Information Security News mailing list archives

Law Enforcement Officials Recruit Hackers


From: InfoSec News <isn () C4I ORG>
Date: Fri, 4 Aug 2000 02:34:51 -0500

http://www.forbes.com/tool/html/00/Aug/0802/mu5.htm

August 02, 2000

By Arik Hesseldahl

LAS VEGAS. 11:40 AM EDT-The mercury soared as high as 118 degrees last
weekend, and still the number of people decked out all in black at the
Alexis Park Hotel remained a constant, at about two thirds of the more
than 5,000 who showed up.

The attraction was the eighth annual Def Con, a gathering of computer
hackers and information security professionals. While there are many
other hacker meetings that take place around the country, there is
only one Def Con, and it is considered the height of the hacker social
season.

In its own way, Def Con is not unlike the annual summer rendezvous
held by the fur-trapping mountain men of the Old West. Then again the
mountain men didn't have chat rooms. Def Con is the place for people
who typically interact exclusively on the chat channels of Internet
Relay Chat to get together in real life, to compete in hacking war
games, learn new skills and party.

What often strikes people unfamiliar with the world of hacking as
unusual is that the event takes place at all, let alone out in the
open. Computer hacking, while more often associated in the public mind
with illegal activity than as a legitimate intellectual pursuit, is
typically carried out in a far-from-illegal manner. Yet hackers as a
group tend only to come to public attention in the aftermath of a
notorious criminal incident, say a virus outbreak or a denial of
service attack.

But corporate America was not averse to showing its face at this
year's Def Con. Dell Computer (nasdaq: DELL) donated equipment for the
event's wireless network, while employees from Symantec (nasdaq: SYMC)
gave a presentation on a new security system.

But in a twist, officials with several federal agencies, including the
CIA, the Department of Defense and the National Security Agency, were
in attendance and on stage. Their attendance is not new. Being so open
about it is. The overwhelming message from these officials to the
hacker community: "Come work for us."

"If you are extremely talented, and you are wondering what you'd like
to do for the rest of your life, join us, and help us educate our
people," said Arthur Money, an assistant secretary of defense during a
presentation called The Fed Panel, which included representatives from
the Federal Computer Incident Response Capability and the U.S. Air
Force.

Money's presentation was complete with a uniformed Naval officer
waiting in the back of the room to accept applications.

"I like to get out and listen to very smart people who can teach me
things that I don't know," says one federal intelligence officer who
asked that his name and agency affiliation not be used.

One key lure may be the opportunity to play with the advanced "toys"
referred to by some of the feds at the convention.

"I know hackers who love to play with cool toys and that's a given,"
says Jeff Moss, the event's main organizer, who also goes by the
hacker handle Dark Tangent. "When I jumped jobs in the past it was to
work with cool people and interesting stuff. I would take a $20,000
pay cut to be with an interesting group of people doing cool stuff."

Should the government be wary of hiring hackers? Probably not, at
least not as long as they don't have a conviction record, Moss says.
He knows a thing or two about hiring hackers. He himself worked for
Secure Computing (nasdaq: SCUR) until October 1999, when he devoted
himself full time to putting on Def Con. "When I was at Secure
Computing, we admitted that yes, we hire hackers, but we don't hire
computer criminals. We wanted smart, old-school hackers who knew what
they were doing."

The heavy federal presence made the traditional "Spot the Fed" contest
almost pointless. The idea behind the contest has always been to "out"
a federal officer who may be quietly lurking at the convention. A
suspected fed, sometimes spotted by his or her more conservative
dress, is quizzed about his or her profession, and if they work for
a federal or other government agency, they're asked to produce a badge
or official identification. Of course it's all meant in good fun. The
prizes? An "I Spotted the Fed" T-shirt for the spotter, and an "I Was
the Fed" T-shirt for the spottee.

For the past two years, hackers attending Def Con have looked forward
most of all to the annual visit from the Cult of the Dead Cow (cDc), a
hacker troupe with a 16-year history, known for its collection of
interesting personalities and superior skills.

Def Con has recently been the place where cDc releases its latest and
most controversial software tools. At Def Con 6 in 1998, the group
released Back Orifice, a network administration tool that would allow
a user to remotely manage a Windows-based computer. It was also useful
for some of the malicious hackers who used it--by sneaking a copy into
a computer--as a way of monitoring the activity on a target computer
without the knowledge of the computer's owner.

Computer security firms rushed to find ways to counteract the misuse
of the program, many declaring it a Trojan horse. Then last year, at
Def Con 7, cDc released a new version of the program, Back Orifice
2000, which was smaller, faster and more powerful than the original.

So what did cDc have for the crowd at Def Con this year? A big show
that included, among other things, a mock human sacrifice, but almost
nothing else.

"We're not a software company, so people shouldn't be expecting a new
tool every year," says a member of cDc who goes by the name of Tweety
Fish. ("I wanted a name so ridiculous that if I ever got arrested, a
judge would laugh it out of court," he says of the name.)

Yet cDc, having recently released a software tool called NDNames,
continues to be a thorn in the side of software giant Microsoft
(nasdaq: MSFT). The program takes advantage of an apparent weakness in
the Windows operating system by blocking a computer's ability to get a
unique identifying name on a network, thereby interfering with its
ability to talk to other machines on the network. The group told
Microsoft about the weakness, and a patch has been issued, but only for
Windows 2000. Microsoft said in a security bulletin that the weakness
lies not in Windows, but in the NetBIOS protocol.

Another vulnerability was revealed at the conference in Lotus Notes, an
Internet server platform sold by Lotus Development, a unit of IBM
(nyse: IBM), by Chris Goggans, who used to go by his hacker handle
Erik Bloodaxe, and the Trust Factory, a Netherlands-based computer
security firm. Essentially, the weakness could, Goggans says, in the
most extreme cases, allow an attacker to usurp the identification
information of a Notes user, gaining access to that server. Lotus has
suggested ways to fend off such an attack, but Goggans says that while
this is a good start, they still don't cover all the ways it could be
carried out.

No word yet if Lotus plans to recruit at Def Con 9.

ISN is hosted by SecurityFocus.com