Fear and loathing in Las Vegas

Hunter S. Thompson would approve

Hunter S. Thompson would approve. The misanthropic old hell-raiser was there in spirit last week as over 3,000 hackers, crackers, journalists, security gurus, police and federal agents brought the curtain down on the seventh DefCon conference in Las Vegas.

DefCon (the name comes from the "defence condition" codes that grade US nuclear forces's readiness from a peacetime 5 to the apocalypse-now level 1) has grown from just 100 people seven years ago to become the major computer underground event of the year. Code names are obligatory, with media coverage quoting people identified only by online aliases such as "Freqout" or "Hacq".

Security, and how to breach it, was much in the air and participants insisted "no-real-names" was a necessary precaution. It seems likely, though, that the necessities of style had as much to do with the aliases as those of security.

Formal discussion of technical standards and communication protocols, security seminars, retelling of exploits and rowdy socialising were the order of the day.

READ MORE

This year has seen a series of high-profile computer security alerts from viruses such as Melissa to the invasion and vandalism of leading websites. Even the White House, FBI and New York Times sites have suffered. The site invasions are tracked at www.attrition.org, which says that 1,500 sites have been hacked so far this year. There is, however, a cheerleading element to the coverage at Attrition (and at www.2600.com) as the vandalised versions of the sites are carefully archived.

With this background, it was inevitable that the "white hat" (benign) hackers and "black hat" site crackers would be joined by large numbers of law-enforcement officers. Throughout the conference a rolling "spot the Fed" competition allowed the audience to challenge anyone present as a federal agent. The person pointed out was called to the platform for some good-natured questioning ("Are you allowed to carry a loaded, concealed gun on commercial aircraft?" for example). An affirmative answer meant an FBI agent - and an "I spotted the Fed" T-shirt for the one who had pointed them out.

With so many law-enforcement staff - up to 20 per cent of the attendance by some estimates - representing agencies from police through security services and FBI to postal inspectors it might have been difficult to frame the right question. Not all the Feds were looking to prosecute. Some were reported to be recruiting, looking for those with the right security skills and, er, "experience" to protect their communications.

The path from cracker to security expert is a well-worn one. This year's conference had a special beginners' section to prevent newbies from clogging up the seminars with basic questions. At the same time, previous leading participants were present with new-found responsibilities as security consultants.

"Being a hacker is kind of like being a supermodel," hacking legend Kevin Poulson, a speaker at the conference, told USA Today. "Eventually you grow up and move on."

One group showing no signs of moving on yet was Cult of the Dead Cow (CDC), the hacker collective that took the limelight by releasing an upgraded tool that can be used to hack Windows systems. Their Back Orifice 2000 (BO2K) was launched with a light and music show that parodied a conventional program launch. The largest hall at the event was filled to overflowing as the update to Back Orifice (released at DefCon last year) was heavily publicised in advance.

BO2K is a remote-control program that now attacks Windows NT/2000 computers as well as the Windows 95/98 models vulnerable to the original program. Once it is run on a computer, according to security company Network Associates (www.nai.com) it "turns a user's system into an open client, giving virtually unlimited remote access to the system over the Internet. "Anyone remotely running the other half of the Back Orifice software can then control the user's computer to do anything that they could do while sitting in front of it, including reading or deleting all files on the computer."

Unsurprisingly, Network Associates advises an immediate upgrade to anti-virus software. Microsoft has warned of the dangers of running any program from an unknown source.

The name is a play on Microsoft's Back Office business software. CDC says rather disingenuously that BO2K is not intended as a hacking tool, but that it wants to highlight security issues in Windows. One CDC member, "Deth Veggie" said: "Our position is that Windows is a fundamentally broken product. Hopefully, this will force them to fix this thing."

Microsoft angrily rejected CDC's claims. Its manager for Windows NT security said "I certainly categorise what they're trying to do as being malicious . . . This program they have created has absolutely no purpose except to damage users."

Meanwhile, the high stakes in the crackers versus trackers stakes were underlined as DefCon ended when Kevin Mitnick made another court appearance. Mitnick has been in prison in the US for almost four and a half years since being arrested on hacking charges.

He has not been convicted but a plea-bargain deal earlier this year should mean he is released from prison within a year. At last Monday's sentencing hearing, sentencing was put back by a fortnight while the issue of compensation to his victims is resolved.

Mitnick's supporters (www.kevinmitnick.com) say that the government is looking for $1.5 million in restitution, but that companies from which he is has admitted copying software cannot justify the sums claimed for the damage that the copying did to them.

"The issues of how the companies involved in this case can claim such huge losses despite never having reported them to their stockholders, and how much soliciting the FBI did to get those letters claiming specific loss amounts . . . remain unanswered," his supporters' website states.

fomarcaigh@irish-times.ie