Techgage logo

Hackers on Planet Earth 2008: ‘The Last HOPE’

Date: July 22, 2008
Author(s): Rob Williams

The seventh HOPE conference was held this past weekend in NYC and I was there to take in the numerous talks. Such subjects covered were lock picking, Wikipedia’s evils, YouTube, FOIA, hardware hacking and a lot more. Special talks were also given by Steven Rambam, Steven Levy, Adam Savage and Jello Biafra.



Introduction

This past weekend, ‘The Last HOPE’ conference was held in the heart of New York City, at the legendary Hotel Pennsylvania. ‘HOPE’ of course stands for ‘Hackers on Planet Earth’, this latest iteration being the seventh, and also supposedly the ‘last’. The conference first launched in 1994 and proceeded to become a bi-annual affair in 2000. All but one conference was held at Hotel Penn, so over the years, the hotel itself has become an integral part of what makes HOPE the conference it is.

The back story is that the hotel was announced to be demolished in the near future, with the goal to build in its place a new office building (huge surprise there). Thanks to this, the future of HOPE was very uncertain, and so the ‘The Last HOPE’ moniker came about.

The problem up to the conference was that the 2600 staff remained incredibly vague with regards to HOPE’s real future. Even on a recent airing of one of Emmanuel Goldstein’s radio shows, Off the Wall, he remained entirely vague during a discussion with a fellow station host. While he did come out and state ‘facts’ that “last” means “last”, his conclusions were difficult to settle upon. After all, Emmanuel is a master of playing with words.

But I digress. When the show finally did begin, on Friday, it seemed like no time had passed before it was Sunday evening and we were celebrating the closing ceremonies. During the opening remarks, we were asked to remain silent for a few moments out of respect. After all, given that this was ‘The Last HOPE’, it would also likely be the last time most people in the room would have set foot inside the legendary NYC hotel.

Cue funeral anthems and out of nowhere come a handful of grim-faced pallbearers carrying a black-painted casket, which I assume said HOPE on it, but was unable to see clearly. At this point, most, if not everyone, had believed that this was indeed the last HOPE. To make matters even worse, I had heard from a fellow attendee earlier in the day that he heard from a friend that Emmanuel was indeed tired of handling the conferences, so it was time to shut things down.

The last speech was given by Emmanuel, who went on to speak a bit about the English language. He also apologized for not being entirely clear with his points in months past. To be more clear, he proceeded to show foils of a slide that showed ‘Last’ means ‘Final’… done. The room was near-silent, and I am confident I wasn’t the only attendee hit with an abrupt realization that this was indeed the final HOPE.

But he continued. Though not verbatim, Emmanuel said something to the effect that, “English words can take on other meanings, as well. Such as…” [cue comic] ‘Hi, were you at the last HOPE conference?’ … ‘Yes, I was, and I’ll be at the next one as well.’

At that point, he called up a website called ‘http://thenexthope.org‘ and in a few short nanoseconds, everyone in the room began cheering and clapping profusely. Indeed, the entire 2600 crew, among anyone else who knew of the conference’s true fate, was misleading thousands of people for many months. Talk about the ultimate hack!

The True ‘Hacker’ Spirit

Before I jump into brief reports on the conference itself, I should make sure that everyone reading this understands what a ‘hacker’ really is, since it’s not something I’ve discussed much at all on the site in the past. Prior to being introduced to a certain MMORPG game (Asheron’s Call) and then followed by beginning this website, hacking was my primary hobby. Due to lack of time in recent years, I haven’t delved much into anything hacking-related, except in small increments.

Contrary to what the mainstream media would like you to believe, the term ‘hacker’ is a broad one, and in no way implies a person who is up to no good. In fact, most people at the HOPE conference are the exact opposite of these stereotypes. They are white hat hackers interested in investigating anything and everything to see how it all works. This is contrary to the typical black hat who use their skills for malicious intent. Many ‘hackers’, including myself, have done some less-than-reputable things in our past, but that’s what happens when you are young and incredibly naive. Most people can say that though, about anything, hacking or not.


(Thanks to Alex for snapping this photo.)

