DEF CON 30 Short Story Writing Contest
https://media.defcon.org/

HOMECOMING
By Triple-H

PART 1

The year is 1981. Dad just arrived home with a most excellent package. His five kids are all here in the living room, ages 8 to 19. I'm 14 and about to enter the ninth grade. I grew about six inches over the summer and lost my baby fat. I even got up the courage to talk to girls at the pool party today. Despite being a little bleary-eyed, sunburned, and smelling of chlorine, I perk up in the air of anticipation. We all know what this package contains.

We're helping to open all of the little sub-packages. Dad has spared no expense, buying all of the bells and whistles you can get. He's doing a pretty good job of staying patient and not yelling at anybody, because he does that sometimes. There are five of us, after all. Mom is cooking something delicious in the kitchen but occasionally pops in to check on the excitement. Everyone is curious about the main box, but I can barely breathe. I feel as if I'm the one who's mainly flipping out about this thing.

Finally, it's unwrapped, revealing a large, beige plastic box about the size of a typewriter. There's a rainbow-colored apple with a bite taken out and interesting lettering: Apple ][ (in what I later came to find out is Motter Tektura font) and a little green Plus underneath. "Plus" sounds way better/faster/more advanced than just ][. The computer has a brown keyboard, with 1-9, 0, */:, =/-, and RESET across the top row. The rest of the keyboard looks pretty familiar with QWERTY, etc. The only other odd keys are the one that says REPT next to the RETURN key, and a couple of others that are somewhat arcane -- ESC and CTRL.

Dad has to shoo us away momentarily, as he is about to open the cabinet and doesn't want any little hands or additional electrostatic discharge getting in during this delicate operation. I should mention Dad is an electrical engineer and (literally) a rocket scientist.
He works on ring laser gyro navigation systems for Atlas and Centaur rockets. So, dropping a Language Card into the computer's slot 0 to expand the memory up to a whopping 64 KB is not a big challenge for him. I didn't realize how cool this was at the time. Most kids, if they even had a computer, did not have one with two floppy drives -- allowing you to leave your boot disk in while loading another program off the second disk -- and also qualifying you to be the neighborhood hero who could copy disks! And those other kids certainly did not have a dad who, even before plugging in his computer for the first time, maxed out its memory, allowing it to run almost any program (and fast!).

Dad finally has everything connected: floppy drives, a killer green and black CRT monitor, cables, game controller ... it looks like those systems you see in Mission Control before launch. He inserts a master system disk into the first floppy drive. It clicks into place, and he closes a little hatch over it, locking it down. He has already rigged a power strip to switch on both the monitor and the computer at the same time. He reaches back and switches on the power. There's a single "beep", and we hear a fan blowing inside the cabinet, while a light comes on the floppy drive, and guttural sounds emit from it. Something happens on the green monochrome screen. It says:

    DOS VERSION 3.3  08/25/80
    APPLE II PLUS OR ROMCARD SYSTEM MASTER
    (LOADING INTEGER INTO LANGUAGE CARD)

Don't let the keyboard's SHIFT key fool you; everything is in caps on the Apple ][ Plus. Dad informs us that DOS is "Disk Operating System." He explains that it's the software that runs all the programs on the computer and lets them interact with the computer's Central Processing Unit (CPU), memory, and storage. This wonderful new nomenclature is mellifluous to my ear. Because of the computer's Language Card, we can run both Integer BASIC and AppleSoft BASIC.
Steve Wozniak wrote Integer BASIC, and it was pretty good, except for one thing: it didn't support floating point arithmetic, because Woz was primarily interested in writing games, for which integers alone were sufficient. But to compete with the Commodore, which has a floating-point capable BASIC, Apple bought this other BASIC from Microsoft and made it the main language for the Apple ][. In fact, we learned that to get into Integer BASIC, you type INT, and to get into AppleSoft BASIC, you type FP (floating point).

When the system stops booting up, there is a ] prompt with a flashing green block. Dad is quickly perusing the manual to see how to get a directory listing of the disk. My little brother (age 8) has wandered off, as there are just green words on the screen. My 16-year-old sister has also lost interest, as a boyfriend has called. My two older brothers are still in the living room talking about what's for dinner and the games they want to get. I eagerly await Dad's typing of a command to see what this amazing machine will do next:

    ] CATALOG

    DISK VOLUME 254

    HELLO
    ANIMALS
    APPLE PROMS
    APPLE VISION
    BIORHYTHM
    BOOT 13
    BRIAN'S THEME
    CHAIN
    COLOR DEMO
    COLOR DEMOSOFT
    COPY
    COPY.OBJ0
    EXEC DEMO
    FID
    FPBASIC
    INTBASIC
    ...

