[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]

..[ Phrack Magazine ]..
.:: 25 Years of SummerCon ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ] [ 70 ]
Current issue : #68 | Release date : 2012-04-14 | Editor : The Phrack Staff
IntroductionThe Phrack Staff
Phrack Prophile on FXThe Phrack Staff
Phrack World NewsTCLH
LoopbackThe Phrack Staff
Android Kernel Rootkitdong-hoon you
Happy Hackinganonymous author
Practical cracking of white-box implementationssysk
Single Process ParasiteCrossbower
Pseudomonarchia jemallocumargp & huku
Infecting loadable kernel modules: kernel versions 2.6.x/3.0.xstyx^
The Art of Exploitation: MS IIS 7.5 Remote Heap Overflowredpantz
The Art of Exploitation: Exploiting VLC, a jemalloc case studyhuku & argp
Secure Function Evaluation vs. Deniability in OTR and similar protocolsgreg
Similarities for Fun and ProfitPouik & G0rfi3ld
Lines in the Sand: Which Side Are You On in the Hacker Class Waranonymous author
Abusing Netlogon to steal an Active Directory's secretsthe p1ckp0ck3t
25 Years of SummerConShmeck
International Scenesvarious
Title : 25 Years of SummerCon
Author : Shmeck
                              ==Phrack Inc.==

                Volume 0x0e, Issue 0x44, Phile #0x12 of 0x13

|=----------------------=[ 25 Years of SummerCon ]=----------------------=|
|=---------------------------=[ by Shmeck ]=-----------------------------=|

It's hard to believe that 2012 marks the 25th anniversary of SummerCon. In
the American hacking landscape, SummerCon remains the seminal conference
from which all others are modeled. In those early days, interactions
between hackers took place through BBSes, as shout-outs in assorted
textfiles, on telco voice bridges, and in the pages of Phrack and 2600. For
the most part, these interactions were all mediated through some kind of
communications infrastructure. SummerCon was an opportunity to change that.

In the 1980s, informal gatherings of hackers had begun to spring up all
over the place in America. The European scene was well-organized, with
groups like the Chaos Computer Club holding an annual congress of hackers
as early as 1984. 

There are various theories about why Europe organized more quickly than
America. America developed a strong counterculture in the 1960s and 1970s,
including an enthusiastic phreaking movement dating back to the early
1970s. Well-known anarchist and Chicago Seven conspirator Abbie Hoffman,
along with Al Bell, a well-known telephony enthusiast, launched the first
phreak magazine, YIPL: Youth International Party Line in 1971. YIPL became
TAP, based out of New York. Though Americans were enthusiastic, TAP found
an eager European audience, and Dutch and German activists carried the
torch and pushed the boundaries of phreaking in the 1970s. Those phreaks
were readily absorbed into the ranks of an already strong and
well-established anti-authoritarian movement in Europe. Large-scale
meetings, complete with technical demonstrations were the logical next
step, so the first big hacker conference, Chaos Computer Congress, took
place in Hamburg in 1984.

American hackers remained active during that period, but physical meetings
remained elusive. Nevertheless, something like a tipping point for the
American hacking scene must have occurred in the summer of 1987. On June 5
of that year, the first 2600 meeting was held in New York City. Only two
weeks later, in St. Louis, a small cadre of people who mostly knew each
other from exchanges on Metal Shop BBS and through Phrack profiles, met at
the Executive International Best Western to embark on a totally new way to
advance the American hacking agenda. The first SummerCon set the stage for
the way subsequent hacker conferences would be held. To this day PumpCon,
HoHoCon, DEFCON, and HOPE stick to the same formula.

Its organizers wanted to foster the physical interaction in meatspace,
eschewing the phosphorescent glow of their CRTs to hold a party like none
other. Mostly, if the reports from early editions of Phrack are to be
believed, though, it was to have a good time. SummerCon has always held its
primary goal as forging friendships, because that's how real dialogue and
information exchange happens. Yes, there were technical talks. That first
SummerCon in 1987 included a long list of technical discussions, but
because it was a small gathering, the agenda was ad hoc and seemingly

Most of the technical discussions centered on things that are pretty far
outside modern mainstream infosec discourse: BBSes, fiber optics, and
methods of blowing 2600 Hertz headlined the proceedings. In fact, the
attendees had a hard time getting started, not really knowing each other or
how to begin. But because everyone in attendance had some sort of technical
background, these purely technical discussions got people talking to each
other, which led to drinking, which led to partying, which, ultimately
helped the attendees forge long-lasting relationships with each other. It's
how cons have worked ever since.

