Reuben edged into the session as it was starting.The speaker was some former DoD sort, who was going to talk about concepts like Acts of War, the Geneva Convention, and other constructs of international conflict as they applied to the acts of individual hackers. It promised to be particularly interesting to Reuben, who had a limited foreign affairs background from when he dabbled in the subject in college.Things that other people simply never thought about or knew, like the fact that the definition of “ter- rorism” differed between various federal agencies, were no secret to him as a result of those enlightening classes. While many here in the room looked up at the speaker as some distrustful standard-issue “Fed,” in the pejorative sense of the word, Reuben wasn’t so sure yet.
As the speaker detailed how the Geneva Convention defined combat- ants and non-combatants, and why the distinction was important, Reuben thought he was leading somewhere clever and insightful.That changed in short order, as the man went on from there to eventually suggest that China would launch a cruise missile at the home of some teenage script kiddie in Miami for defacing a website in their country. In reaction to the notion of all the hacking activity originating from China, he offered the excuse that it came from IP addresses allocated to universities, which must mean that they were just individual students.The problem with this was something Reuben (and everyone else who studied information warfare in the slightest) knew; in China, as in many countries where Internet access was restricted to the public, the centers of information warfare were in universities. Reuben was tempted to ask the man outright if he thought the audience was stupid. If Jack from last night, who was neither an inter- national affairs specialist nor an information warfare adviser, could grasp what was wrong with everything this cheesehead on the stage was saying now, why didn’t the cheesehead get it?
Leaving the session before he got any more annoyed, Reuben learned what he missed at the cDc event. He heard a snippet of a conversation about it, and just had to interject to make sure he wasn’t losing his mind.
“Wait, I’m sorry…I don’t mean to interrupt, but…did you say that they threw meat at the crowd?”
The small group that had been talking energetically about it looked at him with smiles, obviously happy to share the news, “Yup. RAW ham- burger. Can you believe it?”
Reuben shook his head as he laughed, looking at the ground in mock disbelief,“Actually, I can…but it’s even more out-there than I expected them to be. What did they announce?”
The stranger chuckled,“Nothing, really. It was hella freaky.They started out all serious, like a panel group…we were all, ‘what the fuck is this?’ But then out came these other guys…it was strange.They did a human sacri- fice to protect their new website, and started to let fly with the meat.”
Reuben had no idea what to say to that,“Now THAT is hard to
imagine.They didn’t announce anything, really? Just a new website? No new tool or anything like that? Peekabooty isn’t done?” he asked, referring to the anti-censorship system for web browsers that they had been working on.
“Yep, that’s it.They said the website would have a bunch of announce- ments but that it’d be after the Con. Lame, huh?”
“Yeah, I have to admit, it’s pretty lame. I’m surprised; as wild as they got, they always delivered something of value…but I guess not this time. It’s like a vaporware press conference.”
“That’s about it, man.They were all there too. Catch you later.” “Yeah, thanks…later, guys,” Reuben acknowledged as he walked off.
Raw meat…unbelievable, he thought.Only at DefCon!
Reuben walked to the bar. Waiting his turn to order another beer, he sat down at the last available table. Dragging the laptop out of his pack, he booted up and fished out the CD of presentations from the Black Hat Briefings. As the laptop slowly finished loading services, he popped in the CD and started browsing, looking for more information about the sessions he wasn’t able to get into.The thing about the Briefings was that there was usually more than one session that you wanted to catch at the same time. The information was so good, he wished there could be two of him to
catch it all.The CD helped, but he still wondered what was discussed by the speaker and wasn’t included on the CD.
