Nothing makes hackers happier than breaking into a computer that anotherhacker set up, especially when an appreciative audience is watching. Smallsurprise, then, that there were plenty of grins at last weekend's BeyondHOPE hacker convention in New York City.
The first break-in attempt came at about 4 a.m. on Friday when a huge,tattoo-encrusted Englishman named Cyberjunkie ran a utility that probedthe network of HOPE's Dutch sister conference, Hacking In Progress. Theplan: to expose any weaknesses, then peel away the security measures ofthe target computer like the layers of an onion. The program quickly foundseveral obvious security holes. "So I had to do something," Cyberjunkiesays. "It's a bit like waving a red flag at a bull, isn't it?"Like the encierro at Pamplona, Cyberjunkie sent a stampede of null informationinto one of the server's memory buffers until it choked and overloaded.
Quietly attached at the end was a simple script that granted him theaccess he wanted. (In hacker argot, this is known as an IMAP exploit.)
Because hacking is not only encouraged but rewarded at HOPE -- whichconference organizer Emmanuel Goldstein revived this summer after a three-yearhiatus -- each of the thousands of participants received an IP address withwhich they could glom onto the Puck Building's 10-megabit network and connectto the rest of the world. The Pittsburgh-based DataHaven Project provided15 public terminals, but Ethernet hub plugins were plentiful. Confused?No problem.
The 13-year-old with braces in the next chair was glad to help out. Afterall, he'd already hooked his ancient DEC, Hewlett-Packard or portable IBMonto the Net and was busily trying to gain root access.
When you'd tired of chatting on IRC #hope (topic at 4:11 p.m. on Saturday:"HOPE is a commercial enterprise full of bullshit"), you couldbrowse through the various kinds of phone equipment, T-shirts or softwarethat were on sale.
Ether Bunny sold $250 worth of lineman's equipment (including severalSouthwestern Bell hard hats) in just over an hour. There was, of course,a constant stream of panels to attend: Tiger Teaming (better known as securityconsulting); cryptography; how to hack Windows NT; Metrocard hacking; aprisoner panel that included Bernie S. and Phiber Optik; and an amazingtalk on privacy given by investigator Steve Rambam.
Best known for tracking down 161 Nazi war criminals hiding in Canada,Rambam is a consummate connoisseur of databases. "It is true that Ican go online and reliably determine if you are a homosexual or a lesbian.It is true that I can go online and determine your religion. I can go onlineand, without breaking a sweat or getting carpal tunnel syndrome, find whatmovies you rent at Blockbuster," he said.
Yet Rambam takes an unlikely stance on the privacy issue, especiallyin a room full of paranoids. Closing off databases, he says, will not adverselyaffect his work -- since he'll always be able to buy the information fromsomeplace. "It will harm the ability of the average person to controltheir lives; to check up on government to see if they are lying to him,to check up on big business to see if they are lying to him, to check upon the guy next door and see if he is an ax murderer," he said.
Now Rambam may be biased, for he operates a billion-record database thatis accessible online to subscribers (he refused to give the URL for fearof hacking attacks). Nevertheless, it was rare to see so many teenagerstaking copious notes, noted fellow attendee Shabbir Safdar. The audiencecouldn't get enough of Rambam, who looked more like a fed than a hackerin his custom-made Hong Kong suit. (A big hit was when he detailed how toturn a dead man's identity into your own.) But ultimately, Rambam questionedwhy anyone would want to: "The fact of the matter is that there isno real reason to hide who you are and what you do."
It's an unfortunate but true statement about the state of hacking today.Where have all the good hacks gone? Three years later and the flimsy Metrocardis still impenetrable. A panel of hackers turned security consultants showedthat one of the biggest challenges for today's data cowboys was changingthe preconceived notions of hackers held by the corporations they work for.
Keynote speaker Brock Meeks went so far as to admonish the crowd fortheir low hacker batting average (only 20 percent of all government computersystems have been hacked). His address was putatively a history of hackingin America, but it sounded more like a call to arms for the audience. "You'regoing to have to learn how to hack the media, because you haven't been doinga good job of it," Meeks said.
Indeed, hackers get their share of bad press, and they gripe about itto no end. And HOPE highlighted the split personality hackers bring to theirrelationship with the media. Like most groups, they lambaste journalists.Yet their keynote speaker wasn't an agent provocateur, but a member of thepress (albeit an esteemed one who champions the hacker cause). There wasa panel discussion (which I participated in) where hackers could finallyturn the tables on the media in attendance. "No weapons allowed,"said the schedule of events. Yet only one of the audience's questions criticizedthe press, specifically noting John Markoff and his book on Kevin Mitnick.There was even a "Media Portrayal of Hackers" survey being distributedby a University of Tennessee sociology student as part of his master's thesis.
Perhaps it's useless to analyze hacker-vs.-media stereotypes. After all,the hacker community has shown that it can successfully run its own magazines,pirate radio stations and web sites. If it's true that information technologyis going to obliterate old media, the horsemenof the apocalypse are morelikely riding from alt.2600 than from Wired. "The whole 2600 thingis a media hack," admitted Goldstein. And the success of this year'sHOPE showed not only that Goldstein knows how to co-opt the media but thathe might be a damn good entrepreneur as well.