If You Build It, They Will Con

by Declan McCullagh   July 15, 1997

     Perhaps the thinking behind DefCon went something like this: Lure hundreds of hackers to Las Vegas in the middle of the summer, ply them with cheap beer, talk about packet sniffing, and observe. Last year the result was self-organizing chaos, capped by an event where the hired strippers were upstaged by a band of exhibitionist conferencegoers. "The pimp was like, 'Oh my God,'" says Dark Tangent, DefCon's organizer.

     Last weekend's fifth annual DefCon may have been a little less raucous, but it was no less important as a place where hackers from around the world gather to socialize, gamble -- and glance around furtively trying to spot the government agents who infiltrate the convention. (Bonus: If you guess correctly, you can take a prized "I Spotted the Fed" T-shirt home with you.)

     Naturally, DefCon has always been populated with a slew of specialized talks on "Hacking Novell Netware" and uses of "embedded microcontroller applications." But this year, speakers such as Richard Thieme spoke of finer points: For instance, how hackers should avoid merely imitating their predecessors' exploits. Instead, they should learn the intricacies of computer systems themselves. "This is really functioning as a call to excellence," Thieme says. Then there was Carolyn Meinel, who maintains the "Happy Hacker" mailing list. "You don't need to break the law to be a hacker," she told me.

     Maybe not, but the DefCon crowd -- mostly teenagers and twentysomethings -- wasn't listening. Some tried to pass counterfeit $20 bills when registering. ("We'll beat your ass," Dark Tangent warned afterward.) Others tried to snatch the DefCon banner from the convention hall. By the time the conference began, the hotel's antiquated phone system had been penetrated and instructions distributed on how to call long distance for free. The hotel's radio frequencies quickly appeared on the DefCon mailing list. On Friday evening, security guards booted two revelers after a hallway skirmish led to blows. And someone was carrying around a door to a GTE truck -- I never found out why.

     All of which might explain Las Vegas's growing reluctance to host the event. Dark Tangent says the convention has become virtually blackballed. "You're dicked. There's no place to go," he says. This year, Dark Tangent had to rename the convention "DC Communications" and take out $1 million in liability insurance. He also moved the conference to the Aladdin, a ramshackle hotel -- complete with faded purple carpets and cheesy lounge singers -- that seems the only venue now willing to risk hosting DefCon.

     Still, the Aladdin seemed a choice venue for Winn Schwartau, the "InfoWar" crooner whom many hackers love to hate. He showed up to host two rounds of Hacker Jeopardy. Teams of digerati took turns heckling Schwartau and competing in categories such as National Security for $300: "A: The two possible meanings of DOS. Q: What are Denial of Service or Disk Operating System?" Or, "A: The assistant director of the FBI who handled the TWA investigation and was behind the Clipper Chip. Q: Who is James Kallstrom?"

     Bruce Schneier, author of "Applied Cryptography" (and the star of his Hacker Jeopardy team), spoke on Saturday about "Why Cryptography Is Harder Than It Looks." He warned of overconfidence when designing a cryptosystem: "The math is perfect. The computers are bad. The networks hideous. The people worse." Says Schneier, "We need to recognize the limits of the possible."

     Sameer Parekh, president of C2Net, spoke the next day about offshore crypto-development: "We export jobs, not crypto." Jobs seemed to be what many in the crowd were looking for. As one generation of hackers gives way to another, a new batch of self-anointed "security consultants" appears on the scene. Of course, there are never enough scouts in attendance to hire them all.

     Dejected, and unable to hack more than the hotel PBX, some found solace in the seamier side of Las Vegas. I saw a note inviting everyone to a "StripperCon" that was being held down the street at the Tropicana Hotel on Saturday night. I went gambling instead.

     Short $75, I wondered whether next year's DefCon would be worth attending -- that is, if it happens at all. But surely there will be a DefCon 6, and since Internet Underground has gone to pasture, who else will there be to cover it? So I poured another shot, dialed 9# on the wall phone and placed a long distance call to the editor. On the house.