Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reporters At Black Hat Get Bounced For Hacking

Posted by Soulskill on from the no-brownie-points-for-you dept.

rickb928 and several others have written to inform us that three reporters for the French publication "Global Security Magazine" were booted out of the Black Hat convention for uncovering the login information of other reporters. Quoting the AP: "The separate, wired Internet connections set up for reporters are supposed to be off-limits to hacking and the Wall of Sheep. Even so reporters who didn't take the extra step and log onto the Internet through an additional secure connection like a virtual private network, risked having their data exposed to colleagues sitting just feet away. It didn't appear to be a complicated hack. The network was working properly, but it wasn't set up to shield each journalist's computer from one another."

15 of 128 comments (clear)

  1. Did they forget there role? by pauljuno · · Score: 4, Funny

    Did these journalist not understand what their role was at this event? The Wi-Fi connections were free targets and that was understood. The hard-wired connections were off limits to all involved and only for the press, as I understand it. What were they thinking?

    1. Re:Did they forget there role? by SanityInAnarchy · · Score: 4, Insightful

      You'd think the organizers of the Black Hat convention could properly secure a wired network.

      Which they did. They just didn't secure it from the other journalists.

      Consider that it is actually impossible to do so, and allow journalists to bring their own laptops. The best you can do is secure a network, not secure the computers on the network, without insisting on admining each such computer -- think Mordac-style.

      I'd lay the blame with the Black Hat organizers.

      For kicking them? Maybe.

      But for allowing it to happen? Not so much.

      --
      Don't thank God, thank a doctor!
    2. Re:Did they forget there role? by SanityInAnarchy · · Score: 4, Insightful

      Each group of journalists could have had their own separate connection to a properly configured router

      Implying they could attack each other, still.

      Another thing - there's any number of industry-standard authentication & encryption systems out there. IPSEC, 802.1X, Radius, etc.

      And if someone didn't even bother to use SSL, what makes you think they'll set all these up on their own computer?

      The organizers were just lazy...

      For what? Not mandating every journalist use a known-good computer? For not blocking port 80 in favor of 443? For allowing these people on the Internet at all?

      Tell me -- given that it's impossible to idiot-proof a single computer, how are you proposing that they idiot-proof an entire network of humans -- humans who can and will make mistakes?

      --
      Don't thank God, thank a doctor!
  2. I guess by Korbeau · · Score: 5, Interesting

    nobody plays Uplink enough these days.

  3. Re:Switches are not expensive by foom · · Score: 4, Informative

    Are they using a hub for wired connections at a security conference? Seems like the most plausible explanation for a simple "hack" like this with the network "working correctly"...

    It's a common misconception that switches prevent snooping. Switches are *not* security devices, they are an performance optimization. As such, they mostly "fail open".

    If you flood the switch with many different MAC addresses, such that its internal ethernet routing table fills up, it will usually simply direct *all* traffic to your port, rather than potentially incorrectly dropping some traffic you should have received.

    And then you can snoop to your heart's content, with nobody else the wiser.

  4. Re:Many low cost switches... by LostCluster · · Score: 4, Interesting

    We're all taught in network design class that a switch unlike a hub doesn't send traffic that's not yours to you, then learn in security class that it's easy to turn a switch into a hub.

  5. Two people... by Eggplant62 · · Score: 4, Interesting

    ... are seated in a noisy restaurant, yelling back and forth to each other from one side of the table to the other. I'm sitting 3 tables away and can hear them.

    Am I hacking??

    1. Re:Two people... by Ortega-Starfire · · Score: 5, Funny

      Yes.

      Die, Hacker!

      --
      ---- Liquid was a patriot ----
  6. Re:Not Surprised by Lehk228 · · Score: 5, Funny

    well technically he was bounced for GETTING CAUGHT hacking. there is a difference.

    --
    Snowden and Manning are heroes.
  7. Re:Many low cost switches... by CrazedWalrus · · Score: 4, Interesting

    I don't understand this very well, so someone who does please chime in.

    Switches use your ethernet card's MAC address (not IP) to know how to route ethernet frames on across the switch. It knows that MAC AB:CD:EF:etc is on port 1, and 12:34:56:etc is on port 2. Because you can daisy chain switches, it actually has to remember a many MACs to 1 port sort of mapping.

    Switches can only remember a finite number of MAC addresses, so if you overflow the memory of the switch with bogus MAC addresses, it fails over to hub mode and just broadcasts all the packets to all the ports. It's not pretty, and would cause the network to get slower, but at least it would continue to work.

    As I can't see hubs being used at a Black Hat conference, I'd guess this is the sort of thing the reporters did. I'm sure there's a name for it... probably "ARP Cache Smashing" or something, but I don't know it.

    Anyway, if someone can give a better explanation, I'd be grateful.

  8. Re:Not Surprised by fmwap · · Score: 4, Informative

    and even one more difference, from TFA:
    Organizers said the trio was caught when they took their purloined password prizes to Wall of Sheep workers and asked them to post the information. The workers refused.

    So...they turned themselves in.

  9. Re:Many low cost switches... by el+americano · · Score: 5, Funny

    If only their were experts who knew the specification of network switches and how not to expose users to casual snooping, then we could set up a conference where such people get together to share their knowledge of these type of vulnerabilities.

    --
    Those are my principles. If you don't like them I have others. -Groucho Marx
  10. Re:Many low cost switches... by LostCluster · · Score: 4, Informative

    "ARP poisioning" is what it's called, and your explaination sums it up pretty well. If the other side of a port is claiming to have enough MAC addresses reachable by it the cache will fill and the switch will start over with a blank cache which renders it into a hub until it learns what's really where, then gets poisioned again, rinse, wash, repeat.

    Dumb switches will fall for this trick and have no way for anybody to notice, smarter switches will log this and let the admin know there's more than one MAC address being reported on a port... you just trace to who's on the other end of the report and you've busted them.

  11. To prove a point by SpaceLifeForm · · Score: 4, Insightful

    That the wired lan was not secure.

    The reporters that allowed their login/passwords
    to be sniffed should be the ones exposed on the Wall of Sheep.

    Talk about being led into a false sense of security.

    They *knew* the Wireless was not secure.

    But to *ASSUME* the wired LAN was to be trusted
    clearly shows their ignorance of security.

    The reporter that exposed the problem should not
    be booted from future conferences, he should be
    welcomed back!

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  12. Re:Not Surprised by Adriax · · Score: 4, Funny

    The offending journalist was caught when, after stealing the passwords, he stood up and shouted "Yes, I am invincible!" with a bad russian accent.

    --
    I don't suffer from insanity, I enjoy every minute of it!