Blackhat Briefings: Hacker Court 2004


Author: Joe Barr

BLACK HAT BRIEFINGS, LAS VEGAS, NEVADA — The third annual presentation of “Hacker Court” — entitled “Pirates of the Potomac: Curse of the Bl4ck P3rl” — was held Wednesday afternoon. I spoke briefly with Carole Fennelly, one of the founders, and Weasel — sometimes an actor, sometimes a member of the production crew, and sometimes technical researcher — to learn more about the group’s history.

Carole explained that she and a friend had been in a Blackhat technical session on forensic analysis four years ago and the presenter obviously didn’t know or understand the subject matter. She and a friend corrected him constantly during the session. Afterward, more than a few people suggested that the two of them give the presentation the next year. They chose a trial setting in order to be able to present two sides to an issue: the hacker side and the prosecution’s side. A new case for Hacker Court is created, researched, and presented each year.

In this year’s case, Captain Jack Hack is charged with breaking into a Naval Academy computer and removing sensitive documents, which he then allegedly tried to sell to a foreign intelligence service. The prosecution presented forensic evidence showing that the intrusion into the Naval Academy came via a rogue (unauthorized) Wi-Fi access point. Logging by the WAP revealed the external IP addresses of the intruders.

The feds requested and received identification of the users with those IP addresses at the time of the attacks from the appropriate ISPs. All those identified lived along the Potomac River, close to Annapolis. Further, each of them was using a WAP in their home. None of the home users was considered knowledgeable enough to have been responsible for the attacks.

Only a few of the home WAPs had logging enabled. But each of them that did revealed an IP address assigned to Captain Jack Hack had associated with them at precisely the same time attacks occurred. The feds seized laptops belonging to Captain Jack and a man who had worked for him. Both machines yielded their own interesting forensic evidence.

If all of this is coming across as dry, technical, and perhaps boring to everyone except those with a healthy interest in Wi-Fi security — or lack of same — that simply highlights another thing provided by the trial settings: comic relief. The audience was laughing at the lines of the characters throughout the session, which ran a full hour overtime.

Adding to the fun is the fact that real hackers, lawyers, judge, and forensic experts played the various characters. The judge is a real federal judge, the lawyers are lawyers, Captain Jack was played by Simple Nomad, and the forensics expert is exactly that for the USAF OSI.

The verdict? I’m glad you asked. In her summation, Captain Jack Hack’s attorney pointed out the MAC address for the wireless NIC found in his laptop did not match the MAC address recorded in the various WAP logs. She then concluded, “If the MAC doesn’t fit, you must acquit.” The result was a hung jury.

The following photos show Captain Jack Hack, the Court Clerk (played by Carole’s daughter, Caitlin), and Judge Pro. The event proved so popular Anthony and Cleopatra made an appearance.


  • Security