Some of the programs have an A in front of them, meaning they're AppleSoft BASIC programs. Others have an I, meaning they're Integer BASIC. Still others have a B. Dad says not to worry about those -- they are binary programs that the computer runs itself during boot up. Of course, I should've paid more attention to those BINs early on, as it might've helped me with binary exploitation CTF challenges in the future.

Dad runs the BRIAN'S THEME program, Copyright 1979 by Brian Howard. It tells us "Stepping by 5", and it is drawing these beautiful vectors on the screen. They are all expanding out from a central vertex, but they have this circular, swirling pattern in them. It's mesmerizing.
The image disappears, and now it's "Stepping by 4" and drawing something equally amazing. We go through several iterations of this before we "PRESS THE 'ESC' KEY TO STOP." I quickly learn what that key does.

Dad types "LIST" to show us a listing of the source code for BRIAN'S THEME. I look at the code and try to understand what it's doing. There are line numbers to order the code. Stuff with a REM looks like human comments, not program code. Those must be ignored by the computer. VTAB and HTAB evidently move to different parts of the screen. PRINT prints something to the screen. There are some mathematical equations and FOR X = 1 TO 1500. Not sure about those. PEEK and POKE are rather mysterious. I shall learn about those later.

Dad runs the COLOR DEMO program, which tells him to use the game controls and buttons to draw. He is drawing all over the screen with this joystick thing and lets those of us who are left try it as well. Soon, everyone has come back into the room to witness the spectacle. I don't remember eating dinner that night or how late we stayed up playing with the new toy.

The next day, I jump out of my bed before dawn to get first crack at the new rig. I bring it to the ] prompt with the flashing cursor. I load up BRIAN'S THEME and ANIMALS and other programs and list their BASIC code. And then, I am ready to write my own first program:

    ] 10 PRINT "JEREMY"
    ] 20 GOTO 10
    ] RUN
    JEREMY
    JEREMY
    JEREMY
    JEREMY
    JEREMY
    ...

It fills the screen and just keeps going. It's pretty cool at first. It looks animated. I have animated my name to the screen. But then, I panic a little when the ESC key doesn't work to stop all of those JEREMYs. I have not learned CTRL-C yet. So, I just power off the computer.

==========

PART 2

The year is 1983. We have now shed our 300 baud modem in favor of a new, incredibly fast 1200 baud Hayes Smartmodem. I have memorized the dialup sounds and can tell immediately if we have a successful connection or if something is off-kilter.
Initially, on the 300 baud modem, it was a high-pitched sound, followed by an answering lower-pitched sound, and then some modulating noises. On this new 1200 baud Hayes Screamin' Machine, it's a pulsing high-pitched sound, followed by a higher, steady sound, and then a "static" sounding jumble before everything is connected and kosher. I have also learned a little about the modem command language, which allows the computer to make control requests over the same RS-232 interface used for the data connection. The result codes the modem sends back depend on which ATXn setting is selected:

    Long Form      Short Form   n value in ATXn
                                0  1  2  3  4
    OK             0            x  x  x  x  x
    CONNECT        1            x  x  x  x  x
    RING           2            x  x  x  x  x
    NO CARRIER     3            x  x  x  x  x
    ERROR          4            x  x  x  x  x
    CONNECT 1200   5               x  x  x  x
    NO DIALTONE    6                  x     x
    BUSY           7                     x  x
    NO ANSWER      8                     x  x

I connect to an online service called CompuServe and play a trivia game. All night. I am ranked in the world on this game. About a month later when he receives the bill, Dad tells me to "cut it out." He changes his password. After about 10 attempts, I guess his new password, and I'm on again. Did I mention that the computer is actually hosted in my room? How did my folks possibly think I would not be up all night on this device?

Dad changes the password again. This time it is something hard and unguessable. However, he has written it down on a slip of paper that's in his wallet. Obtaining this is -- trivial. I'm on once again, and this time when the bill arrives, my folks have a "come to Jesus" meeting with me. I mean, it's crazy the price of these online services. You can buy a printed newspaper out of the bin for 25 cents, or you can download one in about two hours at a cost of $5 per hour (after 6 PM). Obviously, the hundreds of dollars per month in bills are putting a bit of strain on the family budget.

