Steve Boggan

I have just found a new best friend and his name is Pyr0. I didn't choose him because he is entertaining or fun to be with - although he is both. Nope, it's just that, more than anything, you wouldn't want Pyr0 to be your enemy.
Got anthrax in your laboratory? Pyr0 could steal it. Millions of dollars in a virtual bank account? He could spirit it away. A Lotus Esprit guarded by invisible motion sensors? It's gone in less than 60 seconds. Pyr0 is a hacker. In fact, he is just about the scariest hacker you could possibly imagine, a man who can get into any computer, past any security system and through any door just for fun.
With his sidekicks Ryan Jones, 33, and Chris Nickerson, 29, from Denver, Colorado, Pyr0 - a.k.a 30-year-old Luke McOmie - has breached security at banks, biolabs, hospitals, financial trading houses, law firms and multimillion dollar companies from Beverly Hills to New York. If you are a mover and shaker in the world of security, these guys are your worst nightmare - or, perhaps, the answer to your prayers.
Because, while he once flirted with the seamier side of the hacker world, Pyr0 is now one of the good guys, a man paid tens of thousands of dollars a week to put his knowledge of the dark arts to use in capers that wouldn't look out of place in a Mission Impossible movie.
I find him in Las Vegas, milling around Defcon, the annual gathering of hackers from all over the world. This is where you come if you're an aspiring script kiddie wanting to hone your hacking skills; or a security consultant eager to warn of a new threat; a Black Hat hacker looking for a fresh criminal enterprise; or an undercover spook seeking out solutions to The Next Big Thing, the smart threat that could take down a country's infrastructure.
This year, its 16th, Defcon is held at the Riviera Hotel and Casino on Las Vegas Boulevard, a fitting venue you might say, given that it was one of the settings for the original Ocean's Eleven movie. Some 8,000 individuals, mostly white males dressed in combat pants and black T-shirts, are here to hack and play. At a gathering like this, there is a whiff of anarchy in the air. These guys might look geeky but they're smart, and they know it. There are pony-tailed consultants made rich on the ignorance and paranoia of the rest of us. There are wan kids with “I live in my parents' basement” stickers on their Apple Macs or “Carpe Noctem” emblazoned on their T-shirts. There are talks and workshops where the jargon could turn a hyperactive child into a narcoleptic (Time-Based Blind SQL Injections Using Heavy Queries: A Practical Approach to MS SQL Server, MS Access, Oracle, MySQL Databases and Marathon Tool, anyone?). There are fat boys who really should get out more and sexy girls in PVC and stockings. There are parties with naked table dancers and competitions where hackers hack hackers or try to spot undercover FBI agents.
It all sounds like fun, and it is. But underlying all this chaos is something serious, something that goes to the heart of all our lives, to commerce, industry and travel, to communications, health and entertainment: The survival and viability of the world wide web. Because unbeknown to most of us, there is a constant battle between the forces of good and evil over how the internet and its attendant technology should be used or abused. This annual gathering is one of the reasons why, so far, the forces of good are on top.
So, what exactly are hackers, what motivates them and what is it exactly that they do? The word hacker means different things to different people. It has fallen into common parlance to mean someone who breaks into other people's private computer networks or websites, usually to cause unwanted mischief or to steal money. In fact, a hacker can be much more than that.
We will talk about Pyr0 and the dark side a little later. First, however, I meet Jon Callas, one of the world's foremost cryptographers, a man whose sole aim is to make the internet safer for us all to use. He has been working with computers since the 1970s and he has watched as the meaning of hacking has changed.
“Back then, before the internet, it meant to manipulate something to do something it wasn't intended for,” he says. Now the chief technology officer for the PGP Corporation, a major computer security software firm, Callas still has the pony-tailed shambolic look that only a man at the top of his game can carry off in the boardroom. “You would find solutions to problems with things you had available - we used to say we made furniture with an axe. And when you'd finished, you called the end product ‘a good hack’.
“It was different back then. You would contact people like IBM and ask if you could use their computing power or phone lines linking other computers after office hours. The community was so small that no one abused it. It was self-policing and it worked. It was a privilege.”
