use PGP in jungle train- ing camps (Burma is a notoriously repressive regime) or the use of PGP by an individual documenting atrocities in a central amer- ican country. An audience member reminds us not to send encrypt- ed messages to Sarajevo or Zagreb--the mere receipt of such mes- sages is taken as evidence of criminal or subversive activity there. Phil notes that the United States government treats its peacetime civilians in much the same way governments in the form- er Yugoslavia treat people with regard to encryption. This is not good. Nevertheless he ends on an optimistic note, telling us that "it is possible to make progress for seemingly impossible objectives", in this case reclaiming our rights from the govern- ment. Next up is Gail Thackeray, Deputy County Attorney for Maricopa County in Arizona, one of those who participated in the notorious hacker crackdown "Operation Sundevil". Her basic thesis is that it is important for the government to retain its right to wiretap in order to solve crimes--she presents a number of worst case scenarios, mostly involving terrorists and nuclear weapons, and explains to us in somewhat condescending terms why we need to abdicate our rights to the government. It particular- ly bothers me that she treats everyone in the room as if they were "crackers" since I am not, but in fact work for one of the Regional Bell Operating Companies. Later I hear one of the audi- ence members talking about Ms. Thackeray, remarking on how she felt perfectly free to use "doomsday" scenarios for her side of the argument, but dismissed any, such as the emergence of a cor- rupt, fascist government in the United States, on the other side. Another lawyer followed, and then the video "Computer Warriors" from Mattel, which D'arc Tangent, the conference organ- izer, describes as a mind bomb for children. This is not an ex- aggeration. It is mercifully short. Next Judi Clark of the Computer Professionals for Social Responsibility, who leads a round table discussion on that organ- ization and its role in shaping the nature of the "National In- formation Superhypeway". She gives a good talk and is well re- ceived. Mara Whitney and Karen Coil also speak about CPSR. Fi- nally Marianne of CPSR tells us about "hacker barbe" (pronounced "barbie"). She reads us about hacker barbe from Kurt Hemr's piece on the Internet-- "...my niece can't get enough of Hacker Barbe's Dream Basement Apartment! The pink Sun workstation in the corner, the little containers of takeout Szechuan scattered across the floor, her 'Don't Blame Me, I Voted Libertarian' t- shirt--it's on every little girl's Xmas list!" Marianne actually has a Barbie doll with a Libertarian t-shirt to illustrate the point--which is that the Net is not just for those who have a Y chromosome. * Lunch at the "Holy Cow!", a micro-brewery across Las Vegas Blvd. from the Sahara. I'm with Peter Shipley, his girlfriend Tracey, Mark Trumpbour, "Rich"--a self described "spy" who works for Chevron, and a couple folks I don't know. We drink Raspberry Wheat Beer out of a huge glass bottle set in a bucket of ice and talk about computing. Tracey shows me Fuckball Tetris--a version of that game which makes sounds indicative of great gastric dis- tress. It also has a tendency to insult you and cheat. It is a must have. We also discuss the commute from SLO-town (San Luis Obispo, California) to the Bay Area. I make a note to tune in 97.1 FM next time I'm in SLO. * Afternoon. More sessions. "Theora" leads a panel discussion on computer security. We learn that anonymous remailers don't real- ly assure you of anonymity, that anon.penet.fi has been comprom- ised, that PGP will do you no good if you use it stupidly. Perhaps most interesting is Mark Aldrich who tells us about cryp- tography as it relates to the 2nd and 3rd amendments. This is prompted by a bumper sticker he saw--"Fear the Government that Fears Your Guns". He substitutes "cryptography" for "guns". How does this relate to the 3rd amendment, an obscure amendment prohibiting the quartering of troops in a citizen's house except during wartime. His point--what if the soldier they want to quarter is an IC? It doesn't sound so far-fetched to us because he works his way backwards from being forced to quarter "Robocop" to being forced to quarter a single IC--as in Clipper. Where do you draw the line? The audience asks him if the 2nd amendment currently applies to cryptography-- not an unreasonable question since the government has put certain encryption technologies on the controlled munitions list, prohibiting their export. His answer--you probably wouldn't get it through the courts. * "Historically, more people have been killed by governments then criminals." -- Phil Zimmerman A "cool toy demo" is supposed to be next, but no cool toys ma- terialize. Yawn. Then Michael Parris of Privacy Electronics, who tells us, in direct contradiction to Gail Thackeray, that 90% of today's wiretaps are illegal (he has been told this by law en- forcement), and he characterizes present day wiretap practices as "fishing expeditions". Illegal taps are called "confidential sources", illegal tapes are saved and bootstrapped in when a war- rant is issued. And despite Gail Thackeray's insistence that the government must have the capability to protect us from terror- ists, not one Title 3 warrant was pulled for a terrorist investi- gation between 1989 and 1992. His is a frightening message-- that the government cannot be trusted. I suspect much of the au- dience already believes this. * Pirate radio was to have been next but I slip out and accompany Peter over to "Holy Cow!" where I end up at a table with Amy Har- mon from the Los Angeles Times (who reminds me of Winona Ryder in "Reality Bites") and three anonymous hackers. I feel ill at ease since they all know I work for a Telco, but the beer starts to flow and they finally start talking--mostly about the Internet and in particular how to transmit voice over it. They finally go off in search of someone rumored to have the hardware necessary to demo this here in Las Vegas. I head back to the hotel. * July 24. I arrive late for Padgett Peterson's talk on viruses and anti-virus measures. The scope seems to have expanded so that much of the talk concerns itself with Internet "insecurity". He discusses a number of problems such as port 25 or SMTP at- tacks, the presence of "Received From" headers in mail messages, and that tracing on the Net is not only possible, it's legal. The bottom line is that the Internet is not like a phone line, it's a packet switched network in which all of this information regarding originating nodes must be present in order for traffic to flow. It's as if you got Caller ID without paying for it, but