Fortunately, I find out about something else online in a CompuServe forum: it's a way to access information freely via something called a bulletin board system (BBS). This is incredible. I'm able to get to games and forums for freeeeeee!
I even go to a local meetup that's being organized by someone called a sysop (the BBS administrator). I am 16 now and drive there with two of my high school friends whom I have also gotten to dial up into the BBS. Most everyone else here is in their early 20s. There is a lot of beer and drinking and exactly one girl (out of about 25 people). I come to realize that the sysop's sole reason for having the party is to meet this one particular girl. He is all over her, and I don't think she's that much into him. We are not that much into drinking, and for whatever reason, the people here aren't that much into talking about gaming and computers. So, we leave; I guess we'll just limit our interactions to the online kind from now on.

In school, I am taking an Intro to Computer Science class. It's cake. I am actually teaching our teacher, Miss Morrison, a thing or two. We are also pulling a few dumb stunts, such as telling the TRS-80 to print out the value of Pi to the printer on a Friday afternoon. It is using that green and white lined paper with the perforations on the edges to allow it to be fed through the Epson MX-80 dot matrix printer. When everyone comes in on Monday, we have printed out the entire box of paper. No one admits to it, and I think Miss Morrison is somewhat bemused. However, she is not going to waste that paper. For the rest of the term, we have to print out on the other side of it.

For my final project, I write a game called "World War III" in AppleSoft BASIC. It is a text-based adventure game with some opening splash screen graphics and 8-bit music. It is about 10,000 lines of code and makes heavy use of GOTOs and GOSUBs, which I find out later on in college computer science classes is a bit of a no-no and leads to unmaintainable "spaghetti" code. But my program works great; everyone who plays it loves it. Except Miss Morrison. I get my grades in the mail at the beginning of summer break, and she's given me a C- in the class.
I am flummoxed and immediately call her up to find out what's up. She says the floppy disk I gave her with the game was unreadable. This happens sometimes when you reuse those 5.25" floppies. I had taken one and hole-punched the other side of it so that I could load it upside-down and use the flip side. Upon bringing her a new disk and playing the game with her, she is astounded. She changes my grade to an A+, and I get a paper certificate as top CS student at the end-of-year awards ceremony. Something to add to the ol' scrapbook.

==========

PART 3

The year is 1991. Somehow, I made it through four years of college in only six years. It's those doggone labs -- one credit hour for something that takes all week. I am now at a defense contractor writing Ada code. Yes, it is named for *that* Ada, the daughter of Lord Byron, considered one of the first software developers for programming Charles Babbage's 1837 Analytical Engine. Ada is a strongly typed language considered to be good for software engineering. Basically, if you can get it to compile correctly without any warnings, you are in pretty good shape (unlike C, in which you are just beginning your problems!).

As software engineers, we are rated by a few things -- e.g., how many source lines of code (SLOCs) we produce and how few software problem reports (SPRs) are written against our code. As I am going through the legacy project code, I find this giant, and I mean humongous, IF-THEN statement that has about 1,000 conditionals. I see that it's poorly programmed and mind-numbingly inefficient. I reduce it to a type definition with separate representation clauses for each of the conditionals. That takes it down from 1,000 SLOCs to one. However, this throws off the coding metrics. The program is now shrinking instead of growing, and that is bad. I am instructed to revert back to the inefficient code. Then, there are a total of five unresolved SPRs written against about 20,000 SLOCs to which I contributed.
That is a 0.00025 rate. I am taken to task for this during my annual review. However, I have come in armed with data -- that industry averages between about 0.020 and 0.048 bugs per SLOC are normal. I am orders of magnitude better than that. It doesn't matter. I am told to take this as "coaching" and just improve for the future.

My disillusionment with the software development world is exacerbated by my experience in the test lab. We develop all of our code on a VAX VMS system, and then, we have to copy it over to run on the testbed in the lab. That testbed is rigged with 12 Motorola 68040s connected via a VME parallel backplane data bus. We have a common login on the lab testbed, but everyone has to copy his or her code over from their own account. Someone has made this simple by writing a script that takes your login credentials and does all the copying for you. I realize that it is a simple matter to alter the script to store a copy of people's credentials to a file in /tmp. Within a week, I have the passwords of everyone on the team. I decide to tell the lab "czar" about this and recommend that we kill the shared account and use only individually named accounts on the system. But instead of welcoming my bug discovery and responsible disclosure, I almost get fired for "hacking."

