Feeds

Rogue reporters kicked out of conference for network snooping

When hacks hack

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Black Hat Three rogue journalists were ejected from the Black Hat security conference after being accused of connecting monitoring tools to the press room computer network and sniffing reporters' passwords.

The reporters worked for French-based Global Security Magazine, a Black Hat media sponsor. According to screenshots posted here, the men intercepted passwords of journalists working for CNET News and eWeek, although CNET News says here that the username and password displayed were inaccurate. It's unknown how many other journalists the interlopers snooped.

The wireless networks at Black Hat, and Defcon, its sister conference which starts Friday, are widely considered hostile. It's expected that attendees will come armed with brand new exploits and test them on fellow participants. The networks used in press rooms are another matter altogether. They are ethernet based, and up to now have been presumed off limits to pranksters.

The presumption of privacy could prove to be key in determining whether the three men violated federal wiretap statutes, said Kurt Opsahl, an attorney for the Electronic Frontier Foundation.

"As a general rule, capturing the content or communications without consent of any of the parties is illegal."

According to reporters who witnessed the event, the three journalists spent much of the day huddling over their equipment, and later took their pilfered data to people manning the so-called Wall of Sheep, an outfit that scans the conference Wi-Fi network for people who send passwords and other sensitive data in the clear. They then slightly redact the information and display it on a projector, in an attempt to shame attendees who are caught, so to speak, with their pants down. The Wall of Sheep personnel rebuffed the offer in this case.

The men were identified as Mauro Israel, Dominique Jouniot and Marc Brami. Black Hat officials speculated they may have carried out their attack by setting up a DHCP server. Having been kicked out of the conference, they weren't immediately available for comment. CNET News, which asked them why they carried out the stunt, said they wanted to educate the public about the ease of sniffing people even on networks that are wired.

The event is another reminder that privacy, even on wired networks, only goes so far. Fortunately for us, all our traffic was sent through an encrypted tunnel courtesy of OpenVPN, a free and extremely powerful open source package. It may have taken three days to configure it, but the additional layer of security was well worth it. ®

Designing a Defense for Mobile Applications

More from The Register

next story
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.