THROUGH THE LOOKING GLASS DEF CON 7
-----------------------------------
by Doug Mohney

With over 3,000 attendees this year and camera crews from 60 Minutes, ABC News, and Japan's NKK TV stacked up to interview DT and first-day speaker/convicted felon Kevin Poulsen, the DEF CON hacker convention has reached a critical point in its history. The Cult of The Dead Cow (www.thecultdeadcow.com) used the occasion to do its official roll-out of Back Orifice 2000 on Saturday, unveiled to a packed ballroom in a multimedia extravaganza complete with rap music and spinning Texas Longhorn skull graphics.

For seven years, the DEF CON hacker convention has descended upon Vegas. It started as a glorified party and has evolved into an event that creator Dark Tangent/Jeff Moss (DT for short) freely admits he no longer controls. "It's taken on a life of its own," he said. "I can only orchestrate."

During DEF CON's vivid history, the convention was banned from one hotel and caused others to cringe from the antics of a minority group of kiddies who don't know the difference between a good hack and vandalism. This year was no exception, as someone swiped a microphone from the 60 Minutes camera crew.

The common word in many independent accounts of past DEF CONs is "weird." DEF CON 7, held at the Alexis Park hotel on July 9-12, 1999, was no exception. Not strange or abnormal, but weird. When Rolling Stone magazine gets around to covering DEF CON some year, Hunter S. Thompson should be called out of retirement; between the mind games, alcohol and guns, Raoul Duke would be right at home.

DEF CON and Vegas are made for each other, a 24x7 city for a conference that goes 24 hours a day. "According to the hotel bar, the RAF is the only group to out-drink us," said DT with a hint of pride in his voice.

One of the more bittersweet ironies at the conference was a well-timed hack attack on DEF CON's official Web site (www.defcon.org).

WHO DO YOU SERVE? WHO DO YOU TRUST?
DEF CON operates on multiple levels, depending on, as the opening challenge in TNT's Crusade series asks, "Who do you serve and who do you trust?"

Some attendees served governments foreign and domestic. Some were too young to serve anyone but themselves (and acted it), while still others were security consultants for major corporations. DT does business at $50-a-head in cash, so there are no hard statistics on the ratio of civil servants from three-letter agencies to under-20 youths. No credit cards, as you might suspect.

Who you trust becomes a very important issue, especially since DEF CON seems to attract a more-than-average share of kleptomaniacs every year.

Mudhead, a forty-something computer programmer in a black T-shirt with a California surfer look, put a different spin on the conference. "It's all about relationships. The abuse of relationships, or making relationships," he said as we chatted by the pool on the last day of the conference. Being out by the pool and being able to exchange information with some very intelligent people makes the conference worthwhile.

DEFCON <> TAILHOOK?

While the mass media has painted an over-sensationalized picture of DEF CON as a gathering of near-rabid criminals, stalked by Big Brother Feds and stoked by camera crews who want the guy with the most piercings and off-green hair to put into their 30-second footage, the reality is different.

"How does this compare to Tailhook?" I asked the hotel PR staff in my best leading-question style. In their opinion, DEF CON was mild to moderate in comparison to conventions held by corporate groups and the crowds appearing in conjunction with some of the Hard Rock Hotel concerts. Stu Platt, general manager of the Alexis Park, was happy and described the attendees as "a nice group of people."
Of course, five minutes after I wandered into the vendor hall, one of the exhibitors did his own exhibition, hopping on top of the table, pulling off his shirt, dropping his black jeans and dancing around in a black leather g-string matched tastefully with his studded black-leather collar.

Later during the day, the ad hoc Master of Ceremonies, a six-foot, six-inch giant nicknamed Priest, dryly issued advisories between speakers such as, "Don't throw flares in the elevator" and "If someone hands you a bag with something in it, don't eat it. This is DEF CON."

IF NOTHING ELSE, KEEP YOUR MOUTH SHUT

One of the reasons DEF CON is such a weird and awesome event is the variety of speakers from both sides of the tracks, both hackers and law enforcement types.

Convicted felon Kevin Poulsen kicked off the conference to a packed ballroom, paired with hacker lawyer Jennifer Granick, to explain a citizen's rights during police search and interrogation. Poulsen did five years of jail time, was banned from the Internet during his initial parole, and is the subject of a book by Jonathan Littman called The Watchman. Ira Winkler, a later speaker, noted that if Poulsen hadn't said anything when the FBI had come knocking on his door, he might not have done jail time.

In a case where art and life mixed together, Poulsen used the Unsolved Mysteries segment done on him as his introduction to the audience. His speech was interrupted on multiple occasions as someone disrupted the ballroom's audio system.