The Black Hat Briefings tended to be the kind of in-depth, no-holds- barred bad news about vulnerabilities and cutting-edge attack methods that could only be presented to a fairly trustworthy audience.The price of the conference was far out of reach of any standard teen hacker, and the content was beyond the grasp of any script kiddie at any age, fortunately. As a result, the speakers felt comfortable divulging things in depth that they’d never dis- close so fully anywhere else.The bad news was that with multiple sessions of such quality going simultaneously, it was a real challenge to pick the best ses- sions to attend, and there were always tradeoffs. Of course, this was the best kind of problem to have…better to be immersed in useful data in one ses- sion and worrying what you might be missing elsewhere than bored no matter where you went. And during breaks and meals, the intermingling of the audience members invariably acted as fertile ground for enlightening dis- cussion. Whenever possible, Reuben tried to remember which missed ses- sions most interested him, based on what he’d heard from others, and sought to capture as much of the data as possible. At this point, it was pretty much down to looking at whatever material was on the CD, as many of the Black Hat attendees didn’t come to DefCon; those who did tended to be tight- lipped about the real good information, for obvious reasons. He sipped his beer as he flipped through presentation slides, reading rapidly. Putting the beer down, he noticed how quickly he was ripping through the material, and smiled to himself, thinking back…
Reuben had always been a voracious reader throughout his life, reading nearly anything that stretched his mind, but preferring things that added to the stock of information in his mind. Above and beyond the obvious bene- fits of a life devoted to such absorption of knowledge was the ability to read quickly and extract useful information from a mass of text.These days, it served him particularly well, as he subscribed to over a dozen trade periodicals, some of them weekly publications, and read through them comprehensively.This in turn allowed him to see certain trends before they came to fruition, including technologies that were poised for widespread adoption.
Reuben had learned to program at an early age, and shortly thereafter was lucky enough to have his own computer to play with, but hadn’t really figured out how to leverage his proficiency until much later in life. He went to college to study marketing instead of computer science, as he didn’t feel particularly interested in what a CS degree would lead him to at that point in time. His other extracurricular activity was Junior Achievement, and he showed promise as a future M.B.A., and thus he picked that path.
In the few short years after college, however, two things became apparent to him; one, that he was not happy in the corporate world, and two, that he was invariably drawn to computer-heavy aspects of his work. Being able to teach others how to best use computers gave way to doing complex spreadsheets for financial modeling, and later on, database design and analysis. Combined with evolution of programming methodologies, the advent of widespread networking and computers on nearly every desktop, the nature of being a professional geek had transformed into something that Reuben wanted to be. From there, it was a fairly straight- forward path; the Web was starting to grow, and it was a trivial effort to become a capable webmaster and start his own small business. Once he noticed the glut of web designers coming, he applied himself to learning more about networking, and moved toward that, getting a job with a local integrator, LAN-Incorporated Systems, or just “LIS,” as they liked to call themselves.
In his first week there, however, something came to light. Reuben had always been fascinated by hackers, and although he himself had never crossed the line by breaking into systems, he had studied the methods and means over the years, even practicing on his own system and home at times. While waiting outside the office of his new employer one cold morning, he noticed a mistake in how the deadbolt of the door was
installed, making it easy to pop open. Once let in, he notified the manager who opened the door for him, and figured that would be the end of it.
Later that morning, the president of LIS came by Reuben’s cubicle, asking about it. Reuben quickly explained the nature of the problem, to which the president merely replied with a smile, “Show me.” Reuben grabbed his small black bag (he always carried some kind of bag to store
various small handy gadgets) and walked to the door, as other employees started following in curiosity.
Once outside the door in question, Reuben reached into his bag and pulled out his Swiss army knife, opening up the fish scaler. Slipping the metal of the scaler under the bolt between door and jamb, he pulled on the door with one hand and the knife with the other…and the bolt was pushed back into the door, which opened instantly.
The following few seconds marked a turning point for Reuben. He’d always assumed that should anyone know what he was capable of, they’d never believe that he’d not abuse the ability, and instead feel that he’d be untrustworthy. When he told his manager of the problem, he wasn’t
thinking ahead to how it might turn into a demonstration of his black-bag skills, but now he was beyond the point of no return, and sure that he’d screwed himself but good. But what followed was quite unexpected.
The president looked in smiling amazement. “Do it again!” Reuben stepped back outside and repeated the action, able to do it even more quickly now for having sorted it out once. As he re-entered through the “locked” door, the smiles on everyone’s faces helped him relax a bit.
