July 31.

A return to Las Vegas, lost in the hot desert sun.  I am in town again for 
Defcon, the annual gathering of the hacking tribes-criminals, libertarians, 
computer security gurus, a few Feds... The usual suspects.

	I arrive at about 7 and am dazzled by the changes in Las Vegas.  Hotels
have sprung up all over the barren desert terrain.  The Riviera is advertising
its "no ifs, ands, or - Butts" policy with a row of beautiful female derrieres
on a fantastic billboard.  Erin and Evan Horvath announce, on another billboard,
that they've just gotten married.  But hey, at least it's a tasteful billboard.
I wonder if they're registered.  Perhaps I ought to send a wedding present.

	At Treasure Island, one of my haunts in town, I go out to walk the 
casino and to have dinner-my reservations are at the Bay Club at 2130.

	The Casino is filled with beautiful young generation X-ettes; a 
striking blonde in coochie hugging black shorts under a very short bare midriff
top is playing at the high stakes roulette wheel.  When I return several hours
later she will still be there.  She's either lucky or well financed.

	At the "Battle Bar" a girl is celebrating her birthday by drinking 
Belvedere martinis.  I buy her one for good measure, then head up to dinner.  I
feast on prawns and lobster bisque, and chicken with Jordan Cabernet to wash it
down.  At the meal's conclusion I lean out the windows and watch a pirate ship
sink a British man o' war, after both are nearly destroyed in battle.  I root
for the pirates-must be my rebel instincts.  I am amazed to see the British 
captain actually go down with his ship, but even more amazed to see him 
magically resurface, alive, a few minutes later.  Las Vegas can do weird things
to Reality.

*	*	*

Down to the casino for a few hours of blackjack.  I lose $95 but at least it 
takes me awhile!

*	*	*

August 1.

	To the Plaza with a Cabbie from my home town-odd coincidence.  Inside I
search for the conference and decide that a couple adolescent boys will lead me
to it-but they don't know where it is either.  We decide to follow the "geeky 
lookin' guys" up ahead and darned if they don't lead us right to the spot.  The
lads ask me where I'm from and I name one of the Bell Operating Companies, 
saying "Don't tell me anything I don't wanna know".   They seem dubious until I
show them my ID.  They tell me they have had some experience with our NT
administrators, and have a pretty low opinion of them.  I'm not surprised.

*	*	*

After I hassle with registration, which has hit an ungodly $40 this year, I 
check out a room of merchandise.  Tee shirts that read "Big Brother Inside" in
the style of the "Intel Inside" logo, books on cracking wireless telecomm,
establishing new identities, spying on people, Secrets of the Legion of Doom
hacking group.  CDs of warez or viruses.  A tee shirt in the FedEx colors 
saying RegExp, another one in red and yellow displaying the Royal Dutch 
Petroleum "Shell" logo, with the phrase "/bin/sh" under it.  Interesting stuff
but nothing I'm in the market for.

*	*	*

In the conference room there's a "Free Kevin" sticker on the podium, a 
reference to Kevin Mitnick, hacker whom many feel was unjustly persecuted by 
Law Enforcement.  Later in the day I will see people who've morphed the 
stickers into the phrase "Free Kevin with every Happy Meal".  The crowd is huge,
much larger than in '94, but I find a place to sit in time to hear D'arc 
Tangent announce that an IRIX box was the first cracked in the "Capture the 
Flag" hacking contest.
*	*	*

"Why do we keep coming back to Defcon?  Because we want to color outside the 
lines.  Because we want to Know"
-- R. Thieme

*	*	*

Our keynote Speaker, Richard Thieme, takes the stage at 10:00.  He fires up the
crowd with a speech that can only be described as Norman Vincent Peale meets 
Hunter S. Thompson.  He talks about the social implications of hacking, jumping
from topic to topic like a cubist on speed.  He describes hackers as those who 
really want to know how the world works.  But in the digital world of today, 
the constant construction of reality that is possible makes it difficult to 
know a hacker's ultimate allegiance.  And it is not what you know or do, but 
rather your perceived allegiance that is a threat.  He tells us of a young 
hacker in an unnamed European country who makes a living from his hacking 
skills, breaking into financial computing systems to test their security.  He 
does this with the Banks' blessing.  A legitimate allegiance like this makes 
his hacking "all right".  

	But hacking for its own sake is not "all right" as far as the public is 
concerned-most people are actually scared of knowledge in today's world.  And 
they are socialized to such an extent that they believe the media's demonizing
characterizations of hackers without question, and despite the facts.  Indeed,
Thieme defines socialization as that state in which you do not even see things
that would not be validated by mainstream social consensus, even if those 
things are happening right before your eyes.  This seems to me to adequately 
describe the nation of media-sheep that we have become.

	Next Thieme goes on to attack the mainstream media itself-a rather easy
target.  The Wall St. Journal, he says, aims its literacy level at the Ninth 
Grade, and this is considered profoundly high.  Everything else is much more 
watered down.  In the back of my mind I can see a day when the news headline 
reads "President Does Stuff-Film at 11".  

*	*	*

"All Great Truths begin as Blasphemy"
								-- G. B. Shaw

*	*	*

	Thieme points out that many of the most important innovations of recent
years were ridiculed when they were first proposed-the PC, the Internet.  But 
all of these great ideas came from the fringe, from "Hacker Territory".  As 
Nick Machiavelli said hundreds of years ago, one of the hardest tasks is to 
take the lead in the New Order of Things.  Thieme believes that this is the 
hackers' destiny-to take the lead.

	He goes on to show the power of information in today's world.  His 
examples are of information warfare.  First a famous picture of a Cuban soldier
gloating over a raped woman in Angola in the late '70's.  This image, he tells
us, was totally fabricated by the CIA-the Cuban and the woman were never even
in the same country!  More recently he points to the United States' will being
broken in Somalia-by a 30 second videotape of two dead Rangers being dragged
behind a jeep.  Yes, information can have a major effect on events in today's
world, and hackers may have power over that information.

	But, he asks the crowd, What is your intention in Hacking?  His is
simply to know the Big Picture.  As he said of hackers at the beginning of his
talk, "We want to Know".

*	*	*

"If you understand UNIX, you understand the Universe.  If you understand 
Windows NT, you understand-Windows NT"
								-- R. Thieme


*	*	*

D'Arc Tangent takes the stage again and says "Here's something bad to do-when
you're in a major Hotel in Las Vegas, with security cameras everywhere, you 
don't want to throw a lit road flare into an elevator which just happens to 
have a security guard in it".  One of our conference attendees did this.  He 
didn't last long.

*	*	*

Bruce Schneier, author of "Applied Cryptography", is up next to speak on 
"Tradecraft in Public Networks".  Tradecraft means "covering your tracks".  
While cryptography is concerned with hiding the contents of a message, 
tradecraft, or steganography, is concerned with hiding the very existence of a 
message.  Why is he interested in this?  Why, from reading the "Hardy Boys'
Detective Handbook", of course!  Once upon a time this venerable tome taught 
him how to tail someone, how to case a crime scene, how to fingerprint.  There 
were a lot of skills used in traditional Cold War spying-such as tradecraft-
that today's hackers don't even know about.  He sets out to remedy this.

His basic question-how does a person hide their actions from an adversary that
is extremely well funded-for example the Chinese government.  Or even the U.S.
government.  This has traditionally been a battle of wits, but today it's 
turned into a battle of technology.  The devices available to governments are
truly amazing (or frightening, depending on your viewpoint.)  He tells us about
the rescue operation at the Japanese embassy in Peru, taken over by the Tupac
Amaru terrorist group in 1996.  The rescue operation was flawless, aided in
large part by intelligence gathered from microphones on the buttons of the 
clothing brought in by Red Cross volunteers for the hostages.

So, how to preserve the privacy of one's actions in the face of increasing
governmental capabilities?  For many, such as Chinese dissidents, the East
Timorese (victims of an Indonesian invasion and genocide) and many other
oppressed groups around the world, this is more than just a rhetorical question.

Schneier tells us about some of the basic techniques of Cold War tradecraft, 
such as the "Dead Drop", in which information is placed in a known location by
one person, and another person picks it up.  For example, you might pass 
information in a crumpled up cigarette packet near a wastebasket, or in a note
taped under the shelf in a phone booth.  This technique is useful because it
both conceals the transmission of a message and prevents people from turning in
their contacts, since they don't know who their contacts are.  Similar to the
Dead Drop is the "Live Pass" where perhaps you get on a crowded bus, and
someone may-or may not-place information in your pocket.  You, as the recipient,
don't pay any attention to this information, of course, until you're safely 
"home", wherever that may be in the circumstances.  Another tradecraft 
technique along these lines is the "Semaphore".  You might walk past the same
mailbox every day; but if one day you see a chalk "X" on the mailbox, it means
something-perhaps you are to leave town, or call a pre-arranged phone number.

How to accomplish these kinds of information transfer on the Net?  You could 
post something to a news group, for instance a particularly good chocolate chip
cookie recipe in rec.recipes might mean something important is happening, or
that some action is to be taken by the "recipient".  This is like a Dead Drop
because no one knows who's picking up the information.  Additionally, it 
obscures the existence of a message.  And this is key, for the big problem for 
surveillance agencies is not so much decrypting data, but rather deciding which 
data is important.

Steganography is the technical name for the science of hiding the existence of
a message.  There are several ways to accomplish this on the Net.  An 
example-hiding a message in the low order bit of a gif image.  There are 
steganography tools available that will do this.  But now the fun begins.  What
if you're a Chinese dissident trying to pass information to Amnesty 
International this way?  If you've never sent a gif image before this will 
immediately arouse suspicion.  Is it possible for the Chinese government to 
scan the Net, looking for the same image with slight differences in it?  Of 
course the answer is "yes".  Really the only way to get this to work is to take
a photograph yourself, so it won't appear anywhere else on the Net, scan it in,
encode information into it, and send it.  And you better have a plausible cover
story for sending it!
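The low-order-bit trick Schneier describes, worked through as an added example (this is not code from the original write-up, nor from any of the steganography tools it mentions).  A constructed buffer of 8-bit grayscale pixels stands in for the GIF so the example runs offline with the standard library; the bit-level mechanism is the same.  The compare() function is the analyst's side of the argument made above: anyone holding the original image can see exactly which pixels differ, and by how little.

```python
"""Least-significant-bit steganography on a raw 8-bit grayscale pixel buffer.

Added example, not code from the original write-up or from any of the
steganography tools it mentions. A constructed pixel buffer stands in for
the GIF of the text so the example runs offline with the standard library.
"""
import random
import struct

HEADER = 4  # bytes of big-endian length prefix written before the message


def embed(cover: bytes, message: bytes) -> bytes:
    """Overwrite the low bit of successive pixels with the payload bits."""
    payload = struct.pack(">I", len(message)) + message
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover image too small for the message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def _read(pixels: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from the low bits starting at pixel `start`."""
    out = bytearray()
    for b in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[start + 8 * b + i] & 1)
        out.append(byte)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length prefix, then that many bytes of hidden message."""
    length = struct.unpack(">I", _read(stego, 0, HEADER))[0]
    if 8 * (HEADER + length) > len(stego):
        raise ValueError("length header implausible: no payload present")
    return _read(stego, 8 * HEADER, length)


def compare(original: bytes, suspect: bytes):
    """Pixel-level comparison an analyst holding the original can perform:
    returns (number of differing pixels, largest absolute difference).
    LSB embedding changes at most one unit per pixel, which is why the
    text above insists on a cover image that exists nowhere else."""
    diffs = [abs(a - b) for a, b in zip(original, suspect)]
    return sum(1 for d in diffs if d), max(diffs)


def make_cover(size: int = 4096, seed: int = 1) -> bytes:
    """Constructed cover: deterministic pseudo-random grayscale pixels."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(size))


if __name__ == "__main__":
    cover = make_cover()
    stego = embed(cover, b"meet at the mailbox")
    print(extract(stego))
    print(compare(cover, stego))
```

A real image has correlated neighbouring pixels rather than the random noise constructed here, which is what makes statistical detection possible even without the original; the comparison above only shows the simpler case where the original is available.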

*	*	*

"A spy always assumes that his person or house will be searched"
								-- B. Schneier

*	*	*

Schneier now changes gears slightly to talk about hiding places.  There are two
kinds of hiding places, deep hiding places, which may take an hour or more to
access-these may be inside a wall or buried under concrete-and "slicks", places
to dump something quickly.  A slick might be inside a curtain rod, for example.
As Schneier says, anyone who has ever been a teenager has made use of slicks.

In computing there are a few ways to hide information.  He mentions the 
Deniable File System-this is preferable to simple encryption, because it's not
obvious it's there.  Moreover, all forms of encryption are susceptible to 
"Rubber Hose Cryptanalysis"-you simply beat the key out of the victim.  The 
problem, though, with Deniable File System is that you can set it up so the
goons never know they've gotten all your data, so they'll never stop beating
you.  Schneier reminds us that we're dealing with an adversary that's not going
to behave by any reasonable set of rules.

Schneier describes what he feels might be the best method of hiding data, a 
"panic button" system which, when activated, encrypts files with the public key
of someone in the Amnesty International office in the UK.  This is much better 
than a system that erases files, because false alarms, he says, "are a drag".

At this point, having covered the basics of tradecraft on the Net, Schneier 
opens the floor to questions.  His answers are most illuminating.  

We learn that 56 bit keys can be broken in 2 1/2 days and that 64 bit keys are 
also vulnerable.  96 bits is probably the bare minimum for security.  128 bit
keys will probably always be immune to brute force attacks, as these currently 
require more time than the age of the Universe.  But he notes that keys are
probably not your weakest link.  In PGP it might be your pass phrase.  

We learn that Electron Tunneling microscopes show up to 7 generations of data
on a disk.  If you really want to destroy data he recommends overwriting it 15
times.  When the government wants to destroy classified data it tosses the
disks into a metal shredder. 

There is a question about archiving data on the Net-which actually makes a
great hiding place.  Schneier suggests getting a 50 year old copy of Playboy
[N.B.-Playboy has only been published for 45 years] scanning the centerfold and
other pictures, inserting steganographic data and uploading or posting these
images where they'll be permanently archived.  Although this technically is a 
copyright violation, it is somewhat akin to the common spy technique of having
a slightly illegal cover story to mask highly illegal activities. 

We learn about Peter Wayner's "Mimic" functions, which can encrypt your data
into meaningless chatter about baseball, for example.  This works well against
automatic computer scans of all of USENET.
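A miniature mimic function in the spirit of Wayner's idea, as an added example (not Wayner's code, and not part of the original write-up).  The hidden bits choose among equally plausible words in a tiny baseball-chatter grammar, so the output reads as ordinary text; the word lists are constructed, and each slot holds 2**k alternatives so every choice carries exactly k bits, eight bits per sentence.

```python
"""Toy mimic function: bits select words from a fixed grammar.

Added example in the spirit of Peter Wayner's mimic functions; the grammar
below is constructed for illustration. Slot sizes are powers of two so a
choice in a slot of 2**k words carries exactly k bits; the four slots
together carry one byte per sentence.
"""

SLOTS = [
    ["The", "Our", "That", "This"],                          # 2 bits
    ["pitcher", "catcher", "shortstop", "outfielder",
     "rookie", "veteran", "closer", "starter"],              # 3 bits
    ["looked", "seemed", "appeared", "played"],              # 2 bits
    ["sharp.", "tired."],                                    # 1 bit
]
BITS = [len(words).bit_length() - 1 for words in SLOTS]      # [2, 3, 2, 1]
assert sum(BITS) == 8, "slots must carry exactly one byte per sentence"


def encode(message: bytes) -> str:
    """Turn each byte into one four-word sentence, most significant bits first."""
    sentences = []
    for byte in message:
        words, remaining = [], 8
        for slot, k in zip(SLOTS, BITS):
            remaining -= k
            index = (byte >> remaining) & ((1 << k) - 1)
            words.append(slot[index])
        sentences.append(" ".join(words))
    return " ".join(sentences)


def decode(text: str) -> bytes:
    """Invert encode(): look up each word's index and reassemble the bits."""
    tokens = text.split()
    if len(tokens) % len(SLOTS):
        raise ValueError("text is not a whole number of grammar sentences")
    out = bytearray()
    for i in range(0, len(tokens), len(SLOTS)):
        byte = 0
        for slot, k, token in zip(SLOTS, BITS, tokens[i:i + len(SLOTS)]):
            byte = (byte << k) | slot.index(token)   # ValueError if off-grammar
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    chatter = encode(b"meet at noon")
    print(chatter)
    print(decode(chatter))
```

The output defeats a keyword scan only as long as the grammar is not known to the scanner; once it is, decode() is exactly the detector, which is why Wayner's real mimic functions use much larger, more varied grammars.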

Someone asks, "How much security does the 'lock' feature of a zip drive give 
you?"  The answer:  "None. Zero. Zip."

The questions follow Schneier out into the hallway as he leaves to make way for
Ian Goldberg, a graduate student at UC Berkeley.


Ian, who sounds to me like a Canadian, is here to tell us about digital cell
phone hacking.  But first he talks a bit about analog phones.  Analog phones,
he says, have basically no security.  They transmit everything in the clear.
Privacy protection in the analog world is essentially legislative-and we know
how well that works.  Digital cell phones should improve this situation, as 
they allow for the addition of cryptography.  But this, unfortunately, hasn't
been implemented very well.

Ian concentrates on GSM, the current European standard which is gaining a
foothold in North America with such services as Pacific Bell "Pure Digital"
PCS.  There are at the moment 80 million GSM users worldwide.  There are
projected to be about 20 million digital cell phones in the United States by
2001, a mix of TDMA, CDMA, and GSM.  As long as analog phones are more popular,
and digital scanners remain more expensive, Ian predicts that attacks on
digital phones will not be common.

He tells us a very interesting thing-that the various digital cellular systems
all share similar security properties-the most important being that encryption 
is used only between the cell phone and the base station.  After that point
traffic is carried in the clear.  If the FBI or other law enforcement agency
wants access to cellular telephone conversations, they can just tap at the base
station as long as they have the appropriate Title III warrant and CALEA says
the telephone companies must comply.  So the ONLY reason law enforcement would
push for weak encryption is because they want to do illicit taps.  This sounds 
reasonable to me-and apparently to the rest of the audience as well.

At this point things get technical.  Ian outlines the following encryption 
algorithms-CAVE, which is used for fraud protection, and is still unbroken, an
XOR mask-which in actual use is basically ridiculous since the first packet
sent in either direction is defined to be silence so you know the plain text
and you know the cyphertext-breaking this is trivial.  And then CMEA which is
used for encryption of the control channel information.  CMEA was first broken
a couple of years ago and can in fact be broken in real time.  Ian tells us
that these algorithms were designed in secret with input from law enforcement,
with the result that all of these algorithms are broken.  The GSM session
encryption algorithm, called A5/1, purports to be 64 bits but is believed to be
much weaker than this.  He notes that work is underway to redesign the North 
American security architecture, and that this time it will be an open process.
But he concedes that voice privacy will never be fixed since the NSA has
mandated (and where did they get the power to mandate?) a weak encryption
process if manufacturers want to export their phones.  And in practice the
algorithms in use may not even need to be cracked-many providers use an all 0's
key.  This is of course quite susceptible to the "known key attack".  In
addition, many older base stations don't have encryption circuitry in them
anyway.  The industry currently relies on the relative abundance of analog
cellular phones, which make easier targets, and the expense of digital scanners.

There is, Ian tells us, one major difference between GSM and the North American
digital cell phone standards.  In the North American standards your identity is
programmed into your phone.  With GSM your identity resides on a smart card
called a SIM (Subscriber Identity Module) which can be moved from phone to
phone.  It is the SIM that carries authentication information.  In order to
authenticate itself the SIM sends a 128 bit International Mobile Subscriber
Identifier (IMSI) to the Base Station (BS), which forwards it to an
Authentication Station (AS).  Note that if communications between the AS and BS
are in the clear they may be intercepted and used to make digital "clones".  
The AS picks a random number, performs two hashing algorithms on it (A3 and A8)
and sends the random number and the hash results back to the Base Station.  The
Base Station forwards the random number to the SIM,  which performs the same 
calculations.  If the results match the phone is authenticated and may now send
or receive calls.  In addition to snooping on the BS-AS link you may also find
authentication information in computers at the BS or AS.  It is also possible 
to directly interrogate the card for its authentication information-but you
need to have it physically in your possession.  While this may at first seem
far fetched, it is quite easy to do-in most parts of Europe you can rent a 
digital cellular phone.  You could clone it using an interrogation mechanism 
overnight (cloning takes about 8 hours) and then return it.  If you overclock
the SIM you can clone it in about an hour.  Note that in Israel there is a 
device in movie theatres and opera houses which automatically registers 
cellular phones to a non-existent network-essentially by masquerading as a Base
Station-to prevent them from ringing during performances.  This system could
conceivably be used to clone every phone in the theatre!
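The IMSI / random-number / A3 / A8 exchange Ian describes, simulated end to end as an added example (this is not code from the original write-up or from any GSM implementation).  The real A3 and A8 are operator-specific, so they are stood in for here by HMAC-SHA256 truncated to GSM's sizes (128-bit RAND, 32-bit SRES, 64-bit Kc); the IMSI and Ki values are constructed.  The two message logs make the point of the paragraph above concrete: the air interface never carries Ki or Kc, but the BS-AS link carries the whole triplet, which is why that link needs protecting.

```python
"""Simulation of GSM challenge-response authentication as described above.

Added example, not code from the write-up or from any GSM stack. A3 and A8
are operator-specific; here they are stand-ins built from HMAC-SHA256 (an
assumption so the example runs with the standard library). Sizes follow
GSM: 128-bit RAND, 32-bit SRES, 64-bit Kc.
"""
import hashlib
import hmac
import secrets


def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: signed response SRES (32 bits)."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: session key Kc (64 bits)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class SIM:
    """The subscriber's smart card: holds IMSI and the secret Ki."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki            # never transmitted; only used inside the card

    def respond(self, rand: bytes):
        return a3(self._ki, rand), a8(self._ki, rand)


class AuthenticationStation:
    """Network side (AuC/HLR in GSM terms): knows every subscriber's Ki."""

    def __init__(self, subscribers: dict):
        self._subscribers = subscribers   # imsi -> Ki

    def triplet(self, imsi: str, rand: bytes = None):
        ki = self._subscribers[imsi]
        rand = rand or secrets.token_bytes(16)
        return rand, a3(ki, rand), a8(ki, rand)


def run_authentication(sim: SIM, station: AuthenticationStation, rand: bytes = None):
    """Run the exchange via a base station; return (ok, air_log, backhaul_log).

    Each log entry is (direction, field, value). air_log is what is visible
    over the radio; backhaul_log is the BS-AS link the text warns about."""
    air, backhaul = [], []
    air.append(("SIM->BS", "IMSI", sim.imsi))
    backhaul.append(("BS->AS", "IMSI", sim.imsi))
    rand, sres_expected, kc = station.triplet(sim.imsi, rand)
    backhaul.append(("AS->BS", "triplet", (rand, sres_expected, kc)))
    air.append(("BS->SIM", "RAND", rand))
    sres_sim, _kc_sim = sim.respond(rand)       # Kc stays on each side
    air.append(("SIM->BS", "SRES", sres_sim))
    ok = hmac.compare_digest(sres_expected, sres_sim)   # the BS decides
    return ok, air, backhaul


if __name__ == "__main__":
    ki = bytes(range(16))                       # constructed subscriber key
    station = AuthenticationStation({"001010123456789": ki})
    ok, air, backhaul = run_authentication(SIM("001010123456789", ki), station)
    print("authenticated:", ok)
    for entry in air:
        print("air     ", entry)
    for entry in backhaul:
        print("backhaul", entry)
```

Because the base station only ever compares SRES values and never sees Ki, the design is sound on the radio side; the weakness the text describes is organisational, in what the network chooses to carry unencrypted between its own stations.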

While GSM claims to have really good fraud protection, in reality, Ian tells 
us, it has none.  Since GSM phones are impossible to clone, why bother
protecting them, right?  Although you cannot have two active conversations on
the same (cloned) phone at the same time, you can have two cloned phones on at
once.  Incoming calls tend to go to whoever placed the last call. 

How to clone a digital phone?  If you've got the secret key from interrogating
a SIM you can just program it onto a blank SIM.  The problem is, blank SIMS are
hard to come by.  Fortunately, there is a device called a SIM-12-a card 
reader/emulator-available for 70 pounds from ww.maxking.com.  You simply slide
this into your phone, plug it into your PC, and your PC emulates the smart card
in software.

*	*	*

D'arc Tangent takes the stage to let us know that the "Pierce-a-Thon" has been
moved to 5 PM today.

*	*	*

I wait in the audience, sitting next to a young hacker whose name tag reads 
"Johnny Zen", for Jennifer Granick to take the stage.  Jennifer is a defense
attorney who frequently takes the hacker's side, and I am very curious to hear
her speak.  But I'm also a little dubious, as we all know there's no such thing
as a good lawyer.  Johnny Z. reassures me though-he seems to have a very high
opinion of her.

Jennifer turns out to be a young law-babe, dressed entirely in black, as befits
this conference.  She is here to tell us a cautionary tale for hackers, so that
people will know what's legal and what's not.  So that people will know what 
not to do.

Jennifer tells us that she got a call last week from the FBI.  They wanted to
know what she was going to tell us.  They thought if she told us how not to get
caught it would encourage hackers to go out and commit crimes.  They thought 
this would be very irresponsible of her.  Was this a veiled threat?  Most
probably.  Although in this the 6th year of the Klinton Dictatorship the 
agency doesn't usually bother to veil its threats anymore...

Jennifer begins with the tale of Mr. Salgado otherwise known as "smack".  Mr. 
Salgado exploited some known flaws in the operating system used by an unnamed
ISP, installed a packet sniffer and began collecting logons and other 
information.  Eventually the ISP system administrator noticed this packet 
sniffer and tried to preserve the necessary information for a prosecution, but
Mr. Salgado just happened to be logged on at the same time and he successfully 
erased his tracks.  

At this point Mr. Salgado had a collection of credit card numbers of the ISP's
customers, and the ISP had no evidence against him.  Unfortunately Mr. Salgado
decided that he wanted to sell these credit card numbers, and he bragged about
the incident on IRC.  Things now begin to resemble any non-computer-related
case involving dealings in contraband.  The FBI was contacted.  They in turn
got a snitch.  The snitch bargained to buy the credit card numbers.  There was
an initial sale of just a few numbers, and then the snitch arranged a face to
face meeting to conclude the transaction-in the smoking lounge of San Francisco
International Airport.  Why at the airport?  Well as it happens the smoking
lounge is past the metal detectors, so this way the FBI could be sure that 
Mr. Salgado was not carrying a gun.  The arrest was made and Mr. Salgado was
charged with violating 18 USC sec. 1030-unauthorized access and 18 USC sec.
1029-fraud relating to unauthorized access.  Sentencing is related to the value
of the property stolen.  The US attorney wanted to take the average credit 
limit and multiply it by the number of credit cards in Mr. Salgado's 
possession, which was approximately 10,000.  This would have given a value in
excess of 250 million dollars.  The final figure agreed on was much less.

It is interesting to note in this case that the FBI played up the use of
anonymity in getting their snitch in contact with Mr. Salgado, and also the
encryption aspects (as Mr. Salgado had encrypted the credit card numbers)-as
evidence of the high tech nature of the crime and more importantly of their
response to it.  As Jennifer tells us, though, this was simply old-fashioned
police work.  There is nothing high-tech about a snitch.

Jennifer continues with the LaMacchia case from 1994.  Mr. LaMacchia used his
account at MIT to set up an encrypted Bulletin Board System.  He apparently
encouraged people to upload warez (pirated copies of commercial software) and
to download them for free.  The amount of traffic on this BBS drew the
attention first of the University, and then of law enforcement.  Mr. LaMacchia
was arrested and charged with wire fraud per 18 USC sec. 1343.  But his lawyers
argued that this was a violation of copyright, which at the time was not 
illegal if the activity was not for profit.  Mr. LaMacchia was acquitted.

This case almost certainly contributed to the passage of the Electronic Theft
Act of 1997 which criminalizes willful infringement of copyrighted material
worth at least $1000, even if this is not done for profit (18 USC sec. 2319, 17
USC sec. 506).  An audience member questions whether this would make it illegal
to keep multiple distributed backups.  Unfortunately there is no clear answer
to the question.

Jennifer continues with the case of Eugene Kashpureff.  Mr. Kashpureff was an 
activist who was angry with Network Solutions, the company granted control 
(i.e. a government-sponsored monopoly) of DNS, the Domain Name System which 
controls host name assignment and resolution on the Internet.  He exploited a 
loophole in the Internet software and redirected traffic to his own site, 
"Alternic", where he detailed the problems with Network Solutions.  He also had
a link back to the InterNIC (Network Solutions' own site).  Mr. Kashpureff
never made any unauthorized access, he stole nothing-his only crime seems to be
that he bragged about what he did.  He was arrested in Canada, extradited, and
charged with wire fraud.  Jennifer tells us that this shows how the statutes
can be used in a really broad way.  There is a lone "boo" from the audience.
"'Boo' is right," she says.

*	*	*

"If you've got the knowledge, the books, and tools, then you're a threat."
								-- J. Granick

*	*	*

She details a trio of new laws: 

18 USC sec. 1831-the new Trade Secret law, is a felony punishable by up to 
15 years imprisonment, if the owner of the trade secret has made "reasonable 
precautions" to keep it private, and there is value derived from its not being
commonly known.

18 USC sec. 2510-the Electronic Privacy Act-criminalizes unauthorized wiretaps.
It is a 5 or 10 year felony conviction.  (I picture every fed in the room 
suddenly behind bars for the next 5 to 10 years.  Nah, never happen...)  This
law also defines cell phone scanning to be an illegal activity.  It does 
however include one extremely broad exception-a business is allowed to 
intercept communications on its own phone system if those communications are
related to the business.  Yeah right.

18 USC sec. 2701-Stored Communications-criminalizes access, theft, or altering
of stored communications.

These acts, between them, criminalize keystroke monitoring, eavesdropping on
cell or cordless phones, and packet sniffers.

Jennifer now tells us "What to do if the cops come to your door":

1.  Just say "no".  Don't say anything.  There's never any good reason to talk
to cops.  (This is greeted with loud applause.)

2.  Police are like Vampires, they have to be invited into your house.  
So-NEVER let them into your house; NEVER let them into your car.

3.  If you happen to have something on you that perhaps you shouldn't have-
NEVER throw it into the bushes.  Keep it on you because the cops don't have the
right to search you.  DO NOT throw it into plain view.

4.  Don't resist arrest-this is illegal.

5.  Keep your hands visible at ALL TIMES.  The last thing you want to deal with
is a scared cop, and this minimizes the chance that they'll beat the crap out
of you.

Jennifer is a breath of fresh air-a lawyer who actually believes in the 4th 
amendment.  (For those who have forgotten, this amendment reads, "The right of
the people to be secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated, and no warrants 
shall issue, but upon probable cause, supported by oath or affirmation, and
particularly describing the place to be searched, and the persons or things to
be seized.")  

She closes by telling us that the more people assert their rights, the less
guilty asserting your rights will appear.

*	*	*

We now have a "Spot the Fed" session.  Sure enough someone has fingered a 
member of the DOJ.  Believe it or not he's the program manager for "Operation
Get Cracking".  Apparently Miss Reno wants to hire about 16 hackers to hack
into other federal agencies.  It is unclear what the purpose of this exercise
is, but given the Clinton/Reno MO, it probably is to collect dirt on their
adversaries in government.  One thing I am certain of-it has nothing to do with
securing government computers.  Much to my surprise the fed actually asks the
audience to contact him if they would be interested in jobs.  There is a 
question from the audience-"Do you drug test?"  This is greeted with much 
laughter.

*	*	*

"The Feds are not scared of 'Guys Like You'"
		-- Audience member to White Knight

*	*	*

White Knight steps up to tell us about illegal wiretap operations.  He is, as
it happens, an electronic countermeasure specialist and has run across a lot
of illegal wiretapping.

One September, a few years back, he got a call to sweep a facility in the
lounge of a bank.  This he did on Sunday, September 6th, and found a
transmitting device on a payphone, which is illegal because you can't
"minimize" it.  [Brief digression-legal wiretaps must be "minimized"-that is
law enforcement can't listen in to or tape conversations that are not related
to the criminal investigation at hand.]

Our hero had driven about 20 miles when he began to hear sirens.  He stopped 
for gasoline and was suddenly surrounded by 8 cop cars, with police yelling
in his face that they wanted their bug back, and threatening to arrest him.
Among the jurisdictions involved-Tampa PD, the IRS, and the DEA.  WK was more
than willing to be arrested and to give his story, with a court reporter
present.  The cops said they didn't want the media involved and he said "Why?
Illegal wiretap?"  At this point the cops started hemming and hawing and
looking down at their feet-definite "guilty" body language.

They cited WK anyway, because they had to have a reason to search his van to
get the illegal bug back.

Apparently this wiretap was part of an investigation into the Key Bank, in
Florida, which in turn was a part of the BCCI (Bank of Credit and Commerce 
International) investigation.  WK tells us that the investigation of Key Bank
was politically motivated, and that despite 65,000 instances of illegal taps in
the case the only criminal activity turned up (besides of course the illegal
taps) was that someone made a cash deposit without filling out the appropriate
IRS form.

WK shows us the wiretap reporting for the Key Bank case.  There is no
prosecutor's report-this is a violation of the law.  WK tells us that
Hillsborough County, Florida, seems to have more illegal wiretaps than
anywhere else in the country.

When WK went to investigate this case in more detail, he found that the State
Attorney's office had to be sued to release the supposedly "public" records
relating to the case.  In them he found:

* the warrant for this wiretap was never signed
* the docket number was altered
* no warrant in the entire case was dated by the judge. 

The point of all this?  Even though there are strict laws governing wiretaps,
law enforcement and government do not follow these laws, and are not 
accountable.  The documents show that the warrant for the bug he discovered was
applied for on September 11, 5 days after he was cited with the traffic ticket
mentioned above-thus, the bug was certainly in place before a warrant was ever
applied for.  More interesting perhaps is that the date on the bug application 
is one month after the date on the following docket number.  This seems to be
further evidence that the bug warrant was obtained after the bug was found and
slipped into the normal run of dockets by (rather amateurish, it would seem)
falsifications of the docket number.  It should be mentioned that altering a
federal document is a felony.  Mailing an altered federal document, as law
enforcement did in this case in response to WK's allegations, is mail fraud.

WK filed a complaint with the Governor's office-this however was never
investigated.

He filed a criminal complaint with Congress, the Treasury Department 
("overseers" of the ATF), and other appropriate federal agencies.  Congress
referred him to the FBI Field Office in Tampa.  This however turned out to be 
a dead end, as the FBI agent assigned to the case personally knew all the
"defendants", and, as we all know, all cops stick together.  In fact the FBI
agent tried to interrogate WK.  As it happens WK let him have it with both
barrels, telling the agent that he was tampering with a witness for Congress,
and could be incarcerated for his actions.  

At this point WK wrote a letter to Louis Freeh (director of the FBI) outlining
the situation.  Mr. Freeh's response?  That the wiretaps were fully adjudicated
and the defendants were dismissed; further investigation would not be in the
public interest.  Uh huh.

WK next wrote a letter to Senator Grassley to file a complaint on Louis Freeh.
This received no response.

So basically he went as far as he could, and no one in government was the least
bit interested in following up these allegations.

WK estimates the extent of these activities as being 181 days of illegal 
wiretaps, on a bank, with no minimizing-think about that, law enforcement could
listen in to find out your bank balance, and any financial transactions you
might make, whether or not you were under investigation for this case.  
Thirty-eight cops were involved from US Customs, DEA, IRS, and the Sheriff's
Departments of Hillsborough and Pinellas Counties, among other jurisdictions.
Total cost of this "exercise in fascism" is estimated at $181,547.  Corruption,
including a cover up, mail fraud, and obstruction of justice seems to involve
not only the law enforcement agents mentioned above but also the Florida State
Attorney, Assistant State Attorneys, the Judge presiding over this case, and
indeed probably goes all the way up to Louis Freeh.

In closing, since the US Government was not willing to hold a trial in this
matter, White Knight asks us to serve as a jury, trying the law enforcement 
agents, and Louis Freeh, based on the evidence he has presented.  The audience 
finds all law enforcement involved guilty on all counts.

Oh, and just an amusing afterthought-WK's traffic ticket was dismissed.

*	*	*

"They say patriotism is the last refuge to which a scoundrel clings"
-- B. Dylan

*	*	*

Time for "Spot the Fed" again.  This time someone actually finds an NSA spook.
I'd never seen one before.  He looks very much like Ron Howard, jeans, baseball
cap, just your average guy.  Though I know inside that head of his are some
seriously psychotic thought processes.

*	*	*

Time for "Cult of the Dead Cow" and their launch of "Back Orifice", a hacking
package which attacks Windows machines.  Grand Master Ratte', resplendent in
white sheepskin chaps, gun belt, and huge necklaces-a hacker-rapper?-gets the
crowd to chant.  "Dead". "Cow". "Rocks". "Ass".  Hey at least it wakes up
anyone who might be in a post-luncheon stupor...

Back Orifice is a client/server package-the idea being to turn the targeted 
machine into a server.  The server code is only about 120k bytes in size, 
rather small for a Windows application.  Currently the server will run on
Windows 95 and Windows 98.  (By the time of this writing it should be ported
to Windows NT as well.)

The client code runs on Windows, though there will soon be a UNIX version.

Back Orifice can be installed using any one of a number of commonly known 
exploits that allow you to write to the targeted machine.  Once installed, Back
Orifice allows you basically to commandeer the resources of the targeted
machine.  One of the CDC members gives us a demo-"Look!  We have a color
QuickCam!" (on the victim machine).  "Let's capture a frame off that QuickCam."
And he proceeds to do so.  "Now we'll capture an AVI..."  Back Orifice also
allows you to play sounds on the server-this I can see has great annoyance 
potential.  You can also pop up arbitrary dialog boxes with text of your 
choice.  The CDC is considering making these dialog boxes system modal so the
user can't do anything until they click on them.  You can look at all incoming
and outgoing network connections... You can obtain a remote DOS shell through
a TCP port.  You can reboot or lock up the server.  You can even write plug-ins
for Back Orifice to perform additional functions.  The CDC calls these
"Butt Plugs".  This gets a chuckle out of the audience.

Back Orifice installs itself as a service and starts up every time the machine
is rebooted.  The file name that it installs itself as is configurable; the 
port number it uses to communicate with clients is configurable, and the 
packets transferred between client and server are encrypted.  The Cult tells us
that it is even possible for multiple servers, installed by different people,
to run on the same victim machine.

At this point the audience asks some specific questions about installation-you
can install Back Orifice by e-mailing it as an attachment, or exploiting a 
known buffer overflow bug.  The Cult is currently writing "DirectExploit", a
Windows based wizard that will assist with exploits.  They are also engaged in
writing a wrapper which will allow you to attach Back Orifice to an application.
The wrapper will install B.O. while appearing only to run the app.

More information on Back Orifice is available at www.cultdeadcow.com/tools.

*	*	*

At this point I've been at the Con for hours-I've had no breakfast and nothing
to drink, so I head out for some food.  "Capture the Flag" is still packed with
people-I will learn later that one of the teams has commandeered the network's
router so most of the other teams are just bouncing off of it!  I pass a man 
in a "Rehab is for Quitters" tee shirt.  I like that.

On the way down the escalators I see Jennifer Granick doing an interview with 
camera-toting media of some sort.  I hit the Plaza Deli-which overpowers me
with the smell of disinfectant.  This isn't particularly appetizing so I head
out to the street.  I had forgotten that the Downtown casinos, in an effort to
increase business, had put a roof over downtown, turning it into the "Fremont
Street Experience".  To me it is a travesty-it's like I've wandered into "Las
Vegas Land" at DisneyWorld.   It's a parody of the Vegas I've known for the
last 20 years.  You can't even cruise Fremont St. anymore-they've turned it
into a pedestrian mall.  Jesus.  I look for likely places for lunch and finally
decide on the Golden Gate (1 Fremont Street, est. 1906)-this strikes me as a 
good choice since I'm from San Francisco, though the "1906" reference worries
me a bit.  I take advantage of their 24 hour breakfast and have a couple fried
eggs, while listening to a pair of Defcon attendees sitting next to me.  The
girl is telling the guy about her plans for college.  She's decided on UC
Berkeley, my alma mater.  Go Bears!

I finish up and pay with two two-dollar bills-the cashier doesn't seem to want
them but one of the patrons at the counter does so we make a quick trade.  I
wander back out onto Fremont Street, passing a Coke kiosk (who the hell drinks
soft drinks in Las Vegas?) and duck into Glitter Gulch, the old slot machine
joint that was transformed, a few years back, into a topless bar.  Now that's
the kind of change I can embrace.  There's no cover charge, but a two drink 
minimum, so I decide to come back later when I have more time.

On my way back to the hotel I pass a cute babe whose job is to stand on the
street, in a skimpy cowgirl costume-complete with fishnet stockings, which of
course historically provided cowgirls with very good protection against the 
sage and underbrush-and distribute free tickets to the Red Skelton tribute
show at the Plaza.  I make a note never again to complain about my job.  But a
tribute to Red Skelton?  I would much rather see "The Spice Girls Experience"-
which actually is playing elsewhere in town!  Only in Las Vegas...

*	*	*

Up at the conference someone has brought in stacks of "entertainment" magazines
such as "Private Dancers" or "Las Vegas First Class-XXX Nude Dancers" 
(featuring former Clinton Girlfriends-yeah, I really wanna risk catching 
whatever STD's Clinton has...)  These are heaped up near the as yet unmanned
bar (dammit I want a drink!)  Inside the merchandise room techno music plays,
and a light show competes with a screening of AnnaLiza's "Unauthorized Access"
hacker documentary from years ago.

Members of the Dis.Org Crew are passing out free temporary tattoos of bar codes
("Scan me, baby!").  I take a few and ask the blonde behind the table how they
work.  She helps me put one on the back of my left hand, soaking it in water
then sliding it off the backing and putting it carefully in place-but it won't 
stay, I have too much hair.  Shoot.

A couple on the floor-a pretty young girl and a rather overweight young 
guy-tell me that they're getting married.  Would I be interested in
contributing $ for their wedding?  Not being one to stand in the way of young
love I toss a quarter into their collection bucket.

I notice a girl whom I will refer to, mentally, as "S&M Chick", for the rest of
the weekend.  She is browsing one of the hacker book tables.  She wears a black
vinyl corset over a lacy black see-through shirt, black micro mini, 
multi-colored hose that appear to depict magazine or newspaper articles, black
"Spice Girl Shoes", and a black slave collar with ring.  Pale makeup with heavy
dark mascara and blood colored lipstick, and multi-colored black, teal, and 
orange hair, in pigtails, complete the ensemble.  Definitely attention-catching.

*	*	*

Back in the lecture hall, Paul Kocher tells us of his (successful) efforts to 
break DES, the government's Data Encryption Standard and one of the most widely
used encryption mechanisms for the past 20 years.  The basic technique is to
reject enough obviously bad keys that the machine can undertake a "reduced"
brute force attack on the rest.  The machine, built at Cryptography Research in
San Francisco, and sponsored by the Electronic Frontier Foundation, was named
"Deep Crack" (an homage to the computer "Deep Thought" in "The Hitchhiker's 
Guide to the Galaxy", which in turn appears to have been named after the
X-rated movie classic, "Deep Throat".  End of Genealogy Lesson.)  "Deep Crack"
consists of approximately 18,000 ASICs, Application Specific Integrated 
Circuits, each expressly built for the purpose of cracking DES, and cost, in
total, about $250,000.  It supports, or rather breaks, DES in its various modes
of operation, such as Cipher Block Chaining, Cipher Feedback Mode, and Output
Feedback Mode.

Breaking DES enabled them to claim a $10,000 reward from RSA Data Security.
But why spend $250,000 to win $10,000?  They did it for a number of reasons:

* to validate academic claims that DES could be broken
* to point out that short key lengths are not secure.  A 40 bit key space,
  which is what the government wants exporters and foreigners to use, can be 
  broken by "Deep Crack" in 6 seconds.
* to refute government claims regarding the "security" of DES
* to provide information to users of DES
* and most importantly, perhaps-to demonstrate what attackers already know.

When he opens the floor to questions, an audience member says "Congratulations
and thank you-you have done something wonderful."  The room breaks into 
applause.

Paul tells us, in response to other questions, that he has found no obvious 
back door in DES, that there has been no statement from the NSA (surprise) and
that "Deep Crack" cannot be used to attack Triple DES.  In fact he estimates
that it would take 72 quadrillion of these machines to break T-DES.  For this
reason he heartily recommends it.
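The search strategy described above (throw away keys whose trial decryption is obviously wrong, then verify only the survivors) and the key-length arithmetic behind the 6-second, 40-bit figure and the Triple DES estimate can both be shown in a few lines. The following is an added example, not code from the page, from Cryptography Research or from the EFF: a toy 16-bit-key XOR cipher stands in for DES so the full key space can be searched instantly, and the allowed-byte table, the sample message and the secret key are constructed for the demonstration.

```python
"""Filtered brute-force key search, as sketched in the Deep Crack talk.

Added example, not code from the page or from Cryptography Research/EFF.
Assumptions: a toy 16-bit-key XOR cipher stands in for DES so the search
finishes instantly; the allowed-byte table, sample message and secret key
are constructed here. The idea is the one the talk describes: cheaply reject
keys whose trial decryption is obviously wrong, fully verify the survivors.
"""
from __future__ import annotations
import hashlib

KEY_BITS = 16   # toy key size (assumption); DES uses 56 bits
BLOCK = 8       # 64-bit blocks, like DES

# Bytes a "plausible" plaintext block may contain: printable ASCII plus
# tab/newline/CR. A search unit rejects a key as soon as one decrypted byte
# falls outside this table.
ALLOWED = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def toy_block(key: int, index: int, block: bytes) -> bytes:
    """Toy cipher (NOT secure): XOR the block with a pad derived from the key
    and the block position. Encryption and decryption are the same operation."""
    pad = hashlib.sha256(key.to_bytes(8, "big") + index.to_bytes(4, "big")).digest()[:BLOCK]
    return bytes(a ^ b for a, b in zip(block, pad))


def encrypt(key: int, plaintext: bytes) -> list[bytes]:
    assert len(plaintext) % BLOCK == 0, "sample message must be whole blocks"
    return [toy_block(key, i, plaintext[i * BLOCK:(i + 1) * BLOCK])
            for i in range(len(plaintext) // BLOCK)]


def plausible(block: bytes) -> bool:
    return all(b in ALLOWED for b in block)


def filtered_search(ct: list[bytes], known_second_block: bytes) -> tuple[int | None, int]:
    """Walk the whole key space. Stage 1 (the cheap hardware test): decrypt
    block 0 under each key and drop keys that yield an implausible block.
    Stage 2 (software): verify survivors against a block of known plaintext.
    Returns (recovered key or None, number of keys that passed the filter)."""
    survivors = 0
    found = None
    for key in range(1 << KEY_BITS):
        if not plausible(toy_block(key, 0, ct[0])):
            continue
        survivors += 1
        if found is None and toy_block(key, 1, ct[1]) == known_second_block:
            found = key
    return found, survivors


def scaled_search_seconds(key_bits: int, ref_bits: int = 40, ref_seconds: float = 6.0) -> float:
    """Full key-space search time, scaling the page's figure of 6 s for a
    40-bit key by 2^(extra bits). Pure exponent arithmetic: it assumes the
    same search rate and gives the filter no credit."""
    return ref_seconds * 2.0 ** (key_bits - ref_bits)


if __name__ == "__main__":
    message = b"ATTACK AT DAWN!!"   # constructed sample: two 8-byte blocks
    secret = 0xBEEF                 # constructed sample key
    ct = encrypt(secret, message)
    key, survivors = filtered_search(ct, message[BLOCK:])
    print(f"recovered key 0x{key:04X}; {survivors} of {1 << KEY_BITS} keys survived the filter")
    for bits in (40, 56, 112):
        print(f"{bits}-bit key space: {scaled_search_seconds(bits) / 86400:.3g} days")
```

With the allowed-byte table above, only a few dozen of the 65,536 keys survive the filter, so the expensive verification step runs on well under one percent of the key space; that is the saving the machine's hardware filter buys. The scaling function reproduces the talk's figures: 2^16 times 6 seconds is about 4.5 days for a 56-bit key, and a 112-bit effective key (the usual figure for Triple DES) costs 2^56 times more, which is the "72 quadrillion" in the speaker's estimate.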

Additional information on this effort can be found at www.cryptography.com.

*	*	*

At this point it's after 6 so I go outside.  The floor in the entranceway is 
carpeted with ads for nude dancers, burnt out cigarettes, empty cups and 
bottles.  It's a good thing I'm wearing heavy boots as I can hear all this 
crunching underfoot.  I run into "Dead Addict" whom I first met in 1994.  He
seems to be doing well, working for one mainstream firm or another-I forget
which.  I ask after Peter Shipley, a mutual acquaintance, but he hasn't seen
Pete.  I take my leave and circle the tables in the merchandise room once more,
then go downstairs and head out, over to the Topless Girls of Glitter Gulch.
I watch dancers with outrageously huge (and outrageously fake) breasts writhe 
on metal poles, pretending to find sexual gratification from this.  My Defcon
notes glow in the black light.  I notice some other conference attendees and go
chat to "PJ", an employee of one of the Big 7 (Big 6? At this point who can 
remember...) accounting firms.  He is enjoying the conference, and even more so
the dancing.  He seems awfully mainstream, he could almost be mistaken for a
fed.

After awhile I decide I better get back to my hotel so I grab a cab and go back
to Treasure Island-listening the whole time to my cabbie's story of his divorce
and his crazy ex-wife.  He should be paying me, I think!



*	*	*

The night is lost with memories of cruising the strip for good Italian food-
chianti-vodka-and some kind of ungodly pink slushee drink they serve in the
bars at Treasure Island, in a skull shaped mug which you can keep, if you can
down the concoction.  Seems to me it would have been easier just to buy the mug!

*	*	*

August 2.
	I return to the Plaza for Round 2.  A list of machines and logins is
posted over the door of the auditorium, courtesy of one of the many hacking
groups present.  Or perhaps it's a set-up by one of the many TLAs present?  
Inside, Dark Tangent tells us that someone was interfering with the hotel's 
security frequency yesterday.  He got a little visit from the Plaza's goon
squad.  He tells us, "if they catch you, you're going to jail."  The prevailing
sentiment in the room is, "Why?  The Plaza doesn't own the frequency."

*	*	*

Dan Veeneman speaks to the hungover crowd (apparently I missed quite a party 
last night) about Low Earth Orbit satellite communications.  He wears a 
"Practical UNIX Terrorism" tee shirt that looks like an O'Reilly book cover
except that instead of an animal it has a picture of the Unabomber on the cover.

Dan outlines the various orbital bands above the earth-at 19,300 nautical miles
is the geostationary orbit.  This contains satellites belonging to Inmarsat
(for marine navigation), American Mobile Satellite Corporation, TMI, a Canadian
firm, and Optus, an Australian firm.  At 12,000 nautical miles is the outer Van
Allen Radiation Belt, along with some military satellites, and also the ICO
satellites.  At 8,000 nautical miles is the Medium Earth Orbit or MEO band.  At
3700 nautical miles the Inner Van Allen Radiation Belt.  At 1100 nautical miles
the Low Earth Orbit or LEO band, which includes the Iridium, Globalstar, and
Orbcomm satellite systems, among others.  And at 200 nautical miles, the 
atmosphere.  The Van Allen radiation belts are pretty hard on satellites-as is
the atmosphere-but Dan tells us there are plans to have satellite-like devices 
in the atmosphere!

*	*	*

"Satellites are not bandwidth-limited, rather they are power-limited"
							-- D. Veeneman

*	*	*

On to LEOs.  Dan first covers "Big LEOs", each of which consists of a 
constellation of satellites that will provide voice services in frequencies 
above 1 GHz.  These are essentially extensions to terrestrial cell service.  
Motorola's Iridium System will have over 66 satellites traveling in 11 planes
at 421 nautical miles altitude.  Unlike other systems, Iridium's satellites 
will do on-board processing-they intend to make heavy use of inter-satellite 
links.  Currently Iridium has 72 satellites in orbit, but 7 of these have
failed in some way.  Iridium will operate in the 1600 MHz frequency range.

Globalstar, a competing "Big LEO", has been dogged by power concerns due to 
their small battery size.  Apparently power management is one of the primary
problems aboard spacecraft.  Many industry observers believe that the Globalstar
satellites are underpowered and will not be able to support all their 
customers-that is if they are successful enough to have a lot of customers.
However as an ace in the hole Globalstar uses a mechanism called "Diversity
Combining" which enables up to 4 satellites to send the same signal to a 
receiving cell phone, using CDMA, in order to provide sufficient power.

Ellipsat, a third competing system, actually has obtained a patent on their
orbiting scheme.  They use elliptical orbits with the apogee (the point at 
which the satellite is furthest from Earth) over the Northern Hemisphere-which
includes most of the Earth's land masses, and thus most of Ellipsat's customers.
Their satellites spend much more time on the apogee portion of their orbits so
are in "usable" locations for much longer-which means that fewer total 
satellites are required.  The orbit's perigee is over the Southern Hemisphere.
Ellipsat proposes to put its satellites into quiescent mode during the 
relatively brief time that they are in perigee so that they may recharge their
batteries.

The fourth competing system isn't really a "Big LEO" at all, but rather a MEO.
ICO, a spin-off of Inmarsat, has 10 satellites with 2 spares and uses basic 
TDMA for transmission.  The small number of satellites is made possible by
ICO's higher altitude.  

*	*	*

Dan now tells us about "Little LEOs".  "Little LEOs" differ from "Big LEOs" in
that they are used only for data transmission in the VHF and UHF frequency 
ranges.  Some of the current Little LEOs are Orbcomm, E-Sat, Final Analysis, 
LEO One USA, and Volunteers in Technical Assistance.  These five companies are
currently sharing a common frequency range.  It is unclear how this will be 
resolved if these services become popular in the future.  To further complicate
things, the same general frequency range is shared by satellites from the DOD, 
the National Oceanic and Atmospheric Administration (NOAA, which performs 
weather tracking and forecasting), and a French LEO system.

Orbcomm, a typical Little LEO, will consist of a constellation of 28 satellites,
which will be enhanced, we are told, to a total of 48 by 1999.  There will be 
six orbital planes of eight satellites each.  The satellites are essentially
orbiting packet routers, each of which weighs about 100 pounds and, in Dan's
words, looks like a "big movie film canister".  They use X.400 addressing to
send "Global Grams".  When the satellite can see an earth station it will relay
these packets; if it cannot see an earth station it will store data and forward
it later.

It is possible, Dan tells us, to monitor Little LEOs.  All you need is a 
receiver in the 137-138 MHz frequency range with a 25-50 kHz bandwidth.  The
"rubber ducky" antenna works well.  You will also need orbital predictor 
software to help you determine where the satellite is, as well as "Two-Line 
Elements" (TLEs-unfortunately I have not a clue what these are, and Dan never
tells us) to feed into this software.  A better antenna is the M2 EB-144 
"Eggbeater".  This gives good performance without having to track the satellite
quite so closely, and it runs only $150.
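A two-line element set is the standard fixed-column description of an orbit (catalog number, epoch, inclination, eccentricity, mean motion and so on) that predictor software turns into pass times. The following parser is an added example, not code from the page or from the speaker: the element set it parses is constructed for illustration (catalog number 99999, an Iridium-like orbit at roughly 421 nautical miles) and is not a real satellite, while the column layout, the check-digit rule and the altitude derivation from mean motion are the standard ones.

```python
"""Parse a NORAD two-line element set (TLE), the input orbital-predictor
software needs.

Added example, not code from the page or from the speaker. The element set
built below is constructed (catalog 99999, an Iridium-like circular orbit);
the format, checksum rule and Kepler-based altitude derivation are standard.
"""
from __future__ import annotations
from datetime import datetime, timedelta
import math

MU_EARTH_KM3_S2 = 398600.4418   # Earth's gravitational parameter
EARTH_RADIUS_KM = 6378.137
NMI_PER_KM = 1 / 1.852


def tle_checksum(line: str) -> int:
    """Column 69 check digit: sum of the digits in columns 1-68, each '-'
    counting as 1, everything else as 0, modulo 10."""
    total = 0
    for ch in line[:68]:
        if ch.isdigit():
            total += int(ch)
        elif ch == "-":
            total += 1
    return total % 10


def with_checksum(body: str) -> str:
    assert len(body) == 68, "a TLE line has 68 data columns before the check digit"
    return body + str(tle_checksum(body))


def checksum_ok(line: str) -> bool:
    return len(line) == 69 and line[68].isdigit() and int(line[68]) == tle_checksum(line)


def build_line1(catalog: int, epoch_yy: int, epoch_day: float) -> str:
    """Line 1; fields this example does not parse (international designator,
    drag terms, ephemeris type, element number) are held constant."""
    body = (f"1 {catalog:05d}U 98001A   {epoch_yy:02d}{epoch_day:012.8f}"
            f"  .00000100  00000-0  10000-4 0   99")
    return with_checksum(body)


def build_line2(catalog: int, inc: float, raan: float, ecc: float,
                argp: float, ma: float, mean_motion: float, rev: int) -> str:
    """Line 2: orbital elements in their fixed columns (eccentricity is
    written without its leading '0.')."""
    body = (f"2 {catalog:05d} {inc:08.4f} {raan:08.4f} {round(ecc * 1e7):07d} "
            f"{argp:08.4f} {ma:08.4f} {mean_motion:011.8f}{rev:05d}")
    return with_checksum(body)


def parse_epoch(line1: str) -> datetime:
    """Columns 19-20: two-digit year (57-99 means 19xx); columns 21-32: day
    of year with fraction, where day 1.0 is Jan 1 00:00 UTC."""
    yy = int(line1[18:20])
    year = 1900 + yy if yy >= 57 else 2000 + yy
    day = float(line1[20:32])
    return datetime(year, 1, 1) + timedelta(days=day - 1)


def parse_line2(line2: str) -> dict:
    return {
        "catalog": int(line2[2:7]),
        "inclination_deg": float(line2[8:16]),
        "raan_deg": float(line2[17:25]),
        "eccentricity": float("0." + line2[26:33]),   # decimal point is implied
        "arg_perigee_deg": float(line2[34:42]),
        "mean_anomaly_deg": float(line2[43:51]),
        "mean_motion_rev_day": float(line2[52:63]),
        "rev_number": int(line2[63:68]),
    }


def mean_altitude_km(mean_motion_rev_day: float) -> float:
    """Kepler's third law: period T from mean motion, semi-major axis
    a = (mu * (T / 2 pi)^2)^(1/3), altitude = a minus Earth's radius."""
    period_s = 86400.0 / mean_motion_rev_day
    a_km = (MU_EARTH_KM3_S2 * (period_s / (2 * math.pi)) ** 2) ** (1 / 3)
    return a_km - EARTH_RADIUS_KM


# Constructed sample: epoch 1998 day 213.5 (1 Aug 1998 12:00 UTC), 86.4 deg
# inclination, near-circular orbit, 14.34 revolutions per day.
SAMPLE_LINE1 = build_line1(99999, 98, 213.5)
SAMPLE_LINE2 = build_line2(99999, 86.4, 120.0, 0.0002, 90.0, 270.0, 14.34, 1234)

if __name__ == "__main__":
    for ln in (SAMPLE_LINE1, SAMPLE_LINE2):
        print(ln, "checksum ok" if checksum_ok(ln) else "CHECKSUM BAD")
    el = parse_line2(SAMPLE_LINE2)
    alt = mean_altitude_km(el["mean_motion_rev_day"])
    print(f"epoch {parse_epoch(SAMPLE_LINE1)}  inclination {el['inclination_deg']} deg")
    print(f"mean altitude {alt:.0f} km = {alt * NMI_PER_KM:.0f} nmi")
```

The check digit matters in practice: element sets are copied around as plain text, and a single corrupted digit in the mean motion field will put a predicted pass minutes off, so a parser should refuse a line whose checksum does not match rather than guess. For the constructed set above, 14.34 revolutions per day works out to an altitude of roughly 780 km, about the 421 nautical miles quoted for Iridium.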

*	*	*

LEOs typically use Direct Sequence Spread Spectrum.  Unlike narrowband 
broadcasting which is used by most normal RF communications, DSSS broadcasts a
much less powerful, much more spread out signal.  In fact DSSS power is so low
that the signal normally sits below the noise floor, so if you didn't know a
signal was there, you probably wouldn't notice it.  A side effect of this is
that satellites can conceivably be used as a covert relay channel by anyone who
happens to know where they are.  It is unlikely that the additional traffic
would be noticed as anything other than an increase of the noise floor by a 
slight fraction of a dB!

*	*	*

Dan opens the floor for questions.  The crowd is beginning to wake up and so 
they ask about May's nationwide pager failure.  Dan answers that although a 
backup satellite was available, technicians had to manually re-point all the
paging towers at the backup.  (Now there's a classic case of bad system 
design.)

Someone else asks about satellite failures, and Dan tells us that the best
source for information on outages is Securities and Exchange Commission 
reports.  He tells us, "You can lie to the FCC, but you can't lie to the SEC."

There is a question about Y2K.  But as Dan says, "The problem with Y2K is that
you can't really say anything without your lawyer wanting to kill you."

*	*	*

I go out to walk the merchandise room while awaiting the next talk, by Peter
Shipley.  I really wanted to get some of the books in there, so I pick up a
book on acquiring a new identity, and another called "Just Say 'NO' to Drug
Tests".  I don't do drugs, but I think the un-Constitutionality of drug tests,
in almost every circumstance, is fairly apparent to the meanest of 
intelligences.  Well maybe not to the meanest of intelligences, as these seem
to belong to our current supreme court (in)justices.  Defcon is, among other 
things, a great gathering place for people with Libertarian ideals, which is 
1. Why I feel at home here, and 2. Why I can find great books to buy here!

*	*	*

Outside in the corridor someone shows up with tee shirts I just have to have.
He is still taking them out of the bag as I fork over $20 and snag one-a 
black shirt with the "Intel Inside" logo superimposed over an inverted 
pentagram and the legend "Intel i80666 Pentagram Processor-Runs Hotter than
Hell".  On the reverse is a picture of Bill Gates with Devil's horns on his 
head, and the legend "Bill says, 'Buy It!'"

*	*	*

Back into the lecture hall, which is now overflowing with people waiting to
hear Peter.  I can't find a place to sit so I go up to the front and sit on the
floor.  Peter is standing to one side, looking his usual eccentric self, with
long flowing hair, billowy goth shirt, and a pair of goth fangs in his mouth.
He steps up to speak when a box of FreeBSD CD-ROMs is delivered, and he starts
asking trivia questions of the audience and tossing the CD's out to them.  He
is trying to promote the use of FreeBSD, and also trying to promote the
audience's literacy by asking questions about Dante's Inferno.  My 
fave-"Which circle of Hell does Bill Gates belong in, and why?"  One audience
member answers "the 9th circle, for betrayal to benefactors, where Judas 
lives."  This is greeted with applause and laughter.

*	*	*

Peter is here to tell us about the results of a 2 year long war-dialing study 
he undertook in the San Francisco Bay Area (specifically LATA 1 of Pacific Bell,
including area codes 408, 415, 510, 650, 707, and 925.)  He tells us he doesn't
know why we're all here, as he is just going to tell us everything we already 
know.  He notes carefully though that there are no state or federal laws
against war-dialing.  It's covered by a local ordinance, and you're allowed one
phone call to a number-which is all he needed.

There are few published references on security problems with modem access, and
Peter's basic conclusion is that things are worse than he expected-Internet and
modem connectivity, as implemented in the real world, are equally insecure, and
system administrators do not seem to care!

Peter has scanned 402 exchanges so far (an exchange is capable of supporting 
approximately 10,000 telephone numbers).  His statistics show the following 
distribution:

Carrier		1.01%
Busy		18.4%
Ring no answer	44.2%
Answers		36.3%

(Peter notes that the 1.01% carrier argues against Pacific Bell's plan to 
raise rates based on usage of the telephone infrastructure for Internet 
access...)

A majority of the dialups found greet users with a welcome message-this is a 
very bad thing from a legal standpoint.  It's very hard to prove trespassing 
on a computer system if you "welcome" the "intruder".  In fact, less than 
2% of systems warn away possible intruders.

Additionally, a majority of dialups overly identify themselves, with such 
information as the organization they belong to, or the OS version they are
running (very helpful to hackers.)

Peter saw about 94 modems per exchange, with the highest percentage of modems
in an exchange being 6.1%.  Of the modems found:

2%	have a warning in their banners
1%	show the Internet Domain Name
2%	were Shiva LAN Rovers
3%	were Annex Terminal Servers
.4%	were Ascend
.2%	were PBXs - this was the console port of the PBXs; you MUST protect
	this, preferably with two-line dial back, key authentication, etc.
.4%	were voice mail

Peter tells us that 2% of the Shiva LAN Rovers have no root password.  3% of 
Ascends answered with an "ascend% " prompt.  Many of the Ciscos encountered
answered with a command prompt; about 25% of these were in "enable" mode.

The baud rates encountered varied, but there were a lot of 1200 bps 
connections-these are "juicy" as they're generally connections to building
environmental controls, voice mail, and other important systems.

Peter gives props to my alma mater.  While UC Berkeley had the most modems 
per exchange, these were also the most secure dialups!
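The checks behind the statistics above (does the banner warn or welcome, does it leak a domain name or OS version, what device answered, is a Cisco already sitting at the privileged "#" prompt) are easy to automate once the banners are captured. The script below is an added example, not Peter Shipley's code: the banners are constructed samples loosely modelled on the device classes the talk names, not captures, and the fingerprints are simple prompt and substring heuristics assumed for the demonstration rather than a catalogue of real device banners.

```python
"""Triage of captured modem banners, applying the checks from the talk.

Added example, not Peter Shipley's code. The banners are constructed samples
(not captures) and the fingerprint rules are assumptions, not a catalogue of
real device banners.
"""
from __future__ import annotations
import re
from collections import Counter

# Constructed samples: (number dialled, text returned after carrier)
SAMPLE_BANNERS = [
    ("415-555-0101", "Welcome to acme.example.com\nSunOS 4.1.3 (bigbox)\nlogin: "),
    ("415-555-0102", "WARNING: Authorized use only. All activity is monitored.\nlogin: "),
    ("510-555-0103", "Shiva LanRover/E\n@ Userid: "),
    ("510-555-0104", "Annex Command Line Interpreter\nannex: "),
    ("408-555-0105", "ascend% "),
    ("408-555-0106", "router-sf>"),
    ("650-555-0107", "router-sj#"),
    ("707-555-0108", "Building Environmental Control System v2.1\nEnter PIN: "),
    ("925-555-0109", "C:\\>"),
]

WARNING_RE = re.compile(r"\b(warning|unauthori[sz]ed|authori[sz]ed use only|monitored)\b", re.I)
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(\.[a-z0-9-]+)+\.(com|net|org|edu|gov|mil)\b", re.I)
OS_RE = re.compile(r"\b(SunOS|Solaris|HP-UX|AIX|IRIX|Linux|BSD|Windows NT)\b")

# Device fingerprints (assumed heuristics): first match wins, so the
# privileged Cisco prompt is tested before the unprivileged one.
FINGERPRINTS = [
    ("shiva-lanrover", re.compile(r"LanRover", re.I)),
    ("annex-terminal-server", re.compile(r"Annex Command Line", re.I)),
    ("ascend", re.compile(r"^ascend% ", re.M)),
    ("cisco-enable", re.compile(r"^[\w.-]+#\s*$", re.M)),   # '#' prompt: already in enable mode
    ("cisco-user", re.compile(r"^[\w.-]+>\s*$", re.M)),
    ("dos-shell", re.compile(r"^[A-Z]:\\>", re.M)),
    ("environmental-controls", re.compile(r"environmental control", re.I)),
]


def triage(banner: str) -> dict:
    """Classify one banner and list the problems the talk warns about."""
    device = next((label for label, rx in FINGERPRINTS if rx.search(banner)), "unknown")
    findings = []
    if not WARNING_RE.search(banner):
        findings.append("no warning banner")
    if re.search(r"\bwelcome\b", banner, re.I):
        findings.append("welcomes the caller")
    if DOMAIN_RE.search(banner):
        findings.append("leaks domain name")
    if OS_RE.search(banner):
        findings.append("leaks OS version")
    if device in ("cisco-enable", "dos-shell"):
        findings.append("unauthenticated privileged shell")
    if device == "environmental-controls":
        findings.append("control system reachable by modem")
    return {"device": device, "findings": findings}


def summarize(banners: list[tuple[str, str]]) -> dict:
    """Percentages in the form the talk reported them."""
    results = [triage(text) for _, text in banners]
    n = len(results)

    def pct(cond) -> float:
        return round(100.0 * sum(1 for r in results if cond(r)) / n, 1)

    return {
        "total": n,
        "pct_with_warning": pct(lambda r: "no warning banner" not in r["findings"]),
        "pct_leaking_domain": pct(lambda r: "leaks domain name" in r["findings"]),
        "pct_privileged_shell": pct(lambda r: "unauthenticated privileged shell" in r["findings"]),
        "devices": dict(Counter(r["device"] for r in results)),
    }


if __name__ == "__main__":
    for number, text in SAMPLE_BANNERS:
        r = triage(text)
        print(f"{number}  {r['device']:<24} {'; '.join(r['findings']) or 'ok'}")
    print(summarize(SAMPLE_BANNERS))
```

Two of the findings deserve a note. A banner that says "Welcome" is the legal problem the talk raises, so the script flags it separately from the absence of a warning. And a Cisco answering at a "#" prompt is not merely over-identifying itself, it is handing the caller enable mode, which is why that case is reported as a privileged shell alongside the bare DOS prompt.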

Among all the different devices he discovered, Peter lists:

Firewall Router Consoles
Environmental Controls
Terminal Servers
UNIX Shells (he reminds us to make sure our modems drop carrier...)
DOS shells
T-1 Multiplexors
Oakland Fire Dispatch (he turned this in to the FBI)
Cody's book ordering database
A Dr. S- in Berkeley whose patients' records were publicly available 
(unintentionally, one assumes)

On average Peter discovered a wide open system 4 times a week.  He also notes 
that 75% of dialups are vulnerable to some form of a hack.  This seems to 
agree with Dan Farmer's data on Internet connectivity and security problems.

So, how to defend your dialups?  Build and install an intranet firewall to 
segregate your modem bank subnet from the rest of your network.  Write a
security plan.  Audit your firewall.  These are all basic steps that too many
of us forget or put off in the daily rush of business.

*	*	*

Peter opens the floor to questions.  Someone asks why the telephone company, 
in this case Pacific Bell, didn't notice.  He doesn't know-he was even on the
cover of the San Jose Mercury News.  Another questioner asks what happened when
the phone company contacted him for hitting trapped lines.  He says this never
happened to him.

In closing he tells us he's about 75% done with the local exchange, and he'll
probably finish it, then quit.

*	*	*

As Peter leaves I follow him to talk for awhile-he gives me a bottle of Dis.Org
Ale (IPA spoof spice ale) which is pretty cool-the label features a picture of
the entire Dis crew taken at what looks like Burning Man, along with the
warning "1) Consumption of alcoholic beverages may inhibit celibacy 
2) Consumption of alcohol may impair the ability to examine a system undetected
and build functional back doors".  It is far too cool to drink so I save it as
a souvenir (besides, I'd rather have a vodka and tonic...)

*	*	*

The next speaker, Se7en, is so far a no-show.  Too bad 'cause I was looking
forward to the talk on hacking the travel industry...  Instead I wander into
the other room, where Johnny Zen is up on the stage asking trivia questions of
the audience and giving out "unusual" door prizes-mostly outdated computer
equipment.  I walk to the front and sit on the floor, as I'm kind of used to
the floor by now, and watch for awhile...  "What is the start up sequence for
a VAX?"  "What kind of computer do you have to heat up before you can use it?"
(An IBM 1621-a very old computer with genuine magnetic core memory.) 

Johnny decides to embarrass me and "fingers" me as a screenwriter for the 
"Spot the Screenwriter" Contest.  Why he thinks I look like a screenwriter is 
beyond me, except maybe that I'm twice as old as the average audience member...
I'm wearing blue jeans, black suede boots, black silk shirt, and a grey tweed
blazer-are these the clothes of a screenwriter?  Perhaps.  Johnny asks the
audience to vote, but they seem kind of indecisive, so he fesses up that he 
knows where I work, and I admit to working for an RBOC, which gets kind of a
mixed reaction from the crowd.  He gives me a 2400 bps fax modem for being a
good sport-just what I need!

I go back to sit down and admire the "Big Brother Inside" sticker on 
someone's laptop-Johnny continues the trivia questions and I come up with my
own, which I scribble on paper and give to him:  "What year was the first 
digital switch deployed in the Bell System, and what kind of switch was it?" 
(Answers:  1976, No. 4 ESS)  A bearded fellow-geek seated next to me decides
to ask the full name of the inventor of the first mechanical switch; even 
I don't know this.  (It's "Almon Strowger", for the curious...)

*	*	*

I wander outside and sit down in one chair, propping my feet in another, to 
write, and to watch the crowd.  Someone brings in a free case of Jolt and 
plunks it down on the table right near me-I grab one in the general feeding
frenzy-the case doesn't last more than a minute.  So I lean back and watch the
hackers come and go, and up my caffeine level...While Peter gives a filmed
interview to 2600 I chat with "Judy"-a more mature hacker, who says she's been 
around from the beginning.  She directs me to the "root shell" web site, with
the warning that after a hack shows up on "root shell" you can expect attempts
to be made with the new hack in two to three days...  Sabrina from the
Georgetown School of Public Policy comes over with a survey on international
aspects of hacking-it asks questions such as "has an agent of a foreign
government ever asked you to hack into a computer system?"  "Judy" lays into
her about the construction of the survey, while I can't help but wonder which
TLA is interested in the results...

*	*	*

Out in front of the casino I see S&M chick.  I tell her she should get an 
award for best outfit of the weekend.  She asks me if I was there when phon-E
(a young hacker I remember chiefly because of the design of an atom, in red,
dyed into the back of his very black hair) was arrested.  I say "No!  
Too bad."  Days later we will find out that the FBI pulled him in for
possession of a HERF gun-a magnetic "weapon" capable of frying most
electromagnetic devices-and possession of which is, as far as I know, not
against the law.  Indeed, phon-E is only held for a day or two, on God only 
knows what charges (if any), and then released.


*	*	*

My last memory is of Isabel, a beautiful redhead with short curly hair, shaven
across the back of her head, blue eyes, ivory silk shirt unbuttoned just enough
to be sexy, beige plaid pleated "Catholic School Girl" skirt, beautiful legs,
cute khaki ankle socks, high heels, and a very high-tech low power ham radio
system for communications within the hotel-she has an earphone in one ear and a
microphone attached to the collar of her shirt.  I don't remember, from my own 
youth, any geek-ettes even remotely this gorgeous.  But she's gorgeous and 
intelligent-I will tell a friend later that she reminded me of the ZZ Top song
"Legs", or more accurately, my own paraphrase of that song-"She's got 
brains.... She knows how to use them...."

This is true of most of the crowd I think.  They are way over the national
average in terms of intelligence, even if it is mostly directed toward 
technology.  Perhaps that's appropriate-we live in a very technical world now.
So why is government concerned about these people?  All that brain power and
youthful energy-who knows what they could do?


Entire Contents copyright 1998 T. J. Barrett, all rights reserved