Hacking the planet

DefCon harbors sex, geeks and rock 'n' roll in one sleepless package

By Joshua Ellis and Patty Walsh

There's a scene in the retarded hacker flick Swordfish in which slick mastermind John Travolta gives grungy super-hacker Hugh Jackman a challenge: hack into the National Security Agency in a minute or less, while some hot club whore blows him under the table.

This has probably never happened to any hacker in history -- but if it did, it would probably have happened at DefCon. What began 12 years ago as a Vegas get-together for a small group of geographically disconnected online friends has become a gigantic free-for-all in which thousands of hardcore hackers, wardrivers, security consultants, federal agents, wannabes and groupies do their level best to outthink, outdrink and outparty one another.

In the truest sense, hacking is not an act; rather, it is a viewpoint, a set of tools for thinking about how to interact with systems. The late Judith Milhon, one of the first female hackers ever, defined hacking as "the clever circumvention of imposed limits." The early hackers at MIT and Stanford had limited access to the huge, expensive mainframes on which they worked, and so they devised clever and exotic ways both to gain more time and make their programming time more efficient.

One classic story details a computer manager who began locking the door to the computer room to keep the scruffy hippies out at night. When he returned in the morning, he found the entire door to his office had been removed, along with an apologetic note explaining that it had gotten in the way of someone's work.

Of course, things have changed over the decades. These days, your average hacker is just as likely to be a 17-year-old junior punk or goth with an anarchy T-shirt and a sticker of Tux the Penguin (the mascot for the free operating system Linux) on his or her laptop. And while DefCon may have begun as an invite-only affair for the old guard of the computer security elite, these days you're more likely to see the punk kid sitting poolside, making out with a goth chick wearing nothing but strategically placed duct tape, drunk on vodka and Red Bull and the simple gleeful awareness that comes from being surrounded by 5,000 people who are just like you.

This is what DefCon has come to represent for the hacking community: a combination of trade show and Burning Man, debauchery and deconstruction in one sleepless package.

There are three swimming pools at the Alexis Park Resort Hotel. Pool one -- the pool closest to the entrance and the convention area -- belonged to the Goons, the security/logistics crew at DefCon. Generally chosen for their size or physique, they can be intimidating bastards if you don't know what you are doing or where you are going.

Pool two was the social hot spot of DefCon, where the notorious and the newbies partied together. It was also the site of QueerCon, the Friday night party hosted by members of the Seattle 2600 group for gay members of the scene.

Pool three, at the back end of the hotel, was generally more sedate, despite the occasional presence of massive sound systems and drum 'n' bass and industrial DJs.

After-hours socialization at DefCon has always consisted of an endless pilgrimage -- back and forth between the pools and the parties held in private rooms and the never-ending Capture the Flag event, where hundreds of sleep-deprived geeks huddled in a massive convention hall for 36 hours to protect and defend one another's networks. The scores were posted on a giant projection screen at one end of the hall -- which would occasionally switch over briefly to random footage of a pimped-out Ken doll beating up Barbie Ike Turner-style, or the trailer for A Clockwork Orange, or old GI Joe cartoons overdubbed with pedophilic dialogue.

In the dark, the attendees look like the ghosts of long-dead cowboys in black leather and quiet medieval monks, flitting between the palm trees and stucco buildings, chatting away about buffer overflow violations, SSH tunneling, and, always, getting laid.

Sometime during Friday night or Saturday morning, Southern Californian geeks Brandon and Dan had gotten naked with a couple of the party girls that are part and parcel of the DefCon experience. When they'd awoken, the girls had vanished -- along with their clothes. They spent the next day and night clad in nothing but beach towels with vinyl backpack straps serving as belts, trying to hunt down the skanks who'd made off with their clothes.

Their clothes were nowhere in sight at DefCon veteran Bus Driver's party, but neither were the clothes of the local strippers he'd hired to entertain a suite full of sweating, drunken nerds. Surprisingly enough, the pros were something of a bust. It wasn't until a few talented amateurs got up on the coffee tables and started flinging their clothes, swaying to the rhythm of the jungle music pumping outside, when things really began to pick up.

This has much to do with the hacker preference for pale nerdy girls over Botoxed boobie queens. The dancers seemed to leave in something of a huff, unhappy to be ignored in favor of a bunch of small-breasted geek girls in Mardi Gras beads and panties with penguins on them.

Every convention in Vegas is a breeding ground for random illicit sex. But DefCon is one of the few conventions where random, illicit sex is a primary reason to attend -- a fact which amuses and disgusts a lot of veteran hackers.

"The past couple of years, I've talked to people who don't even know anything about computers," one older scenester told us. "They just heard it was a great party. It's like Burning Man -- now, half the people are just wandering around looking for the naked girls."

While the pools were an endless array of amusement and indulgence, a more refined, prominent event took place: the Black and White Ball. The Black and White Ball is like a warped version of prom, minus the jocks, the popularity contest and the superficiality.

Among the guests were Jesus and his Disciples (a group of hackers sporting nothing but white sheets, with "Jesus hacker" carrying the Holy Bible), an S&M bondage couple, some guy dressed up in pimp attire with a three-foot afro wig, and Renderman, the notorious Canadian hacker known for his black fedora hat and his zoot suits.

Another point of interest was the first annual Dunk the Geek, where a speaker, goon or inebriated hacker would sit in a dunk tank and await his or her ice-cold fate for a charitable cause -- the Electronic Frontier Foundation, a non-profit organization that defends digital rights.

The EFF is often considered to be the ACLU of cyberspace. They're legendary for fighting corporate and government interests when they interfere with the rights of cybercitizens. That fight is getting more and more serious every day.

