Hacking the planet
DefCon harbors sex, geeks and rock 'n' roll
in one sleepless package
By Joshua Ellis and Patty
There's a scene in the retarded hacker flick
Swordfish in which slick mastermind John Travolta gives
grungy super-hacker Hugh Jackman a challenge: hack into the National
Security Agency in a minute or less, while some hot club whore blows
him under the table.
This has probably never happened to any
hacker in history -- but if it did, it would probably have happened
at DefCon. What began 12 years ago as a Vegas get-together for a
small group of geographically disconnected online friends has become
a gigantic free-for-all in which thousands of hardcore hackers,
wardrivers, security consultants, federal agents, wannabes and
groupies do their level best to outthink, outdrink and outparty one
In the truest sense, hacking is not an act;
rather, it is a viewpoint, a set of tools for thinking about how to
interact with systems. The late Judith Milhon, one of the first
female hackers ever, defined hacking as "the clever circumvention of
imposed limits." The early hackers at MIT and Stanford had limited
access to the huge, expensive mainframes on which they worked, and
so they devised clever and exotic ways both to gain more time and
make their programming time more efficient.
One classic story details a computer manager
who began locking the door to the computer room to keep the scruffy
hippies out at night. When he returned in the morning, he found the
entire door to his office had been removed, along with an apologetic
note explaining that it had gotten in the way of someone's work.
Of course, things have changed over the
decades. These days, your average hacker is just as likely to be a
17-year-old junior punk or goth with an anarchy T-shirt and a
sticker of Tux the Penguin (the mascot for the free operating system
Linux) on his or her laptop. And while DefCon may have begun as an
invite-only affair for the old guard of the computer security elite,
these days you're more likely to see the punk kid sitting poolside,
making out with a goth chick wearing nothing but strategically
placed duct tape, drunk on vodka and Red Bull and the simple gleeful
awareness that comes from being surrounded by 5,000 people who are
just like you.
This is what DefCon has come to represent for
the hacking community: a combination of trade show and Burning Man,
debauchery and deconstruction in one sleepless package.
There are three swimming pools at the Alexis
Park Resort Hotel. Pool one -- the pool closest to the entrance and
the convention area -- belonged to the Goons, the security/logistics
crew at DefCon. Generally chosen for their size or physique, they
can be intimidating bastards if you don't know what you are doing or
where you are going.
Pool two was the social hot spot of DefCon,
where the notorious and the newbies partied together. It was also
the site of QueerCon, the Friday night party hosted by members of
the Seattle 2600 group for gay members of the scene.
Pool three, at the back end of the hotel, was
generally more sedate, despite the occasional presence of massive
sound systems and drum 'n' bass and industrial DJs.
After-hours socialization at DefCon has
always consisted of an endless pilgrimage -- back and forth between
the pools and the parties held in private rooms and the never-ending
Capture the Flag event, where hundreds of sleep-deprived geeks
huddled in a massive convention hall for 36 hours to protect and
defend one another's networks. The scores were posted on a giant
projection screen at one end of the hall -- which would occasionally
switch over briefly to random footage of a pimped-out Ken doll
beating up Barbie Ike Turner-style, or the trailer for A
Clockwork Orange, or old GI Joe cartoons overdubbed with
In the dark, the attendees look like the
ghosts of long-dead cowboys in black leather and quiet medieval
monks, flitting between the palm trees and stucco buildings,
chatting away about buffer overflow violations, SSH tunneling, and,
always, getting laid.
