I Attended This Hacker Conference and All I Got Was All the Data on Your Hard Drive

At around 8 p.m., a ghetto hacker strolls over to talk to Viega. "You submitted your own token, didn´t you?" he asks.

"What do you mean?" Viega replies, and he keeps up the pretense for several minutes of back-and-forth, but eventually his smile gives him away. To score points, players submit the tokens they've stolen to a scoring server. Bacon player Pravir Chandra, a cheerful guy in a Hawaiian-print shirt who does security work for AOL, noticed that there didn't seem to be anything stopping teams from submitting their own token, so Bacon tried it. The game is, after all, about hacking. Cheating is encouraged. The organizer congratulates them, then heads back to fix the flaw.

But by now, other teams are scoring. Pretty soon one called Sk3wl of Root overtakes Bacon for the lead. (Sk3wl means "school" in hacker lingo, and root access to a Unix computer will let you do anything; the team is made up of graduate students in cybersecurity at the Naval Postgraduate School.) Later, Viega gets up to stretch his legs and heads over to the Sk3wl of Root table to say hello. For many, the Con provides a chance to get together with friends you usually encounter only in cyberspace.

Thanks to the insane hours he´s been pulling at his start-up, combined with the demands of a young family, Viega arrived in Vegas with a major case of stress. Somehow, staying up all night hacking appears to be an effective antidote; as the game progresses, he becomes more and more relaxed, and he settles in. Two other players seem as stuck to their chairs as Viega, but others duck out to sample the pool party or catch a nap.

Just before 2 a.m., Viega complains that some of Bacon´s services aren´t locked down. Unlike some teams, which have a clear leader and delineation of duties, Bacon is just a group of smart friends who got together for the qualifying round and then gathered again in Vegas. They each take on tasks as they think of them, and most players are more interested in attacking than defending. Of course, there are risks to this kind of ad hoc strategy, and about an hour after Viega´s comment, the non-locked-down nature of Bacon´s system is confirmed. "We're owned," Viega groans. "The title of the PHP interface reads "Sk3wled by Root.""