Since most of the ‘hackers’ that the press portray are actually cracking into systems for personal gain, whether it be to earn cash in the end or just cause trouble, they should be considered ‘crackers’. ‘Hacker’ simply shouldn’t be used as a filler word, because it’s so inaccurate in the way it’s been used over the past few decades.

‘Hacker’ can be used to describe someone who performed an absolutely simple hack, to someone who really knows what they are doing and circumvent their own computers security features. If you edit a hidden .ini file on your Windows machines to alter some functionality, that’s hacking. If you reverse engineer an application on your machine, it’s still hacking. Hacking can take on a billion different forms, but the point is, ‘hacker’ should not be the term used to automatically label a real criminal. It’s foolish and only shows how inept some of the press actually are.

That all aside, I’m confident that many reading this are either hackers or want to call themselves one, so I may very-well be preaching to the choir. Just do your part. If you talk to someone who has the wrong understanding of what a ‘hacker’ is, set ’em straight!

In this short article, I’ll cover a few of the talks I saw while at the conference. Given the sheer size of the event though, and the fact that there were well over 100 different talks, I was only able to attend a handful, about twenty. So while I will speak about a few here that I was enthralled with, there were likely many others that I was unable to see, due to other talks occurring at the same time. With that said, read on!

Fri: Hardware Hacking, FOIA, Insecure Locks, Wikipedia

Citizen Engineer: Consumer Electronics Hacking and Open Source Hardware

MAKE magazine has become somewhat of a phenomenon over the past few years, and they are of course very well-known in the hacking community. After all, hacking covers a wide spectrum of things, and building your own products from scratch is undoubtedly a form of hacking. This talk was given by two of MAKE’s most active members, Phillip Torrone and Limor Fried, who just launched a new “Citizen Engineer” video series.

They showed off two new videos that were recently made available on the web site, which covered both building a SIM card reader and also, get this, taking an ordinary pay phone and hacking it to work in your house. Both projects require patience and certain technical know-how, but as long as you are willing to learn, both should be easily possible with the nicely-presented how-to videos.

The pay phone project interested me most, for two reasons. The first is that many early phone phreaks used payphones as the target of their hacks, and they’ve become a product synonymous with 2600 magazine. The second reason was simply because it’s COOL. Imagine the looks you’d receive, having someone over, and them catching wind of the PAY PHONE on your wall. Talk about a conversation starter!

The best part might be the price. Aside from the tools you’d require, many pay phones are now being decommissioned, resulting in thousands sitting in warehouses. This results in the ability to find one as low as $50 if you look in the right places. That’s less than most house phones nowadays, and they will pale in comparison to something this unique.

A Hacker’s View of the Freedom of Information Act

Throughout history, events will occur that will be written or typed and kept, whether it be government-related or something of a more personal nature (such as an FBI file, or documents relating to a certain crime). Eventually, that information will be cataloged and stored somewhere, in case it’s needed again in the future, and for historical reasons.

The FOIA came into effect many years ago which allows this stored information to be had by anyone who asks, depending on what it is, and whether or not it’s confidential. As Phil Lapsley discussed in this talk, if you are creative, you can sometimes acquire information you were not meant to see, with a little bit of creative thinking.

The general scope of the talk was to inform people on what the FOIA is, and how the process works to receive information requested. He made certain to let people know that receiving information you request will not be a quick process. Usually, the minimum is 60 days, but he’s has personally received some information almost a year after it was originally requested.

What information could you possibly want? Well, if there is some classic case that you are curious about, you could see about requesting related documents. Or, if you somehow think there may be an FBI file on yourself or someone you know, that’s another possibility. This talk was exceptionally informative though, and I regret leaving without a DVD copy. Be on the lookout for the audio though, which should become available in the weeks to come on the official site for this particular conference.

Undoing Complexity: From Paper Clips to to Ball Point Pens

The name of this talk is a little odd, in that it’s hard to tell what it’s actually about without showing up. Matt Fiddler and Marc Tobias are professional lock-pickers who wanted to let everyone know how the majority of locks nowadays are not as secure as the companies who develop them would hope you’d believe. They covered everything from a normal house lock to the most secure high-security locks on the market.

