Feeds

Rogue reporters kicked out of conference for network snooping

When hacks hack

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Black Hat Three rogue journalists were ejected from the Black Hat security conference after being accused of connecting monitoring tools to the press room computer network and sniffing reporters' passwords.

The reporters worked for French-based Global Security Magazine, a Black Hat media sponsor. According to screenshots posted here, the men intercepted passwords of journalists working for CNET News and eWeek, although CNET News says here that the username and password displayed were inaccurate. It's unknown how many other journalists the interlopers snooped.

The wireless networks at Black Hat, and Defcon, its sister conference which starts Friday, are widely considered hostile. It's expected that attendees will come armed with brand new exploits and test them on fellow participants. The networks used in press rooms are another matter altogether. They are ethernet based, and up to now have been presumed off limits to pranksters.

The presumption of privacy could prove to be key in determining whether the three men violated federal wiretap statutes, said Kurt Opsahl, an attorney for the Electronic Frontier Foundation.

"As a general rule, capturing the content or communications without consent of any of the parties is illegal."

According to reporters who witnessed the event, the three journalists spent much of the day huddling over their equipment, and later took their pilfered data to people manning the so-called Wall of Sheep, an outfit that scans the conference Wi-Fi network for people who send passwords and other sensitive data in the clear. They then slightly redact the information and display it on a projector, in an attempt to shame attendees who are caught, so to speak, with their pants down. The Wall of Sheep personnel rebuffed the offer in this case.

The men were identified as Mauro Israel, Dominique Jouniot and Marc Brami. Black Hat officials speculated they may have carried out their attack by setting up a DHCP server. Having been kicked out of the conference, they weren't immediately available for comment. CNET News, which asked them why they carried out the stunt, said they wanted to educate the public about the ease of sniffing people even on networks that are wired.

The event is another reminder that privacy, even on wired networks, only goes so far. Fortunately for us, all our traffic was sent through an encrypted tunnel courtesy of OpenVPN, a free and extremely powerful open source package. It may have taken three days to configure it, but the additional layer of security was well worth it. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.