there's no "*76"! In essence there is no anonymity on the Inter- net, and there really can't be because of it's underlying struc- ture. Audience questions tend to be heavily virus-oriented. Most interesting is his claim that every resident virus can be detected in 11 bytes by stepping through the Interrupt Table. He tells us that when he alerted Microsoft to this situation they said "it was not in their business interest to provide such pro- tection". This does not really surprise the audience. Stephen Donnifer follows with a talk on micro-power or "pirate" radio. He's started an organization called the Free Communications Coalition or "the people's" FCC. His goal is to take back the airwaves as a public forum--they should not just serve as the voice of corporate america. In fact his view of the Internet is somewhat similar--he believes it to be a powerful resource because it allows us to communicate without any govern- mental or corporate control. He is trying to bring this kind of freedom to the airwaves (eventually including television). He tells us it will take effort. It will take "bodies in the street--government has never been responsive to a well-crafted dialectic." * "Congress is bought and paid for by Corporate America. We don't have democracy in this country." -- Stephen Donnifer Winn Schwartau is up now with a talk on "information warfare". He recites a lengthy litany of our potential vulnerabilities-- malicious code, viruses, sniffers, ESS hacking, chipping (chang- ing EPROMS to introduce hardware "trojan horses"). Each of these could be incredibly effective and incredibly dangerous in the hands of a wealthy individual. For instance the military relies on IC's but it doesn't have the resources to test every chip. He concludes with perhaps the most frightening technology--Herf Guns [sp?] which generate incredibly high levels of electromagnetic radiation that will either crash the target machine (if you're lucky) or else crash it, erase the disk, and possibly even fuse the silicon barriers on the chips! A typical herf gun is back- pack sized, costs about $150 to build, and puts out an incredible 16 Megawatts of pulse. We learn that the United States actually deployed these type of weapons in bombs against Iraq in 1991--RFI weapons destroyed the Iraqui air defense system. * Lunch time. I go over to the "Holy Cow!" to look for Peter and who should I run into but my friends Kim Gurwin and Joan Blye from Detroit. Kim is a manicurist. Joan drives a semi. (Real- ly!) I try to explain to them what this conference is about, why it features a "Spot the Fed" contest, why the conference program has etiquette instructions titled "If you are going to bust any- one"... I am not entirely successful--and this is a problem that we will all face if we hope to have any sort of coherent National Information Policy--we must assist those not in computing or telecommunications to understand the new world of cyberspace. It will not be easy. * On my return from lunch there is a lock-picking demo going on down in the lobby. I miss this, or more likely I simply fail to notice it. In the conference hall a voice piped in from some- where is demonstrating social engineering for us, calling room 6340 at the MGM Grand, the room of Tori Welles, nude dancer at Club Paradise, trying to get her real name. He talks his way past the switchboard but Tori is not there, only a friend who won't give out Tori's name. Score one for common sense. * "There will always be bugs in the future. As long as Microsoft's around, anyway." -- "Dead Addict" "Dead Addict" presents his vision of two futures for us in the afternoon--Utopia versus Dystopia. He starts by telling us about his current state of disillusionment--"A paranoid person is one who is well-informed". He sees the Internet as being a positive force toward his vision of Utopia, in which there is universal access to all knowledge, artifacts, works of art-- in which there are no hidden secrets. Education becomes not the assembly line practiced in today's factory-model schools, but an individual sculpting of each student. People do the jobs that they like to do and hence are more productive. There are no patents to foster all of the redundant research that goes in in today's world so that whoever gets to the objective first locks everyone else out--instead scientists would work together and be far more ef- fective. His is an idealistic vision. His vision of Dystopia is essentially just an extension of life as we know it today. Restrictions and government regula- tion are the norm, cookie-cutter education and dull, boring jobs are everyone's lot, government and corporations are the only winners. Dead Addict's visions of alternative futures seem to be the social equivalents of "1" and "0". * Dr. Mark Ludwig takes the stage. He is famous to these people as a creator and chronicler of computer viruses. Today he will tell us "how to get a laugh when the Feds show up at your door". He recommends that we cover our assets in offshore bank accounts-- for this he recommends "The Offshore Nestegg Strategy" available from Privacy Reports, Inc., 26a Peel St., Ground Floor, Central, Hong Kong. He also emphasizes that we store our computing tools and programs in encrypted form on a 2G DAT tape and make copies and store them in several places. Finally he thinks it would be a good idea to make friends overseas. In this way we can "be a customer" for different governments and shop around. His message is well received. * Analiza T.orquamada is next. She is from the UK and is working on a documentary film entitled "Unauthorised Access". The film however is not yet completed so I drift to the back of the hall to talk to Peter and Mark. It has been an interesting and en- lightening 3 days. Peter is reading the first draft of this article--he suggests that I try to characterize the crowd. This is difficult. There do seem to be some Feds, of course. A cou- ple of RBOC people like myself... Mostly the crowd consists of young computer-literate males with somewhat questionable ethics, and "novel" ideas about the way the world works. I don't find that they are, in general, smarter then other people--but they are perhaps more dedicated to their hobby/career and to sharing information. But it has been worth it to me to talk to them, and to meet those few people like Peter and Tracey and Mark and "Dead Addict" who really are smarter than most of the crowd. It has been a worthwhile conference because of these people. I am sorry to go but I do. Kim and Joan are waiting for me and I go to meet them, anticipating a vodka and tonic and a conversation without a single reference to computers. * PS--a big "thank you" to the Dark Tangent for organizing DEFCON II.