The success of that first SummerCon naturally implied that another one
would be held the following year. Its organizers made a last-minute
decision to hold another one. Like modern incarnations of SummerCon, the
organizers dithered over details like location, letting inertia play a
significant role. While New York City was one possible contender, it was
held in St. Louis again. 

SummerCon '88 was a controversial one. The technical discussions came a
little more easily, and the attendees seemed a little more comfortable,
inviting outsiders into their ranks. But one attendee, Dale Drew, using the
handle "The Dictator",  was actually an informant working with the Secret
Service. He helped government agents videotape the proceedings through a
two-way mirror in his hotel room. This video evidence was eventually used
to indict conference organizer Knight Lightning (the nom de hack of Phrack
founder Craig Neidorf) on a federal count of criminal conspiracy as a part
of his now-infamous E911 criminal trial. Though the case against Neidorf
eventually fell apart, federal interest in SummerCon would remain an
ongoing theme for years to come. Other conferences have capitalized on
SummerCon mainstays like "Hunt the Fed", now immortalized as DEFCON's "Spot
the Fed" contest.

There was a SummerCon in 1990, but a wide federal dragnet for computer
crime and Knight Lightning's federal trial tainted it. Perhaps the most
chilling reminder of a bad era exists in the announcement for a
Christmastime event in Houston called XmasCon, who stated that their event
would "replace the painful memories of SummerCon'90 (SCon'90? What do you
mean? there was a SummerCon this year? HA. It surprised me too)." Clearly,
these were bad times in the hacker community.

In 1991, the freshly acquitted Knight Lightning rebranded SummerCon as
"CyberView," because he did not want to trigger any associations with the
previous event. Bruce Sterling's comprehensive report (Phrack 33:10,
http://www.phrack.org/issues.html?issue=33&id=10#article) included a
rationale for the new, if short-lived name. "The convention hotel, a seedy
but accommodating motor-inn outside the airport in St Louis, had hosted
SummerCons before. Changing the name had been a good idea. If the staff
were alert, and actually recognized that these were the same kids back
again, things might get hairy." In what can only be described as a
SummerCon miracle, a St. Louis swingers' group simultaneously occupied the
conference hotel. As with every SummerCon, booze was a factor.

SummerCon 92 saw a dramatic increase in the number of participants, with 73
reportedly in attendance. Summercon 93 was the last year a SummerCon took
place in St. Louis. Summercon 95 marked a changing of the guard, with the
event taking place in Atlanta, hosted by Erik Bloodaxe and his LoD
colleagues. Over 200 hackers came; several were arrested. The following
year, SummerCon 96 moved to Washington, DC. 

Periodically moving the conference became a ritual to prevent the event
from getting too stale and to ensure that a willing hotel could be found,
since SummerCon had a reputation of being a rowdy conference. The move to
Washington, D.C. offered an easy venue for members of the East Coast hacker
community; members of L0pht came in from Boston, hackers from Pittsburgh
had a simple commute, and the NYC scene was well represented. The local law
enforcement community was in full force as well, with several raids taking
place during the event.

During that time period, the organizers of SummerCon were losing enthusiasm
for running the event. It is a thankless job, and requires coordinating a
tremendous number of people, places, and event staff, all while keeping law
enforcement officials at bay. During Summercon 97 in Atlanta, a stalwart of
the DC hacking community going by the handle Clovis convinced the current
organizers to transfer the domain name to him so that he could take over
the organizational aspects of the conference. It was a relief to the
current organizers, who were frankly happy to be done with the annual

In 1998, Clovis, leaning heavily on his younger brother for organizational
support, threw SummerCon in Atlanta. For the next three years, SummerCon
would be held in Atlanta, though SummerCon 2000 was notable because the
hotel that was slated to host it conveniently lost contracts for the event
the day before it was to take place, leaving Clovis no rooms for technical
discussions. The nonplussed attendees set up shop in the Omni CNN Center
Hotel bar, where ad hoc presentations took place, much to the consternation
of hotel guest who did not expect to get a dose of information security
discourse over their cocktails. The hotel that originally objected to
hosting a hacker conference, did not mind the steady stream of bar sales
one bit.

Clovis had ambitious plans for SummerCon. For 2001, envisioned a global
conference, which would draw an audience from around the world. He thought
Amsterdam would be a good location, and looked into bulking up the
technical backend of the event. For the first time SummerCon would be shown
live through a RealStream video server to anyone who wanted to watch.

