How do you distinguish DEF CON from Comdex or Share or any other information

technology gathering? DEF CON is the one to which attendees are merrily

encouraged to bring firearms.

About a dozen did just that. One day they went deep into the desert to

shoot large-caliber rounds at full cans of Mountain Dew and a paper likeness of

Bill Gates. Nobody thought to bring clay pigeons, so for skeet shooting, they

made do with America Online CDs.

I'm an Internet consultant from Minneapolis. I like to think I'm an

upstanding member of the mainstream information systems community. So I was

nervous about attending DEF CON V, held last month at the Aladdin Hotel and

Casino in Las Vegas [CW, July 21].

But I was also drawn by the opportunity to learn network security

techniques from the very hackers who break in to computer systems. DEF CON's

organizer, known as Dark Tangent, touted the fifth annual event as (among other

things) the conference for computer hackers, password crackers, virus coders

and phone phreaks.

I was uncomfortable because computer hacking and wire fraud aren't

generally discussed by us polite corporate IS types, and we normally don't come

in contact with those who participate in such activities. At least, that's what

I thought before the conference. Now I'm convinced we have contact with hackers

all the time. We just don't notice them - and that's the way they like it.

But there are times when hackers go out of their way to get noticed.

One day during DEF CON, a group traveled three hours north of Las Vegas to a

government facility known as Area 51. This is the place - very much in the news

lately - where it's long been rumored that the government is conducting

research with technology recovered from a crashed alien spacecraft.

When the hackers reached the security fence surrounding the compound, th

ey lofted aluminum foil attached to helium balloons and watched the devices

float within the scan of Area 51's radar. Minutes later they were asked to

kindly leave the premises.

And the duck sang 'Blue Suede Shoes'

You expect vendors at any computer conference. At DEF CON V, entrepreneurs

peddled logo parody T-shirts, books on hacker culture and piles of used

telephone and computer hardware.

Even here, though, there was a hack. I felt sorry for the T-shirt

salesman who lost much of his inventory when the sign that originally said "$20

each" was replaced by one that read "Free, take one."

And there was a vendor-sponsored scavenger hunt. Items on the list

included the following:

A security camera (60 points)

A foreign Web page "redecorated" by the hunter (15 points)

A live duck (20 points)

The hacker with the most points got to grab items from a box filled

with used computer and telephone components.

And yes, somebody found a duck.

Did you say root beer jugs?

One guy showed up with a handmade rail gun. A rail gun moves a lot of

electrical energy down a conductive track. Along the way, it can fire a

projectile at speeds approaching 10,000 meters per second. It discharges so

much power, the designer used graphite disks as projectiles. Anything metal,

you see, would have been welded to the gun.

The graphite projectiles were expensive, but the gun was otherwise

built from hardware store items and scrap. The major design problem - the need

for a large amount of power - was solved with banks of "Tesla-style"

high-voltage capacitors made from root beer jugs, salt water, bolts, wire and

tin foil.

"I'm doing this to prove that you don't have to be trained in something to

do something. Most of the people in this room know that, but the public at

large doesn't," the designer said.

That simple truth justified my attendance at DEF CON. I won't be able

to convince myself any longer that I lack the training to make a system secure.

There should be ways to a secure system, even if the path requires an

untraditional route.

Holy Cow, a Las Vegas microbrewery, originally agreed to give a free

beer to anybody with a DEF CON badge. The offer was published on DEF CON's Web

page (www.defcon.org), and coupons were printed.

But shortly before the convention, Holy Cow changed management. The new

boss refused to honor the free beer commitment.

When the bad news was announced, conference attendees jeered. But the mood

changed to anticipation, then wild laughter as the announcer said, "So I

visited their Web page ..." At this point the crowd started chanting, "What's

their URL? What's their URL?"

The lack of free beer didn't stem the flow of alcohol. Drinking games

thrived.

In one - "the T*****/IP game" - the goal was to determine how much beer a

panel of experts could consume before they became incapable of answering

questions on topics such as firewall filtering or bit-level Internet protocols.

Another favorite game was Hacker Jeopardy. Categories included We Still

Hate Cyber Movies, Some (Inter)net Security and Aliens Among Us.

And then there was the "Spot the Fed" contest. It's a fact of DEF CON life

that federal law enforcement agents attend the conference. Squares like me, the

feds hope to learn the latest tricks of the trade. But unlike me, they keep a

close eye on who's who at DEF CON - groups, trends and leaders are all

monitored.

I was amazed as three consecutive federal agents were spotted and

marched sheepishly (but good-naturedly) to the podium. In each case, the agent

was correctly identified solely through the social engineering skills of a

hacker. Winners received T-shirts and a round of applause.

I can't recall ever seeing an industry show with as much audience

participation as DEF CON. A simple question such as, "How many of you hackers

program with the keyboard in your lap?" filled the conference room with cheers

and whistles. Pleased by the results of his informal demographic study, Doug

Hacker (yes, that's his real name) proceeded to toss handfuls of his invention,

the Lap Clip, to the audience.

Throwing was the method of choice for distributing prizes - and there

were countless prizes. People would stand on their chairs and dive for

copies of books, such as E-mail Addresses of the Rich and Famous or obsolete

computer boards. It wasn't uncommon to see CD-ROMs or unprogrammed cellular

phones bounce 50 or 100 feet into the audience.

The main door prize was - what else? - a door. It came from a GTE Corp.

service truck. It was not thrown into the audience.