August 10, 2008 11:29 PM PDT

Defcon ends with researchers muzzled, viruses written

by Elinor Mills

LAS VEGAS -- The Defcon hacker conference ended its 16th year on Sunday, sending about 8,000 attendees home from a weekend of virus writing, discussion of Internet attacks, and general debauchery.

The highlight was most definitely the restraining order which prevented three MIT students from presenting their research on how to hack the Boston subway system. The students attended the event and even gave a news conference after the order came down on Saturday, but did not present their highly anticipated talk.

Instead, journalist and security expert Brenno de Winter took their empty spot and discussed how the cards used in transit systems in the Netherlands and London can be hacked just like the ones used in Boston. Both systems, and many around the world, use the Mifare Classic chip technology, whose cryptography was cracked by researchers last year.

Defcon founder Jeff Moss, alias "Dark Tangent"

(Credit: Elinor Mills/CNET News)

"I was advised by several lawyers not to go into details of the Mifare Classic, but anybody who has access to Google...," de Winter said.

Breaking the rules is always a theme at Defcon, but while irreverence for established corporate and government protocols is condoned if not exactly encouraged, breaking Defcon rules definitely has its consequences. Defcon officials said they were considering banning film crews from future events after ejecting a team from the G4 cable network on Saturday for allegedly videotaping a crowd. Photographers and videographers are required to get permission to shoot anyone, even from behind, and are forbidden from shooting crowds.

There was a report that police were called in to investigate a Windows-based kiosk that was hacked to display pornographic images in the lobby. And the usual rowdiness and late-night drinking were a nightly, if not daily, activity. However, things did not seem to reach the level of tomfoolery they did in the early and mid-1990s when elevators were hacked and cement was poured down toilets. Of course, many of the script kiddies from that era are now married with children.

There were, of course, a range of sessions, including ones on evaluating the risks of "good viruses," hijacking outdoor billboard networks, and compromising Windows-based Internet kiosks.

Members of SecureState, a company that does penetration testing of corporate networks, gave a live demo in one session of an automated attack on a Microsoft SQL Server-based computer that left the machine vulnerable to attackers installing viruses and other malware. The team used new tools they are offering for download, SA Exploiter and Fast-Track.

One of the more controversial events at the conference was a "Race to Zero," in which teams modified samples of viruses and tested them against antivirus software. Four teams managed to complete all the levels and get through the antivirus software.

There were less technical contests as well. "Mike" from Chicago won $3,000 for spending 30 straight hours listening to pitches and marketing buzz from security company Configuresoft and correctly answering questions on periodic quizzes on the presentations. After the announcement, he jumped out of his seat with his arms in the air. Asked how he felt, Mike, who declined to give a last name, said he "felt smelly."

The contest, called "Buzzword Survivor," was not without scandal. Several contestants claimed--and submitted a cell phone photo as evidence to organizers--that one of the contestants had fallen asleep at one point. However, he was allowed to remain in the contest and made it to the very end with all the others, winning $200. The second prize was $1,000.

Gartner analyst Paul Proctor came up with the idea on a whim. It was originally intended to have 10 contestants competing for 36 hours for a $10,000 prize, but the prize was reduced when only one sponsor stepped up.

The contestants had 10-minute breaks every hour, but otherwise were in their seats listening to detailed talks about the company, its products, and the industry.

"We've submitted them to pain," Andrew Bird, a Configuresoft vice president, who served as MC at the end of the contest, said mischievously. "We played recorded Webinars at 4 a.m."

Note: In the video below, Defcon founder Jeff Moss, alias "Dark Tangent," discusses the ethics of hacking and disclosure issues that provoke debate, and often lawsuits, at the event.

(Credit: Elinor Mills/CNET News)


Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by livecrunch August 11, 2008 7:25 AM PDT
I think this is an amazing hack which actually reminds me of the movie that just came out to DVD called "21" where MIT students used simple math to count cards yet the judge was Cole Williams.

Btw I wrote about it too just a bit different:
http://www.livecrunch.com/2008/08/11/mit-students-found-the-way-to-hack-boston-subway/
by wgilbert5 August 11, 2008 8:05 AM PDT
Think of the misery these clowns have caused to millions of plain people over the years and then let me hear you call what they do "pranks". Frankly, if left up to plain, ol' redneck me, these guys would all be doing a lot of time behind bars.
by The_Decider August 11, 2008 8:51 AM PDT
LOL

I see you do not understand security. What a surprise that a redneck is ignorant.

These "clowns" have made computing and the Internet orders of magnitude safer.
by wgilbert5 August 11, 2008 9:38 AM PDT
Bull
by fdunn3 August 12, 2008 5:43 AM PDT
You are obviously speaking out of ignorance of what DefCon is all about.
by NoVista August 12, 2008 7:50 PM PDT
Let me guess ... Florida republican? You guys are awfully fond of prison time for anyone who is not you.

Maybe not, you could possibly be one of those rednecks who can't wait to join the queue for every email hoax that comes down the pike. Yeah, I mean those fwd's with a hundred names in the To: field.

You may not like pranks but I'll wager the NSA was reading your ill-informed comment and laughing at you. Do think on this: these Defcon hackers find the vulnerabilities that the Serious People and companies inadvertently leave in their code, then the bugs can be fixed.
by n3td3v August 11, 2008 10:34 AM PDT
I don't know why Defcon gets so much press coverage.
by benjaminstraight August 11, 2008 1:38 PM PDT
Sounds like it was productive.
by neowarrior788 August 11, 2008 3:15 PM PDT
I would think at 68 you would learn to keep your mouth shut and let us get back to work fixing this screwed up country you left us with.
by as901 August 12, 2008 6:15 AM PDT
I hate to use the word "hacker". Many years back, a "hacker" was a person such as myself, who was a self-taught programmer who never learned to type. We started using computers at a time when there were no store-bought programs. You wrote them yourself and early computer magazines contained code to help write programs.

The people who call themselves "hackers" today are mostly spoiled upper middle class brats with too much time on their hands. They believe that copying some code and mailing it to do harm is "bucking the system" and "shoving it to the man"!

These spoiled brats do not harm the "man". They harm mothers and grandparents who cannot afford to hire an IT expert each time their computer crashes!

Mark Heinemann