Silicon Graphics. It's what you do with it.

It takes a hacker to catch a hacker

Part 1: Security experts flock to Las Vegas to recruit hackers
Part 2: Beyond the pranks
Part 3: Merging with the enemy
Part 4: In full swing

Published: August 10, 1997

Special to the Mercury News West magazine

In full swing

Sometime after 9 p.m., the conference officially kicks off with Hacker Jeopardy. (``He wore a frilly dress and was in charge of the FBI.'' ``Who was J. Edgar Hoover?'') Panelists who err must gulp down a swallow of beer.

The sign that Def Con is in full swing is the arrival of hotel security. Minutes after stepping from the podium, the Chris I'd watched working his girlfriend's thigh is taunted. Some guy sneers that it's too bad about what happened to his ``boxes,'' hacker rap for an attack on his computers that cost him thousands of dollars. Chris spits, and the taunter punches -- from behind. Security beams down and then a polished San Francisco lawyer hot to represent hackers negotiates on behalf of her ``clients.'' She quickly defuses the situation: They get banishment from the hotel, no jail, no fine.

The female factor at Def Con is proof that hackers and computer security are now cool. I interview two professional women from a Big Six accounting firm. One is a CPA, the other works in computer security, ``trying to gain more knowledge to protect clients against unwanted intruders.'' Just how different is this from past conventions? Let's put it this way: Attractive women without body piercings didn't go to Def Con. As one veteran hacker puts it, shaking his head, ``What is it with the babes?''

I introduce the Big Six accounting women to another Chris, one of the nation's premier tiger testers, and a former member of the notorious Legion of Doom hacker gang. Chris and two fellow tigers join us for a little dancing at The Drink, Vegas' hottest nightspot. These guys thump confidence. One of them -- not Chris -- has this thing where he touches a part of nearly every well-proportioned woman who saunters by, bare midriffs, elbows, hair. I keep expecting somebody to slug him, but the women don't even react.

Handguns and hired guns

The desert and mountains stretch before us, downtown Las Vegas just a mirage. The cops didn't look in the trunk, and they didn't find the guns. And after grumbling about the $150 fine for the illegal turn and missing registration, Rambo is ready to move on to more critical matters. He passes the empty reservoir that our directions said was a lake. At the sign that says, ``Wild Burros. Do not feed or harass. $25 fine AND THEY BITE,'' he hangs a left on a dirt road to nowhere.

A rock clangs against the car's underbody and Rambo winces as the car wobbles like a toy boat in a tub. A mile or so later, Rambo pulls over amid cactus, brush and dirt.

As the second car in our group lurches to a halt in a cloud of dust, the weapons emerge: a 357 Smith & Wesson, several 9mm semi-automatic handguns, and, of course, that Chinese-made semi-automatic rifle. No one is sure whether this is where we were supposed to go and whether it's legal, but hey, it's far enough off the road, a hill makes for a safe backdrop, and there's all that ammunition in the trunk just waiting to be fired.

Hackers at Def Con V Mercury News photo by Michael Rondou
The audience, including Dead Addict, an earlier speaker here perched on a table, listens to one of the convention speakers.
A few minutes later, I'm walking through the desert shaking up diet Root Beer cans and sticking them on boxes. Shadow, a bulky kid from Fremont in jeans and a green canvas shirt, joyfully exclaims, ``I love destroying Diet Root Beer!'' Rambo, his two 9 mm hand guns holstered, and his ear muffs hanging around his neck, repeats the rules of fire, looking into the eyes of the shooters as he finishes with a simple non-negotiable demand: ``No assholes.'' I take up position 15 feet behind the hackers, with Shadow and a couple of other unfortunates who don't have guns.

``Load and make ready,'' Rambo orders.

The chambers click in, the ear muffs slip over. I squeeze my eardrums tight with my fingers.

Rambo's first shot explodes a soda can, sending a plume of root beer skyward and launching respectful cheers from the peanut gallery. Pop, pop, pop, go the guns, interrupted by an occasional schwiiiiiing as a bullet ricochets off a rock.

After about half an hour of plugging my ears, I squeeze off a round from a 9mm semi-automatic and earn some respect by knocking back a can of root beer. Rambo arranges a contest, and looks like the winner when he cans his soda in 3.34 seconds on his first shot. But Shadow squeezes like a pinball wizard and nails his third shot in a blazing 2.13 seconds.

