Feeds

Rogue reporters kicked out of conference for network snooping

When hacks hack

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Black Hat Three rogue journalists were ejected from the Black Hat security conference after being accused of connecting monitoring tools to the press room computer network and sniffing reporters' passwords.

The reporters worked for French-based Global Security Magazine, a Black Hat media sponsor. According to screenshots posted here, the men intercepted passwords of journalists working for CNET News and eWeek, although CNET News says here that the username and password displayed were inaccurate. It's unknown how many other journalists the interlopers snooped.

The wireless networks at Black Hat, and Defcon, its sister conference which starts Friday, are widely considered hostile. It's expected that attendees will come armed with brand new exploits and test them on fellow participants. The networks used in press rooms are another matter altogether. They are ethernet based, and up to now have been presumed off limits to pranksters.

The presumption of privacy could prove to be key in determining whether the three men violated federal wiretap statutes, said Kurt Opsahl, an attorney for the Electronic Frontier Foundation.

"As a general rule, capturing the content or communications without consent of any of the parties is illegal."

According to reporters who witnessed the event, the three journalists spent much of the day huddling over their equipment, and later took their pilfered data to people manning the so-called Wall of Sheep, an outfit that scans the conference Wi-Fi network for people who send passwords and other sensitive data in the clear. They then slightly redact the information and display it on a projector, in an attempt to shame attendees who are caught, so to speak, with their pants down. The Wall of Sheep personnel rebuffed the offer in this case.

The men were identified as Mauro Israel, Dominique Jouniot and Marc Brami. Black Hat officials speculated they may have carried out their attack by setting up a DHCP server. Having been kicked out of the conference, they weren't immediately available for comment. CNET News, which asked them why they carried out the stunt, said they wanted to educate the public about the ease of sniffing people even on networks that are wired.

The event is another reminder that privacy, even on wired networks, only goes so far. Fortunately for us, all our traffic was sent through an encrypted tunnel courtesy of OpenVPN, a free and extremely powerful open source package. It may have taken three days to configure it, but the additional layer of security was well worth it. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.