Fake Password Reset E-mail Hits 7,500 Black Hat Registrants

← Back to Stories (view on slashdot.org)

Fake Password Reset E-mail Hits 7,500 Black Hat Registrants

Posted by timothy on Sunday July 22, 2012 @05:48PM from the perfectly-natural-return-to-your-homes dept.

An anonymous reader writes "7,500 Black Hat USA 2012 attendees may have been surprised to get a fake password reset e-mail sent to accounts they used to register for the conference. Black Hat has apologized and explained the lame phishing spam attempt."

36 of 67 comments (clear)

Min score:

Reason:

Sort:

I would be deeply saddened by Anonymous Coward · 2012-07-22 17:50 · Score: 5, Funny

...if any of them fell for it.
1. Re:I would be deeply saddened by Mabhatter · 2012-07-22 18:31 · Score: 4, Insightful
  
  They totally deserve that? Why would you sign up for a "Black Hat" event with an important account? The trusting fools!
2. Re:I would be deeply saddened by Karmashock · 2012-07-22 20:04 · Score: 1
  
  It would be pretty choice irony.
  They should make that part of the event. Every time they should use the registrant's information to try and scam the whole group.
  Not take money or whatever. But just as a challenge and a reminder.
  
  --
  I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
3. Re:I would be deeply saddened by flyneye · 2012-07-22 22:47 · Score: 2
  
  Why be saddened? They signed up for it, paid with (possibly) their credit card, showed their I.D. at the desk for their room, walked in plain view of security cameras placed by both the hotel and the FBI facial recognitioin database team, hung out in their bugged rooms, chatted in bugged elevators, walked the floors with undercovers all around. 7500 show up, but 8000 in attendance hmmmmmmm. I wouldn't be surprised if half of them fell for it.
  
  --
  *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
4. Re:I would be deeply saddened by Anonymous Coward · 2012-07-22 23:39 · Score: 2, Interesting
  
  First off, Black Hat is not for the elite. Black Hat is the watered down version of DefCon, made palatable for people and businesses who are afraid of being associated with the criminal element of hacking. While there is some good information to be had at Black Hat, it is generally a pale shadow of what can be found at DefCon. That said, DefCon is a pale shadow of its former self, not in terms of attendance for sure, but definitely in terms of content. For content you must now go to B-Sides, Skytalks, etc., or smaller group meetings in a non-public venue. As far as the "why sign up" using an important account question, what a stupid question. The account is not you, if you are dumb enough to fall for a phishing attempt, it does not matter if it is your main or a throw-away account, as the mentality that falls for such things rarely uses a unique password for each and every on-line service, list membership, etc. Protecting yourself against this kind of crap requires you to not only have a brain, but to use it, ask relevant questions, and trust no sources, ever, no matter what.
5. Re:I would be deeply saddened by postbigbang · 2012-07-23 00:25 · Score: 2
  
  By your description, I don't think you've been to either. I don't consider myself "elite" but I *am* very interested in the latest war stories and postures by varying agencies, ostensible hacker groups, and listening to the delicious screeds of various hacking icons.
  That they were p0wn3d is hilarious. I don't believe their story regarding how it was some fool at ITN that did it, either. Someone ate their lunch. They should know better. The payload was a useless malformed URL, by the way, not a real one.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
6. Re:I would be deeply saddened by Legion303 · 2012-07-23 00:59 · Score: 1
  
  "7500 show up, but 8000 in attendance hmmmmmmm."
  to be fair, 400 of those extras are hotel union staff who stand around and get surly if you try to move your own conference table two inches to the right because it's blocking access to your heart medication.
7. Re:I would be deeply saddened by LordLimecat · 2012-07-23 01:45 · Score: 3, Informative
  
  This wasnt something "to fall for"-- the emails were legit in that they really came from BlackHat registration. That everyone thinks the summary is accurate is little hillarious.
  I mean, the article wasnt exctly lengthy, and they even gave an executive summary:
  
  This morning, some idle hands browsed their way to a screen that looked like this:
  We would provide a better screenshot, but that actually ends in sending an email. Call it a 'feature'. The link provided in the email is to an onsite host on our registration network.
  Basically, a volunteer went to a place they shouldnt have, which resulted in reset emails being fired off to everyone.
  Nowhere does it say or imply that it was phishing attempt. Im glad the editors are continuing the fine tradition of not even opening the links of the article they are supposed to be reviewing.
8. Re:I would be deeply saddened by Shoten · 2012-07-23 02:01 · Score: 4, Interesting
  
