Hacker/Fed Tensions Abound at Def Con

"We apologize for the delay," said a Def Con press attaché filling time before a stalled press conference in Las Vegas a week ago.

"The CIA is caucusing in the men's room."

"Well, I'm so glad I left the tape recorder running in there," replied a British reporter calmly pouring Scotch. "Would anyone like a drink?"

Def Con - the annual gathering of hackers and the law enforcement agencies who chase them - drew more than 6,000 people to the Alexis Park Hotel.

It featured, among other curious spectacles, government security managers alternately threatening hackers and begging them to accept job offers.

"Who's a hacker here?" asked David Jerrell, director of the Federal Computer Incident Response Capability (FedCIRC), during the "Meet the Fed" panel. No hands went up.

"You're going to bust us all!" someone from the audience yelled.

"We've got some of the most sophisticated toys in the world, if you'd like access to those toys," murmured Dick Schafer, the U.S. Department of Defense's director of information assurance, in another session on Def Con's main stage.

Of course, many of the young people wearing boots and telephone earpieces who were jacking in via Ethernet in the crowded hallways apparently weren't eager to meet civil service behavioral guidelines.

Some of the assembled hackers, many of whom appeared to be under the age of 21, were admonished by conference organizers for setting off smoke bombs, releasing bubble bath into the pool, stealing phones and reportedly pouring concrete down the toilets.

But the vast majority of attendees were simply there to exchange useful information and party with their friends.

Voice of Experience

"We are struggling with whether we need changes in personnel practices from the classic Beaver Cleaver profile for who is trustworthy," conceded a tired CIA officer after emerging from the men's room to talk about security and recruiting.

But the tension was at least as high between the older, more experienced hackers and the youthful crowd they deride as "script kiddies."

During a presentation by the hacking group Cult of the Dead Cow, a member known as The Nightstalker castigated virus writers and script kiddies who launch attacks with simple programming scripts.

He said hackers should instead use their skills to develop tools to regenerate eyesight or help those with spinal cord injuries.

"All of you have the potential to perform miracles with hardware or software. I want you to make a choice to be creative," The Nightstalker told the crowd.

"Any jerk can make a Visual Basic script, but it takes an artist to let someone walk or see or hear."

"Hacking into systems might be fun," said Jerrell during the "Meet the Fed" panel. "But there's no glory in being an asshole."

Jerrell pleaded with hackers to report security holes they find to him, instead of posting them on the Internet for others to exploit.

Jennifer Granick, a criminal defense attorney in private practice in San Francisco, pointed out in a presentation on the legalities of hacking that an array of laws penalize everything from phreaking - hacking into phone systems - to reading someone's e-mail without permission.

Stiff sentencing guidelines also concern Def Con conference organizer Jeff Moss, who quit his day job in the intrusion-detection group at Secure Computing Corp. in San Jose last year to run the conference full time.

"It seems safer to run somebody over drunk than to hack into their system," Moss said. "With mandatory sentencing guidelines, there's just not much leeway in a case. I always worry that juveniles are going to wreck their lives."

Join the newsletter!

Error: Please check your email address.

More about Federal Computer Incident Response CapabilitySecure Computing

Show Comments

Market Place