It's Friday morning at the Minneapolis Convention Center, and a flock of hackers are eyeing the man in a dark blue suit and tie. One teenager says he tried to call the pay phone next to the FBI agent, but it was out of service. Another walks slowly past the man, returns, and reports, "I don't think he's saying anything. I think he's just got the phone off the hook."
Paying close attention to law enforcement and telephone lines comes naturally to the people assembled at the Minneapolis Convention Center May 21-23. They're here for Rootfest, the first hacker convention in the Midwest, and the latest in a growing lineup of such events that started with Las Vegas's Defcon six years ago. Though it's officially billed as a "computer security convention," the implicit understanding is that most attendees will be hackers and sympathetic figures in the security field; the name refers to "root," the term for the log-in account needed to gain full access to a computer's operating system. The man in the blue suit, invited as a speaker to explain federal policies on hacking, eventually leaves the gathering--supposedly called away on a case--but speculation buzzes throughout the weekend that other spooks remain, either from the Bureau or from the Office of Naval Intelligence. Being over 30 or wearing a suit is an automatic cause for suspicion: Most of the 150-some conventioneers, some of whom have come from as far away as Los Angeles and the Netherlands, are young men who favor glasses, long hair, and large T-shirts. They make for a decidedly anarchic-looking group, their large single room bookended by a graphic design convention to the south and a dance-line competition to the north.
Among themselves, the hackers talk and joke amicably, nonconspiratorially: They've come to Minneapolis to learn, but also to meet face to face, to attach human voices to Internet chat nicknames. And they've come to play with toys, the more bleeding-edge, the better. People walk the halls bearing technofetishes like the newest Palm Pilot, a pager that can be used to surf the Web; cell phones and video cameras are practically de rigueur. At the back of the room, on a long row of tables, computers are being set up for play. One lanky teenager builds a mound of four PCs ("mostly dumpster-dived," he says), including one eye-catching, old-fashioned portable with a tiny hinged screen that displays letters in a burned-out yellow tint. The entropy of quick-and-dirty technophilia begins to eat away at the Convention Center's coordinated interior--chairs pulled out of formation, a multicolored vine forest of cables cascading from the backs of machines and squirming onto the floor.
At the center of this digital wilderness is 20-year-old Lothos, the founder and sole organizer of Rootfest. Dressed in an odd blend of business casual and postadolescent MTV garb--denim shirt and playful necktie clashing with baggy tan corduroys and a topknot--he darts anxiously from the registration table at the front door to the networking gear in the back corner, fretting about last-minute cancellations by speakers and the embarrassing lack of high-capacity Internet access. The connection he promised attendees, beamed by satellite from the roof of the Convention Center to a receiving station a few blocks to the north, isn't going up according to schedule.
But though Rootfest is probably the most ad-hoc operation the Convention Center has ever seen (the registration table is being run by Lothos's mother and his girlfriend), it's not bad for a first-time event whose founder just finished his freshman year studying computer science at a Minnesota college he refuses to identify. Lothos says his hacking days are now behind him, but he decided to pull together Rootfest to provide a gathering place for hackers and help improve their public image. "The media portrays us as criminals, pretty much," he says, noting that government agencies seem to rank the act of breaking into a computer system--regardless of motive--in the same category as theft, vandalism, and fraud.
Indeed, headlines about hacking's dangers accompany Rootfest like background music: Shortly before the convention, a grand jury indicted a Texas 19-year-old who, authorities say, is Zyklon, a hacker Lothos used to run with in the group Legions of the Underground. LoU itself gained notoriety earlier this year when people claiming to be part of the group announced their intention to attack government systems in Iraq and China, while other members denied having any such plans. Closer to home, Rootfest made news before the convention itself started, when the city of Minneapolis took the Convention Center off its wide-area network. Minneapolis chief information officer Dan Saelenz now downplays the decision, saying the city used the occasion "as an educational opportunity to remind people about security in the network world today."
To an anxious computer user, Rootfest might indeed seem like a training camp for renegade geeks determined to break into your network, delete your files, and steal your credit-card number. One of the speakers, Matt Willis, offers an introductory discussion on how to circumvent firewalls--systems used to limit access to internal networks via the Internet. In the back of the room, a hacker shows off a list of logins and passwords he discovered on a corporate server simply by making a lot of educated guesses. (A surprisingly high number of users apparently choose the same string of letters for their login and their password.)