Hackers on Planet Earth 2008: ‘The Last HOPE’

Keynote Address: Steven Levy

Steven Levy is an American journalist who is very-well known in the hacking community thanks to his journalistic attention to the culture. His first book was called ‘Hackers: Heroes of the Computer Revolution’, which became hugely popular and also inspired many hackers out there. The most interesting thing about the book is that it was first published in 1984… before many of us even touched a computer. So in some regards, it was a bit ahead of its time.

His talk summarized mainly what the word ‘hacker’ means to him, and also what it’s become known as in the general media, something that I touched up on in this article’s introduction. When Levy first decided to tackle “Hackers”, he never even used a computer before. That would be like me wanting to write a book on quilts. So, he studied up, interviewed countless people and produced a legendary book. I’ve yet to read it personally, but his talk has inspired me to go pick up a copy.

Over the years, he’s also had the benefit of meeting numerous key people in the industry, such as Bill Gates, Steve Jobs and also Steve Wozniak, so he definitely knows a thing or two about both early and current hackers. His talk didn’t delve much into anything specific, but he relayed numerous experiences (such as locating Einstein’s brain) and I highly recommending checking it out if you can find it online, or through the 2600 store whenever the DVD’s are available.

Methods of Copying High Security Keys

Though it might come as a surprise to some, lock-picking exists as a serious hobby by many people world-wide. Groups exist where members meet up and discuss the latest locks on the market, various techniques, et cetera. If you are not a lock-picker (like me), then you might be interested to know just how easy it is nowadays to duplicate a key, as long as you have the original for a certain period of time, as proven by Barry Wels and Han Fey.

There are many companies that create high-security locks, such as Medeco (who I mentioned on the last page, and were picked on a lot during the conference for good reason), who claim their products are virtually unpickable (via pick, bumping), but it was proven before and again at HOPE that their keys are still very-much copyable, among almost every other popular key on the market.

The duplication can be done with either clay or silicone, the latter which is far more expensive, but more accurate. The simple explanation is that you make an imprint of both sides of the key, by closing both sides of a device together that press either the clay or silicone into the key. After a few minutes, the material can be removed and the key imprint left in tact. Liquid metal can be used to fill up the imprint and then pop out a key a few minutes later.

That might all sound simple, but it is. In the majority of their tests, the duplicated keys worked the majority of the time, with the exception of really high-security models that have strange angles or incredibly unique designs that cannot simply be copied with such a method, such as the keys that require magnets. The kits for duplication cost a few hundred dollars, but if some keen person wants a duplicate for a certain reason, the price can be easily stomached.

Bagcam: How Did TSA and/or the Airlines Manage To Do That To Your Luggage?

Most everyone reading this travels, I’m sure, but have you ever gotten to your destination, only to find your luggage in far worse shape than it was preceding the plane ride? algormor has had this happen far more than once, so he went out to investigate just how it was happening.

The Bagcam was born. It sounds simple, but is rather creative. He hacked a camera into his main piece of luggage, to spy on whatever was happening on the outside world. Because of this, the bag would capture video whenever it was out of his hands, and whenever motion occurred. He got to see behind TSA’s closed doors, and even airport staff shoving his luggage onto the plane.

Throughout all of his adventures, he hasn’t found anything jaw-dropping, but he’s confident it will happen, especially given that he travels rather frequently. What was interesting in his videos was how different airports could handle things so differently. Some were far better than others, of course, with an Alaskan airport being the most common-sense of them all, it seems.

I couldn’t find his web site, so I can’t link to one unfortunately, but he welcomes anyone to go and try this project themselves, if so inclined. It requires mounting a small recordable camera into the bag, making sure to drill a small hole for the lens to poke through, and then setting it to turn on and record whenever motion is detected. It’s hard to find a good camera at a good price, but they are out there. The key is to get one with superior battery-life and a sufficient memory card. I’m looking forward to seeing what else he manages to capture.

Addendum: algormor’s web site can be found at http://algormor.org/, where the entire presentation can be found in both HTML and PDF format, and soon, video.

Featured Speaker: Steven Rambam

Rambam’s lecture was one that I was looking forward to most, as he always has rather impressive stories to tell. He was meant to speak at HOPE Number Six, only to be carried away by FBI agents as soon as he hit the stage – a nice publicity stunt. It ended up being nothing more than that, and Rambam was free to leave the following Monday… one day after the conference ended.

That aside, he’s a PI for an NY firm who knows how to find people that are hiding. In fact, that was mostly what his talk focused on, and if you at all care about privacy, I highly recommend finding a copy to watch, or at least watch the one he gave shortly after the last HOPE.

Though his three-hour talk was far too broad to cover in a simple blurb here, one of the most interesting parts was with regards to his ‘victim’, Nick Daken, who volunteered to be found, over and over, and over. The goal was for Nick to keep hidden as much as possible, while Steven would attempt to find him. The overall goal is to show that privacy is dead, and as much as you might try to cover your tracks, you are going to be found by someone who’s determined.

Not surprisingly, Steven found Nick 9 out of the possible 10 times that they were going for, which was cut short due to the amount of money they were each likely to spend on the tenth adventure. Like most of the talks here, I highly recommend checking this one out since it was captivating and can really open eyes, but is far too long to talk about verbatim in here. If you can’t find this exact talk, the one from two-years-ago on Google video will suffice.

Phreaks, Confs and Jail

Though hacking can be as innocent a hobby as any, there are times when some hackers will participate in certain activities that are less-than-reputable. This talk was given by The Prophet, a regular contributor to 2600 magazine, and also Barkode, a friend who had very similar interests in all things hacking.

During the talk, many experiences were delivered, along with what ‘Confs’ are, where users could get into an unused teleconference to talk to multiple friends at a time. The experiences relayed are both rather hilarious and eye-opening… mainly because so much of their fun simply can’t be had in the same way anymore.

Both TProphet and Barkode have been in run-ins with the law, for various reasons, but neither were for for reasons that caused undue harm or issues for other people involved. Barkode did relay an interesting experience where the FBI went to his house and actually forced his mother out of the shower, all while he was not even there, but rather en route to of all things, a 2600 meeting.

Another humorous experience is calling a Fred Meyer store, and asking to be put through to a certain extension, which of course was tied to the internal PA system. Legally, if an announcement is made over the PA, then the store has to honor whatever price is mentioned. You can only imagine the exploits here, and that day in particular, Fred Meyer sold straight out of bananas. Of course these are all ‘hacks’ that shouldn’t be exploited, but they are still no-less hilarious.