Apparently, for some unknown reason, they didn’t see him as a threat at all, but rather as something very interesting…and on their side. It was possible to openly dabble in the black arts of security without being branded an enemy or threat. From that point onward, Reuben was “that guy” who knew about “those things,” and was a valuable resource for specific insights into security implications when such views were needed. His main focus was other things, though, as the need for such insights was infrequent and unreliable.
As firewalls and other security measures became less exotic to their clientele, however, Reuben increasingly specialized his skills in the arena of security, and eventually even started a fledgling division that focused on offering security solutions to the client base. For whatever reason, though, it didn’t quite work out. It could have been that the solutions were too expensive for their type of clients, that there wasn’t enough marketing yet, or simply that security wasn’t as much of a priority as it became in later years. In the end, Reuben realized that he’d grown to crave work that he’d not be able to do without going to another employer. And that’s where he
was now, unfortunately, skilled, trained, innately predisposed, and unable to find enough use for it without leaving a company that had nurtured tremendous growth in his skills and talents. He was very attached to LIS, and hated the thought of leaving…but he also hated the idea of not being able to earnestly pursue security work in the future, which seemed to be where things were heading.
Reuben shook his head, not wanting to think about that just now, and went back to his beer and reading the presentations.There were some things he wanted to play with, but they’d have to wait until he got back home to play with his other machines, as they all ran on Linux, and his laptop wasn’t set up with anything besides Windows.
The bar swelled with more people suddenly; the session Reuben had left was over, and it looked like people were getting tired and calling it a day for attending more talks. He didn’t blame them, as he’d long since learned to conserve his energy and be selective. It started to seem like the people who didn’t attend the Black Hat Briefings prior to DefCon didn’t have any more energy left over than he did, at least. Either way, he had little interest in any of the three sessions that were starting just then, and resumed combing through the information on the CD.
Finishing off both the last of his beer and the information on the disc, he shut down his laptop and put it away. Deciding against a second beer, he just sat for a bit and watched the crowd.I usually hook up with some better conversation by now, he thought.I don’t seem to have found anyone with any- thing too engaging, though. Not surprising, I don’t know that I have much in mind myself this time. Perhaps tonight at the Black and White Ball, when everyone’s par- tying… Reuben was starting to worry that this would be a less productive Con than he was accustomed to, in terms of what he could learn directly in conversation.
The Black and White Ball was the big social event of DefCon, the name (and corresponding dress code) a clever play on the mixture of “blackhats” and “whitehats” that attend. A large room was cleared for something akin to a hacker prom, and a good number of people danced and drank and partied. At the same time, smaller parties tended to form ad hoc in numerous rooms around the hotel. It was a time when people got
together and socialized hard, only talking tech because they were geeks and, well, that’s something geeks tended to do whenever they meet.
Another attendee stood in the bar, looking around with his open laptop in hand, obviously hoping for an empty table in the bar where he could sit. Reuben motioned him over as he packed up his stuff. “I’m just about to get out of here…go ahead, take this table.”
“Right on, thanks.”The guy looked a little nervous for some reason. Who knew…maybe he had to work on a deliverable for his job and was behind the eight-ball on it.There always were the demands on geeks, par- ticularly since there seemed to be too few of them. It was only busier for good security geeks, as they were the rarest of the bunch. It seemed like the dot-com boom was undergoing some strangeness, and geeks were under more pressure lately because of it. After a year or two of feeling like perhaps he’d been missing out, Reuben was starting to feel happy he never jumped onto the dot-com bandwagon. Certain things about the compa- nies just never sat right with him, but above all else he despised slogan- shouting, mantra-chanting, buzzword-using, successory-buying managers. People who made much ado about the latest self-help book clearly needed to learn less about psychobabble and more about actually running a busi- ness, in his experience. And geeks like this poor nervous guy were getting the brunt of the problems caused by such managers.
Reuben walked out of the bar, and went outside to soak up some of the heat and walk around before the next session, which he was increas- ingly curious about.