AOH :: ISNQ5992.HTM

Reporters booted from Black Hat for hacking




Reporters booted from Black Hat for hacking
Reporters booted from Black Hat for hacking



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-762411621-1218190514=:12169
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.tgdaily.com/content/view/38794/108/ 

By Humphrey Cheung    
TG Daily
August 07, 2008 

Las Vegas (NV) =E2=80=93 Three French reporters attending the Black Hat computer 
security conference have been banned for life for sniffing the press 
room network.  The hackers worked for a French security publication 
called Global Security Magazine and admitted to capturing login 
information of two other reporters covering the convention.  Our legal 
sources tell us the three could face federal charges for wiretapping.

We=E2=80=99ve spoken to the two victims who are reporters from CNET and eWEEK.  
They told us the French reporters sneakily =E2=80=9Chuddled over their 
computers=E2=80=9D while plugged into the Netgear Ethernet switches in the press 
room.  The trio were also seen using an AirPcap USB capture card to 
sniff wireless traffic.

The French reporters captured traffic and then showed their results to 
the Wall of Sheep team in the hopes of getting the information posted.  
However, the team refused because there is an unwritten rule at Black 
Hat/Defcon that the press room network is off limits to scanning.  
Coincidentally, I was already in the room interviewing the Wall of Sheep 
team members and the French reporters let me take a picture of their 
screen.

I published that picture and a short accompanying article here.  
Shortly before the article went live, TG Daily=E2=80=99s editor in chief 
Wolfgang Gruener called CNET to warn them about a possible breach in 
their network security.  Black Hat staff warned eWEEK=E2=80=99s Brian Price 
after our article went live.

Price confirmed to us that the login in the picture was indeed a valid 
one.  That username and password has since been changed and Price is 
taking everything in stride.  He told us that it was a good lesson in 
security and that he=E2=80=99ll be more careful in the future.  On the CNET 
side, it appears the login information isn=E2=80=99t valid and that the French 
reporters possibly made up the information.

The French reporters are Mauro Israel, Marc Brami, and Dominique Jouniot 
and they didn=E2=80=99t deny sniffing the network when confronted by Black Hat 
officials.  They added that they conducted a classic man in the middle 
attack.  The reporters have been permanently banned from Black Hat and 
Defcon, something which continues a long tradition of reporter bans at 
the hacker conventions.  Last year, Dateline=E2=80=99s Michelle Madigan quickly 
escaped from Defcon after being caught secretly filming attendees.  
Before that, reporters and cameramen from Argentina and Israel had been 
booted.

Afterwards the head of Black Hat technical operations explained that 
people shouldn=E2=80=99t automatically assume that switched networks are safe 
from sniffing.  He said there were several ways of obtaining traffic 
like arp address poisoning and running a rogue DHCP server to route 
traffic through the attacker=E2=80=99s laptop.

Kurt Opsahl, a senior staff attorney with the Electronic Frontier 
Foundation, said the French probably committed multiple crimes since 
there was a reasonable expectation of privacy on the press network.  
While he would not go on record about specific charges (since he wasn=E2=80=99t 
familiar with all the details), Opsahl said legal cases in the past have 
focused on whether people expect to be hacked on a specific network.  
At Black Hat and Defcon, you are almost guaranteed to be sniffed, hacked 
and owned by attendees, but the private press network is a different 
story.  Another legal source told us the hacking attempt could be a 
federal felony under Title 18 section 2511 of the United States Code.

While the situation is very unfortunate and shady on the part of the 
French contingent, it does slam home the point that you can=E2=80=99t trust any 
network =E2=80=A6 even one that has been promised to be off-limits to scanning.  
As more details of the hacking emerged, several reporters in the room 
were scrambling to change their login details for their various content 
management systems.


--1457021584-762411621-1218190514=:12169
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com 
--1457021584-762411621-1218190514=:12169--

Site design & layout copyright © 1986-2014 CodeGods