Lock-picking a simple lock is not all that difficult with the right tools, but more advanced locks, such as the ones Medeco develops for high-security applications (think government-grade), are designed with much more elaborated mechanisms to both be lock-pick-proof and also bump-proof. Bump picking is the process of bumping a lock while a custom key or pick is inserted. The first thing Matt and Marc demonstrated on stage was bump-picking Medeco M3 locks, successfully. Surprisingly, all it took to break into one was fifteen seconds and eight to fifteen bumps.

The problems evidenced here are obvious. Medeco (and others, I’m sure), boast about having the most secure locks in the world, and because of this, they are used all over the place, especially in high-security environments. But as evidenced on stage, even their “Bump Proof” locks could be opened with bump-picking… go figure.

As the testing and results progressed over the years, Medeco has shunned both Matt and Marc off, which is no surprise. But instead of fixing their locks, they simply choose to ignore the situation. There are of course locks out there that are very, very hard to pick, but it’s important to realize that certain locks might very-well be easy to break into. It pays to read up on that particular lock, and understand the results of lock-picking attempts.

After all, if an eleven-year-old can pick a lock with little effort, then those with the ability to mend their own keys or have intense knowledge of lock mechanics will have even less problem.

Wikipedia: You Will Never Find a More Wretched Hive of Scum and Villainy

Alright, so Wikipedia isn’t entirely evil, but it can be thanks to ‘evil’ editors. The talk was presented by Virgil Griffith, who created the now ultra-popular WikiScanner, a web-application that has the ability to scan all of Wikipedia to find out which articles are being edited by which users/organizations, and who might be up to some shady business.

Who would ever edit in a wrong detail, you ask? Well, this goes far beyond the little brat who thinks it’s just hilarious to write ‘penis’ all over the Xbox 360 page. No, this focuses more on companies and corporations who actually a) have less-than-desirable truths about them that they don’t want the general public to know or b) falsify their entry to make the company or product appear better than it actually is.

It’s probably not much of a surprise, but this happens a LOT. There have even been ‘web wars’ where companies edit other (competitor) stories to make them look worse than they actually are. It’s hilarious really, but it’s also a real problem. With Virgil’s tools, all of which were shown off at the conference, we can all find out first-hand who is making the edits, exactly what they edited and potential reasons, and also view various trends. He went over so many different tools, that it’s hard to cover here in a small blurb, but it was very interesting to say the least. Stay tuned to his website for all current and upcoming tools.

Sat: Steven Levy, BagCam, Steven Rambam, Confs & Jail

Keynote Address: Steven Levy

Steven Levy is an American journalist who is very-well known in the hacking community thanks to his journalistic attention to the culture. His first book was called ‘Hackers: Heroes of the Computer Revolution’, which became hugely popular and also inspired many hackers out there. The most interesting thing about the book is that it was first published in 1984… before many of us even touched a computer. So in some regards, it was a bit ahead of its time.

His talk summarized mainly what the word ‘hacker’ means to him, and also what it’s become known as in the general media, something that I touched up on in this article’s introduction. When Levy first decided to tackle “Hackers”, he never even used a computer before. That would be like me wanting to write a book on quilts. So, he studied up, interviewed countless people and produced a legendary book. I’ve yet to read it personally, but his talk has inspired me to go pick up a copy.

Over the years, he’s also had the benefit of meeting numerous key people in the industry, such as Bill Gates, Steve Jobs and also Steve Wozniak, so he definitely knows a thing or two about both early and current hackers. His talk didn’t delve much into anything specific, but he relayed numerous experiences (such as locating Einstein’s brain) and I highly recommending checking it out if you can find it online, or through the 2600 store whenever the DVD’s are available.

Methods of Copying High Security Keys

Though it might come as a surprise to some, lock-picking exists as a serious hobby by many people world-wide. Groups exist where members meet up and discuss the latest locks on the market, various techniques, et cetera. If you are not a lock-picker (like me), then you might be interested to know just how easy it is nowadays to duplicate a key, as long as you have the original for a certain period of time, as proven by Barry Wels and Han Fey.

There are many companies that create high-security locks, such as Medeco (who I mentioned on the last page, and were picked on a lot during the conference for good reason), who claim their products are virtually unpickable (via pick, bumping), but it was proven before and again at HOPE that their keys are still very-much copyable, among almost every other popular key on the market.

