Friday, August 04, 2006


Defcon Organizers Try Stop Counterfeits

By DAN GOODIN ,
08.04.2006, 05:13 PM

The thousands of people who waited an hour or more to get into Defcon drove home what a hot ticket this 14-year-old computer-hacking event has become.

In years past, when would-be attendees couldn't afford the admission price, they put their hacking skills to work by creating counterfeit badges. This year, organizers turned to Joe Grand, a designer of consumer electronics hardware, to come up with something that couldn't be easily duplicated. Admission this year costs $100.

"This particular badge, because it's electronic, is hard to counterfeit," Grand said as he pointed to a circular plastic badge with two blinking lights at the top. "To make something like this in a few days could cost a lot of money."

The circular badge's deceptively simple design features the Defcon logo of a skull and crossbones and a smiling face. Two light-emitting diodes designate the eyes, and a tiny microprocessor inside causes them to blink in four different ways.

But the processor isn't something sold at Radio Shack or other electronics stores, said Grand, whose San Diego-based company, Grand Idea Studio, licenses hardware designs to electronics manufacturers. Trying to embed the processor into plastic less than 1/8-inch thick would also be a difficult undertaking.

Grand has added other features to the circuitry in the hopes that attendees will give the badges new capabilities. He said he wouldn't be surprised if someone figures out a way to make the processor act as a remote control that can turn hotel televisions on and off.

In past years, attendees have managed to counterfeit badges anyhow, despite designs meant to thwart copying. A shiny gum wrapper was once used to replicate a badge's holographic icon, Grand said. Another time, hackers were able to duplicate badges even though they had liquid pulsing through them.

"Every time they've taken steps to stop counterfeiting, and every time somebody always figures out a way to counterfeit the badge," Grand said.

Grand's design, and the inevitable attempts to circumvent it, are part of the spirit of Defcon, where some of the world's best-known hackers gather to share ideas and try to one up each other in their endless crusade to get machines to act in ways they weren't designed to behave.

Defcon is also an opportunity for computer-security experts to air some of the latest research.

Greg Conti, a computer science professor at the United States Military Academy, prepared a report that shows just how much information free Web services such as Google Inc. and Yahoo Inc. have about typical Internet users. He wrote a program that allows anyone to see the kind of personal details - including a complete list of every search item ever entered, every location surveyed on a map, and entries put in electronic calendars - routinely stored by such sites.

"I was shocked, and I think other people will be shocked, to learn the information they've been handing over," Conti said in an interview ahead of his presentation. "What we're doing is implicitly trusting a handful of companies with a tremendous amount of our personal information."