malk+bunnyThis week we have the DefCon 20 and Black Hat computer security conferences in Las Vegas — reasons enough for me to do 2-3 columns about computer security. These columns will be heading in a direction I don’t think you expect, but first please indulge my look back at the origin of these two conferences, which were started by the same guy, Jeff Moss, known 20 years ago as The Dark Tangent. Computer criminals and vigilantes today topple companies and governments, but 20 years ago it was just kids, or seemed to be. I should know, because I was there — the only reporter to attend Def Con 1.

In those days there were no independent computer security research organizations. There were hackers, or more appropriately crackers, as they were known.

Def Con (notice the different spelling) was a computer criminal’s rave where — for reasons I could never quite understand — the cops were invited to attend. The Dark Tangent can now legally drink at his own show (he couldn’t 20 years ago), he picked up a real name along the way and even an MBA, so of course the show is now supposed to make money. They still play Spot the Fed, with the person who spots the Fed getting a t-shirt that says, “I spotted the Fed,” and the Fed who has been outed receiving a shirt that says, “I am a Fed.” It’s cute, but no longer clever.

Def Con 1 attracted around 150 hackers and crackers to the old Sands Hotel back before ConAir Flight 1 smashed the hotel to bits for a movie. The year was 1993 and InfoWorld, where I worked in those days, wouldn’t pay my way, so I went on my own.

It was surreal. I knew I wasn’t in Kansas anymore when my cellphone rang in a session, setting-off four illegal scanners in the same room. As I left to take my call in the hallway I wondered why I bothered?

There were two high points for me at Def Con 1. First was the appearance of Dan Farmer, then head of data security for Sun Microsystems. Dressed all in black leather with flaming shoulder-length red hair and a groupie on each arm, Dan sat literally making-out in the back row until it was time for his presentation. But that presentation was far more entertaining than the smooching. In a series of rapid-fire slides Farmer showed dozens of ways in which crackers had attacked Sun’s network. He explained techniques that had failed at Sun but would probably have succeeded at most other companies. It was a master class in computer crime and his point, other than to prove that Dan was the smartest guy in the room, was to urge the crackers to at least be more original in their attacks!

But the best part of Def Con 1 was the battle between the kids and hotel security. Contrary to popular belief, breaking into Pentagon computer systems was not very lucrative back then, so many of the participants in that early Def Con did not have money for hotel rooms. The Dark Tangent handled this by renting the single large meeting room 24 hours per day so it could be used after hours for sleeping. Alas, someone forgot to explain this to the 6AM security shift at the Sands. Just as the hardy group of adventurers returned from a late-night break-in at the local telephone company substation, fresh security goons closed the meeting room and threw the kids out.

It is not a good idea to annoy a computer cracker, but it is a very bad idea to annoy a group of computer crackers bent on impressing each other.

The meeting reconvened at 9 or 10 with the topic suddenly changed to Revenge on the Sands. Gail Thackeray, then a U. S. Attorney from Arizona who at that moment had approximately half the room under indictment, rose to offer her services representing the kids against the hotel management.

Thackeray had been invited to speak by the very people she wanted to put in jail.  I told you this was surreal.

Adult assistance might be nice, but a potentially more satisfying alternative was offered by a group that had breached the hotel phone system, gained access to the computer network, obtained root level access to the VAX minicomputer that ran the Sands casino, and were ready at any moment to shut the sucker down. It came to a vote: accept Thackeray’s offer of assistance or shut down the casino.

There was no real contest: they voted to nuke the casino. Not one to be a party pooper, I voted with the majority.

Gail Thackeray, feeling her lawyer’s oats, was perfectly willing to be a party pooper, though. She explained with remarkable patience that opting en masse to commit a felony was a move that we might just want to reconsider, especially given the three strikes implications for some of the older participants.

We could accept her help or accept a date with the FBI that afternoon. The Sands (now the Venetian), which was ironically owned by the same folks who used to run Comdex, never knew how close it came to being dark.

It was a thrilling moment like you’d never see today. Everyone who was in that room shares a pirates’ bond. And though I can’t defend what we almost did, I don’t regret it.

And like the others, I wish Gail Thackeray had stayed in Arizona and we’d shut the sucker down.

Tomorrow: the surprising future of computer security.