Hark back 25 years to the movie War Games, in which a computer geek gets inside a US Department of Defense missile control centre, sparking the threat of global thermonuclear war, and that spawned what we imagine a hacker to be. The internet made it real and the proliferation of home computers made it potentially dangerous.
Mostly for fun, curious youngsters would try to crack passwords into self-contained systems and have a look around. But that was before the internet spelled commerce; and that, of course, equalled credit-card payments, money and fraud.
With the advent of the profit motive came new definitions of the word. There are now White Hat, Black Hat and Grey Hat hackers. The Whites do legal stuff for good reasons, the Blacks do it for criminal financial gain, and the Greys sometimes do bad things with good motives.
In between the games, partying and gambling, I try to persuade Black Hats to show me some cool stuff, but there are problems. The usual response is: “Are you wearing a wire?” but the difficulty is more fundamental than that. If they do something they shouldn't (which they do all the time), they are committing a federal offence, and if they show me, I am committing an offence if I don't immediately call the cops.
So I meet Loki, a systems administrator with a big corporation in Minnesota, in a darkened room in Circus Circus Hotel, over the road from Defcon, just to see exactly what a hack is. Because of the legal constraints, what he does is small beer, but as a demonstration of just what it is that these guys do, it works for me. He's going to take us into a university - outside the US - to show how we could change someone's grades, find out about students and, although we don't go this far, take a look at people's credit-card details.
Hackers look for vulnerabilities in programming and when they find them, they write instructions into that programme, making it possible for them to execute commands. This is called an exploit.
Previous successful exploits are sometimes posted on archive websites such as milw0rm.com so that they can be used again and again on vulnerable websites. It's a bit like buying an off-the-peg suit.
In our case, 37-year-old Loki, who is married and has a ten-year-old son, finds out from Google that the university, let's call it the Foxtrot Academy, invites students to post photographs on one of its servers using a photo-sharing programme called Coppermine. Some time ago, someone found a fault in Coppermine and wrote an exploit, which he put on milw0rm for everybody else to use.
Loki gets a copy of the exploit, sends it through to the Foxtrot Academy website and, bingo, he is inside as if he were an administrator with limited access. He then adapts another off-the-peg exploit to bypass the need for passwords and, suddenly, we are looking at files entitled Finance, Housing, Market and so on. We don't open any of them, but it's a fair bet that Market contains details of sales of university sweatshirts and paraphernalia, possibly with customer and credit card details. Accomplished hackers write their own exploits. Individuals who simply use off-the-peg exploits, without ever adapting them or writing their own, are called script kiddies.
As more and more companies, individuals and institutions do business over the internet and make increasing use of wireless networks to carry out functions remotely, their vulnerabilities increase. One way to find out just how vulnerable they are is to hire people such as Pyr0.
He tells me about one of his cases involving Symbolic Motors in La Jolla, California. Symbolic, which supplies Ferraris, Lotuses, Aston Martins and Bentleys to the stars, is arguably the most lucrative dealership in the States. It wanted to find out just how good its multi-million dollar security system was, so Pyr0 and his friends Ryan Jones and Chris Nickerson, who call themselves ethical hackers, went to work.
“First we did a bit of dumpster-diving, looking in their trash, to find out who their computer company was,” says the spiky-haired Pyr0. “Then I paid a visit, posing as one of their technicians and got access to the company's servers. I secretly installed a wireless network behind a desk while I was there, which allowed Ryan, who was in a car outside, to begin hacking into their computer system remotely.”
While Jones was downloading Symbolic's files - details of sales, prices, film-star customers and so on - Pyr0 was wandering around the building taking pictures. There was no alarm security above the ground-floor showroom and the roof skylights were not alarmed. In the showroom, he worked out the blind spots in an array of motion sensors.
Meanwhile, Nickerson, dressed to kill and posing as a potential customer, was taking pictures with a camera disguised as a Zippo lighter. He stuck a tiny wireless camera on to the back of a Bentley advertising display aimed at the keypad that switched the alarm system on and off. Outside in the car, Jones zoomed in on his computer and captured the code when a member of staff punched it in.