==========

PART 4

The year is 2007. I have now been teaching my "Principles of Computer Security" class as an adjunct faculty member at the university for about seven years. I am in Las Vegas at the Riviera Casino, where our student hacking team has made it to the finals of Defcon Capture the Flag -- considered the world championship of hacking. We have captured lightning in a bottle: that one moment when everything comes together and people accomplish a Big Thing.

I had approached the university back in 2000 looking for some advanced graduate coursework in cryptography and network security. They didn't have any.
But I had just finished up an internal company course on crypto (we were making cryptographic key fill and in-line encryptor devices for three-letter-acronym agencies) and had gotten my CISSP credential; so, I had a lot of study materials on "infosec basics." The school asked if I could put together an undergraduate course in computer security. I foolishly said yes, and this would take up a lot of my time over the next 20 years.

Back when I graduated from college, there was no such thing as cybersecurity. I was a computer science major. Back then, you found yourself in security either by accident or by necessity. Today, they have tenure-track faculty teaching security, and they have a bachelor's degree, master's degree, and doctorate in Cybersecurity. There is a $30 million state-funded Center of Excellence. I would like to say I had a little bit of influence on that. Early on, the computer science faculty were convinced that my intro to security class was just a fad, and that infosec studies would surely go away at some point.

In 2001, a student told me about Defcon. She went every year and hung out with thousands of other hackers. It sounded cool, but I didn't know if I would ever get there. I had never been to Sin City. It sounded like a boondoggle. Then, in 2004 my company sent me to the Black Hat Briefings, and I got a free Defcon ticket with it. I went to the first day of the con and was blown away. Technical talks in giant circus tents. Geeks walking around in shorts, many shirtless. A CTF room that had lasers and pulsating music. It looked more like a rock concert than a technical event.

Enthralled by competing in that atmosphere, I came home and told my class we were going to start a CTF team. I hung a few flyers around campus, and when the word got out, it created a buzz. The school newspaper splashed the headline: "Can you hack it?" I got called into the dean's office for a chat about this venture.
I assured them it was on the up-and-up, and that we were primarily concerned with teaching outside the classroom and providing an outlet for critical thinking. They said they were going to keep a close eye on it. The university sent in some of their IT leadership to investigate at our first meeting. They quickly realized that we were well-intentioned and *mostly* posed no harm.

There were a few incidents over the years. Some of our guys ran a password cracker on the school's supercomputing cluster for about two years before it was noticed. And there were some unsolicited bug notifications on the school website (SQLi and XSS) and payroll system (allowed directory traversal to see anyone's SSN). In my opinion, the school should've thanked us for the responsible disclosure of the latter, but as was the case with my own lab czar experience, this was perceived as unwelcome "hacking." I ended up talking to the dean's office on behalf of club members three times.

There was standing room only at our first meeting. Almost 100 people showed up. I am not kidding you; it was in Room 1337 of the Engineering Building. I have to say, that was a bit of room reservation serendipity. We didn't know what we were doing, but we figured it out. Our first real competition was iCTF, put on by the Shellphish team at UC Santa Barbara. We finished 13th. By the next year, we moved up to third.

I still recall our first CTF breakthrough. It was on a Web challenge. Basically, by manipulating the URL directly, you could pull up other pages and view/change content. Pretty low-hanging fruit by today's standards, but back then, it was CTF gold. I worked all night once on a CRYPTO 500 challenge and finally figured out the decrypt key was the first letter of each country from which you had to proxy in a network connection to the server. Crazy!

For the Kenshoto 2007 Defcon CTF qualifiers, there was a Jeopardy!-style board with different categories on it:

    BINARY LEETNESS
    FORENSICS
    WEB HACKING
    POTENT PWNABLES
    TRIVIA

We had gotten pretty good at all of those. I can picture every challenge in those quals. The first was a road sign at the corner of 0Day and Illuminati Streets that turned out to have some EXIF metadata in it that led to some location in Massachusetts. We stayed up for almost 48 hours. When you have that much Red Bull and that little sleep, there are going to be some issues. I had to unwrap one guy's hands from another guy's neck at one point. But eventually, we all made up and got some sleep. We finished sixth and made it to the finals.

Here I am in the finals of Defcon CTF. I have to pinch myself. This is the end of a long journey that started with that first Apple ][+ and guessing passwords and reverse engineering scripts and learning crypto. Now, I am at home with my people. And we are hacking.

END