The duplication can be done with either clay or silicone, the latter which is far more expensive, but more accurate. The simple explanation is that you make an imprint of both sides of the key, by closing both sides of a device together that press either the clay or silicone into the key. After a few minutes, the material can be removed and the key imprint left in tact. Liquid metal can be used to fill up the imprint and then pop out a key a few minutes later.

That might all sound simple, but it is. In the majority of their tests, the duplicated keys worked the majority of the time, with the exception of really high-security models that have strange angles or incredibly unique designs that cannot simply be copied with such a method, such as the keys that require magnets. The kits for duplication cost a few hundred dollars, but if some keen person wants a duplicate for a certain reason, the price can be easily stomached.

Bagcam: How Did TSA and/or the Airlines Manage To Do That To Your Luggage?

Most everyone reading this travels, I’m sure, but have you ever gotten to your destination, only to find your luggage in far worse shape than it was preceding the plane ride? algormor has had this happen far more than once, so he went out to investigate just how it was happening.

The Bagcam was born. It sounds simple, but is rather creative. He hacked a camera into his main piece of luggage, to spy on whatever was happening on the outside world. Because of this, the bag would capture video whenever it was out of his hands, and whenever motion occurred. He got to see behind TSA’s closed doors, and even airport staff shoving his luggage onto the plane.

Throughout all of his adventures, he hasn’t found anything jaw-dropping, but he’s confident it will happen, especially given that he travels rather frequently. What was interesting in his videos was how different airports could handle things so differently. Some were far better than others, of course, with an Alaskan airport being the most common-sense of them all, it seems.

I couldn’t find his web site, so I can’t link to one unfortunately, but he welcomes anyone to go and try this project themselves, if so inclined. It requires mounting a small recordable camera into the bag, making sure to drill a small hole for the lens to poke through, and then setting it to turn on and record whenever motion is detected. It’s hard to find a good camera at a good price, but they are out there. The key is to get one with superior battery-life and a sufficient memory card. I’m looking forward to seeing what else he manages to capture.

Addendum: algormor’s web site can be found at http://algormor.org/, where the entire presentation can be found in both HTML and PDF format, and soon, video.

Featured Speaker: Steven Rambam

Rambam’s lecture was one that I was looking forward to most, as he always has rather impressive stories to tell. He was meant to speak at HOPE Number Six, only to be carried away by FBI agents as soon as he hit the stage – a nice publicity stunt. It ended up being nothing more than that, and Rambam was free to leave the following Monday… one day after the conference ended.

That aside, he’s a PI for an NY firm who knows how to find people that are hiding. In fact, that was mostly what his talk focused on, and if you at all care about privacy, I highly recommend finding a copy to watch, or at least watch the one he gave shortly after the last HOPE.

Though his three-hour talk was far too broad to cover in a simple blurb here, one of the most interesting parts was with regards to his ‘victim’, Nick Daken, who volunteered to be found, over and over, and over. The goal was for Nick to keep hidden as much as possible, while Steven would attempt to find him. The overall goal is to show that privacy is dead, and as much as you might try to cover your tracks, you are going to be found by someone who’s determined.

Not surprisingly, Steven found Nick 9 out of the possible 10 times that they were going for, which was cut short due to the amount of money they were each likely to spend on the tenth adventure. Like most of the talks here, I highly recommend checking this one out since it was captivating and can really open eyes, but is far too long to talk about verbatim in here. If you can’t find this exact talk, the one from two-years-ago on Google video will suffice.

Phreaks, Confs and Jail

Though hacking can be as innocent a hobby as any, there are times when some hackers will participate in certain activities that are less-than-reputable. This talk was given by The Prophet, a regular contributor to 2600 magazine, and also Barkode, a friend who had very similar interests in all things hacking.

During the talk, many experiences were delivered, along with what ‘Confs’ are, where users could get into an unused teleconference to talk to multiple friends at a time. The experiences relayed are both rather hilarious and eye-opening… mainly because so much of their fun simply can’t be had in the same way anymore.

Both TProphet and Barkode have been in run-ins with the law, for various reasons, but neither were for for reasons that caused undue harm or issues for other people involved. Barkode did relay an interesting experience where the FBI went to his house and actually forced his mother out of the shower, all while he was not even there, but rather en route to of all things, a 2600 meeting.

