Twenty years ago, the world of consumer technology was a very different place. In the early 1990's, cell phones were still expensive devices slowly making their way out of Gordon Gekko's high-rise office and into the hands of well-heeled customers like, for example, Zach Morris. Phones with PDA functions existed, but the smartphone as we know it today remained a sci-fi dream. The internet was still a text-based affair of interest mainly to academics (there were no dot-coms), though the nascent World Wide Web had begun gathering momentum among early adopters. Connections were analog, with transmission speeds clocked at kilobytes per second. There were bulletin boards and IRC, CompuServe and AOL, FTP and Gopher, floppy discs and command lines. There was no residential broadband, no Google, no iPads, no everywhere Wi-Fi, and no ethereal “cloud.”
It was in this world of two decades past that Jeff Moss, AKA The Dark Tangent, organized the first Def Con, a boisterous, beer-fueled gathering of hackers beneath the relentlessly sunny Las Vegas sky. In 1993, he operated A Dark Tangent System, a popular BBS connected to a dozen networks of hacker and phone phreak culture. When the organizer of one such network decided to shut it down, he asked Moss to throw a farewell party; Moss chose Vegas, figuring if it all blew up he’d at least be able to enjoy a poolside drink. Invitations in IRC channels #hack and #freak, posted on bulletin boards, and sent by fax to the Secret Service resulted in about 100 cash-paying attendees. Today attendance often tops 10,000, and Def Con is one of the longest-running hacker conventions in the country. “When I started this madness long ago I never conceived of doing it for 20 years — yet here we are,” Moss wrote in this year’s convention program.
"Now people are very comfortable coming out to Las Vegas, the most heavily surveillance-laden place on the planet."
So how has Def Con changed over two decades? Technologist, author, and all-around security guru Bruce Schneier says, "I think my first Def Con was Def Con 3, and it was a few hundred people at some hotel that’s been long demolished" — there’s a long-standing joke that every hotel that hosts Def Con later gets torn down. This year, Schneier says, it’s 13,000 people strong. "It got big. And it also got popular... it’s no longer fringey. It’s a real-life counterculture," he says, and one that’s spawned imitators around the world.
The hacker community has grown, and over the years many attendees have grown up with the convention. They’re no longer the kids who might hitch a ride from San Francisco without telling their parents, as Schneier remembers from those early days. They’re people with day jobs and employers, and even kids of their own. (Def Con Kids, now in its third year, offers workshops and seminars for the next generation of white-hat hackers.) Facebook’s security officer is in attendance, and the company, along with Zynga and Qualcomm, sponsored the elite Ninja Party. Schneier describes a fringey subculture that these days can also boast corporate backing.
Technology author Richard Thieme offered a capsule history of Def Con’s counterculture mindset when he recently told CNET that Jeff Moss used to say "if you're 20 and you're working for The Man, you're a loser." He’s since appended that aphorism: "Ten years ago, Moss said, 'if you're 30 and you're not working for The Man, you're a loser.' And now he agreed that at 40 he is The Man.'" In his case, being The Man means working as a security consultant while serving on the Homeland Security Advisory Council and as ICANN’s Chief Security Officer.
Another veteran hacker who’s followed a similar trajectory is Dead Addict. After trying to coax some extra privileges out of Moss on A Dark Tangent System, Dead Addict instead found himself recruited for Moss’s latest project, the first Def Con. He’s been around ever since, both as a senior staff member and frequent speaker. For the last decade he’s worked as a media liaison. Like Moss, he’s parlayed his hacking experience into work for high-profile (but, for the record, unnamed) corporations. He’s excited by the community’s growth and by the new generation of hackers. "There’s a lot more people who are active and passionate about technology than there were 20 years ago," he says. Not only have the numbers grown, but as hacking and information security have become more mainstream pursuits, the atmosphere of secrecy and (often understandable) paranoia has dissipated. "When we first started Def Con 1," Dead Addict says, "there were a lot of people who were bashful and shy about coming to a very public event. Now people are very comfortable coming out to Las Vegas, the most heavily surveillance-laden place on the planet."
