Part 1 of 4

21 August 2001

By Kurt Foss, Planet PDF Editor

You've seen the name, read the headlines and heard the protestors.

Now fetch the remote -- Dmitry Sklyarov could be coming to a VCR near you.

Videotapes (and other media types) of the various recent DEF CON Nine speaker presentations -- including what at the time seemed destined to be one of the least-viewed sessions -- are now available for purchase from The Sound of Knowledge.

The last time slot on the hard-partying event's final day, July 15, featured three topical sessions of varying degrees of interest to those still present -- and still standing -- at the annual 'HackerFest.'

Wedged between the more popular "NTFS Alternate Data Streams" and "The Impact of P2P on Security in the Enterprise" sessions was, as things turned out, the real sleeper of the conference.

As the videotape appears to confirm, the "eBooks Security: Theory and Practice" session drew a small crowd relative to the record 5,000-plus DEF CON Nine attendees -- which was even smaller by the time Dmitry Sklyarov, a young software programmer for Moscow-based ElcomSoft Ltd., finished his nearly hour-long presentation.

Editor's Note: Many who've followed this situation as it's developed over the past weeks have wondered if there might have been something said or shown during Dmitry Sklyarov's presentation that sealed his fate (which at the time of publication was still unknown). The fact is, the warrant for his arrest had already been issued five days before he gave this presentation. Still, we wondered, too, about what exactly had transpired. This commercially available conference videotape provides some insight into what Skylarov said, how he said it (in what context) and, perhaps as importantly at certain points, what he did *not* say (at least while the video camera was rolling).

In addition, "eBooks Security: Theory and Practice" seems destined now to become a bona fide collector's item -- at least in certain circles. With no concern about spoiling the story's plot, Planet PDF offers the following review.

Lights, Camera ... Interruption

The opening scene shows a wide view of the hotel conference room and audience -- a head-count upwards of 20 seems generous, with the possibility of others sitting outside the video camera's view. Here's a good spot to pause the tape momentarily: Recent events can't help but make one wonder who might be in this audience.

Had you been among those attending this DEF CON Nine session live, you might well have earned a free t-shirt in DEF CON's annual "Spot the Fed" contest, where attendees point out suspicious lurkers they believe are government agents. [NOTE: Winners receive a free 'I spotted the Fed!" t-shirt, while the spotted ones get one announcing 'I am the Fed!']

An omen of disruptions yet to come? Before Sklyarov even finished his brief self-introduction, a conference host waving a second microphone abruptly cut him off as he approached Sklyarov and ElcomSoft colleague Andy Malyshev at the speakers' table. The two appeared mildly startled, even as the host made a seemingly odd, not well-understood request:

Host: "I just cant resist ... [hands Dmitry his microphone] ... Will you please say 'Where are the nuclear vessels in Alameda?'" [audience breaks into laughter, while Dmitry looks puzzled and uncertain what to do].

Dmitry: "I don't know."

Host, emphasizing the key word he especially wants to hear the young Russian -- with a passable command of English -- pronounce: "Would you say that please, would you say, 'Where are the nuclear vessels in Alameda?' Would you say right now ..."

Dmitry, seemingly not trying to be funny: "Right now... "

Host: "You say, ... say, 'Where are the nuclear vessels in Alameda?'"

Dmitry, giving in, but still clearly confused: "Where are all the nuclear wessels in Altameden?"

The audience cheers loudly, approving of his perfectly Russian pronunciation. Both Dmitry and Andy share in the laugh, while still appearing a bit unsure what has just transpired.

Host, sensing their confusion, whispers aloud that 'in one of our popular movies, a man with a Russian voice speaks that line: You sound just like him!'

NOTE to non-Trekkies: The actual line [WAV: 286kb], which was actually bungled by the DEF CON host, is from the movie "Star Trek IV: The Voyage Home." The speaker was Pavel Chekov [JPG: 17kb], the Russian-born Ensign of the Starship Enterprise (and in real life, born in Manhattan, NY to Russian parents).

Going Boldly Forward

OK, Let's start again," Sklyarov says in his halting English, proceeding to set a more serious tone for the remainder of the session.

"I'm an employee of ElcomSoft company," he says, "and we are developing security-related software for Windows platform. I'd like to start my speech with several words about the goals of this presentation."

He explains that the "initial information" on eBook security was obtained while conducting research for his dissertation, which was "dedicated to estimating degrees of security for different electronic publishing solutions."

The project included studying a variety of on-the-market solutions that the respective developers claim to be secure. "But they are not," Sklyarov says, signalling his conclusions. "Any publisher puts himself in big danger by being guided only by information obtained from that technology developer."

Faced with findings highly critical of several software companies and their products -- most notably Adobe Systems and its portable document format (PDF)-based eBooks technologies -- Sklyarov says they weighed several ideas of how to release the critical details. They discarded one idea -- creating a limited functionality product that could be used to publicly demonstrate the alleged security flaws they'd discovered -- because they believed it was too easy for a company to ignore the information and continue with business as usual.

Instead, they opted to develop something slightly different -- a limited functionality tool that offered, for a price, the option of full functionality.

"It's the story of Advanced eBook Processor's (AEBPR) creation," Sklyarov said, making the first reference to the controversial software product developed and briefly sold by ElcomSoft. The company issued its first product press release on June 22, and began taking orders for the $100 software product.

CONTINUED in Part 2 of 4