The Norman Transcript

August 16, 2008

Busted by Defcon's Wall of Sheep


Last weekend saw me once again attending the annual Defcon computer security conference in Las Vegas. The conference's 8,000 or so attendees, who came from all around the globe, were made up of the normal groups of hackers, crackers, feds and wannabes. As usual, almost every three- or four-letter U.S. federal agency was represented, along with all branches of the military and major computer-oriented corporations. Once again, I found myself surrounded by the smartest computer people in the world.

I came away from the conference with many stories to tell, and I will devote the next three or four of my newspaper columns to telling them.

This week, I'll explain how the Defcon Wall of Sheep busted my e-mail account. Yes, you read that right, I got hacked, though it's not as bad as it sounds; I did it on purpose, eyes wide open.

Defcon provides a number of wireless networks for use by conference attendees. These are open, unsecured wireless networks that do not require a password or "key" to use, just like the wireless networks that you will find at IHOP or La Baguette. Anyone within range can connect to these networks, and connect they do, surfing Web sites and engaging in one of Defcon's most risky activities: checking e-mail. The working phrase is "caveat emptor," for the Defcon wireless networks are widely regarded as among the most hostile in the world.

One of the giant rooms used by Defcon has a number of tables set up at one end. The tables are filled with computers and other interesting pieces of electronic gear. On one of the tables sits a projector connected to a computer, which displays a huge screen on one of the walls. This is the Wall of Sheep, on which appear the user names, partially obscured passwords and type of Internet activity of people who get busted. Wall of Sheep volunteers are constantly monitoring and analyzing activity, or "traffic," on the wireless networks. They are, in their own words, "looking for evidence of users logging into e-mail, Web sites, or other network services without the protection of encryption. Those we find get put on the Wall of Sheep as a good-natured reminder that a malicious person could do the same thing we did... with far less friendly consequences."

I visited the Wall of Sheep area and asked if I could do a test of their system. I discussed what I wanted to do with a helpful fellow who told me to go ahead, if I dared. I retrieved my laptop computer from my hotel room, returned to the Wall of Sheep area and engaged in one of Defcon's most dangerous activities: I checked my e-mail using the default security settings in Microsoft Outlook.

The helpful fellow told me that it would take some time to analyze all of the network traffic that they were monitoring, and that I should return after an hour or so to check the results. I left the area, and went to a security seminar.

Later, I returned to the Wall of Sheep to see if I had been caught. User name after password after activity type slowly scrolled up and down the projection on the wall. "Holy ****," I cried out, after a minute or two of viewing. "There I am." I started laughing.

Sure enough, there was my e-mail address (same as my user name) and the first three characters of my password, with the rest of the password obscured. The helpful fellow whom I'd met before was still there. He looked up at me with a sly, all-knowing grin. "Would you like to be removed from the Wall of Sheep?" he asked. "Yes sir, please, if you wouldn't mind," I replied. A few keystrokes later, my entry on the Wall of Sheep was obscured enough to where you couldn't tell what it had said before.

We then had a nice discussion about e-mail security, which ended with him saying, "You know, our group isn't going to do anything with what we find, other than project it on a wall. However, there are a lot of scary people at Defcon who are analyzing the same traffic that we are, and they won't hesitate to use your user name and password to mess with your life. If you can, you might want to call someone at a remote location and have that person change your password. That is, if it's not too late."

Gulp. I returned to my hotel room, called my daughter back in Oklahoma, had her log in to my hosting account (which, fortunately, uses a different password than my e-mail) and change my e-mail password. God was smiling on me, or maybe, laughing at me. No, He was laughing with me, not at me; yeah, sure, that was it. Somehow, I had stayed one step ahead of the bad guys, just barely.

Next week, I'll explain why I ended up on the Defcon Wall of Sheep, and how you can better secure your e-mail connections.

Dave Moore has been repairing computers in Norman since 1984, when he borrowed $1,200 to buy a Commodore 64 system. He can be reached at 919-9901 or www.davemoorecomputers.com.