That night, they broke in through the unalarmed skylights, exploited the motion sensors' blind spots, crawled to the alarm keypad and switched off the system. They opened the showroom doors, drove out a Lotus and returned it, parking it the wrong way round.
“The owner was pissed off when he came in the next morning, but then he realised that he ought to take better advice over his security,” says Pyr0. “When I was a kid, I used to do some dark stuff - mostly trying to get free phone or internet time, and I was charged over it twice, although I have no record. The thing is today a Black Hat hacker could do so much damage to a company or to an individual if they didn't have their computer security up to date. There is so much money to be made out there these days. For me, I think growing up and having two sons changed me and made me more responsible. I still get to face tough hacking challenges, but now I do it for good reasons.”
The White Hat star of this year's show is Dan Kaminsky, the 29-year-old director of penetration testing at IOActive, a Seattle-based security consultancy.
Several months ago, Kaminsky realised that the system that turns website names that humans read into numbers that computers read (the Domain Name System) was flawed across the entire internet and had been for years. It meant that you might type in your bank's website address but be redirected by crooks to a spoof site on which you would innocently type in all your secret details. And almost every site on the internet was vulnerable.
Some hackers I speak to estimate that Kaminsky could have sold his discovery to organised criminals for as much as $10m. Instead, he secretly called together all the major internet players and kept his discovery quiet until a remedial “patch”, a temporary programming solution, could be found and distributed. Some say he saved the internet as we know it.
Several hackers have rented the house that was once used by the Rat Pack when they stayed in Vegas, and I meet Kaminsky there. According to public records, the house was once owned by Frank Sinatra. Inevitably, the latest occupants are called the Hack Pack.
“At first, no one believed me,” says Kaminsky. “Then they just said it was a bug, then they began to realise just how potentially damaging this could all be. After that, it was amazing to see how everyone worked together to find a temporary solution to the problem. It isn't completely fixed yet, but it will be. And a year or so down the line, the internet will be more secure than it has ever been. I feel very proud to have played a part in that.”
So, what are we to think of the Defcon hackers? According to the US Department of Defense (DoD), they were once a hindrance, but now, collectively, they're viewed as a huge, unpaid resource. As a measure of just how seriously they are taken, the DoD is joined this year by officials from the Department of Homeland Security, the National Security Agency, Air Force Cyber Command, the Federal Bureau of Investigation, the Naval Criminal Investigative Service, the Internal Revenue Service and the Air Force Office of Special Investigations. Each has at least one officer on the floor wearing a badge, but they all have undercover agents here, too.
Jim Christy, director of future exploration at the DoD Cyber Crime Center, says: “When Defcon started, we used to see it as a nuisance. Sixteen years on, our view has changed. Once a year all the knowledge out there is pooled and it allows us to see where the next threats are coming from. These guys have become our eyes and ears.”
Hackers are rightly sometimes vilified. The basement bunnies and script kiddies give the pastime a bad name, while organised criminals lure the Black Hats with the promise of easy money.
But when, by contrast, you hear how great the good guys are, you realise that hackers reflect nothing more than society at large. Some of them are good, some of them are bad and, on the whole, I take my (white) hat off to them.
Copyright 2009 Times Newspapers Ltd.
Good to know about Defcon
Akram, Bangalore, India
Well constructed good read - really interesting must have been quite an experience for you
Mike, Cape , RSA
Did you ask the guy what firewall he uses, what anti-virus, what browser, that's what I'm interested in, what the guy uses to stay safe.
mike, alford, uk
Brilliantly Balanced Article.
A joy to read.
Josh, Plymouth, UK
What a fantastic article - very enjoyable and nicely balanced.
Ross, Ripon, UK
Hackers and Crackers don't only interest the government for defense reasons, they are a method of trying to keep The Man honest... the underage gymnast in China, a government lie uncovered by a hacker... if only the US didn't send everyone to Guantanamo Bay we may have the truth about ET's...
Josh, leeds, UK