  You've clearly never even looked at the speakers list or topics for Black Hat. It's not at all watered down; in fact, there used to be a time when a good enough talk would be given at both...but at Defcon, the talk would leave out certain details and depth. By no means is what's delivered light, either...Moxie Marlinspike revealed how to subvert SSL, for example. Dug Song and Thomas Lopatic revealed how to root a Checkpoint Firewall (back when Checkpoint was the big one to get). Major and very serious vulnerabilities in AMI meters (used for Smart Grid) were revealed by IOActive...the list goes on. And you get an incredible mix of major industry players like Cisco and Apple speaking frankly (there's a talk this year on the security architecture of Apple's IOS) along with independent researchers and even lateral thinkers. Jose Nazario...now the Senior Manager for Security Research at Arbor networks, and a Board Member at the Honeynet Project, gave a talk when he was fresh out of finishing his Ph.D. in biochemistry...on viral propagation algorithms for computer viruses. It turns out that what he did his thesis on...viral propagation models for biological viruses...mapped directly to the concept, and the man never worked a day in the biochem field after he finished his doctorate.
  So, just because you're not able to afford the ticket, or for some reason you can't gain entry into the infosec field (past criminal record, perhaps? Caught with the ganja, were we?), don't try to tarnish the people trying to share information at the front end of things.
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
9. Re:I would be deeply saddened by Shoten · 2012-07-23 02:08 · Score: 1
  
  It wasn't a phishing email. Here's the email body itself:
  This is a note from BlackHat 2012.
  ________________________________________
  You have requested a new password. Here are your details:
  Username:
  Password:
  To sign in, please go to this URL:
  https://svel1023/BH12/Admin/
  Okay...so that link, if you notice, wouldn't even work. (Try it and see for yourself if you like.) It turns out that this was a software error; a password provisioning function at ITN (the event company supporting BH) sent the email to everyone instead of (presumably) the intended recipient. Indeed, the headers of the email indicate that it emanated from ITN's email server as well. So, the OP is ass-poundingly dishonest in referring to this as a "lame phishing attempt".
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
10. Re:I would be deeply saddened by wiedzmin · 2012-07-23 04:04 · Score: 1
  
  Okay...so that link, if you notice, wouldn't even work. (Try it and see for yourself if you like.)
  That link is to a server on a local network, to which attendees (if they're dumb enough to use an electronic device, connected to a network, to check their email, while at BlackHat) could have been connected during the conference.
  
  --
  Bow before me, for I am root.
11. Re:I would be deeply saddened by Shoten · 2012-07-23 05:48 · Score: 1
  
  Only if that server is on the same local network as the conference. Which it isn't.
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
How many peeps fell for it? by Snotnose · 2012-07-22 17:55 · Score: 2, Insightful

The only newsworthy chunk of info here is, How many of these peeps fell for it? These are the elite, what percentage fell for it?
1. Re:How many peeps fell for it? by Sir_Sri · 2012-07-22 18:00 · Score: 4, Insightful
  
  These are the elite
  No, some of them are elite hackers, some of them are just trying to keep up with the mischief elite hackers are going to be creating or trying to feel like they're part of the culture.
2. Re:How many peeps fell for it? by Snotnose · 2012-07-22 18:08 · Score: 1
  
  Ya, I mispoke. These are the ones who think they're elite. I suspect half the attendees are like the script kiddies in MW who load a cheat onto their PS3, then brag about how good they are.
  Still, how many of these peeps fell for it?
3. Re:How many peeps fell for it? by Anonymous Coward · 2012-07-22 18:34 · Score: 1
  
  Still, how many of these peeps fell for it?
  You lazy ass... if you want to know, be a man... hack you way through and examine the server logs.
4. Re:How many peeps fell for it? by PolygamousRanchKid+ · 2012-07-22 21:16 · Score: 2
  
  Black Hat attracts a lot of "hang arounds" . . . journalists, and folks who just want to see who attends, and what they are talking about. So some folks in these groups might be more susceptible to a simple phishing attack.
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Re:I can explain. by Anonymous Coward · 2012-07-22 17:56 · Score: 3, Funny

I can tell, since it's actually the second post.
the ironing by Anonymous Coward · 2012-07-22 18:26 · Score: 1

is delicious
1. Re:the ironing by philip.paradis · 2012-07-22 18:37 · Score: 4, Funny
  
  Man, I've heard of some strange fetishes in my time, but savoring the flavor of freshly ironed clothing is a first in my book. Do you prefer light or heavy starch?
  
  --
  Write failed: Broken pipe
2. Re:the ironing by schroedingers_hat · 2012-07-22 21:30 · Score: 1
  
  I wouldn't go so far as to call it a fetish, but freshly ironed/fresh out of the dryer pants/underpants feel pretty good.
3. Re:the ironing by WrongSizeGlass · 2012-07-22 23:10 · Score: 3, Insightful
  
  Actually, it's a Simspons reference from "The Simpsons: Grift of the Magi (#11.9)" (1999)
4. Re:the ironing by Mikkeles · 2012-07-22 23:16 · Score: 2
  
  Actually, he irons his 'grilled' cheese sandwich. It gives it that soupcon of je ne sais quoi.
  
