Hackers Convene At Def Con 18
JACKI LYDEN, host:
Even WikiLeaks is unlikely to penetrate the secrecy surrounding Def Con 18. That's not some Department of Homeland Security designation, like code orange; it's the 18th annual convention of hackers going on this week in Las Vegas. Thousands of hackers, security specialists and IT administrators are gathered for the concurrent Def Con and Black Hat computer conferences.
Declan McCullagh is the chief political correspondent and a senior writer at Cnet.com and he's covering the conferences and joins us from Las Vegas.
Mr. DECLAN MCCULLAGH (Cnet.com): Why, hello. It's good to be here.
LYDEN: What are the differences between these two conferences - Def Con and Black Hat?
Mr. MCCULLAGH: Oh, Black Hat is the one that you can tell your boss you're going to. It's held at the Caesars Palace Hotel, which has beautiful ballrooms. It's very aboveboard. It's very buttoned-down and you'll have a lot of people wearing polo shirts.
But Def Con, which takes place at the end of the week, is something that you just may not want to broadcast you're going to if your boss doesn't exactly like a bunch of hackers running around the hotel trying to figure out how to break into things.
LYDEN: Are there any leaks so far on what might be the big news coming out of this Def Con conference?
Mr. MCCULLAGH: There are a few surprise speakers. And so we're waiting to see who those are going to be. There is someone from WikiLeaks who is supposed to be on the program. We don't know whether he's going to show up or even set foot in the country because of the recent disclosure.
But Def Con has always been a place where you have people who are pushing the envelope of what is allowed by law, what's allowed even within the hacker culture. I mean, I was at Def Con in 2001 when you had a Russian programmer, Dmitri Sklyarov, who showed up and gave a presentation about how to decrypt, how to bypass the copy protection on Adobe eBooks. And the FBI arrested him on charges of violating U.S. copyright law that...
LYDEN: Let me ask you about that. And this does get tricky. And this has gotten some play. I mean, I understand that a security tester has already shown everyone how to hack into an ATM at the push of a button.
Mr. MCCULLAGH: He gave a presentation at Black Hat. The summary is that he bought a few ATMs - the stand-alone ones you might find in restaurants or convenience stores, kind of the smaller ones. He bought them over the Internet - because you can buy everything over the Internet - took them apart and found ways to compromise the security of them. And in about five seconds you can insert some code that tricks the computer into spitting out cash.
There is a caveat. He was going to give the speech last year, and the ATM manufacturers applied some pressure. He didn't. But in the last year they've fixed their systems, and so all the systems that have been upgraded since are secure. But, you know, there probably are quite a number that have not received the security updates in the last year and those are still vulnerable. He is not releasing the software though.
LYDEN: I see. All right. But he might be one of the people getting a tap on the shoulder before he leaves that conference.
Mr. MCCULLAGH: Absolutely.
LYDEN: But on the other hand, I understand Michael Hayden, the former CIA director, attended Black Hat. What's he doing out there? This is also, of course, the former head of the National Security Agency, Michael Hayden.
Mr. MCCULLAGH: There's always been this odd relationship between hackers and three-letter agencies inside the U.S. government. Early on, they showed up at Def Con without announcing themselves and there were prizes - t-shirts given at the end for spotting the Fed. And if you saw someone wearing shorts and a crewcut, then there was probably a pretty good chance that that person was a Fed.
But since then, the CIA, the NSA - it's really, especially the NSA, which does a lot of codemaking and codebreaking - they've realized that this is a good place to recruit. Instead of breaking systems - our systems from the outside - this is the sales pitch - you can come and work for the government, get a security clearance and break them from the inside and be able to do some pretty interesting things you may not be able to outside.
LYDEN: Well, Declan McCullagh, thank you very much.
Mr. MCCULLAGH: Any time.
LYDEN: Declan McCullagh is the chief political correspondent and senior writer with Cnet.com. And he joined us from the Def Con conference in Las Vegas.