Security Watch | Matt Hines » Defcon diary: The real story

August 06, 2007 | Comments: (0)

Defcon diary: The real story

TAGS: Security

At Defcon, hacker hobbies turn into careers, and careers support hobbies, writes contributor Andrew Brandt

At the 15th Defcon computer security conference in Las Vegas, hackers, computer security professionals, and government cybercrime experts from around the world converged on the well-worn Riviera Hotel and Casino to share secrets and prove, once again, that none of us are as safe as we think from prying eyes.

[ See slideshow: Inside Defcon 15 | Plus: Dateline NBC 'mole' outed and booted from Defcon ]

But as important and technically sophisticated as the training sessions and panel discussions are, many who attend this annual gathering come primarily for the friendly competitions, the social gatherings, and the chance to show off their really cool gizmos and creations. Some never attend a single training session, opting instead to spend three days and nights hunched over glowing laptops in a virtual competition of Capture the Flag, where the "flag" is a computer server the participants attempt to break into over an internal network and, once inside, secure against attack from the other players.

Other extra-conference competitions include Coffee Wars, where hacker-roasted beans slug it out in a taste-off; the Lost @ Con Mystery Challenge, a complex puzzle where teams must employ a wide range of research, codebreaking, and lockpicking skills in order to open a haphazardly-wired, circuit-boarded, padlocked, and welded box made of quarter-inch-thick steel; Defcon Bots, in which teams of robotics engineers teach and tweak computer-controlled pellet guns to aim at and shoot plastic pellets at targets autonomously; a Guitar Hero contest(played on an appropriately-modified Xbox 360); a wireless hacking challenge, featuring a tower built out of 11 Linksys wireless access points and network switches; and the LPCON, a timed lockpicking and lock cylinder disassembly/reassembly contest for those hackers more interested in physical security than computer security.

To accommodate this level of obsessive-compulsive computing, a support network of vendors sells everything from clean clothes to caffeinated mints as well as a wide array of surplus military-grade electronics, tools, lock pick kits and books, and other hacker essentials. Many vendors attend the conference year after year with most selling out of their most popular items in the first 36 hours of the conference.

Some of the most entertaining moments at the conference have nothing to do with the conference at all but come from attendees who bring their hobbies to the 'con. One attendee who works in the energy industry, proudly showed off his creation -- a hand built laser display system capable of rendering both text and animated graphics.
Another walked the conference halls in full regalia of a Ghostbuster, including a highly detailed homebuilt Proton Pack of the type worn by the actors in the movie.

But the conference yielded its own share of surprises this year. In one talk by security expert and Defcon Goon (staff member) Zac Franken, he described and demonstrated a device he built that can manipulate the access control systems used in thousands of office buildings by exploiting the Wiegand protocol, which those access control systems use to communicate with card readers, keypads, or biometric devices.

Another speaker, a woman with shocking pink hair who goes by the hacker handle Neonrain, described how she and her conference partner designed and built a Tetris-like video game that can be controlled with a biofeedback device called the Wild Devine Lightstone. The blocks in the game fall at a rate that varies as the player's pulse rate changes, so players who can maintain a steady heartbeat can more easily manage the game than can a player who gets excited.

Even the conference badges were a hacker's work of art. For the second year in a row, electronic engineer Joe Grand, who runs his own electronics design firm called Grand Idea Studios, designed and built elaborately contrived electronic badges. This year's badge featured an array of LEDs that users could program with their own scrolling text messages. Buttons were cleverly disguised as symbols printed on the front of the badge; The instructions and details about how the badges were designed and built were included in the form of a poem, also written by Grand, and printed in the conference schedule booklet, which began:

170 hours of total time spent
2 nights of my honeymoon (oh, how I lament!)
3 circuit board revisions to get it all right
863,000 total components bring them to light
6800 hackers wearing the badge in all its glory
If you want to learn more, please read this fine story

Posted by Mike Barton on August 6, 2007 04:30 PM

RATE THIS ARTICLE: