I Attended This Hacker Conference and All I Got Was All the Data on Your Hard Drive

To the uninitiated, it looks like the people playing capture the Flag are simply hunkered at their laptops. The bulk of their time is spent poring over line after line of computer code, thinking of ways to penetrate it, and writing several lines of code to try out an idea. Most of the time, it doesn't work.

Every few minutes, the Ghetto Hackers throw a video clip up on the wall to break the monotony. A lot of it is classic arrested-development stuff: women in skimpy outfits using heavily vibrating power tools, that sort of thing. Meanwhile, over by the bar, some attendees project a "Wall of Shame," listing the usernames and first few password characters of fellow attendees who have been foolish enough to troll without encryption on the Con's wireless network.

One of the applications featured in this year´s game, a multiuser domain, or MUD, was probably included in recognition of the amount of time most of these guys have spent online during their lives. MUDs are text-based multiuser online games that players can log onto remotely. They´ve been around since the ´80s; geeks will recognize them as the precursors to games like EverQuest. A MUD isn´t all that different from a chat room, and people have been meeting in MUDs for decades. Each team is required to run a MUD and let players from other teams log in.

Early on, Viega discovers a weakness in the MUD´s access controls, rules that should limit what he is able to do. Soon he has gained "wizard" privileges, which give him the power to do things a regular user can't–like write code that allows him to burgle some tokens.

As the afternoon heads into evening, the Bacon table is littered with empty chip bags and liquor bottles. Viega and company have killed a bottle of Jack Daniels and one of Bailey's, and a liter of Wild Turkey is on its way.