User Unknown

Conventioneers, however, insist that they are motivated only by an abiding technical curiosity flavored with the illicit but benign thrill of trespass. Twenty-year-old Konceptor pulled off his first hack at age twelve, when his mom took him to her office for Bring Your Child to Work Day and he guessed her computer password. Eight years later, he calls hacking addictive: "When you get into a system and you realize you're not supposed to be there, you get a big rush."

Malicious behavior, on the other hand, is generally considered the province of "script kiddies"--a derisive term for neophytes who don't know the fundamentals and simply use the hacking programs now available on the Web. (One of them, Back Orifice, can be used to give another user remote access to your Windows 95 or 98 computer if you're fooled into installing it: The Trojan horse program is sometimes disguised as another application, or attached to other files.)

In associating destructiveness with inexperience, the term "script kiddie" also hints at many hackers' belief that understanding technology leads to a greater respect for its proper use. Recalling his experience with Unix, the breed of operating systems that runs on most high-powered servers, Lothos points out that learning about computers creates an appreciation of the work of others: "I've set up Unix boxes, I admin Unix boxes, I know what goes into it. And I would never maliciously remove someone's hard drive or delete any of the files." Further, hackers argue that they constitute a rigorous test market of sorts--that finding and publicizing flaws in computer systems forces manufacturers to fix problems that criminals will inevitably discover anyway. "Most manufacturers lie to customers and say their stuff is secure, and the work of hackers in exposing vulnerabilities is essential," charges Bruce Schneier, one of the most prominent figures in the field of cryptography and a Rootfest speaker. "You wouldn't have secure products if it wasn't for them."

Early Saturday evening, the Rootfest attendees are running a test center of their own. The tables in the back room strain under two dozen computers; speakers spew everything from Björk to the Cookie Monster theme as users play Quake 2 and wait for the hacking contest to begin. The rules call for each of five teams to set up a computer with a Web server, and to try to hack into every other team's server, leaving a mark on the victim's Web page. The network problems persist, however, and participants are getting impatient. One man plugs his laptop into the overhead projector and brings up The Matrix--he has the entire movie, dubbed from an original print, on his hard drive as one massive MPEG file.

By the time the network comes up, a couple of teams have taken off for the night, and the room is a little more subdued. The noise settles to intermittent suggestions and trash-talking, mixed with the unremitting clacking of computer keys. "Who's got 25?" cries out Lothos, referring to one of the assigned addresses within the room's network. "We just packeted you to death." ("Packets" are individual units of data sent over a network, and a surprisingly common bug in most operating systems will make a machine crash or reboot if it's sent a large enough packet.) The room settles back into the murmur of competitive exploration, of typists digging and nudging for weaknesses and holes.

Lothos watches with five other people as Bah_, a friend and Legions co-conspirator, uses a program to scan another contestant's machine for exposed points of entry. "This is sad," says Lothos, looking at Bah_'s monitor, "He's got all the script-kiddie tools. He's got a menu, even." Someone pulls Lothos to the side and offers him an edge on the competition--a little-known security analysis program written by one of the nation's top firms and clearly not destined for public consumption: As Bah_ pops in the CD-ROM, Lothos's benefactor asks a bystander to turn off his video camera.

Bah_ types in a few commands, and suddenly the screen is awash in a cascade of text describing each file as it's installed. "Are those all exploits?" Bah_ asks the man, realizing that each line means another way to look for a security weakness. "Oh my God, I love you." The lines keep scrolling up, and the group clustered around the screen falls silent for a second, waiting in the glow of new power, of new knowledge.