It's difficult to get anybody to go on the record at DefCon, and with good reason: In the recent political climate of America under the PATRIOT Act, a lot of these people could easily be construed as terrorists. Thanks to the Digital Millennium Copyright Act, almost everyone there -- including at least one of the CityLife reporters covering this story -- violate federal law several times a day. Most attendees feel that the laws are unjust and stupid, made not for the protection of the people, but for special interests in business and government.

One of the strangest things about attending DefCon is the odd mixture of dissent and laissez faire objectivism. Most hackers seem to be libertarians: they're interested in self-preservation and the rights of the individual, often to the exclusion of others. There is a core of arrogance, of genuine belief that hackers are somehow above not only laws, but the people around them, by sheer virtue of intellect.

There are exceptions of course. The hacker group Cult of the Dead Cow (which didn't make much of an appearance at DefCon this year) have been exploring the possibilities of "hacktivism" for a few years now: the idea of using their skill set and knowledge for the benefit of humanity. Other hackers work to bring technological infrastructure to developing nations.

But the majority who attend DefCon seem concerned mostly with learning the latest tricks, getting the greatest schwag and finding the hottest girls (or guys). Even the arrest of programmer Dimitri Skylarov for discussing theoretical ways of cracking DVD encryption schemes at DefCon 9 in 2001 didn't seem to arouse the crowd too much.

That happened just over a month before 9/11, and the climate has changed drastically since then. There seem to be less attendees who are willing to openly announce that they work with the federal government (though there may actually be more feds around now than ever before).

The feeling of paranoia has increased noticeably over the past three years; in some sense, it has put a slight damper on the general explosion of hedonism and goofiness that has always marked DefCon. What happens in Vegas stays in Vegas unless, of course, it gets you hauled off to Guantanamo Bay.

So what does the future hold for DefCon? Probably a lot less of the old guard and substance of previous years. "Every year, I tell myself I'm not gonna come," one pioneering hacker told us. "I book my ticket later and later. There have been some years where I didn't even show up until the first day -- somebody would call me and say 'Dude, you've got to make it out here.' But I find less and less reason to come every year."

The consensus amongst the older hackers seems to be that DefCon is increasingly about style over substance, and that it is becoming more and more mainstream, attracting more clueless wannabes and party-seekers than those who are genuinely interested in the scene itself.

Most of the more mature scenesters stay in their rooms, or use the time between seminars and talks to check out the Vegas nightlife rather than the poolside scene. One notable exception this year was Apple co-founder Steve Wozniak, who showed up in a giant blue Humvee with a satellite dish on the roof for constant Internet access, and who spent much of DefCon whizzing around on his Segway with a big grin on his face.

Then again, you find the same attitude in people who've only been attending for two or three years but already consider themselves old hands. As jaded as attitudes might be, and as disdainful as everyone seems to be, they still show up every year.

The end of DefCon is traditionally marked by an awards ceremony, where prizes such as Best Buy gift certificates, books, swag, and über-hacker black badges (which are lifelong free access passes to DefCon) are given to those that succeeded in the various contests, be they important or utterly absurd. This year was marked by several new contests, with a few unintentional new entries like the hamburger-eating contest.

Apparently, some hackers got together and went to In-N-Out. A hacker ordered a 10 patty "animal burger," and before the guy knew it, fellow hackers were placing bets on who could top that massive stack. He actually surpassed his own record by gorging himself on an impressive 20 patty burger (with fries on the side, of course).

The lock picking contest is a DefCon favorite, and this year it included an "obstacle course," where the object of the game was to pick the most locks in the best time, with eight different locks in a row.

Then there was the illustrious wardriving contest. Wardriving -- a term invented by Dis.org vets Seric and Peter Shipley -- consists of driving or walking around while looking for unsecured wireless Internet (or wi-fi) access points. It's derived from the old hacker practice of "wardialing," in which an automated program dials every possible number in an area code, noting down which numbers have modems attached to them (you can see an example of this in the classic hacker film Wargames, starring Matthew Broderick and Ally Sheedy's breasts).

Perhaps the highlight of the awards ceremony was the Second Annual DefCon Wi-fi Shootout Contest. The goal of the contest was to reach the greatest possible connect distance between two wi-fi stations via innovative antennae designs and ingenious engineering skills.

Three young college students from Ohio using the team name P.A.D. took home the gold and received several standing ovations for breaking the world record for the longest wi-fi distance with a whopping 55.1 miles, using a home-brewed 600 megawatt signal amplifier. Though their parents tried to talk them out of their far-fetched plan for fame and glory, P.A.D. drove all the way to Vegas from Cincinnati in a mini-van with a satellite-like receiver disc duct-taped to the roof of the vehicle.

As they stood near the podium and described their journey, you could see the sparkle in their eyes. While DefCon has become more mainstream over the years, and some say that substance has dissipated from the true core of the event, there was no denying the passion that flowed through the veins of these kids. It was their time to shine in the spotlight, and DefCon was their forum to finally fit in with a crowd.

And that seemed to be the recurring theme of this and every DefCon: for those few days they're in Las Vegas, these hackers don't have to worry about getting their asses kicked for their clothes or their often total lack of social skills. At DefCon, they can be heroes, if just for a day, standing in front of all their fellow geeks, winning awards for feats of prowess that most of their peers and even family members couldn't even begin to understand.

And then they slip away into the night, back to the real world, to their jobs as system administrators or security experts, to their dorms and high schools; anonymous again amongst the beautiful people, waiting another year for their time to shine.

Joshua Ellis is a writer, rock star and Web guru. You can save your soul at column.zenarchery.com, the Website for his weekly column All Tomorrow's Parties. Patty Walsh is a freelance journalist.