Then it's the grand finale. ``What about shooting at Bill Gates?'' Shadow shouts. Chip, a jovial IBMer with a hearty belly and a T-shirt that reads, ``Life is too short to smoke cheap cigars,'' pulls out a target from the car of a mugger waving a gun, and writes ``Bill Gates'' on it. Even Big Bluers, it seems, love to hate Microsoft.

The target is destroyed by a fusillade.

``I want to thank you all for satisfying my personal fantasy,'' an ecstatic Shadow announces, ``We shot the s--t out of him.''

As we get in the car, Rambo suddenly looks familiar. Not too long ago an IBM hacker -- one of the world's premier tiger testers -- was featured in a major New York Times article. ``That was me with my parrot on my shoulder,'' Rambo says with a smile. ``IBM rents me out.'' Nick (Rambo's real first name) was barefoot in the Times photo, shown working from his Boca Raton, Fla., home. The self-taught programmer uses Linux, a free program that is the favored operating system of many hackers.

It all makes sense. Somehow I'm not surprised that the guy leading the desert shoot is a highly respected and well-paid corporate hacker, the ideal to which many Def Con attendees aspire.

On the leisurely drive back to Vegas, I ask Rambo and Chip about corporate hacking and their thoughts about their amateur brethren.

``We're $3,000 a day -- per person,'' Rambo says, ``plus travel, plus living.'' Chip jumps in, ``We're big guys, we eat a lot.''

So how does this work? How does one authorize Rambo and Chip to crack a multinational corporation's computers? The hackers give the clients boilerplate ``intrusion'' agreements and instruct them to retype their legalese on their own corporate stationary. ``They're specifically authorizing us,'' explains Chip. ``It's all illegal'' without the agreements. ``There are no time limits. They accept all liability. It scares the living daylights out of them.''

Rambo and Chip consider it their job to find problems, and thus they often find themselves purveyors of bad news. It's not for the faint-hearted, says Rambo: ``If they want fairy tales, don't call us.''

Nor do they see themselves as part of some establishment crackdown on hackers. ``We're not in the business of putting hackers in jail,'' Chip explains, saying playing cops and robbers doesn't pay for corporate America. ``Leaving your corporation at risk [from more intrusions while law enforcement investigates] and spending time and money with feds is expensive.'' What about Bug Busters, hackers like Mudge and Hobbit? ``Anyone who finds and publicizes vulnerabilities is good,'' Chip says. ``What can you say bad about these guys?''

Before I check out of the Aladdin, I'll talk to the hacker who led a troop in a Humvee out to the Air Force's mysterious Area 51, released a makeshift helium balloon wrapped with foil to trip the radar, and watched with amazement 14 1/2 minutes later when a Navy F-something screamed within 500 feet of the provocateurs. I'll find the pirate hacker radio station putting on a demonstration of techno free speech: Up in a Def Con suite, the pirates are broadcasting on 99.9 FM, playing swiped local FBI and law enforcement transmissions, eerie music and hacker interviews. And I'll sit Nirva down for a chat. Def Con's resident cyborg, Nirva's hair is flamingo pink and electric blue, a spike sticking out of his lip, steel twirling from his ears -- what he dubs ``projects.'' He's slowly unwrapping the ace bandages on his wrists as he tells of the operation he underwent a month ago, the insertion of large surgical-quality steel rings under the skin on the top of his hands.

``It's subtly extreme,'' explains Nirva of his motivation for making the backs of his hands resemble symbols left by aliens. There are plenty of freaks here at Def Con, computer drones who crave the attention they can attract by dyeing their hair or strapping on leather and steel. Nirva, surprisingly, isn't one of them. His name is Danny Dalai and he programs for the premier Wall Street investment firm D.E. Shaw & Co. After a year and a half of high school, Nirva entered a school for ``degenerates,'' passed his equivalency exam in three weeks and was soon consulting. His father designs jet engines for Boeing and GE, and his mother ``starts companies.'' Nirva just turned 20, and he says that between his D.E. Shaw salary and selling his own programs he'll make nearly a quarter million in this, his first full year of work.

But I wouldn't bet on this soft-spoken, articulate prodigy becoming a company man. Nirva may be the perfect poster boy for the New Hacker Generation. As he covers up his implants, he smiles and says of his Wall Street employers, ``I'll be there as long as they keep me happy.''

JONATHAN LITTMAN is the author of ``The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen,'' published by Little, Brown. His e-mail address is .

News Library