I Attended This Hacker Conference and All I Got Was All the Data on Your Hard Drive

Being "owned"–when an outsider takes control of a system–is probably what most people think of when they think of hacking. PHP is a scripting language used to generate Web pages, and in this case, Sk3wl of Root has used it to leave a note letting Bacon know who´s in charge. But hacking can be a stealth activity as well; it´s often in an attacker´s interest not to get caught.

Many of the applications the teams must run are services. Most of us use such services every day without thinking–programs that allow us to access e-mail and other information held on some remote computer. If they are compromised, the consequences can be serious.

Most businesses don´t publicize their security problems, so it´s difficult to find out how pervasive they are. But according to a survey of businesses done last year by the U.S. Secret Service, CSO magazine, and the government-funded security center CERT at Carnegie Mellon University, 125 of 500 respondents admitted that their companies had suffered financial loss because of e-crimes. A separate report published by CERT confirmed what hackers have known for years, that "vendors continue to produce software with vulnerabilities, including vulnerabilities where prevention is well understood." Thousands of weaknesses are discovered in major software products every year, many of them by the people who come to Def Con.

Capture the Flag serves as something of a laboratory-both at Def Con and, increasingly, elsewhere. One of the first times it was played here in Vegas, an NSA employee told Jeff Moss that the agency planned to use the game internally. Today, versions of Capture the Flag are used in government and academia for training. "With security, the devil is so much in the details," explains Giovanni Vigna, a professor at the University of California at Santa Barbara who uses a version of the game for one of his final exams. "Until you do it, you don´t really know it."

Classroom gaming experience and tighter leadership may help explain why the two teams assembled around graduate programs have managed to take the lead in this year´s game. By 9 a.m., Bacon has dropped to fourth place. Still, the players maintain an almost scary focus, and two hours later there´s still no sign of breakfast, never mind lunch. The team manages a couple scores over the next few hours-but not enough to catch up. Sk3wl of Root and a team called Enemy Combatants battle it out for the title. By afternoon, it´s clear that winning is out of the question for Viega and his team. But they aren´t going down quietly.

Martin Murray, a 21-year-old and one of the few Bacon players with a Windows laptop, walks casually across the room and jumps over the table separating the scoring tower from the main floor. In plain view of anyone bothering to look, he walks over to the projector, unplugs it from the scoring system, and plugs his laptop in.

Suddenly the scores disappear and are replaced by an unhappy shade of blue familiar to any Windows user. On the screen is what looks like a long error message, but close to the top you can easily see the words "Bacon . . . Owns . . . Ghetto."

There´s loud cheering from the floor. A voice comes over the speaker system: "FYI, if anyone saw what just happened, someone owned the projector connection, that's all." The scores come back up, showing Sk3wl of Root with a lead that will last all the way to the finish line. For Bacon, the game is over.

Robin Mejia is a freelance writer in Santa Cruz, California.