Def Con hackers go mainstream but still love to party

When Jeff Moss founded the Def Con hackers convention in 1993, he never imagined that two decades on, one of the key speakers at the annual Las Vegas event would be four-star General Keith Alexander, head of the U.S. National Security Agency.

Once known as an excuse for computer geeks and social misfits to drink cheap beer, create mischief and party all night Sin City-style, Def Con has transformed itself into a venue where elite and amateur hackers alike debate serious security issues with experts from the public and private sectors.

While there was still plenty of merrymaking for hackers at last weekend's conference, it also drew top corporate executives, military officers and intelligence agencies looking to recruit the brightest minds in the crowd.

"Hacking has gone from being a hobby to a profession," said Moss, who was working as a messenger at a law firm when he founded Def Con to mark the shutdown of a Canadian hacking network known as Platinum Net.

Talented computer security experts are in high demand as government agencies and corporations grapple with increasingly sophisticated cyber attacks.

About 100 hackers showed up at the first Def Con nearly 20 years ago. A record 15,000 people attended the latest meeting, including Alexander, who called on hackers to join U.S. government efforts to make the Web more secure.

Hackers unite

The changes in Def Con reflect the influence of Moss and other hackers who now counsel government leaders and technology companies on how to protect their information networks.

Moss, known in hacking circles as "The Dark Tangent" or just DT, is an advisor to the U.S. Department of Homeland Security and chief security officer of ICANN, an organization that manages some of the Internet's key infrastructure.

Def Con promotes "white hat" hacking, which aims to identify security flaws so that software makers and other manufacturers can fix them before criminals use the vulnerabilities to launch attacks.

"Black hats" are felons, and "gray hats" fall somewhere in the middle.

In its early years, Def Con had such a wild reputation -- even by Las Vegas standards -- that Moss had trouble finding major venues to host the meeting. The raucous attendees not only liked to hack into every computer network they came across, but also sometimes caused physical damage to facilities, organizers said.

Last year, the restaurant computer system crashed at the Rio Las Vegas Hotel and Casino, which has hosted the past two Def Cons. Long lines ensued, and servers had to take orders with pen and paper. This year, cellphone calls were mysteriously jammed for several hours.

Organizers routinely advise attendees to leave their ATM cards at home, turn off all wireless connections on their mobile devices and generally be on guard, describing Def Con as one of the most hostile hacking environments on the planet.

Nevertheless, there are fewer problems nowadays than in the early iterations of Def Con, and organizers say that mischief makers account for a small minority of attendees.

"Def Con has cleaned up," said Brendon "cstone" Creighton, a member of the "Ninja" hacker crew, which hosted one of the conference's biggest parties over the weekend.

That calmer atmosphere may be partly due to an increased military presence at the conference.

"Everybody is trying to recruit you," noted Creighton. "There are Army guys handing out business cards."

There were even investors scouting the crowd of teens and adult males, some of whom were tattooed and had colored hair and Mohawks. Some were dressed in kilts and exotic costumes, but most just wore T-shirts with shorts or jeans.

Nico Sell, an organizer who is also an angel investor, decided to help two college students build a company in 2004 after they showed up with a hacking "gun" that could attack mobile phones from more than a mile away. It was dubbed "Bluetooth Sniper."

They eventually founded Lookout, now one of the biggest providers of software for mobile devices, with products available through major carriers including Verizon Wireless , Sprint Nextel Corp and T-Mobile USA .

"The roots of our company are in Def Con," said Lookout Chief Technology Officer Kevin Mahaffey.

Moss calls Def Con a "neutral zone" for feds and hackers to mingle. The conference's all-night parties have become increasingly lavish, with corporate sponsors including Facebook Inc , Zynga Inc and Qualcomm Inc .

One such event was organized by the Ninjas, who invited more than 1,200 hackers, security experts, federal agents, corporate executives and other "cool people" to a pool party in the courtyard of a boutique hotel on Saturday night.

A rapper belted out songs with lyrics like "Drink all the booze. Hack all the things." The invitations were in the form of HTC One Android smartphones that could access a specially built GSM mobile wireless network that ran off a wireless antenna on top of a van filled with computer equipment.

Building that network -- and designing retro Ninja Tel phones -- took nearly a year and several hundreds of thousands of dollars, which the Ninjas got from Facebook, Zynga, Lookout and a unit of Qualcomm known as AllJoyn.

Why put in so much work for a party?

"Strippers aren't so interesting anymore, so build a phone company," said Ninja crew member pinguino, a 34-year-old woman from Los Angeles. "It's kids growing up."

To be sure, the vast majority of Def Con attendees are not recruited by the feds or invited to a Ninja party. Most -- known in Def Con parlance as "humans" -- hang out with friends, watch movies, learn to pick locks and enter hacking contests.

In one big room, 20 teams of geeks spent three days crouched over laptops, jamming out code at a feverish pace in Def Con's "Capture the Flag" contest, considered one of the world's top hacking competitions. The goal was to attack the computers of other teams and defend your own.

Electronic music played in the background, and projectors showed videos of scantily clad young women and other footage on the walls. Irreverent organizers handed out finger condoms to promote "safe hacking."

By Saturday night, about thirty hours into the competition, the contestants looked dazed.

Jared Demott, the principal security researcher with Harris Corp , says he enters these contests to stay at the top of his game.

"It's fun," he said, "but not all that fun."

Reuters