August 5, 2006

DEFCON 14 gets off to a late start

Author: Joe Barr

In retrospect, it was probably a mistake to arrive at DEFCON 14 early Friday morning in hopes of avoiding some of the crowd at registration. Nonetheless, in spite of several spurts, sputters, and delays, it is now safe to say that the occasionally ordered chaos that is DEFCON 14, the largest hacker's conference in the world, is off and running.It's hard not to compare DEFCON and Black Hat, since Jeff Moss -- aka Dark Tangent -- runs them both. Black Hat is commercial, professional, designed to appeal to security pros, and now owned by CMP. DEFCON is designed to appeal to the hacking community. It is wild and chaotic and does not belong to CMP. Here's a prime example of what I mean.

After waiting about 45 minutes for registration to begin, I was told that members of the press were to register in the press room, but that the staff who would handle that had not yet arrived. I decided to wait in the press room, but on the way there I learned from a team of three hotel security officers manning a checkpoint in the hall that I could not enter that area of the hotel without a red badge. That's the color reserved for DEFCON staff, lovingly referred to as goons. Not until 10 AM, at least.

Finally, 9 AM arrived and I was issued a green badge: green in order to warn attendees that I was a member of the press. Unfortunately, I still couldn't get to the press room since only red badges were allowed past the checkpoint. I finally asked a goon acquaintance to escort me past the guards to the press room, and was able to get in and get set up before the first presentations were scheduled to begin.

At 10 AM sharp, I was in the first row of hall where Atlas was to appear and explain how he had graduated from script-kiddie level to becoming a real hacker by virtue of writing and proving his first exploit.

But at the appointed time, it was not Atlas who took the podium, it was a goon. He took the mike and spoke addressed the throng, saying "Good morning, and welcome to DEFCON 14. Now turn around and get the fuck out."

Most laughed at the joke. But then he repeated it, saying he wasn't joking. He explained that due to a problem with the fire marshal, every presentation room would have to be emptied and inspected before the conference would begin. We were told there would be a one hour delay before the presentations began. Then it became a two hour delay. They finally started at 12:30 PM.

I never made it back to the hall where Atlas was going to describe his metamorphosis. I couldn't get out of the press room. There were simply too many interesting people to talk to.

The Kingpin and the badge

AP News had a camera crew and reporter in the press room, and they brought Joe Grand in to film an interview with the man responsible for this year's badges. I asked him for a few minutes of his time after the AP interview was done, and he obliged.

Joe is a nice, bright, young man. He runs a company called Grand Idea Design, which creates cool things. Things like this year's badges, which are nearly a work of art and should prove nigh on impossible to counterfeit. If you're not familiar with DEFCON history, part of the game is to sneak in by any means possible, including making counterfeit badges.

As you can see, this year's design consists of a skull and crossbones, except that the skull is actually a smiley-face with twin blinking lights for eyes. The design is actually cut into a working printed circuit board which contains a micro-processor to control the lights, a battery, and a function switch which also turns the lights on and off. In between the on and off there are four different combinations of light activity: in the first position, both lights are on; in the second, both blink in unison; in the third, they blink alternately; in the fourth, an extended pattern of blinks is executed; and the fifth time you press the switch, they shut off again.

I asked if Joe Grand was his real name, and he said yes, although at one point in his life, he was known as Kingpin. As we talked, I further learned that he had been the youngest member of the L0pht Heavy Industries, creators of L0phtcrack and other goodies. At 17, he was the youngest member by 6 or 7 years.

He was part of the L0pht crew which joined @Stake in 2000, but left the professional security firm a couple of years later. I also learned we had both attended Hohocon in Austin during the early/mid 90s, though probably not the same year.

Dead Addict

While Joe Grand looks like he could be a tennis professional at a tony country club, Dead Addict looks and dresses more like part of the dark side of the computer underground. I've seen him at every DEFCON and Black Hat I've attended. That's a small number of shows, but each time I have wanted to learn who he was and what he was about. So while the DEFCON was on hold waiting for the fire marshal's approval, I asked if he could spend a few minutes with me in the press room.

I learned that the reason I always saw him, was that he has been a part of DEFCON/Black Hat since the beginning. He works these days doing independent QA for a large, multi-national corporation which he declined to identify, but did say they sent him to the show each year. Sometimes he presents, sometimes he is just a goon. That is the case this year.

We talked a little about QA, and I asked if he used Fuzzy tests, which seem to be hot in the security community. Dead Addict told me that he thought fuzzy testing was a fine technique, but that personally he was more of an intuitive tester. Then I asked him to tell me about the beginnings of DEFCON, and how it came to be.

He explained that Dark Tangent had run a BBS which served almost as a message conduit for a lot of other boards which were part of the computer underground and eventually became an accepted member of the community. Jeff -- aka Dark Tangent -- decided to create a con where the BBS community of hackers could meet in person. But with a couple of important distinctions which made it different from other cons.

For one thing, they invited law enforcement to attend. For another, they also invited the press. Both represented a major break in traditional hacker cons. Dead Addict was instrumental in getting one of those law enforcement officials, Gail Thackery, to attend. Thackery had been the prosecutor in the infamous Sundevil raids.

Her first reaction was no, she didn't want to have anything to do with it. But eventually she came around and was a speaker at DEFCON 2.

Among other things, we also talked about how computer security had changed over the years. Dead Addict said something I thought was very astute: "The previous generation of computer security professionals did not get their start as 'computer explorers.'"

Secure VOIP

I also got a chance to chat for a few minutes with Philip Zimmermann, the creator of PGP, who was here to speak about his latest project, Zphone.

He explained how the encryption in Zphone is different than that of PGP, which was designed for encrypting email and requires perseverence of the keys. In Zphone, the key is negotiated when a phone call is started, and discarded at the end of the call. It's very similar to the type of encryption used by the White House when President Bush makes a secure call.

Also in retrospect, I wish now that when I made the travel arrangements months ago for Black Hat and DEFCON, I had allocated more than one day for the latter. DEFCON 14 runs through Sunday if you're in the Vegas area.


  • News
Click Here!