8/6/2014
04:05 PM
Tal Klein
Commentary

The Illegitimate Milliner's Guide to Black Hat

A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.

For this, my most clandestine assignment to date, Dark Reading asked me to go undercover among the hacking Black Hat masses to clear away the fog of public relations, false bravado, and one-upmanship in order to take a true pulse of this shadowy gathering.

My nom de plume for this incognito mission: Abe Abrahamson. (Who wouldn't trust a man named Abe?) A quick call to Kevin Mitnick to vet the aforementioned hypothesis with regard to my alter ego was met with his cunning impersonation of a disconnected number message (which I knew to be code for "Your cover is impeccable, grasshopper").

Under said auspices, and with my ticket to Las Vegas in one hand and a potent gin and tonic in the other, I settled into my seat and began to work on Abe's backstory, something learned from reading The Grugq's Guide to OPSEC and Thai Cuisine (amazing how much the two have in common). You see, one does not simply stroll into the world of a Bangkok hacker without knowing the rules.

  • Rule 1: Always smoke cigarettes.
  • Rule 2: Always have a backstory.
  • Rule 3: Well, I stopped reading the slide deck before Rule 3, but I want to believe it's "One does not speak of OPSEC when one's mouth is full of Thai cuisine."

After hacking my airplane's WiFi by cross-site scripting my credit card information at the login page, I learned from a stout United Airlines first officer that smoking is not permitted due to FAA regulations. Vaping is a gray area, and I didn't want to bring undue attention to myself before becoming fully immersed in Rule 2, so I endeavored to test my alter ego with the hoi polloi in preparation for prime time.

I began by socially engineering the friendly looking San Franciscan seated next to me in the exit row.

"Hi there. Name's Abe. Like Honest Abe, but I assure you, no relation whatsoever to Mr. Lincoln, although I do drive one," I began. "A Lincoln, that is, for I am a milliner. I design hats."

"Oh?" said the man, clearly falling for my ruse.

"Yes, my father was a haberdasher from Cornwall. But I never had the generalist's touch," I said, enriching my story with impeccable detail. "I knew from a young age that designing hats was my calling. No slinging silly bespoke buttons and frivolous silk ties from a fading red-bricked storefront in Cheshire for me. I would design hats!"

"So you make hats?" he replied, obviously impressed.

"Not so to speak. A hat-maker makes hats," I replied with confidence. "I am a milliner. I design hats."

"What's the difference?"

Cornered! Clearly this tourist in disguise was an expert hacker with full marks in social engineering. I had inadvertently walked into one of those infamous "capture the flag" contests, so I shifted strategy to earn his confidence with the hacker's secret handshake.

"I, er… I specialize in a certain kind of hat," I said, regaining my balance. "A black hat, if you get my meaning."

"You only make black hats? Like for hipsters or something?"

Oh, he was a wily one, clearly skilled in the dark arts. I was merely an amateur learning the ropes.

Thinking quickly, I feigned a fit of narcolepsy, closing my eyes and going limp -- apart from the hand that still clutched my cocktail, the aid of which allowed my ruse to lapse into a real sleep that lasted until the plane descended onto the tarmac.

Avoiding eye contact with the flag bearer beside me, I rang my contact on the ground, a Mr. Hoff, who assured me that my cover was still good, but that it would be best to head for my hotel posthaste. Things were afoot. Wheels were in motion. Balls were in the air, and other such clichés of the trade.

Upon my arrival at Mandalay Bay, Mr. Hoff administered a brief Turing test of sorts, asking me to identify mine among a scroll of 1.2 billion passwords. Fortunately, the list was alphabetized, so I was able to find FlyingColours123 in no time. With the smug satisfaction of a test well passed, I was spirited away to a cocktail party, whereupon Mr. Hoff had me hobnobbing and rubbing elbows with various information security luminaries.

Honest Abe was once again fully engaged. With the aid of conversation's finest lubricants, my charade knew no bounds. I discussed iOS jail breaks, Faustian USB accessories, and the cuts of attendees' jibs (or hats, as it were). You see, through cunning interrogation, I learned that, though this tradeshow is called "Black Hat," it is about more than mere variations of the quintessential Chapeau Noir.