Another humorous experience is calling a Fred Meyer store, and asking to be put through to a certain extension, which of course was tied to the internal PA system. Legally, if an announcement is made over the PA, then the store has to honor whatever price is mentioned. You can only imagine the exploits here, and that day in particular, Fred Meyer sold straight out of bananas. Of course these are all ‘hacks’ that shouldn’t be exploited, but they are still no-less hilarious.

Sun: Lazlow Jones, Adam Savage, YouTomb, Jello Biafra

Grand Theft Lazlow: Hacking the Media by Laughing at Them

Lazlow Jones is another speaker who’s been around the block and knows a thing or two. He’s been in radio for a number of years and has been a writer for just as long. He also happens to be one of the developers for Grand Theft Auto, all the way back to GTA III. Given that the series is a media favorite, this talk seemed entirely appropriate.

The fact of the matter is, as he pointed out, the media has a misconstrued vision of anything nowadays. Back to what was mentioned on the introduction page, the media loves to call any ‘cracker’ or criminal a hacker, and also happen to focus on completely inane things that should make no difference to anyone. He went on to even say that the most important media issue nowadays is celebrity vaginas, and “If Bin Laden had a vagina, the paparazzi would have found him by now”.

With celebrities worshipped the way they are, it’s no surprise that getting the truth into the news is very difficult. Nowadays, reality shows are the most popular form of entertainment on the TV, which is evident by the fact that TV news and even online news rate such news stories so highly, above far more important stories from around the world.

He went on to explain that most important issues are difficult to explain to people, which is one good reason that they are so often looked over. How many people truly understand what the DMCA is? Net neutrality? It’s hard to explain such issues to a non-techy person, so he suggests one way of explaining things is through comedy, which is one way that the GTA series has excelled over the years.

“It seems like these days, the only media that are holding the politician’s feet to the fire are comedians… so if that’s the way we need to go, then that’s the way we need to go.” He mentions that through comedy, the point can be put across, as long as it’s done with a straight mind and you are not blatantly favoring one side. It’s an interesting tactic, but there are countless YouTube videos out there from this presidential campaign alone to show that some people have the right idea.

Featured Speaker: Adam Savage

Adam Savage is of course one of the primary MythBusters on the popular Discovery show, but you might not immediately picture him as a hacker. Well, considering the amount of tinkering and building he does, he’s most-definitely a hacker, regardless of how you look at things.

His talk mainly focused on questions from the audience, but before he got into those he discussed how obsessive he can be, and boy, this man is obsessive. He has an odd attraction to the Maltese Falcon, and since there were only two of these built for the movie, neither of which he could easily acquire, it was his goal to create an exact duplicate.

The real Maltese Falcon is made of lead, and is incredibly heavy, so it took him more than one try. He tried to design one with brass, iron I believe, and using different techniques to get it as close to the original as possible. In the end, he’s still not entirely happy with his latest result, but that’s where the obsessiveness (and also perfectionism) comes into play. My question is, what does he plan to do with the FIVE Maltese Falcon’s he has lying around now?

YouTomb: A Free Culture Hack

YouTube has quickly become the go-to site for countless videos. You could spend hours upon hours simply searching around for different videos that pique your interest. But every-so-often, videos will be abruptly removed for various reasons, but mostly copyright infringement. YouTomb exists to let us know right away what videos have been removed and why.

The new service, being built as a joint venture between some folks at Harvard and MIT, scans all of Wikipedia (as fast as their server allows) and keeps track of all the videos scanned. As soon as a video goes down, for any reason, their main page will update and show which videos have been pulled out, and the reason.

It goes beyond the simple reporting, though. It shows off the ID of the video, who requested it to be removed, how long it was made available and also how many views it had prior to being removed. As I write this, I see numerous Top Gear episodes that have been removed by the BBC… some that were available for over 500 days!

Right now, their site shows off cool information, but they are looking into see if it would be possible (legally) to cache the videos uploaded, and then host them on their own site, effectively showing people the exact videos that were taken down. I have a feeling that such a thing would not be that possible, but as it stands, the information we do get is sufficient enough to keep an eye on things.

