Hands down, it's the unlikeliest computer conference around. It's called Def Con, and it's quickly turning into the annual meeting of the Computer Underground. For the second sultry July in a row, assorted hackers, crackers, and phone phreaks are flocking to Vegas to discuss how to infiltrate computer systems, among other topics. In hot pursuit are various attorneys, computer company security officials, and law enforcement officers. "Toto, I don't think we're at Comdex anymore," says Code Ripper, taking a dig at the computer industry's legitimate fall convention. Code Ripper, a hacker and occasional columnist for Gray Areas magazine, is a pseudonym.
Few, it seems, use their real names at Def Con, which begins July 22. Unlike other hacker conventions, this one openly extends invitations to such agencies as the Secret Service and the Federal Bureau of Investigation so they don't have to snoop around. Nobody's taking any chances, though. Last year, the number of cops, real and imagined, lurking about Def Con spawned a "Spot the Fed" contest. Winners received special T-shirts.
SEMINARS. The conference is the brainchild of 24-year-old Dark Tangent, a.k.a. Jeff Moss, a second-year law student at the University of Dayton. He says the name Def Con was chosen for its military overtones. (The defense industry is a favorite hacker target.) Moss, who insists he doesn't do anything illegal anymore, grew up in Seattle sorting through the dumpsters of giant Microsoft Corp.--virtually every computer disk he owns has a Word 4.0 label on it. Because he had observed that most hacker gatherings quickly degenerate into drunken parties, he decided to elevate his event to a discussion of social and policy issues. Thus the invitations to the Feds and serious seminars on topics such as hacker ethics and laws governing search and seizure.
"I'm going just to see what the other side is up to," says Gail Thackeray, a 45-year-old district attorney in Phoenix. Thackeray, who played a key role in Operation Sun Devil, a Secret Service undercover probe into phone-card fraud four years ago, was generally lambasted by attendees when she volunteered to field questions at last year's confab. "There were lots of hacking discussions, but a lot of time was spent in substantive presentations as well," she says. "And I don't think anyone did anything overtly criminal."
They came close. Last year's Def Con was held at the Sands Hotel & Casino (which, ironically, is owned by the same group that runs the Comdex convention). The late shift of Sands security guards, unaware that Def Con erganizers had arranged for the meeting rooms to be open 24 hours a day, attempted to evict Code Ripper, Merc, and the Prophet, three young hackers who had decided to crash there overnight. After the incident, one hacker offered Moss the phone number and passwords for the computer that runs the casino. "You'd think that the casino would have had a functional security system set up," says Moss. "Not."
This year, Moss has shifted to the Sahara Hotel & Casino and expects attendance to triple, to more than 300. He has scheduled 22 speakers--fewer than half with fake names. Given that the keynote speaker is cryptographer Philip Zimmermann, the meeting's hot topic promises to be data encryption.
Zimmermann is an outspoken opponent of the government's controversial Clipper chip--an encryption standard featuring a back door that allows law enforcement officials to engage in court-sanctioned decoding and eavesdropping. Indeed, he is the target of a federal grand jury investigation in San Jose, Calif., because his program, called PGP for Pretty Good Privacy, ended up overseas in violation of U.S. munitions-export regulations. So far as anyone knows, the National Security Agency--the Clipper chip's main driver--has been unable to break into data encrypted by PGP.
The heart and soul of Def Con, however, are the technical sessions held around midnight. They're more attuned to hard-core hacker time and tastes. Take "Twenty Ways to Trash a PC," by Mark Ludwig, who wrote a how-to book for virus programmers. Then there's the session on network security--which is actually being held via videoconference because the expert doesn't want to show up in person, presumably for legal reasons.
Some of those sessions admittedly strain prosecutor Thackeray's limits. But, hey, she's game. "Def Con has something for everyone," she says. "It's partly an entertaining party, it's partly a fashion statement. But it's mostly something about which the business world has no clue." Moss's advice to Corporate America: Load up your laptops, we're heading to Vegas.