YOU ARE HERE: LAT HomeCollections

A Haute Commodity

Hacking, er, Vulnerability Analysis, Is Big Business


LAS VEGAS — In the world of computer hacking, DEF CON--an annual two-day fest of beer drinking, tech talk and conspiracy theory--was once the center of it all. Hackers would gather amid the swirling excess of Las Vegas and for $40 revel in a low-budget locale where discussing radio scanners and Windows NT security weaknesses was considered a great way to spend the weekend.

But now the center of the hacking world has clearly shifted. Just before the convention, which runs through Sunday at the Plaza hotel, the organizers of DEF CON put on a related event, the Black Hat Briefings--a $995 affair held in the opulent environs of Caesar's Palace designed to teach corporate executives, government officials and system administrators how to protect their systems from hacker attacks. It was a rousing success, drawing 350 people mostly in suits, military uniforms and polo shirts as opposed to DEF CON's typical T-shirts, tennis shoes and body rings.

"For me, Black Hat is where the interesting stuff is now," said Jeff Moss, the organizer of both Black Hat and DEF CON. "Interesting isn't beating your head in for four days trying to break into a company."

Boosted by the growth of the Internet and the prospect of billions of dollars through online sales, the art of hacking--once a craft largely practiced by only the military and the technological counterculture--has become big business.


Hacking has gradually changed into a legitimate field known in the computer industry as "information security." Hackers, the technological equivalent of the hippies of yore, are now called "penetration testers" and "vulnerability analysts." Corporate headhunters prowl the DEF CON convention floors, offering salaries as high as $90,000 for penetration testers with just a few years of corporate experience.

Information security is now a huge industry, encompassing the development of protective network firewalls, secure electronic commerce systems, virus prevention and detection software, encryption and user authentication systems.

With the tidal flow of dollars--and the development of powerful hacking tools that even a child can use--a subtle pressure has also been exerted on the culture of hacking, drawing off the best of the older generation of hackers into the corporate world and swelling the ranks with hordes of new arrivals sporting DEF CON T-shirts and tattered copies of the hacker magazine 2600.

"Any hacker who learned something either ends up now working for a company or as a consultant," said Christian Valor, a 30-year-old former hacker who now runs a security consulting firm in San Francisco. "It's where all old hackers go to die. We gave up our 2600 T-shirts and don Armani."

DEF CON was created in 1993 to commemorate the passing of another generation of hackers. Moss, then 22, had once run a computer bulletin board--a kind of electronic meeting place--for hackers and wanted to throw a party for a group that was disbanding.

Moss, known on the networks as Dark Tangent, thought it was time for everyone to meet face to face after years of knowing each other only through electronic messages. He named the event DEF CON--referring both to the Strategic Air Command's defense alert conditions and to the event being a "def," as in good, convention. The first event was attended by 110 people, and it has been growing ever since.

Moss, who now works as director of security assessment services for San Jose-based Secure Computing, said he began to sense a change in the hacker underground about two years ago when representatives from large computer companies began appearing at DEF CON, searching for experienced hackers who could navigate the arcane world of network security systems.

Karan Khanna, product manager for Microsoft's Windows NT security systems, said that in the past, companies largely viewed network security as a time-consuming money pit of development. It was just a necessary feature of network operating systems, like a radiator in a car.

The rise of the Internet transformed the equation. Information security has become one of the key pieces in constructing the economy of the future, necessary for everything from online buying to secure e-mail.

The Internet was also bringing a large number of new hobbyists into play. Unlike an earlier generation that had to discover the workings of the electronic world on their own, the new hackers found a variety of software tools, such as L0phtcrack and Satan, that essentially reduced hacking to a form of recipe following. These were simple tools that could wreak havoc on a network.

Khanna said maintaining an adversarial relationship with all hackers was futile. His group began to reach out to the most skilled hackers through conventions such as Black Hat.

The appearance of DEF CON has changed little over the years, despite its growth and the influx of corporate dollars. It is still largely a gathering of young, male computer users who see DEF CON as the modern equivalent of an antiwar march.

Los Angeles Times Articles