Featured Speaker: Jello Biafra

Jello has been a HOPE regular for the past five or six conferences and it’s always an experience to listen to him rant. He’s very left-wing and not afraid to speak his mind. He’s a former vocalist for the Dead Kennedy’s, a popular punk band (and a kick-ass one at that) from the early 1980’s. Their songs were also left-wing and focused on a variety of politics.

After the conference, Jello didn’t have DVD’s available (there were some disagreements somewhere down the line), so I don’t remember his speech word-for-word, nor will attempt to. During the speech however, he tackled numerous topics with common-sense ideas for improving the state of things. But as it seems, politicians seem to enjoy messing with things more than helping things lately, but it’s all a matter of opinion.

This talk and others will undoubtedly become available on the official HOPE website in the weeks to come, so I highly recommend checking it out once they become available. I can only write blurbs that usually cannot give true credit to where its due, and each one of the talks I’ve talked about today, I’d listen to again entirely without question.

Final Thoughts

As you can probably tell, there was a lot going on during the conferences. Tons of workshops, tons of talks, and tons of fun. Though I’ve wanted to attend in the past, this was the first HOPE that I’ve ever attended, and I’m already looking forward to the next one. It’s very rare you can go to a place where there are thousands of like-minded people under one roof, and like they say, ‘There’s no place like HOPE’.

During the article, I only touched up on the talks presented, but there was much more happening than that. On floor two, there were many workshops and vendors (I did walk away with a few books, including the new 900-page 2600: A Hacker Odyssey) and many people to walk up to and start a conversation with. It’s an interesting place, to say the least, and one I highly recommend anyone check out if you are at all interested in technology, and of course breaking it and finding out how it works.

On the second page, I briefly mentioned Club-Mate, which is a German ‘energy drink’ that was imported for the conference. They brought in five palettes worth, but I’m not sure how much exactly sold while there. I’m somewhat of a glutton when it comes to energy drinks, and it’s rare when I try one that I I can’t stand (except Full Throttle Mother, gross), so I knew I had to try Club-Mate. Believe it or not, the tag line translated to English is, “One Gets Used to It”, so you can imagine how odd the first sip was.

I can honestly say that it wasn’t “delicious”, but I can’t help but want more. It’s a very unique taste and is somewhat refreshing compared to most other energy drinks out there which taste the same. I should also mention that it’s not a traditional ‘energy drink’, but its effects are the same, and anyone who’s been drinking it for a while will attest to its ‘zing’ factor.

At the conference, a few other unique projects were undertaken, such as Radio Statler! (Statler is the old name of the hotel) and AMD, or Attendee Meta Data. The first was a live radio station that was using a leased call sign, and was broadcast online and also locally, with music and live streams of the talk. Tons of work went into this over the course of the weekend, but it worked extremely well. I listened whenever I got back to the hotel and it was a lot of fun.

The AMD project was a tracking project. Many people at the conference had RFID tags equipped in their badges, and as they roamed the entire conference, regardless of whether it was on floor 2 or 18, they would be trackable via a special web site. The idea behind this is of course just to show the cool capabilities that RFID can avail you, and it goes without question… this project was pulled off well.

After signing in, you could set up a nickname through their site, adding details such as interests, so that you could locate someone else there who shares the similar likes, making the chances higher that you will have something to talk about. The site tracking feature was one of the coolest though, with the ability to look at blueprints for both floors and get a general idea of where people were, and which room had the most people. In the end, it was great fun, and no one had to be injected with a tag!

I could talk about the conference all day, but I’ll cut it short here. I attend many conferences and similar shows, as seen in our trade shows section, but HOPE is unlike any of those. People who attend this one have a sincere passion for what they do, and most aren’t good at what they do for the sake of money, but rather because of an insatiable obsession to figure things out. To wrap up, I’ll show eight photos taken while at the conference. There would be more, but many didn’t come out, thanks to my leaving the external flash back at the hotel. Oops.

The Next HOPE‘ happens in two years at the same location, and I’m already preparing to go. Hopefully this article filled in enough gaps for you if you always wondered what happened at HOPE, or weren’t there this year to see what was going on.

Discuss in our forums!

If you have a comment you wish to make on this article, feel free to head on into our forums! There is no need to register in order to reply to such threads.

Copyright © 2005-2020 Techgage Networks Inc. - All Rights Reserved.