Black Hat Blues (4 page)
was something to be said for the pleasures of working with other people
face to face, like Lor3n and his old friend David, or “dmap” as his IRC
handle read. He only knew the two men through hacker conferences
and IRC, but that was more than enough for them to have formed a
friendly bond that was what really made coming to these cons worth-
while for him. Besides, working on the NOC was a great way to get
into the con for free. There was no way he was going to get up and give
a talk, which was the other free-badge option.
All the major problems setting up the network were, if not sur-
mounted, then at least identified. It was Thursday evening before the
con started and he was confident that he and dmap would have things
sorted out by Friday morning, maybe afternoon at the latest. Certainly
they’d have it by the time the keynote speaker from BountySploit took
the podium at 7:00 PM. Probably. Although he didn’t think it would
be the worst thing in the world if the BountySploit’s talk didn’t go well.
He left Dave in the converted storage room they’d taken over as their
network operations center and went up to the front desk to see if the
fixes he’d just made had sorted out their latest set of network issues.
The Cypress Estate hotel had been a Radisson until a few months ago,
Rick Dakan
15
but the shift to a fancier name and private owners hadn’t done much
to spruce up the dull, cookie-cutter decor. Not that Chris cared much.
It was mostly clean, there weren’t any weird smells, and the air condi-
tioner in his room didn’t rattle, so he was happy. The quiet hotel sat near
the highway and not much else—a strip mall with a Best Buy across
the street, some banks and office buildings on their side of the 6 lane
divided road. Sure they were technically in Atlanta, but the place could
have been in any suburban ring highway sprawl in the country and
Chris doubted he could tell the difference. He’d been to hacker cons
in cities all over the country and seen nothing much more interesting
than Cypress Estate (except for Def Con in Las Vegas of course). All
the exciting stuff happened in the talks and presentations and inside
people’s heads anyway.
Most of the attendees would arrive tomorrow, but a few would come
trickling in tonight. He wondered if Al was going to make it over from
North Carolina, or Skydog down from Nashville. At the front desk he
saw someone checking in who generally fit the profile: in his thirties,
wearing jeans and a black t-shirt. In this case it had the Green Lantern
logo on it and looked faded and well worn. He had shaggy brown hair,
was unshaven and wore steel rimmed glasses. He looked up at Chris as
he rounded the corner and gave him a quizzical look. Chris turned away,
not liking the attention, and asked the manager if everything was OK
with the hotel’s network. It was. Good, one less problem to worry about.
He turned to leave, but the Green Lantern dude called out to him.
“Hey, excuse me. Are you here for the hacker con?” he asked Chris.
“I’m just guessing from your shirt.”
Chris looked down at his stomach, which bulged under the too tight
shirt. It had “AAAAAAAGH” in wild, red letters across the top of a
grainy picture of a pony tailed man screaming into a microphone with
the words “Bow To My Firewall” across it in bold, horror movie-style
font. The man was Bruce Potter, who’d said the memorable phrase dur-
ing a talk at Def Con several years earlier. His wife and friends, who
helped him run Shmoocon in DC, had made the shirts and sold them at
the first Shmoocon, much to his lasting annoyance. Chris’s was a little
too small since he’d put on weight, but he’d been in the audience at that
talk and at Shmoocon when they distributed them, and it was one of his
favorite hacker con mementos ever. He looked back up at the stranger,
standing beside his purple suitcase. “Guilty as charged,” he said.
“I thought so,” the man replied, holding his hand out. “My name’s
Alan Denkins. I’m here to write a book about hackers and, well, this is
my first con. So I’m just sort of feeling my way through.”
16
Geek Mafia: Black Hat Blues
Chris shook his hand. “A book about hackers? What kind of book?”
There were lots of books about hackers. The ones for hackers by hackers
were pretty good. The ones by outsiders were mixed. The ones by people
looking for ridiculously sensational stories about high school kids sup-
posedly cracking into the Pentagon were pretty much total bullshit. He
wasn’t sure which category this guy fit into.
“I don’t really know yet. I’m still learning. I’ve been watching videos
and reading stuff online about various other hacker cons and the scene
in general and I just think it’s so fascinating, you know? I guess like
most folks I just thought hackers were criminals who attacked people’s
computers. But the more I learn about the scene, about what real hack-
ers are really doing, the more interesting it all becomes. So I suppose
what I want to do is dispel some of those media myths, you know? But
I still have a lot to learn.”
Chris at least appreciated the guy’s perspective on things. He was
tired of answering questions like, “Hackers have conventions? Isn’t that
illegal?” from friends and family all the time. Well, he had been tired of
it when it was happening anyway. “OK,” Chris said to the writer, “That
all sounds interesting. Good luck. I think you’ll learn a lot here.”
He’d started to turn to go when the writer stopped him with another
question. “Is there anything I can help out with? I came early to just
kind of get the lay of the land, you know? Maybe I can buy you a drink
later or something?”
Chris didn’t know what to say. Normally help from attendees at
hacker cons was welcome—they tended to run on shoestring budgets
and volunteer energy—but this guy was basically a reporter and Chris
didn’t know anything about him. “You’ll have to talk to Lor3n when
he gets back from the airport. He’s the guy in charge.”
“Great, thanks, man. I’m Alan by the way. What’s your name?” He
held out his hand, smiling
“Oh, sorry, yeah” Chris said, shaking the offered hand. “I’m c1sman.
Nice to meet you.”
“You’re the Sys Admin?”
“Spelled c-1-s-m-a-n.”
“Got it, well, I’ll see you around, yeah?”