Sometime during Friday night or Saturday
morning, Southern Californian geeks Brandon and Dan had gotten naked
with a couple of the party girls that are part and parcel of the
DefCon experience. When they'd awoken, the girls had vanished --
along with their clothes. They spent the next day and night clad in
nothing but beach towels with vinyl backpack straps serving as
belts, trying to hunt down the skanks who'd made off with their
Their clothes were nowhere in sight at DefCon
veteran Bus Driver's party, but neither were the clothes of the
local strippers he'd hired to entertain a suite full of sweating,
drunken nerds. Surprisingly enough, the pros were something of a
bust. It wasn't until a few talented amateurs got up on the coffee
tables and started flinging their clothes, swaying to the rhythm of
the jungle music pumping outside, when things really began to pick
This has much to do with the hacker
preference for pale nerdy girls over Botoxed boobie queens. The
dancers seemed to leave in something of a huff, unhappy to be
ignored in favor of a bunch of small-breasted geek girls in Mardi
Gras beads and panties with penguins on them.
Every convention in Vegas is a breeding
ground for random illicit sex. But DefCon is one of the few
conventions where random, illicit sex is a primary reason to attend
-- a fact which amuses and disgusts a lot of veteran
"The past couple of years, I've talked to
people who don't even know anything about computers," one older
scenester told us. "They just heard it was a great party. It's like
Burning Man -- now, half the people are just wandering around
looking for the naked girls."
While the pools were an endless array of
amusement and indulgence, a more refined, prominent event took
place: the Black and White Ball. The Black and White Ball is like a
warped version of prom, minus the jocks, the popularity contest and
Among the guests were Jesus and his Disciples
(a group of hackers sporting nothing but white sheets, with "Jesus
hacker" carrying the Holy Bible), an S&M bondage couple, some
guy dressed up in pimp attire with a three-foot afro wig, and
Renderman, the notorious Canadian hacker known for his black fedora
hat and his zoot suits.
Another point of interest was the first
annual Dunk the Geek, where a speaker, goon or inebriated hacker
would sit in a dunk tank and await his or her ice-cold fate for a
charitable cause -- the Electronic Frontier Foundation, a non-profit
organization that defends digital rights.
The EFF is often considered to be the ACLU of
cyberspace. They're legendary for fighting corporate and government
interests when they interfere with the rights of cybercitizens. That
fight is getting more and more serious every day.
It's difficult to get anybody to go on the
record at DefCon, and with good reason: In the recent political
climate of America under the PATRIOT Act, a lot of these people
could easily be construed as terrorists. Thanks to the Digital
Millennium Copyright Act, almost everyone there -- including at
least one of the CityLife reporters covering this story --
violate federal law several times a day. Most attendees feel that
the laws are unjust and stupid, made not for the protection of the
people, but for special interests in business and
One of the strangest things about attending
DefCon is the odd mixture of dissent and laissez faire objectivism.
Most hackers seem to be libertarians: they're interested in
self-preservation and the rights of the individual, often to the
exclusion of others. There is a core of arrogance, of genuine belief
that hackers are somehow above not only laws, but the people around
them, by sheer virtue of intellect.
There are exceptions of course. The hacker
group Cult of the Dead Cow (which didn't make much of an appearance
at DefCon this year) have been exploring the possibilities of
"hacktivism" for a few years now: the idea of using their skill set
and knowledge for the benefit of humanity. Other hackers work to
bring technological infrastructure to developing nations.
But the majority who attend DefCon seem
concerned mostly with learning the latest tricks, getting the
greatest schwag and finding the hottest girls (or guys). Even the
arrest of programmer Dimitri Skylarov for discussing theoretical
ways of cracking DVD encryption schemes at DefCon 9 in 2001 didn't
seem to arouse the crowd too much.
That happened just over a month before 9/11,
and the climate has changed drastically since then. There seem to be
less attendees who are willing to openly announce that they work
with the federal government (though there may actually be more feds
around now than ever before).
The feeling of paranoia has increased
noticeably over the past three years; in some sense, it has put a
slight damper on the general explosion of hedonism and goofiness
that has always marked DefCon. What happens in Vegas stays in Vegas
unless, of course, it gets you hauled off to Guantanamo
So what does the future hold for DefCon?
