Rogue reporters kicked out of conference for network snooping

When hacks hack


Black Hat Three rogue journalists were ejected from the Black Hat security conference after being accused of connecting monitoring tools to the press room computer network and sniffing reporters' passwords.

The reporters worked for French-based Global Security Magazine, a Black Hat media sponsor. According to screenshots posted here, the men intercepted passwords of journalists working for CNET News and eWeek, although CNET News says here that the username and password displayed were inaccurate. It's unknown how many other journalists the interlopers snooped.

The wireless networks at Black Hat, and Defcon, its sister conference which starts Friday, are widely considered hostile. It's expected that attendees will come armed with brand new exploits and test them on fellow participants. The networks used in press rooms are another matter altogether. They are ethernet based, and up to now have been presumed off limits to pranksters.

The presumption of privacy could prove to be key in determining whether the three men violated federal wiretap statutes, said Kurt Opsahl, an attorney for the Electronic Frontier Foundation.

"As a general rule, capturing the content or communications without consent of any of the parties is illegal."

According to reporters who witnessed the event, the three journalists spent much of the day huddling over their equipment, and later took their pilfered data to people manning the so-called Wall of Sheep, an outfit that scans the conference Wi-Fi network for people who send passwords and other sensitive data in the clear. They then slightly redact the information and display it on a projector, in an attempt to shame attendees who are caught, so to speak, with their pants down. The Wall of Sheep personnel rebuffed the offer in this case.

The men were identified as Mauro Israel, Dominique Jouniot and Marc Brami. Black Hat officials speculated they may have carried out their attack by setting up a DHCP server. Having been kicked out of the conference, they weren't immediately available for comment. CNET News, which asked them why they carried out the stunt, said they wanted to educate the public about the ease of sniffing people even on networks that are wired.

The event is another reminder that privacy, even on wired networks, only goes so far. Fortunately for us, all our traffic was sent through an encrypted tunnel courtesy of OpenVPN, a free and extremely powerful open source package. It may have taken three days to configure it, but the additional layer of security was well worth it. ®

Broader topics


Other stories you might like

  • Symantec: More malware operators moving in to exploit Follina
    Meanwhile Microsoft still hasn't patched the fatal flaw

    While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.

    Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.

    In the meantime, reports of active exploits of the flaw continue to surface. Analysts with Proofpoint's Threat Insight team earlier this month tweeted about a phishing campaign, possibly aligned with a nation-state targeting US and European Union agencies, which uses Follina. The Proofpoint researchers said the malicious spam messages were sent to fewer than 10 Proofpoint product users.

    Continue reading
  • Now Windows Follina zero-day exploited to infect PCs with Qbot
    Data-stealing malware also paired with Black Basta ransomware gang

    Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.

    The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed.

    This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a software nasty that raided people's online bank accounts, and evolved to snoop on user keystrokes and steal sensitive information from machines. It can also deliver other malware payloads, such as backdoors and ransomware, onto infected Windows systems, and forms a remote-controllable botnet.

    Continue reading
  • International operation takes down Russian RSOCKS botnet
    $200 a day buys you 90,000 victims

    A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.

    The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney’s Office in the Southern District of California.

    It seems that RSOCKS initially targeted a variety of Internet of Things (IoT) devices, such as industrial control systems, routers, audio/video streaming devices and various internet connected appliances, before expanding into other endpoints such as Android devices and computer systems.

    Continue reading
  • If you're using older, vulnerable Cisco small biz routers, throw them out
    Severe security flaw won't be fixed – as patches released this week for other bugs

    If you thought you were over the hump with Patch Tuesday then perhaps think again: Cisco has just released fixes for a bunch of flaws, two of which are not great.

    First on the priority list should be a critical vulnerability in its enterprise security appliances, and the second concerns another critical bug in some of its outdated small business routers that it's not going to fix. In other words, junk your kit or somehow mitigate the risk.

    Both of these received a CVSS score of 9.8 out of 10 in severity. The IT giant urged customers to patch affected security appliances ASAP if possible, and upgrade to newer hardware if you're still using an end-of-life, buggy router. We note that miscreants aren't actively exploiting either of these vulnerabilities — yet.

    Continue reading

Biting the hand that feeds IT © 1998–2022