Part of that new comfort probably comes from a change in the associations around the word "hacker." As Dead Addict recalls, one invitee to the first Def Con was Gail Thackeray. In 1990, Thackeray had made a name for herself as the Assistant Attorney General in Arizona with Operation Sundevil, a nationwide law enforcement sweep against "illegal computer hacking activities." (Bruce Sterling’s The Hacker Crackdown: Law and Disorder on the Electronic Frontier memorably captures this era.) Asked to attend a hacker conference, Thackeray compared the idea to speaking at a conference for car thieves and giving them advice on how to be better car thieves. To her credit, she showed up, joking that her speech should begin with the words, "you have the right to remain silent" and asking conference-goers not to commit any felonies in front of her.
"If we hadn’t made blue boxes, there would have been no Apple."
From the beginning, then, Def Con offered a neutral space where hackers and law enforcement could interact outside the courtroom. The authorities began to understand a distinction between hackers and computer criminals, between the phone phreak exploring AT&T’s electronic innards and the Mafia boss making untraceable calls. "The hacker community uses technology and sometimes crosses legal boundaries when they’re exploring," Dead Addict explains, but the exploration is without malice. And with time, that positive definition of "hacker" has become more prominent. Say the word now and fewer people think "car thieves" — they’re more likely to think of Mark Zuckerberg, or Steve Jobs and Steve Wozniak, who famously built blue boxes, devices for (illegally, yes) exploring the phone network. Jobs later said, "If we hadn’t made blue boxes, there would have been no Apple."
That more generous definition of the word hacker — as a technological innovator, someone who bends existing systems to see what they can do — probably contributes to Def Con’s increased attendance. Schneier, for one, describes it as a "a very large, semi-corporate event" with hackers and hacking as a kind of edgy sideshow for some of the more straight-laced security professionals. Dead Addict points out two realizations about the hacker community over the past twenty years. First, law enforcement came to understand hackers "are not the bad guys." Second, members of the information security community, many of whom had military backgrounds (and the rigid mindsets that sometimes grow out of such training), "realized that those people at Def Con 1 would indeed be the leaders of the computer industry."
That brings us to today, the era of the hacker ascendant. To put it bluntly, if there was ever a battle between the hacker mindset and a more conventional approach to information technology, the hackers won. Today’s technology is built by hackers (or those descended from them), from Facebook to the iPad. The FBI recruits at Def Con; General Keith B. Alexander, director of the NSA, gives the convention’s keynote in which he asks for help — help because it’s the hackers who understand the technology better than he can hope to, and they’re the people who can make sure it’s everything we need it to be. (And to have productive conversations about who "we" are, and what "we" need our technology to do.)
"We know we can break things, but how can we make things better?"
It might be that now, as the people who started Def Con edge into their 40s, the hacker community as a whole feels a greater responsibility toward the technology it has in large part created. "I think what we see today is a lot of maturity. You see Def Con as the event where people who really care, who want to make things better from a security point of view, really come together from around the world," says Nils Puhlmann, Chief Security Officer at Zynga. "It started out as a culture of ‘let’s break things,’ to now more like ‘we know we can break things, but how can we make things better?’"
That sense of ownership, of responsibility, arguably matters more now than ever. As technology becomes ubiquitous, the stakes get raised. To give one example: twenty years ago, the much-hyped piece of malware was Michelangelo, a virus that would overwrite key sectors on a computer’s hard drive if it were booted up on March 6th, making any data on the drive irretrievable for most users. Today it’s Stuxnet and its variants, sophisticated pieces of state-funded code, designed to infiltrate networks, spy on users, and destroy hardware. Cyberwarfare has become an admitted reality; meanwhile, as author and activist Cory Doctorow puts it, "We’re at a moment now where everything we do involves the internet and computers, and we’re just before the moment where everything we do will require the internet and computers."
At the same time, as Schneier points out, "As tech becomes more ubiquitous, people understand it less." Technology’s no longer in the hands of a powerful few, and collectively, we’re immersed in more and more technology that’s beyond most people’s capacity to completely understand. "I also believe that end users shouldn’t have to care about security. They do have to care about security. but I would really consider that a failing of the hardware and software and computing industry," says Dead Addict. It’s that profound failure — at base, a deeply connected world, but one that’s troubled when it comes to trust and security — that the hackers at Def Con are working to remedy.
Photos courtesy Def Con