HOPE arrives in New York
The sixth biennial Hackers on Planet Earth (HOPE) hacking convention took place in New York City from July 21 to July 23, with thousands of mostly black-clad attendees thronging the Hotel Pennsylvania in midtown Manhattan for a three-day smorgasbord of workshops, panels and lectures on network security, activism, do-it-yourself technology and hacking in all its forms.
HOPE featured over 60 one-hour forums inside two auditoriums. Forum titles included "Password Cracking and Time-Memory Tradeoff," "Lock Picking" and "Law Enforcement Wiretaps." These forums were hosted by hackers, ex-government employees and software celebrities. Several of the attendees were veterans of previous incarnations of HOPE and of other popular hacker conventions such as DefCon in Las Vegas and ShmooCon in Washington, DC. Several speakers were conference stalwarts, such as long-imprisoned hacker Kevin Mitnick (whose social-engineering presentation was a highlight of the last HOPE, held in 2004), free-software pioneer Richard Stallman, and punk-rock provocateur Jello Biafra.
July 21 was big on topics heavy with political overtones, such as "Building the Anti-Big Brother Databases" and "Bin Laden, National Intelligence, and More." More lighthearted events, such as a new version of the popular panel devoted to the art of lockpicking and an LED art-making workshop run by New York's Graffiti Research Lab, helped keep the mood buoyant throughout the day.
"There's [a] big misconception about this conference," said Lazlow, HOPE's comedic MC and host of XM Radio/nationally syndicated tech radio show "Technofile." "It's not a bunch of kids trying to hack into the Pentagon. The goal of this conference is to share information. Curiosity is not a crime and this is a great opportunity for people to learn about surveillance, security and privacy from experts."
"At tomorrow's 'Bin Laden, National Intelligence and More' you'll find a lot of ex-law enforcement; that's going to be a great one," Lazlow added. "Last year one of the panelists asked for an audience member's Social Security number and then on the spot, showed him what information is available on the internet. It's a great learning opportunity.... HOPE's goal is to share information. Though there is a $75 admission fee, HOPE will probably break even, if not lose money."
Perhaps one of the conference's most well-received developments came on July 21 when Hacktivismo, an international group of hackers, human rights workers, lawyers and computer security experts, announced the release of ScatterChat (scatterchat.com), a free, open source application designed to facilitate secure and private communication over the internet. ScatterChat is an instant messaging client that provides end-to-end encryption and was designed for non-technical human rights activists and political dissidents operating behind oppressive national firewalls.
Free software activism takes center stage
July 21 also featured an impassioned keynote address by Richard Stallman, who lashed out against spyware and DRM, or digital rights management – which Stallman is fond of calling "digital restriction management," or "digital handcuffs."
"Lots of proprietary software has malicious features," Stallman said. "They put in spy features, features designed to restrict the user, and back doors. One proprietary program you may have heard of that spies on the user is Windows XP," he said to laughter and boisterous applause. He also criticized TiVo, which he said collects data on user preferences.
Stallman preached the exclusive use of free software as an antidote to potential DRM issues. "All proprietary software is 'just trust me' software, where you surrender to the blind faith of a developer who might not deserve it," he said. "The user of non-free programs is a prisoner of his software." He also criticized the notion that in the future, most applications would be run online. "You simply can't have control over what a program does unless you're running your copy... if everyone's running Google's copy of a program, we can't all have control over what Google's copy does," he said.
A later panel titled "The Future of Wireless Pen Testing" came out swinging against holes in several methods for 802.11 wireless security. "Remember WEP?" Frank Thornton, an expert on wireless security and one of the speakers on the panel, said to peals of laughter from the audience. "Or even MD5?" The panelists discussed the urgent need for a more bulletproof way to secure wireless networks; the standard 64-bit and even 128-bit encryption provided by WEP has long been shown to have serious weaknesses, and newer schemes such as WPA, they said, have some flaws.
Later panels varied broadly in scope. A panel on the European hacking community, including representatives from Germany's notorious Chaos Computer Club, discussed cultural differences between Europe and the US. An intriguing evening presentation on "Hacking the Mind," which drew eerie similarities between buffer overflows, shell code and hypnotism, attracted crowds.
Of course, what sort of hacking event would be complete without providing really fast, really free wireless internet? With the help of network consultants Rainbow Internet Services and ISP Net Access Corp., HOPE is offering all attendees free access to 155-Mbps upload and download speeds by pointing a micro dish at Times Square.
Conference panelist arrested
On July 22, Steven Rombom, the owner and CEO of Pallorium Inc., a company that bills itself as the largest privately held online investigative service in the US, was arrested by FBI agents just moments before he was to lead a HOPE panel discussion on privacy.
Rombom's fellow panelists said four men clad in dark blue FBI jackets quietly entered the auditorium, asked Rombom if he had any weapons on him, and then escorted him out the door along with his laptop and other equipment that contained the PowerPoint slides that were to make up the bulk of his scheduled two-hour presentation.
"If you know Steve then you know he's very flamboyant, and at first I thought it was just PR, you know?" said Kelly Riddle, a private investigator from San Antonio who was to speak alongside Rombom. "So, they asked him to step out in the hallway, placed the handcuffs on him and started to lead him off."
Rombom was going to discuss how he dug up – in just 4.5 hours of searching private and public databases – more than 500 pages' worth of data on HOPE attendee Rick Dakan, who agreed to be the guinea pig for the project.
"All I had given him was my email and name. He knew everywhere I'd lived, every car I had driven, and even someone else in Alabama who was using my Social Security number since 1983," said Dakan, who was attending the conference for a book he is working on about hacker conferences. "He found all my friends, pictures of friends, knew about my brother's criminal history."
The FBI's New York field office released a complaint against Rombom on July 24, charging Rombom with obstruction of justice and with witness tampering, alleging that in April 2006 Rombom impersonated a federal investigator at the request of a client who had hired him to locate a government informant who was central to the client's money-laundering indictment in 2003.