Ethical hacking conference coming to Charleston, WVA

Published 30 September 2010

A major ethical hacking event will take place in Charleston, West Virginia, 23-24 October; the event will focus on “white hat hacking” — meaning learning how to think like the “black hat hackers” or bad actors and how they operate; a Hacker Village will be set up at the Charleston Civic Center featuring a network of systems designed with vulnerabilities so attendees can try their stuff with mentors on hand

One version of the root of the word “hacker” traces it to early computer programming classes in the 1960s at the Massachusetts Institute of Technology, where students would “hack away” for hours at a keyboard to make programs do things they were never intended to do.

A half-century later, Hollywood made sure that many now see hackers as socially hopeless nerds or ninja-stealthy cyber-crooks.

Douglas Imbrogno writes that clarifications are, therefore, in order when talking about the upcoming first-ever Charleston, West Virginia event, Hack3rCon, dreamed up by a guy on the board of Hackers For Charity.

The event will see ethical hackers gather, with that number “3” in the event’s name standing in for the letter “e” as a wink to the data-crunching at the heart of all computing — and hacking.

“Ethical hacking is sanctioned, authorized activity on your own network,” says Rob Dixon.

Hack3rCon will take place 23-24 October at the Charleston Civic Center during CharCon, the city’s annual board game and role-playing convention.

Dixon, who manages cyber-security operations for the state of West Virginia, says Hack3rCon will appeal to anyone in any way responsible for information technology and cyber-security for any size operation, whether five people or 100,000.

The event will focus on “white hat hacking.” This means learning how to think like the “black hat hackers” or bad actors and how they operate.

Dixon has competed in — and won in 2009, along with two fellows from South Carolina and Illinois — a hands-on “Defend the Flag” contest, put on in a partnership between DHS and the MS-ISAC or Multi-State Information Sharing and Analysis Center.

Imbrogno notes that these are games with a serious twist in which participants try to hack into computers with vulnerabilities engineered into them, to learn how the bad actors think and work.

Dixon has pulled Hack3rCon together with the CharCon staff as well as the local technology group 304geeks.com, co-founded by Bill Gardner, IT manager for the Charleston law firm Flaherty Sensabaugh Bonasso.

Many noted speakers in the field will be attending, and they are identified on the Hack3rCon Web site by their names and handles in the online world — for example, “Irongeek” and “pwrcycle.”

“Some of the guys are going to talk about defensive stuff. Some of the speakers are going to talk about offensive stuff,” said Dixon.

“Irongeek” is Adrian Crenshaw, who has worked in the IT industry for a dozen years and runs the information security Web site Irongeek.com. The site specializes in videos and articles that illustrate how to use various tools for security and “penetration testing,” a way to test a network’s security by mimicking an attack from a malicious source.

Imbrogno notes that a Hacker Village will be set up at the Civic Center featuring a network of systems designed with vulnerabilities so attendees can try their stuff with mentors on hand. There will also be a traditional capture-the-flag contest featuring a network computer armed with BackTrack, a popular open source pen-test toolkit. Whoever cracks the computer first wins a netbook with BackTrack installed.

Crenshaw will also bring to Hack3rCon a newer contest of his own design called “King of the Network Hill,” said Dixon. “It’s basically a system with a certain kind of vulnerability — you try to take over the system, and lock everyone out and see how long you can maintain it.”

Both Gardner and Dixon say the aim of Hack3rCon is to help people understand weaknesses in their computer networks before they’re sniffed out by someone else.

“The goal,” says Dixon, “is to find the vulnerabilities on your own system before the bad guys do.

“We’ll talk about the ethics around that — the proper way to conduct a penetration test and especially proper authorization. A lot of people say, ‘Well, aren’t you afraid you’re going to teach something they shouldn’t know?’” Dixon asks. “The de facto answer is — the bad guys already know this.”

If you are interested in attending, see Hack3rCon for details.