  --
  Great minds think alike; fools seldom differ.
A real hacker conference would test antendees :) by Anonymous Coward · 2012-07-22 18:41 · Score: 2, Insightful

It would be great to keep out the script kiddies. I have just the test to determine if someone is a hacker. Just ask them what they like to hack. If they answer with responses like "i like breaking into xyz systems" then deny them a ticket. If they answer with "i like to hack on xyz" and go into how they configured/wrote/learned about some system then let them in. Hacking isn't about breaking into systems or clicking on some button to attack something. It is literally the joy of learning. While breaking into a system might be hacking it's not so unless there is a learning component to it. I like to hack. I hack stuff together all the time. I throw some GNU/Linux distribution together (and having known nothing prior enjoy that). I'm a hacker. I *could* break into a system... but can't say I ever really have. Sure. I've exploited a bug or two for fun. That was a hacking as I learned something and enjoyed it. However someone clicking a button (something any computer users knows how to do) to join in on a DDoS attack on some web site is not hacking. You'd have to be the dumbest person on earth or at least over the age of 40 (loss of skills/memory/ability etc) to call that hacking.
The Reply by azalin · 2012-07-22 18:41 · Score: 5, Insightful

An automatic reply should have been sent to everyone who fell for it:
Your reservation has been revoked. Please invest some time in learning basic security guidelines before applying again.
Best regards
1. Re:The Reply by Anonymous Coward · 2012-07-22 19:07 · Score: 1
  
  That would be a neat trick since the URL is essentially unresolvable for anyone not on their network.
  
  This is a note from BlackHat 2012.
  You have requested a new password. Here are your details:
  Username:
  Password:
  To sign in, please go to this URL:
  https://svel1023/BH12/Admin/
  
  svel1023 looks like a username to me. Maybe the volunteer who sent the email out?
Shit security by FormOfActionBanana · 2012-07-22 18:42 · Score: 4, Interesting

Shit security on their end, and that posting does NOT look like an apology.
And what's this BS about expecting the most hostile network? I thought that was DEFCON...

--
Take off every 'sig' !!
Makes me smile by pbjones · 2012-07-22 19:11 · Score: 1

What a laugh! I read the article, but it still makes me smile. one of their own ranks, doing this for 'fun'.

--
There was an unknown error in the submission.
Re:I can explain. by sumdumass · 2012-07-22 19:57 · Score: 1

But it was the first second post?
Re:I got one by Anonymous Coward · 2012-07-22 20:18 · Score: 1

"A few hours later they sent me a follow-up email with a link to an explanation."
_That_ was the real attack. I bet you were curious and now you're infected.
Re:I can explain. by Pieroxy · 2012-07-22 20:43 · Score: 1

But it was the first second post?
No, it was the second first post.

--
Write boring code, not shiny code!
Re:I got one by jtownatpunk.net · 2012-07-22 21:08 · Score: 1

Oh, I'm sure the link was valid. Anyone who clicked it is banned for life from all future events.
Re:Good for the goose... by ThatsMyNick · 2012-07-22 22:32 · Score: 1

And anyone caught in cross fire can die too. Right?
"Attempt"? Bad article summary by syntap · 2012-07-23 00:34 · Score: 1

"Lame phishing spam attempt" should be reworded to "sucessful phishing spam launch that took advantage of an insider security threat".
If it is in the recipient's inbox, the spam happened sucessfully. If it didn't, it was an unsucessful attempt.
A read of TFA shows no mention of the word "lame". In fact the statement does what it should do... describes what happened and what action was taken. "The email this morning was an abuse of functionality by a volunteer who has been spoken to. This feature has since been removed as a precautionary measure."
This kind of thing would not happen if ... by Skapare · 2012-07-23 04:07 · Score: 1

... we just get rid of the old legacy email system. What kind of black hatter still uses that spam infested crap.

--
now we need to go OSS in diesel cars
Re:A real hacker conference would test antendees : by DerekLyons · 2012-07-23 05:03 · Score: 1

Hacking isn't about breaking into systems or clicking on some button to attack something. It is literally the joy of learning.
The 1970's called - they want to drop off the disco balls and bell bottom trousers for the rest of your nostalgia trip.

You'd have to be the dumbest person on earth or at least over the age of 40 (loss of skills/memory/ability etc) to call that hacking.
No, you'd have to be someone using the word as it's been commonly used for thirty odd years now.