washingtonpost.com
NEWS | LOCAL | POLITICS | SPORTS | OPINIONS | BUSINESS | ARTS & LIVING | GOING OUT GUIDE | JOBS | CARS | REAL ESTATE |SHOPPING
'); } //-->
Hackers Meet to Exploit Computer Flaws

By DAN GOODIN
The Associated Press
Sunday, August 6, 2006; 7:47 PM

LAS VEGAS -- In a dimly lit room off the main drag of a computer-security conference, programmers guzzle caffeine-laced drinks and wolf pizza while methodically hunting for cryptic messages hidden in the bowels of enemy territory.

They're looking for long strings of numbers and other clues that contest organizers have embedded within servers, the giant computers that perform critical tasks such as processing credit card transactions and granting employees remote network access. The game is the digital equivalent of capture the flag _ but instead of kids trying to seize a tattered cloth in the backyard, these technophiles are searching for vulnerabilities that expose corporations and consumers to online criminals.

"There are more castle walls to defend, and each one is vulnerable to a different cannon ball," says Jason Spence, 26, a network security consultant donning a red fedora and blue tie during Defcon, one of the world's most important conferences for hackers, computer security professionals and government agents.

About 6,000 computer aficionados gathered at the annual three-day event in Las Vegas, which concluded Sunday. More than 500 contestants will have competed in capture the flag and 16 other Defcon games, considered a legal talent show for hackers _ a way to show corporations, consumers and government agencies how vulnerable their networks are, without the risk of criminal prosecution or financial liabilities.

"The ability to do something that's socially unacceptable is always a thrill," says Chris Eagle, a computer science professor at the Naval Postgraduate School in Monterey, Calif.

Several rooms away, 17-year-old Dan Beard is readying a robot that took him four months to design. The machine shoots pellets using a camera that can see all of its 30 targets, which are the size of 50 cent pieces situated about 10 feet away. Most competing robots are equipped with cameras that can see only a fraction of the targets.

"I might not be the fastest, but I'm definitely going to hit most of them down," says Beard, a high school student in Newport Beach, Calif.

Other games include a lock-cracking tournament, where contestants armed with picks compete to be the first to open a door protected by a padlock, dead bolt and doorknob lock. This year's winner, 21-year-old Babak Javadi, beat out 67 other players.

Javadi, a student of computer engineering at Iowa State University in Ames, says he enjoys lock picking for the challenge and because it helps him visualize some of the more intangible aspects of computer programming. But he also credits the sport with helping manufacturers make more secure locks.

"There's a huge benefit from this hobby because vulnerabilities are found," he said.

Back in the room hosting the three-day capture-the-flag competition, empty pizza boxes and soft drink containers litter tables as the three-day game unfolded. Industrial beats from a band called Mindless Self Indulgence blast over a sound system while a short video animation of a scantily clad woman working an electric drill is beamed on one of the walls.

L@stplace, a team that has easily been in the lead since the contest began, is suddenly seeing its position challenged by a group with a name not fit for print.

In less than an hour, the resurgent team has rallied with a volley of attacks, penetrating its opponents' servers and overwriting files. The team is scoring major points for increasing its number of "Pwns," hacker speak for possessing, or owning, an opponent's computer.

"We don't know where they're coming from," said Robert Hudock, a 33-year-old L@stplace member and Washington, D.C., attorney annoyed over the onslaught from the unmentionable team. "We're hanging by a thread."

___

On the Net:

http://www.defcon.org

© 2006 The Associated Press