Too legit to quit

Wired: I'm in Las Vegas for the 15th annual DefCon conference, possibly one of the strangest conferences to have endured as long and as healthily in this city, writes Danny O'Brien.

Even after a decade and a half, Vegas is really not sure of DefCon. Its attendees are notoriously averse to gambling, drinking or heavy tipping. They tend to stay in their rooms and only emerge in the night to go to their own loud and intensive dance parties.

They look strange. They dress in black in the 90-degree sun. They invite federal law enforcement agents. Hotel machinery tends to break in strange ways when they are around. This year, every one of them is walking around with a piece of electronics that looks like either a card-counting device or a type of primed time bomb.

DefCon is the biggest computer hacker conference in the world - and that's hacker in the popular sense - cohorts of underground computer experts who enjoy dismantling, breaking into, understanding and exploiting phones, computers and other technology. Most of its participants hide behind exotic pseudonyms - its founder is known by most as DarkTangent, though here among his friends, you occasionally hear him referred to as Jeff.

DefCon used to be infamous beyond annoyed hoteliers at Vegas. Among computing professionals, it had a reputation as a coterie of rogue elements, shady and untrustworthy. Among those whom you might think of as its allies - the working stiff geeks of Silicon Valley and beyond - there was little respect. DefCon, the traditional view states, is the home of "crackers", not hackers - teenagers and worse who break security because they don't have the education or ethics to do something more interesting.

Fifteen years on though, and even teenagers mature - as do markets. The bulletin-board users who started DefCon in 1993 have grown up and have families and careers, often connected to the community that has grown around the conference.

A vibrant security industry has emerged around DefCon. The speakers and attendees are far more likely to be those defending the internet from attack than holding it to ransom. These days, DefCon is matched, if not in numbers then certainly in income, by its corporate spin-off, Black Hat.

Black Hat brings security professionals up to date with what the bad guys - the black hats - online are doing. DefCon lets them meet the "grey hats": those whose work wobbles between lawful and illegal.

There aren't many industries that work this way; you don't get many safe crackers attending law enforcement conventions (or do you?). But time, familiarity and a constant two-sided battle to bring down stupid criminals who might ruin the network for hackers, businesses and government alike have brought the computer underground and its more legit cousins together.

For the computing industry and wider society, the results appear to have been for the good. Academics and computer security professionals can peer into and knowledgeably comment on what is happening in the "commercial" black market for malware, the shady marketplaces where deals are struck between criminals and black hats for control of millions of infected PCs.

But DefCon is far more of a fun event, even as it fills more with maturing consultants and professional troubleshooters than dyed-hair geeks in drainpipe trousers and black T-shirts. Attendees play "spot the Fed" as they attempt to uncover visitors from law enforcement. Lock-picking contests and competitions to "own" (break into) sacrificial PCs let everyone hone their skills.

Despite the dodginess, it's hard to convey how uncriminal this world really is. If anything, these attendees despise trickery with ill-intent. They firmly defend the right to learn anything ("or learning how to learn", as one competition winner describes the DefCon way), but are hard on anyone who misuses their power - especially when it is not one of their own.

This year, one undercover TV journalist attempted to sneak into the conference without declaring her press credentials. Standing out like a sore thumb, she was quickly identified and exposed. In a typical prank, the DefCon attendees quickly mocked up their own paparazzi storm of video-recording pursuers, who showered the fleeing journalist with the type of question that her TV show, Dateline, usually reserves for its victims.

On the weekend of DefCon, a few hundred miles away, the skills it teaches and illustrates were being put to the best use possible. The Californian government, concerned at accusations that its electronic voting machines might be hackable, recently ordered that its e-voting machines be handed over to security experts who could test their vulnerabilities.

Like the hackers at DefCon, they knew enough sneaky tricks to act like vote thieves - and like the hackers, they found flaws everywhere. They included hard-wired passwords of 12345678 and software that would willingly reboot and install any malicious software from disk.

In the last minutes of an August 3rd deadline, a shocked Californian secretary of state, who had been assured of the machines' invulnerability by their manufacturers, de-certified every e-voting machine in the state.

The DefCon hackers may act secretively, but their relative openness about their interests serves everyone well. Better that the Feds are here to listen than to guess the underground's next steps.