7/28/2016
09:30 AM

How To Stay Safe On The Black Hat Network: Don’t Connect To It

Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and there's no better place to do it than Black Hat.

As one of the guys that’s kept the network running at Black Hat for the last 14 years, I’m often asked the same question, “How do I stay safe on the Black Hat network?” It’s a simple and straightforward question and I always respond with a simple and straightforward answer: “Don’t connect to it.”

Now, maybe I’m giving attendees a little bit of a hard time... But the reality is that the only network you can be confident you’re not going to get owned on is the one you’re not connected to -- and even that’s no guarantee.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016.

The problem with getting thousands of highly intelligent, highly skilled, information security professionals together in one place, is that you’ve just gotten thousands of highly intelligent, highly skilled, information security professionals together in one place. We may have changed our titles and maybe now we carry business cards, but hackers gotta hack and there’s no better place to do it than Black Hat. Black Hat attendees have access to some of the most highly sought-after training classes and speakers from all over the globe. They get to learn from the people who created the tools they use every day and wrote the books that helped them become professionals in the first place.

Now all that talent and technique has to go somewhere, and it often ends up being tested out on the Black Hat network. While a lot of the “malicious” traffic on the network can be attributed to exploration, demonstration, and plain old curiosity, that doesn’t mean that everyone on the network has your best interests in mind. A high concentration of infosec professionals seems to attract malicious hackers as well; they like to test the attendees and get a rush from owning the very people that should know better.

But what if you don’t know better? What if you’re new to all this and have somehow found yourself in the deep end? Don’t sweat it, I’ve got a few tips that will hopefully keep you connected without the side effect of bringing home an uninvited guest.

Calm Down
Seriously, calm the hell down. You’re lucky enough to be at one of the most exciting security conferences in the world, so enjoy it. If you spend the entire conference looking at your electronics in a deranged, paranoid state, you’re going to be miserable.

Opt Out
This is a rather severe approach, but if the idea of walking among all the hackers that Black Hat, B-Sides, and DEF CON bring to Las Vegas in a single week freaks you out to no end, just disconnect. Let everyone know that you’ll have very limited access to electronic communications, power down your laptop, turn off your phone, and chill. Let’s face it, there’s enough hype around the things that happen at these conferences that just telling someone you can’t be reached for a few days, or even a week, should be fine. If they give you a hard time, tell them to Google where you’re going.

Connect
If you can’t live without packets flowing through your life, then just take some precautions. When it comes to your devices, here’s what you should do… at a minimum.

  • When you’re not using your computer, shut it off: not sleep, not hibernate, off! Locking your computer and walking away is not an option. If it’s not in use, it’s in your hands, and it’s off. Got it?
  • Got Full Disk Encryption on that machine? Why not? Fix that before you come. I’m not mad, I’m just disappointed.
  • If it can be patched or updated, do it. I shouldn’t have to say this, really, but update and patch all of your devices before you come to Las Vegas. I see all the requests to Windows Update flying around the network throughout Black Hat. It’s actually one of the largest uses of bandwidth. Why wasn’t this done sooner? What it tells me is that you connected an insecure laptop to a public network and then decided to patch it. You’ve left a window of opportunity, and you should be ashamed.
  • Disable all the things. Turn off WiFi and Bluetooth, and not just on your laptop, but on all the other gadgets you brought with you as well. Limit your attack surface, know what transmits a signal and when it’s doing it. If you’re not using your phone, turn it off, or put it in airplane mode. You can check it periodically when the mood strikes, but limit the amount of time you’re available to attack.
  • So, you’re taking the plunge, and you’re connected to the conference WiFi. You better be using a VPN. Most corporate machines should come with some kind of VPN software already installed for when you’re reaching back to the home office, but if this is your personal machine, or you don’t want to be restricted by corporate filters, VPN services are cheap, and there are lots of options. 
  • Use two-factor authentication. This is another simple method to provide great security and not enough people are doing it. Use 2FA on all your accounts that support it. This means if you somehow get your login and password stolen, you still greatly shrink the window of opportunity for an attacker. Gmail, Twitter, and Facebook all support 2FA, so set it up before you take off for Vegas.

General Safety
There are things outside locking down your laptop that limit your exposure and are just good general behaviors to practice while moving around the hotel and conference area.

