Hackers gather in Vegas for annual digital huddles

Kevin Rademacher

Wednesday, July 28, 2004 | 10:35 a.m.

For the next few days corporate executives sporting coats and ties will rub elbows with a T-shirt-wearing crowd sporting names like Ne0n Ra1n and Mudge.

The unlikely convention-mates are the product of a national economy increasingly dependent on its computer systems and the security of those systems.

That notion has created a growing market for the topics of discussion at two gatherings of computer hackers beginning this morning in Las Vegas. Black Hat Briefings, which opened today, and its less-formal sister event, Defcon, are billed as digital self-defense conferences.

Black Hat brings together corporate and government computer security professionals and some of the nation's best hackers. This year the two-day Black Hat crowd is expected to reach 1,800. About half of those attendees and speakers are expected to stick around through the weekend for Defcon, which features more parties and fewer business suits.

That crowd will be discussing, among other things, intrusion detection, Internet anonymity and forensics, said Defcon and Black Hat founder Jeff Moss.

The breaks between the presentations might be just as important as any keynote speech, Moss said. Since the crowd features individuals that would normally avoid each other, the conference setting allows for insightful conversation.

"It's a place where the feds and the hackers can actually talk," Moss said.

Those conversations are important, he said, since the biggest challenge in securing a system is predicting what pitfalls may be on the horizon.

"How do you defend against an unknown threat?" Moss said.

John Slitz, chief executive of Las Vegas-based Systems Research & Development (SRD), agreed.

"The folks at these kinds of conventions are right on the edge of both defense and offense," Slitz said.

Michael Beardslee, president of the Las Vegas-based consulting firm IT Strategies International Corp., said such insight is particularly important given the rapid progress of information-based technology and innovations such as wireless Internet services.

"As more and more people want to do wireless things, security is going to be a bigger and bigger issue." he said. "It is coming along so fast ... The security has to catch up."

Slitz said that security also has to be refined enough to allow people access to information while providing adequate protection.

"That people really have to think about security as a regular part of business is what's difficult," he said. "Not everyone can live in Fort Knox. It's a constant evolution, and I don't see and end in sight."

Moss has been quick to point out that the notion of a hacker does not necessarily mean Las Vegas will be crawling with cyber-criminals for the next few days. Last year he likened hackers to plumbers.

"You can be a good plumber or you can be a bad plumber," he said. "You can be a good hacker or you can be a bad hacker."

Many in the hacker community also have claimed that without hackers pointing out vulnerabilities in popular systems, there would be little pressure to secure them. Still in the days leading up to Black Hat, authorities have often pointed to the convention as a likely time for large-scale attacks on systems.

Last year, such concerns were announced but never materialized.

"It's kind of funny, but year after year it gets kind of tiring," Moss said.

In 2001, a Russian software developer was arrested by FBI agents a day after he gave a Defcon presentation that pointed out flaws in an e-book program sold by Adobe Systems Inc. He was later acquitted of digital copyright theft charges.