White-hat hackers huddle in D.C.
The white hats don’t wear white hats.
They wear jeans, shorts, T-shirts and hoodies; many had bike-messenger bags. They have beards of diverse lengths, shaved heads and multiple tattoos. Sometimes, the more eminent, established white hats can be found in khakis.
They are not white hats as a figure of style but as a figure of speech for the digital age: the good-guy hackers and security professionals in the war against the bad-guy hackers who topple Web sites, pilfer credit card account information and post aggravating spam links on Facebook pages — the black hats.
Those darn black hats are loathed by the 1,850 white hats from around the world who are at the Washington Hilton this weekend for the annual ShmooCon, where they attend talks titled “TTL of Penetration,” “Soft Markers in Attack Attribution” and “All Your Codes Belong to Me!” In between, they hack, play video games and sit around ballroom tables picking padlocks.
The white hats, most of whom are men, are government contractors and system administrators. They work in undisclosed locations, in offices with multiple monitors, keeping out the invaders. Many of them would need a considerable wardrobe upgrade before Thanksgiving dinner at the White House, but so what?
“This is one group of people who you can’t stereotype based on how they look,” said Keith Howell, a “solutions architect” at Assurance Data, an Alexandria data security firm. “There are some extremely smart people here who didn’t finish school. But everyone here listens to each other no matter what they look like, how they talk, or whether they have a ponytail and pink hair.” Just about then, a bald man walked up and head-butted Howell’s shoulder. He continued: “We are here trying to think like black hats but on the white-hat side.”
Although the conference, sponsored by the nonprofit Shmoo Group of information security professionals, promotes respect and tolerance among the white hats to fight the good fight against the wicked interlopers, that doesn’t mean all white hats behave equally well. The conference’s “event manual” lists these no-nos: “vandalism,” “criminal network or infrastructure hacking,” “disrespect towards hotel staff,” “drunk and disorderly conduct,” and “illegal acts and the like.”
On Saturday afternoon, everyone behaved. In small breakout rooms, while not attending talks, the white hats played the video game “Team Fortress 2,” tinkered with network gear and software, ate pizza, hacked, ate more pizza, and discussed academic papers with titles such as “Feedback Control Applied to Survivability: A Host-Based Autonomic Defense System.” Some white hats decompressed by flipping through books about turning Legos into robots.
One of the most crowded rooms was the Lockpick Village, where The Open Organization of Lockpickers provided locks, lock-picking tools, and instruction on the craft of picking deadbolts, padlocks and handcuffs. “Master Locks are really fun. It’s easy to pick them to build up confidence,” said Babak Javadi, the founder of the lock-picking group.
Obvious question: If white hats are the good guys, why are they picking locks?
“The people who are at this conference are here for the sake of the hack itself,” Javadi said. “What is your data protected with? A lock. People who have the mind-set of finding creative solutions to complicated problems are drawn to the electrical side and the physical side of the problem.”
His group teaches hackers two metaphorically important rules: Don’t pick locks you don’t own, and don’t pick locks in use.
Michael Shea, who works for a software company in California, had picked several locks by lunchtime. He offered this bit of poetry about picking locks and the relationship to hacking: “It’s a Rubik’s Cube for the colorblind.” Beautiful, Mr. Shea.
Out in the hallway, Mike McCabe was walking around wide-eyed. He’s 26, a District resident and hoping to leave the boring side of IT programming work to become a white hat. He compared a standard IT conference, with its big vendor booths and executives in suits, with what surrounded him at ShmooCon.
“Look around here,” he said. “People here are so creative, they have passion for what they do. They are proud of their work.”
More local news coverage: After 50-year absence, streetcars to return to the District Metro’s never-ending renovations: Is it getting any better? McCartney: Don’t fall for smears against the Girl Scouts Clinton accepts AU’s ‘Wonk of the Year’ award