  • Don’t plug into anything. Okay, maybe you can plug into a power outlet, but if you see somewhere you think looks like a good place to charge your phone and it’s a USB port, leave it alone. I’ve seen “charging stations” that were specifically set up to get you to plug in, and own you. Charge your devices in your room or off your own power sources. Why is your battery low, anyway? Didn’t I tell you to turn your phone off?
  • Don’t plug anything in. You didn’t think I’d let this one sneak by did you? Every year we have people dropping random USB drives around the conference floor. At Black Hat USA 2015 someone was literally throwing USB drives into open classroom doors. It’s not just a story, it happens! So if you see a drive on the ground, do us a favor, pick it up and put it in the nearest trash can. Oh, and if you see the guy dropping them, throw him in there, too.
  • Avoid ATM Machines. Just consider all of the ATM machines in the hotels surrounding the conference area to be out of order. Several of them are always compromised and on one occasion a full-size ATM was rolled into DEF CON and left in the conference area. Seriously.
  • Use cash when you can. This may be considered slightly contrary to what I said above, but hear me out. When conducting financial transactions, use cash where you can. Just bring the cash with you from home or from an ATM off the strip. Skimmers are plentiful in Las Vegas, and especially during the week of Black Hat/DEF CON. I wince whenever I see a “norm” using an ATM or swiping their credit card in complete ignorance, it pains me somewhere deep inside.
  • Leave your company badge in your room. I often see people walking around with their company badge hanging off their belt at security conferences and I have no idea why. It’s incredibly common in the Expo Hall, but certainly not limited to there. Do your security team a favor and take off your badge, you’re not at the office, and no one’s impressed that you work for Microsoft. Off!

Black Hat is a blast and you’re lucky that your company sees the value in having you attend, so enjoy it. Now get out there and learn everything you can from the smartest speakers and trainers in our industry. Be smart and stay safe because the only thing you want to be compromised at Black Hat should be the demos on stage and your liver.


Neil R. Wyler (a.k.a. Grifter) is an information security engineer and researcher located in Salt Lake City, Utah. Neil is currently with RSA as a threat hunting and incident response specialist. He has spent over 16 years as a security professional, focusing on vulnerability ...
Comments
EmmaM384,
User Rank: Apprentice
10/23/2016 | 7:44:35 PM
The Black Network Safe?
People those mostly looking any information in online but the black hat users getting such like information.
lorraine89,
User Rank: Ninja
10/20/2016 | 10:14:18 AM
Identity theft
Staying safe is not something that the user should stop using a certain website or a tool for staying safe and secure. The web is a bad place as of now in terms like you never know who is spying on your online activities. It is therefore advisable to stay safe from these hacking attempts and to secure your IP with PureVPN that provides encrypted online connection and also offers 5 plus multi logins so that is a plus.
katetaylor,
User Rank: Apprentice
10/1/2016 | 4:35:11 PM
Re: 2016
I totally agree with you getting exposed to cyber threats is very common these days and the best thing we can do is to go anonymous over the internet on all the devices, the best tool is a VPN service to safeguard your privacy and security and it also helps us to bypass all the geo-restrictions and gives us the power to access all the blocked websites from anywhere in the world.
Ventamepacher3E,
User Rank: Apprentice
9/15/2016 | 12:08:30 PM
2016
Stay safe and anonymous is the difficulty in 2016
rdusek483,
User Rank: Apprentice
8/8/2016 | 9:41:09 AM
Re: Definitely beware ATMs
I wonder if anyone is selling RFID-security wallets that read the cards in them and send the data 'home'?
kittenmalibu,
User Rank: Apprentice
8/5/2016 | 10:07:37 AM
Definitely beware ATMs
My husband has an RFID wallet, and he's either had his card skimmed, or duped. It's only been 2 days!
Joe Stanganelli,
User Rank: Ninja
8/3/2016 | 5:18:07 PM
Yep
This is precisely my thinking and strategy whenever I attend an event at MIT.  I'm sure as shootin' not connecting to the network of the university with some of the brightest hacking minds in the world.

Actually, I don't ever connect to the network at any conference I go to.  It's just best practice -- and having 4G helps.
LisaJ227,
User Rank: Apprentice
8/2/2016 | 10:32:42 AM
The best wishes
Actually the article is informative enough! As for the first aid for your protection, it is vpn, which can help you to enhance your security and stay private when it is necessary for you. Some people say that it doesn't protect your system, but to be exact it is the only service which can try to do it and do it well. As for me, I prefer expressvpn  https://www.bestvpnrating.com/service/expressvpn the cost is rather high, but at the same time the result satisfies me.

As for the suggestion not to pay via the net, nowadays it is impossible as it is the most convenient and the fastest way as you can avoid a lot of problems concerning queues.

On the whole, for staying secure you should just follow all the tips, as there is no flexible decision yet.
String46,
User Rank: Apprentice
8/1/2016 | 9:22:57 PM
Stay Safe
This reminds me of when I was training rookies at the State prison where I worked as an Officer for 10 years. One asked how he could minimize the risk of being attacked by an inmate or inmates. He wasn't too pleased when I replied, "Simple. Don't show up for work."

They got the picture.

Great post.
GonzSTL,
User Rank: Ninja
7/29/2016 | 4:03:26 PM
Re: General Consensus
Anytime I am at a security conference (or any IT conference for that matter), two features I turn off are wifi and bluetooth. I know too much, have done too much, and I am paranoid to the nth degree.