I met one sober bloke by the name of Jeremiah Grossman, crowned by a white hat, which I wrongly presumed to be in defiance of the status quo. He kindly stood me corrected. His hat was white, he explained, because he and his compatriots protected companies from black hatters who meant them ill. I also met chaps from Microsoft whose hats were blue, the explanation of which became lost in a hazy fog of disconnected memories aswirl in tinkling glasses, and perhaps a jester cap and bells.

The next morning, I awoke on the carpet facing the exhibit hall, my head resting on a makeshift pillow of ATM receipts. I had danced toe to toe with the infosec royalty I'd come to study and, like a butterfly out of metamorphosis, emerged as one of them. But what great epiphany could be drawn from this cyber transformation? Only this:

Heavy hangs the head that wears a black hat.

Tal Klein is Vice President of Strategy at Adallom. Previously, he was senior director of products at Bromium where he led product marketing and strategy from stealth mode to a multimillion-dollar business, disrupting the enterprise information security landscape. Prior to ...

Comments
TalKlein
User Rank: Author
8/11/2014 | 7:58:44 AM
Re: "Heavy hangs the head that wears a black hat."
Yes, in the immoral words of 90's pop divas En Vogue, "back to life, back to reality." I would like to imagine that for all the money I've lost in Vegas, I've gained a cornucopia of knowledge, but we shall see. Thank you for the opportunity to go deep undercover. I doubt anyone who met me in Vegas suspected my ruse. :)
Marilyn Cohodas
User Rank: Strategist
8/11/2014 | 7:41:32 AM
"Heavy hangs the head that wears a black hat."
"Abe" -- Hope your "heavy head" is a little lighter now that you are back at home after all the revelry at Black Hat (not to mention the mind-blowing research and info from all the briefings). Thanks for your witty view of all the fun going on behind the scenes. 
TalKlein
User Rank: Author
8/8/2014 | 11:17:38 AM
Re: try harder whitehats
From an OPSEC perspective, it would seem contrary to a Black Hat's cause to identify themselves as a Black Hat. No?
Dr.T
User Rank: Ninja
8/7/2014 | 9:20:23 PM
Re: try harder whitehats
I would agree with that. I have not heard anybody identifying themselves as black hats; they always think they are white hats, if not gray hats.
Marilyn Cohodas
User Rank: Strategist
8/7/2014 | 2:29:36 PM
Re: BH is for Whitehats
Really appreciate your honesty, there "Abe."
TalKlein
User Rank: Author
8/7/2014 | 1:08:42 PM
Re: try harder whitehats
yes, honey four zeros, you might have a point there. Shall we meet in the expo hall by the popcorn machine and compare tchotchkes?
TalKlein
User Rank: Author
8/7/2014 | 1:06:30 PM
Re: BH is for Whitehats
Sir, as I write this, I am in the midst of a Jiu Jitsu headlock administered by the same Jeremiah Grossman you speak of. I wish him no ill, he is a champion of industry, a man among men, a

I'm sorry I passed out there for while. What were we talking about?
honey0000
User Rank: Apprentice
8/7/2014 | 11:06:42 AM
BH is for Whitehats
I especially am laughing at the part of the article where you reference Jeremiah Grossman as being "against" the status quo by attending Black Hat. You are severely incorrect. Jeremiah Grossman is perfect for attending Black Hat. As well as all other whitehat fools who think they are at a "dark" conference obtaining leet information about upcoming trends or zero.

What a f*cking joke to the real community.

LOL

Like a real BH is going to pay 3K for your training courses/attendance. And if a BH's firm pays for it? They are passed out and not in attendance of * talks or the conference itself. Have fun "learning" at BH kids. lolol
honey0000
User Rank: Apprentice
8/7/2014 | 10:55:07 AM
try harder whitehats
Conferences are for tools. Try harder.

Real blackhats DON'T GO TO BLACKHAT.

Conferences are for sellouts and wishers.
