• PC World
• »Security

He couldn't be more than 12 years old--a "tween," in the parlance of the Britney Spears generation. But that doesn't stop him from possessing the swagger of a pop star as he takes a swig of Jolt Cola, stubs out a cigarette, and squints at the screen that has held his attention for the past 6 hours.

With the sides of his scalp shaved bare, he resembles a Mad Max ruffian perched amidst yards of cable and tables piled high with jury-rigged circuit boards, souped-up laptops, and phone-surveillance equipment. He's one of hundreds of hackers who have turned the Alexis Park Resort in Las Vegas into a makeshift commando station for the annual hackers convention, Def Con (from the military's term for its levels of alertness).

Throughout the weekend, tag teams of hackers will work furiously to "get root on" (gain control of) a server the conference organizers have set up, while fending off opponents trying to oust them. It's an age-old game of capture the flag, played out on a digital field.

But it isn't all games for this underage cybersoldier. Because hacking has become nothing in recent years if not a good career move. Yesterday's hackers are today's security gurus, with more corporations counting on them for protection.

Once considered the domain of geeks and freaks, hacking now claims members ranging from the body-piercing-and-gothic crowd to the Bermuda-shorts-and-loafers contingent. The latter are hackers and ex-hackers who now work as systems administrators and consultants.

One reason there are so many types of hackers these days is that hacking--at least as manifested in its simpler forms such as Web page defacement and denial-of-service attacks (which overwhelm a site with data to prevent users from accessing it)--has never been easier.

Tools of the Trade

The Internet is filled with Web sites that offer tips and tools for the neophyte hacker. Kids, criminals, and terrorists are some of the people who avail themselves of this information--so more and more intruders are knocking at port doors.

"The barrier to entering the hacker world has become very low," says 30-year-old Jeff Moss, a former hacker and security consultant who founded Def Con. "If you have a political motivation against wheat farmers and you want to deface [their] Web page, you could just go online and learn how to [do it]."

Despite tighter Web security and stricter penalties for breaking into systems, hacking attacks have more than tripled in the past two years. The government's Computer Emergency Response Team reported about 5000 cases of corporate hacking in the United States in 1999 and more than 17,000 cases in 2000.

And those are just recorded cases; to avoid negative publicity, most companies don't report attacks. The statistics cover network break-ins (which can give a hacker access to data files), Web site vandalism, denial-of-service attacks, and data theft. The FBI estimates that businesses worldwide lost $1.5 trillion last year due to security breaches perpetrated from within and without.

The risks are personal and professional: Hackers can steal passwords and bank account numbers from your home PC or grab trade secrets from your company network. Last October, criminal hackers broke into Microsoft's corporate network and accessed source code for its software.

Hacking also poses risks for national security--sophisticated terrorists or hostile governments could conceivably crash satellite systems, wage economic warfare by interfering with financial transfers, or even disrupt air traffic control.