DefCon: Hacker Conference Exposes Lax Security Of Companies, Other Hackers

At DefCon, Even the Hackers Can Get Hacked

LAS VEGAS -- There are so many ways to get hacked at the world’s largest hacker conference.

A hacker could bump against your pocket with a card reader that steals your credit card information. Or a hacker might eavesdrop on your Internet traffic through an unsecured Wi-Fi network. Or a hacker might compromise your cell phone while you charge it in the hotel’s public phone-charging kiosk.

The Internet connection here has been dubbed "the world’s most hostile network." You might want to avoid the A.T.M.'s, too.

Welcome to DefCon, where thousands of the world's best code crackers gather each year to discuss the latest hacking techniques -- then occasionally try them out on each other.

More than 10,000 hackers and security experts have descended upon the Rio Hotel and Casino in Las Vegas this weekend for three days of lectures and contests.

Admission to DefCon, now in its 19th year, is $150, far less than Black Hat, a cybersecurity conference held earlier this week at nearby Caesar’s Palace that cost around $1,500.

At both conferences, hackers can make a name for themselves by demonstrating how they found security flaws in technology that most observers would consider well-protected or harmless.

At DefCon this year, there are presentations on how to hack office printers, wireless water meters, smart phones, laptop batteries and the network used at correctional facilities to open and close prison doors.

For the paranoid, there is a presentation on how to destroy data if you're "convinced that the black helicopters are incoming and ruthless feds are determined to steal your plans for world domination," according to the conference program.

The conference also offers more than 50 games and contests to challenge hackers. In one room, techno music thumps over loud speakers as teams of hackers hunched over laptops try to steal files from each other in a game called "Capture the Flag."

Another game gives contestants five minutes to hack into a voting machine. Yet another contest, called "Crack Me If You Can," challenges teams to crack as many passwords as possible in 48 hours; the winner gets $600.

Some DefCon attendees complained Friday on Twitter that A.T.M.'s inside the convention hotel were out of service. To some, this was no surprise. After all, hacker Barnaby Jack demonstrated at Black Hat last year how to hack into an A.T.M. Two years ago, a malicious A.T.M. was placed at DefCon and stole data from conference attendees before it was detected.

Some companies see the hacker conference as a place to scout for new talent. In June, Facebook hired George Hotz, the young hacker who gained notoriety in 2007 for "jailbreaking" Apple's iPhone, getting around the phone's software controls.

Companies exposed for weak security are not the only ones being embarrassed at DefCon. If a conference attendee logs on to her email account, for example, using an unsecured wireless network, her username and password are posted on an electronic board known as the "Wall of Sheep."

Brian Markus, chief executive of Aries Security, said his company runs the "Wall of Sheep" to teach a lesson on Internet security. He compared using unsecured networks to the free-love ethic of the 1960s and 1970s when many people had unprotected sex.

"Today, everybody is connected and they need to go out and get protection because the environment has changed," Markus said.

Most DefCon attendees are particularly cautious about security, going so far as to use only their online nicknames at the conference. Many attendees are young, wear dark clothes and sport a wide range of hairstyles -- including mohawks -- with enough hair colors represented to match a Crayola box.

Not everyone here is a hacker, though. Employees of federal agencies also attend, giving panel discussions and inspiring a traditional game among hackers at DefCon called “Spot the Fed.”

Friday's program included a beer-chilling contest, where contestants competed to cool beer that had been sitting in the hot desert sun. Two participants, Chris McMinn and Chris Lopez, built an 11-foot-long contraption from aluminum and steel pipes that they said cools beer from 90 degrees to 40 degrees in four seconds.

They did not win the contest, but they didn't seem to care.

"We did it more for the glory," Lopez said. "All of our science teachers would be very proud."

McMinn added: "Where else would you chill beer for sport?"

Go To Homepage

Popular in the Community