It was daunting. Everything was expensive. Clovis' younger brother had to
figure out a mountain of customs paperwork to ship all the t-shirts and
conference badges overseas. In short, every part of SummerCon 2001 was an
enormous headache, but in the end it was a fantastic event.

About 200 attendees descended on Amsterdam to try an American-style hacker
conference. It was very different than the Chaos Computer Club congresses,
and nothing at all like the Dutch hacking camp HAL. Many attendees didn't
understand why it was held at such an expensive hotel. But the global
breadth of attendees and speakers was impressive, and it was generally
considered to be a successful conference by all who attended or watched
online. The hotel, though pricey, was incredibly easy to work with and
provided a safe, enjoyable environment in a tourist-friendly part of

But Clovis' brother, weary from filling out customs forms, was not so
enamored with the idea of doing SummerCon overseas again, and so SummerCon
2002 took place in Washington, D.C. Unlike the affable and easy-going Dutch
hotel support staff a year prior, the sales director of the Renaissance
Washington D.C. had little patience for the SummerCon organizers. Not
mincing words, she announced to Clovis and his staff, "I know about you
guys. I know about hacker conferences. If anything happens at this hotel,
any kind of funny business, I will throw you all out. We have Presidents of
the United States here. I will throw you out." This was six hours before
the conference was slated to begin. In spite of her concerns, the
conference was successful, the hotel bar did brisk business, and nobody got

SummerCon enjoyed a stand in Pittsburgh for two years where Redpantz became
a member of the planning committee and began to emcee. In these years,
SummerCon began to select venues based on how agreeable the bar staff was,
because, all things being equal, SummerCon is, in the words of the noted
hacker X, "also about drinking a lot of beer." There were several alcohol
related incidents in Pittsburgh. One of the organizers was cited by the
Pittsburgh Police Department for "simulating a sex act," an incident that
he has never lived down. It was in this time period that members of the FBI
Cyber Division began to actually offer presentations at SummerCon. If you
can't beat 'em, join 'em. 

Austin was the site of SummerCon 2005. Internal political squabbling
amongst the organizers and the lack of a clear promotional plan for
SummerCon meant that attendance was very low-perhaps even lower than the
first SummerCon. It was a boozy event and had plenty of quality technical
discussions, but only a few people showed up, including some very nice
individuals from San Antonio. Luckily, the hotel was also backed with
bikers from the annual Republic of Texas motorcycle rally, and everyone was
down to party.

Nevertheless, the organizers knew it was time to press the reset button,
and a select group was invited to SummerCon 2006 to address the ongoing
viability of the event. The organizational core agreed that the next three
years should be in Atlanta, with every effort take to rebuild the
reputation of SummerCon. That effort to rejuvenate the reputation as the
hacker conference with the highest level of technical expertise, coupled
with the heaviest intake of alcohol per attendee was well received by the
organizational core and future attendees. It was an old formula, and a
return to our roots: offer great presentations to get the conversation
going, and keep everyone as drunk as possible. 

SummerCons in Atlanta were predictably rowdy; in 2007 Billy Hoffman did his
best to finish his presentation, and slurred the words, "If I'm not making
any sense ya'll just throw a shoe at me or something." Immediately, an
attendee threw a shoe that barely missed the staggering speaker, making a
loud WHUMP as it struck the projection screen. "Well, okay then..." Billy
replied, as he continued his lecture. The SummerCon organizational staff
believes that this exchange was the framework for an event that transpired
in Iraq in 2008, when an angry man threw his shoes at a surprised President
George W. Bush. 

When SummerCon moved to New York City in 2010, it had a reputation as a
technical smorgasbord and a relentless booze-fest, which, honestly, is a
perfect combination. There are very few things you can do to improve on
that formula, but the SummerCon organizers found a way, by inviting a
burlesque troupe to participate in event planning and hosting an after

Being located in New York City made the event to heavy-hitters in the
security industry, and the technical aspects of the conference expanded in
line with the party dynamic. In 2011, the organizers accepted some
sponsorship money, which permitted them to invest more heavily in the
presentation side of the event, flying in speakers from far-flung and
exotic places like California and Michigan. It also meant that the after
party was more outrageous, and was featured as an "Event of the Week" in
the local events newsletter "Time Out New York."

There are few things as dependable in the hacking world as SummerCon.
Though it has evolved from a small, invite-only gathering to a large,
structured conference, it has never lost sight of the importance of its
mission: bringing together the brightest minds in information security for
the best party of the year. Raise your glass, and toast another 25 years of

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2021, Phrack Magazine.