Photos: Hacking at Defcon

1 of 14 NEXT PREV

Capture the Flag

Teams compete in Defcon's Capture the Flag game, organized by a group called Kenshoto. In this computer security war game, the goal is to attack rivals' networks while simultaneously defending one's own.
To participate, would-be entrants must score well in a prequalifying round by answering questions ranging from hacker trivia to computer forensics and Web server administration.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
DefconBots

What self-respecting hacker convention would not include a "Computer Controlled Weapons Development" competition? It's called DefconBots, and the task is to create a computer-controlled gun that can track stationary targets and shoot them from 10 feet away.
For safety's sake, no metal projectiles were allowed (that is, no firearms). Instead, competition participants used projectiles like plastic pellets. Servo motors driven by a laptop controlled the gun. To penalize a shotgun approach, the contest rules included targets painted black that yielded negative points if they were hit.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Dunk tank

The Electronic Frontier Foundation organized a novel fundraiser at the Defcon convention: a dunk tank.
Isaac Levy, a member of the New York City BSD User Group (pictured in the dunk tank) said he volunteered for the job "totally to support the EFF." By late Saturday afternoon, after nearly two full days, the Electronic Frontier Foundation had raised about $2,000.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Michele

A woman who gave her name as Michele volunteered to be dunked to support the Electronic Frontier Foundation. If conference attendees couldn't hit the target from about 25 feet away, they could pay $20 to walk up and push the lever to dunk their victim. Many did.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Lost Boy

An electrical engineer and robotics expert named Ryan Clarke who goes by the alias "Lost Boy" (left) created a unique "Mystery Box Challenge" for this year's Defcon hacker convention.
Teams (with names like GrayHat Militia and Aquateen Hacking Force) were given a locked metal box wrapped with wires with a simple circuit built on a breadboard inside on Friday. The task was to be the first to open the box, decode a picture puzzle, analyze the circuit and figure out the magic word. It was, by the way, "1057," which can be read as "lost" spelled entirely in numerals.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Clarke's puzzle

Clarke said he started working on this puzzle in January and finished it just in time for Defcon. Out of the 15 teams that entered the competition Friday, which started at 2 p.m. PST, three successfully finished by 6 p.m. that day.
"I tried to think of a way to get hardware involved at con," Lost Boy said. (The skeletal hand and fangs were just there for decoration.)

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Lock picking

Lock picking has long been a Defcon tradition, mostly because hackers view locks as just another security challenge. In this photograph, conference attendees try their skill at trying to pick a series of padlocks.
Also at the conference, attorney Marc Tobias warned that many pin tumbler locks are vulnerable to opening through technique called bumping (click here for PDF). It relies on obtaining a "bump key" that has all cuts at the maximum depth. By inserting that key and rapping it sharply, the lock can be opened.
"From a legal standpoint, from a risk standpoint, we've got a problem," Tobias said. He recommended, among others, Medeco high-security locks.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Defcon badges

For a novel twist on the staid idea of a conference badge, Defcon organizers turned to Joe Grand (alias "Kingpin"). Grand designed a badge that was a circuit board with built-in LEDs and a holder for a battery. It was manufactured by E-Teknet, pictured in this photograph, and was intended to be difficult to forge.
Grand's creation used two light-emitting diodes, a switch and a Microchip PIC10F202 microprocessor. Of course, because thousands were distributed at a hacker convention, some attendees tried to hack their badges. One idea: Replace the badge's blue LEDs with infrared LEDs that could then be used to control televisions in Las Vegas bars and restaurants.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
External antenna

Any serious wireless hacker needs an external antenna to boost Wi-Fi signals. At Defcon this year, vendors were selling "WarDriving and Penetration Testing Cards and Kits" that would dramatically amplify a laptop's range.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Pink underwear

This pair of pink undies asks for a username and password.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
"I READ YOUR EMAIL" cap

A baseball cap for sale says "I READ YOUR EMAIL."
At a hacker convention, it might even be true. The "Wall of Sheep" is a Defcon project that sniffs out passwords and login data that are traveling over wireless connections. If it finds one, it'll display on a projector (though obfuscate your password just a little). Attendees are encouraged to use a wired connection instead--and encrypt everything, just in case.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Meet the Feds

Among federal intelligence and police circles, Defcon has been known as a convenient location to nab hackers. For instance, Dmitry Sklyarov was arrested five years ago for alleged Digital Millennium Copyright Act, or DMCA, violations.
Now that relationship is thawing. This photograph shows military, law enforcement and even some senior government officials showing up at Defcon for a "meet the Feds" preview.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
An embarrassed sergeant

It's often easy to spot federal officers at a hacker convention because of their short haircuts and military demeanor. At Defcon, the conference organizers have made a sport of it, with awards going to people who are especially good at Fed spotting.
The woman in this photograph, who did not give her name, verified her suspicions about this Fed (center) through a truly novel mechanism. She told the audience she had sex with the suspected Fed and then, when he was asleep, went through his belongings. The slightly embarrassed man acknowledged that he is a master sergeant in the military.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler
Dan Kaminsky

Dan Kaminsky of DoxPara Research cares so much about the concept of Net neutrality that he wrote a utility to find out whether an Internet service provider was playing fair.
The code, as Kaminsky described it during a speech at Defcon, looks at dropped packets to detect whether any funny business is going on.
"It is automatically able to tell the amount of bandwidth between any two points," Kaminsky said.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)
Caption by: Bill Detwiler

1 of 14 NEXT PREV

In Las Vegas, more than 6,000 attendees party, compete over weekend at world's largest hacker convention.

Capture the Flag

Teams compete in Defcon's Capture the Flag game, organized by a group called Kenshoto. In this computer security war game, the goal is to attack rivals' networks while simultaneously defending one's own.

To participate, would-be entrants must score well in a prequalifying round by answering questions ranging from hacker trivia to computer forensics and Web server administration.

Published: August 8, 2006 -- 04:12 GMT (21:12 PDT)

Caption by: Bill Detwiler

1 of 14 NEXT PREV