Network World
Hack . . . hack back . . . repeat

At DefCon, a game of virtual capture the flag keeps eight teams at the keyboard for 36 hours.
By Rodney Thayer , Network World , 08/09/2004

LAS VEGAS - Capture the flag might be only a game, but it was serious business at DefCon, the world's largest annual computer hacker convention. For 36 straight hours, eight teams of experienced hackers and serious security professionals played predator and prey as they tried to hack into competitors' networks while defending their own.

From my front-row seat as a member of the winning team, Sk3wl of R00t (hacker slang for "School of Root," where "root" refers to gaining administrator access to a system), I got a bird's-eye view of how new - and not so new - attacks could be launched and thwarted.

Each qualified team playing the game - organized by a Seattle security community group called the Ghetto Hackers - controlled a pair of Windows machines running a variety of network and Web-based services that were connected to each other and a central scoring mechanism called the Scorebot via a Gigabit Ethernet network. Rest assured, this hacker network was not connected to the Internet.

As soon as the doors to the secluded hacker playground disguised as a hotel ballroom were opened at 10 a.m. July 30, the air was tense in this crowded room. The game scenario and the legitimately purchased Windows images were presented to participants two hours before the official noon start time. How would you like to have to lock down two Windows boxes in just two hours as you started to recognize that there were world-class exploit developers in the room - and on your network?

A team scored by attacking rivals' servers and stealing flags (data strings stored within the servers). The successful hacker then presented the stolen flags to the scoring system for credit. The overall score was a combination of credit for attacking other teams' servers and successfully defending your own services. Penalties were issued for excessive consumption of bandwidth, so simple port scans and brute force attacks were not used, and denial-of-service attacks were forbidden.

In the middle of the room sat the Ghetto Hackers' gear, necessary for keeping the game within bounds and blasting loud techno music for the entire 36-hour ride. We'd trained for the competition in small conference rooms with similar tunes blaring as white noise to desensitize. But by the time it was 2 a.m., and you were staring at a network trace flying by on a screen, you noticed that your heartbeat and your breathing synchronized with the music and the packet traffic. At that point, it was time to take a walk.

At the beginning everyone was organized with their supplies. Our cooler was stocked with ice and Coke. As time dragged on, people started bringing in food and drinks. At first we were organized and sent out someone for bread and cold cuts. But by the middle of Day Two we gave up and started ordering pizza. We stuck with soda for the most part, but as the contest wore on, a beer or two appeared. As we scanned the room (discreetly, of course) we saw the other teams behaving the same way if not more so. One team had a steadily draining bottle of Southern Comfort on top of its server.

The Ghetto Hackers' full-length equipment rack was ornamented by a large, red, wooden arch in the style of a Japanese archway complete with Asian script. Our Japanese language expert slunk over for a closer look and determined the writing on the wall to be complete gibberish, with no hidden message to help us crack the code.

Each team carefully arranged its equipment - everything from laptop Macs to Cisco switches, some piled 3 feet high on the allotted two tables - around the periphery of the room. Teams were supposed to have a maximum of 15 members, but no one stuck to that upper limit as the flow in and out of the room easily boosted each roster to more than 20 people.

The ground rules I agreed to dictate that I not divulge individuals' identities. But in general terms I can say the teams included at least two CTOs; security professionals from Ernst & Young, AOL and the University of California at Santa Barbara; and well-known and unknown hackers. Additionally, at least four teams had members hailing from the U.S. Department of Defense.

We mostly kept to ourselves and minimized visible screen space to avoid becoming vulnerable to "shoulder surfing" or other forms of spying.

You also had to do some reconnaissance to sniff out any secret deals being cut to share or trade information among teams. Think "Survivor," when it was good.