Make no mistake, Poulsen isn't your ordinary multiple-piercings, black T-shirt geek. During his bad boy days in the late '80s and early '90s, he tooled around Los Angeles in a Porsche and picked up women in strip clubs. He got the Porsche by taking over the 25 inbound dial-up lines of a local radio station, giving himself the slot of caller number 102. Today, he's a computer programmer and a contributor to Wired and ZD-TV.
DT described Poulsen as an urban legend of hacking and wanted to expose people to him so they could form their own opinions.

A counterpoint call for ethical responsibility was given on Saturday morning by Phillip J. Loranger, a Vietnam and Gulf War veteran now working in the Department of the Army's Information Assurance Office. He appealed to attendees to consider their actions carefully when moving from benign exploration of systems to a more destructive approach of modifying Web pages or changing important data.

"A famous patriarch for the dark side once said, 'Luke, I am your father,' but he also lit the night sky with his burning carcass ... It may be fun to be the bad guy," said Loranger, "but in the end, when it comes down to an eternity of hell and damnation, a few hours or days behind bars or the FBI beating down your door in the middle of the night, wouldn't you rather choose the big hat and cleft chin of Dudley Do-Right?" (Note to Phil: Thomas Magnum or Neil Armstrong might work better; Dudley is ugly.)

Crypto expert Bruce Schneier (www.counterpane.com) wowed the crowd with the latest information on protecting data. One of his more interesting pieces of work is a solitaire encryption algorithm featured in Neal Stephenson's Cryptonomicon. Yes, Mr. Bond, Schneier created a way to encrypt messages using a deck of playing cards to generate an encoding key. The write-up on Counterpane Systems' Web site is worth reading even if you aren't a math geek. Schneier is genuinely enthusiastic about his field and had the audience spellbound.

Schneier is one of a group of repeat DEF CON speakers including such fun people as Ira Winkler, John Q. Newman, Gail Thackeray and Kevin Higgins. Winkler is a graying former NSA employee who does Fortune 500 security consulting and pops up every year to talk about the pros and cons of hiring hackers. Newman (a nom de plume) has written several books on personal privacy and creating other identities.
Thackeray and Higgins are attorneys, working for the states of Arizona and Nevada respectively, who participated in several computer crime prosecutions.

_________________________________________________________________
Missing Page 3
_________________________________________________________________

Clear-cut victory was convincing the fed to reach into his telltale fanny pack to pull out a badge and display it to the audience. A record 25 T-shirts were given away during the conference this year, and a number of GS-ers have quietly sought out DT for "I am the Fed" T-shirts to take home with them.

Master of ceremonies for the verbal pillorying in Spot the Fed this year was the aforementioned giant, Priest. He claims to play rugby, but you can't be sure about that, since Priest is a master of the art of social engineering. Trying to get his real name, his real day job or any substantial information from him is about as useful as trying the old Jedi mind tricks on Jabba the Hutt. At the end of the conference, he sat poolside giving romance counseling to a 19-year-old woman while he casually flipped through the contents of her wallet.

On stage, Priest played head games with both the suspected Fed and audience hecklers with equal skill, using a combination of wit, kindness and sympathy on the Fed ("Sir, it's OK, it's just you and me here") and brutal comebacks to taunting participants: "Sir, were your parents married when you were born?"

Early on Saturday, a bunch of black T-shirt types went out into the desert with weapons and ammo and shot holes in paper targets and other inanimate objects. The official DEF CON Shoot is in its third year. Bill Gates (on paper) seemed to be a very popular target, and FBI attendees were invited to tag along and pop some caps. Perhaps future DEF CON events will include a triathlon format: hack (computers), shoot (weapons) and spot (the fed).
If you weren't into slinging lead, Winn Schwartau presented the latest and greatest information on electronic/RF weapons designed to fry computers, radar and radios. According to Winn, you can buy surplus Russian electro-fry equipment on the Internet that will do a number on unshielded computer equipment from a mile away for less than $500 in parts if you have the proper antenna design. Schwartau encouraged budding EMP experimentalists to stay away from microwave electronics, due to its deleterious effects on the brain and reproductive organs, and stick to working with low-power devices.

NEXT YEAR IN VEGAS

DEF CON conference planners have signed a four-year contract with the Alexis Park Hotel, so the convention will likely be staying in one place for a while. However, some people grumbled that DEF CON has gone too mainstream between the media attention and a separate conference track for newbies.

Dark Tangent didn't really seem too fazed by the criticism. "When Kevin Mitnick gets out of jail," said DT, "he'll get an invitation to speak at DEF CON."