Chris did see him around, that night and then a lot the next day. He’d
apparently hit it off with Lor3n right away, and by that evening was
helping set up chairs and tables and joined the group of a dozen or so
Rick Dakan
17
volunteers and speakers when they went out to Dave & Busters for din-
ner that night. C1sman didn’t get to talk to him much, but he listened
in a lot. The writer listened a lot too, but he always had another question
ready to fill any hint of a lull in the conversation, and he was more than
happy to buy the table several rounds of drinks. He seemed to know
a fair bit about the scene, and c1sman liked the kinds of questions he
was asking and the things he was saying. When the book came out he
might even buy a copy.
The next day the convention began in earnest, and Chris found him-
self spending more time than he’d planned in the NOC, because of
course nothing was really working like it was supposed to, and people
were already complaining. Ensconced in his converted storage room, he
didn’t notice when the mysterious fliers started appearing around the
hotel. By 4:30, there were close to 200 attendees checked in, and the
first three speaker sessions had come off without too many technical
glitches. Chris turned the last few problems over to dmap and went
out to get a Coke and see who was there and what was going on. First
things first though, he needed to take a dump and didn’t like using
public bathrooms, so he decided to go up to the room he was sharing
with dmap. As the elevator doors opened, he saw a bright pink flier
taped to the wall opposite him.
Tired of Corporate Sell Outs Giving Hackers a Bad Name?
Disgusted with cons that are all about the money and the
pay-day and not sharing the knowledge?
Why pay more just to support the exploit exploiters?
Why not try UnSECZone?!?!
Room 346
Free to attend. Free to learn.
Free from Corporate Corruption.
Chris later learned that people had been leaving these fliers and similar
cards all over the hotel and that Lor3n and the other SECZone volun-
teers had been tearing them down and throwing them away as fast as
they could find them. It didn’t occur to Chris at the moment to tear
the flier down. He was just curious. He guessed that the flier was rooted
in some sort of protest against the fact that BountySploit was the con’s
main sponsor. Not particularly happy with that turn of events himself,
he pressed the button for floor three instead of two.
He heard them down the hall before he saw them. Room 346 was just
like any other room in the hotel—two queen beds, a TV, a dresser, two
18
Geek Mafia: Black Hat Blues
night tables, and what looked like thirty hackers crammed into every
available space. Chris heard the heated arguing from ten doors away,
and as he looked in the door he was surprised to see that the speaker was
H# (pronounced h-sharp, short for Henry Sharpe). He’d been a popular
speaker at least year’s SECZone, and Chris had really enjoyed his talk
on cross site scripting vulnerabilities. It was weird to see someone of his
caliber speaking in this hot, stuffed little room.
“What’s going on?” he whispered to the man standing in the doorway
while he tried to figure out what they were arguing about. Something
to do with the NSA it seemed.
“As far as I can tell, they’re hacking the hacker con,” the man said. It
was the writer, what’s his name. Alan something.
“What?” Chris asked.
“They’re pissed at Lor3n for, as they say, ‘turning the con over to
BountySploit’ and so they’re staging a counter-convention.” The report-
er’s breath smelled like Altoids. “They’ve got speakers and badges and
even t-shirts. They’re trying to undermine SECZone with this whole
UnSECZone thing. Pretty wild, eh?”
Chris just nodded. He’d never heard of such a thing, and yeah, it
was pretty wild. Although it also made a whole lot of sense, at least it
did if you were working from a hacker’s mindset. Don’t like the way
something works? Find a way to change it so it does work the way you
want it to.
“Can you explain to me what they’re so mad about?” the writer asked.
“What’s the big deal about this BountySploit company?”
Several people in the room had noticed them talking and one woman
(in fact the one, single woman) shot them a dirty look. Chris wondered
if it was because of the talking, or his SECZone Staff t-shirt. Either
way he felt embarrassed and stepped back from the doorway and out of
line of sight. The writer followed him a few paces down the hall. “It’s a
touchy issue. It all has to do with ethical disclosure stuff.”
“You mean like, when and how a hacker discloses to the world that
he’s found some kind of security hole?” He was pulling a small black
moleskin notebook from his front pocket.
The writer did know some basics at least. “Yeah, so that’s been an
issue forever. Do you release the exploit to everyone so they can take the
right precautions or do you just tell the people with the crappy software
and give them time to fix it. I think you do something in between. But
the way it’s always been, releasing exploits is something hackers just
do because, well, that’s what we do. We find vulnerabilities and tell
each other about them. That way software companies should, in theory
Rick Dakan
19
anyway, make more secure software. If you don’t publicize the exploits,
then you gotta assume some other black hat clown has found it too but
just isn’t telling anyone. Instead he’s taking advantage of it to do dirt
on people, but the software maker doesn’t know or doesn’t care and so
they don’t fix the problem.”
“And BountySploit,” the writer said, jotting something in his note-
book, “it’s a company that does this disclosure stuff for a profit some-
how, right? And somehow that helps them sell their security services to
other companies. At least that’s what I got from their website.”
“Yeah, that’s part of it, but here’s what kinda sucks.” Chris was warm-
ing to the subject—it was an issue that divided his friends and so wasn’t
something he could usually talk about without running the risk of
igniting a flame war of some sort—and he liked the idea of having his
views on the record with the reporter. It was nice to be able to cut loose
with this guy who hadn’t already made up his mind. That was the thing
he really hated about the hacker scene sometimes—the little disputes
that boiled over into insane feuds. “BountySploit and companies like
them have kind of come along and screwed up the system. They pay
hackers good money for their exploits, but they keep that information