Probably a lot less of the old guard and substance of previous
years. "Every year, I tell myself I'm not gonna come," one
pioneering hacker told us. "I book my ticket later and later. There
have been some years where I didn't even show up until the first day
-- somebody would call me and say 'Dude, you've got to make it out
here.' But I find less and less reason to come every
The consensus amongst the older hackers seems
to be that DefCon is increasingly about style over substance, and
that it is becoming more and more mainstream, attracting more
clueless wannabes and party-seekers than those who are genuinely
interested in the scene itself.
Most of the more mature scenesters stay in
their rooms, or use the time between seminars and talks to check out
the Vegas nightlife rather than the poolside scene. One notable
exception this year was Apple co-founder Steve Wozniak, who showed
up in a giant blue Humvee with a satellite dish on the roof for
constant Internet access, and who spent much of DefCon whizzing
around on his Segway with a big grin on his face.
Then again, you find the same attitude in
people who've only been attending for two or three years but already
consider themselves old hands. As jaded as attitudes might be, and
as disdainful as everyone seems to be, they still show up every
The end of DefCon is traditionally marked by
an awards ceremony, where prizes such as Best Buy gift certificates,
books, swag, and über-hacker black badges (which are lifelong free
access passes to DefCon) are given to those that succeeded in the
various contests, be they important or utterly absurd. This year was
marked by several new contests, with a few unintentional new entries
like the hamburger-eating contest.
Apparently, some hackers got together and
went to In-N-Out. A hacker ordered a 10 patty "animal burger," and
before the guy knew it, fellow hackers were placing bets on who
could top that massive stack. He actually surpassed his own record
by gorging himself on an impressive 20 patty burger (with fries on
the side, of course).
The lock picking contest is a DefCon
favorite, and this year it included an "obstacle course," where the
object of the game was to pick the most locks in the best time, with
eight different locks in a row.
Then there was the illustrious wardriving
contest. Wardriving -- a term invented by Dis.org vets Seric and
Peter Shipley -- consists of driving or walking around while looking
for unsecured wireless Internet (or wi-fi) access points. It's
derived from the old hacker practice of "wardialing," in which an
automated program dials every possible number in an area code,
noting down which numbers have modems attached to them (you can see
an example of this in the classic hacker film Wargames,
starring Matthew Broderick and Ally Sheedy's breasts).
Perhaps the highlight of the awards ceremony
was the Second Annual DefCon Wi-fi Shootout Contest. The goal of the
contest was to reach the greatest possible connect distance between
two wi-fi stations via innovative antennae designs and ingenious
Three young college students from Ohio using
the team name P.A.D. took home the gold and received several
standing ovations for breaking the world record for the longest
wi-fi distance with a whopping 55.1 miles, using a home-brewed 600
megawatt signal amplifier. Though their parents tried to talk them
out of their far-fetched plan for fame and glory, P.A.D. drove all
the way to Vegas from Cincinnati in a mini-van with a satellite-like
receiver disc duct-taped to the roof of the vehicle.
As they stood near the podium and described
their journey, you could see the sparkle in their eyes. While DefCon
has become more mainstream over the years, and some say that
substance has dissipated from the true core of the event, there was
no denying the passion that flowed through the veins of these kids.
It was their time to shine in the spotlight, and DefCon was their
forum to finally fit in with a crowd.
And that seemed to be the recurring theme of
this and every DefCon: for those few days they're in Las Vegas,
these hackers don't have to worry about getting their asses kicked
for their clothes or their often total lack of social skills. At
DefCon, they can be heroes, if just for a day, standing in front of
all their fellow geeks, winning awards for feats of prowess that
most of their peers and even family members couldn't even begin to
And then they slip away into the night, back
to the real world, to their jobs as system administrators or
security experts, to their dorms and high schools; anonymous again
amongst the beautiful people, waiting another year for their time to
Joshua Ellis is a writer, rock star and
Web guru. You can save your soul at column.zenarchery.com, the
Website for his weekly column All Tomorrow's Parties. Patty Walsh is
a freelance journalist.