Hackers Invade Las Vegas for Epic Lulz Conventions

[Sidepocket]

LAS VEGAS (AP) - The threat of online data theft is becoming worse as criminals grow increasingly sophisticated at pilfering information from companies, government agencies and consumers, a former White House security adviser said Wednesday.

Richard Clarke, the former top counterterrorism adviser to President Bush, told a hacker conference that basic flaws in the Internet's infrastructure should be remedied in part through government and international intervention.

"We're building more and more on top of cyberspace, and we haven't secured it," Clarke said. "(The threat) gets worse every year."

Thousands of professional hackers, government agents and computer security enthusiasts descended on Las Vegas Wednesday. They're in town for pair of conventions focused on exposing the latest computer vulnerabilities and spurring companies to craft ways to avert future attacks.

Influencing much of the discussion at the Black Hat and Defcon conventions are two major computer attacks this year - a well-coordinated strike on the Baltic state of Estonia that crippled the Web sites of banks, media outlets and government agencies, and a data breach at the parent company of T.J. Maxx and Marshalls stores that exposed at least 45 million credit and debit cards to potential fraud.

The attacks are reminders that online criminals are increasingly driven by money and ideology, rather that the challenge of infiltrating a vulnerable computer system or Web site, experts said.

"The motivation is different, and the resources behind it are different, which makes it a much greater threat" than in previous years, said Jim Christy, director of Futures Exploration in the Department of Defense's Cyber Crime Center.

Black Hat, the more mainstream of the two events with scores of corporate sponsors and registration fees that run into the thousands of dollars, signed up some 4,000 attendees for two days of presentations.

By comparison, Defcon is considered more of a renegade affair. The three-day event bills itself as the world's largest underground hacking convention, and is known for its more motley attendance and series of wild hacker competitions. Defcon starts Friday.

In recent years, many of the biggest technology companies have come to embrace the ability of Black Hat and Defcon hackers to publicly poke holes in their products, even sponsoring contests to discover problems and make their technologies safer.

But the demonstrations can put corporations in an uncomfortable position, as some of their most profitable products can suffer attacks that would potentially expose their customers' private information or damage critical infrastructure.

Some of the juiciest consumer targets at this year's hacker conventions are Apple Inc.'s iPhone, social networking Web sites, software for routing voice calls over the Internet, and Microsoft Corp.'s Vista operating system.

Digital music and video downloads are also on hackers' radars.

A researcher is scheduled to unveil a new tool Thursday showing how easy it's become to remotely tamper with digital media files to spread malicious computer code such as viruses and spyware.

Other sessions will explore vulnerabilities in the computer systems that control energy and water distribution systems, and problems in keeping major computer-code flaws that have been discovered by hackers out of the hands of criminals before companies can fix them.

Christy said he is particularly interested in a demonstration later Wednesday of the flaws in forensics software used by law enforcement to scour e-mail and other files in their investigations.

http://www.lasvegassun.com/sunbin/stories/.../080110111.html