Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and there’s no better place to do it than Black Hat.

Neil R. Wyler (Grifter), Threat Hunting and Incident Response Specialist, RSA

July 28, 2016

7 Min Read

As one of the guys that’s kept the network running at Black Hat for the last 14 years, I’m often asked the same question, “How do I stay safe on the Black Hat network?” It’s a simple and straightforward question and I always respond with a simple and straightforward answer: “Don’t connect to it.”

Now, maybe I’m giving attendees a little bit of a hard time... But the reality is that the only network you can be confident you’re not going to get owned on is the one you’re not connected to -- and even that’s no guarantee.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

The problem with getting thousands of highly intelligent, highly skilled, information security professionals together in one place, is that you’ve just gotten thousands of highly intelligent, highly skilled, information security professionals together in one place. We may have changed our titles and maybe now we carry business cards, but hackers gotta hack and there’s no better place to do it than Black Hat. Black Hat attendees have access to some of the most highly sought-after training classes and speakers from all over the globe. They get to learn from the people who created the tools they use every day and wrote the books that helped them become professionals in the first place.

Now all that talent and technique has to go somewhere, and it often ends up being tested out on the Black Hat network. While a lot of the “malicious” traffic on the network can be attributed to exploration, demonstration, and plain old curiosity, that doesn’t mean that everyone on the network has your best interests in mind. A high concentration of infosec professionals seems to attract malicious hackers as well; they like to test the attendees and get a rush from owning the very people that should know better.

But what if you don’t know better? What if you’re new to all this and have somehow found yourself in the deep end? Don’t sweat it, I’ve got a few tips that will hopefully keep you connected without the side effect of bringing home an uninvited guest.

Calm Down
Seriously, calm the hell down. You’re lucky enough to be at one of the most exciting security conferences in the world, so enjoy it. If you spend the entire conference looking at your electronics in a deranged, paranoid state, you’re going to be miserable.

Opt Out
This is a rather severe approach, but if the idea of walking among all the hackers that Black Hat, B-Sides, and DEF CON bring to Las Vegas in a single week freaks you out to no end, just disconnect. Let everyone know that you’ll have very limited access to electronic communications, power down your laptop, turn off your phone, and chill. Let’s face it, there’s enough hype around the things that happen at these conferences that just telling someone you can’t be reached for a few days, or even a week, should be fine. If they give you a hard time, tell them to Google where you’re going.

Connect
If you can’t live without packets flowing through your life, then just take some precautions. When it comes to your devices, here’s what you should do… at a minimum.

  • When you’re not using your computer, shut it off: not sleep, not hibernate, off! Locking your computer and walking away is not an option. If it’s not in use, it’s in your hands, and it’s off. Got it?

  • Got Full Disk Encryption on that machine? Why not? Fix that before you come. I’m not mad, I’m just disappointed.

  • If it can be patched or updated, do it. I shouldn’t have to say this, really, but update and patch all of your devices before you come to Las Vegas. I see all the requests to Windows Update flying around the network throughout Black Hat. It’s actually one of the largest uses of bandwidth. Why wasn’t this done sooner? What it tells me is that you connected an insecure laptop to a public network and then decided to patch it. You’ve left a window of opportunity, and you should be ashamed.

  • Disable all the things. Turn off WiFi and Bluetooth, and not just on your laptop, but on all the other gadgets you brought with you as well. Limit your attack surface, know what transmits a signal and when it’s doing it. If you’re not using your phone, turn it off, or put it in airplane mode. You can check it periodically when the mood strikes, but limit the amount of time you’re available to attack.

  • So, you’re taking the plunge, and you’re connected to the conference WiFi. You better be using a VPN. Most corporate machines should come with some kind of VPN software already installed for when you’re reaching back to the home office, but if this is your personal machine, or you don’t want to be restricted by corporate filters, VPN services are cheap, and there are lots of options. 

  • Use two-factor authentication. This is another simple method to provide great security and not enough people are doing it. Use 2FA on all your accounts that support it. This means if you somehow get your login and password stolen, you still greatly shrink the window of opportunity for an attacker. Gmail, Twitter, and Facebook all support 2FA, so set it up before you take off for Vegas.

General Safety
There are things outside locking down your laptop that limit your exposure and are just good general behaviors to practice while moving around the hotel and conference area.

  • Don’t plug into anything. Okay, maybe you can plug into a power outlet, but if you see somewhere you think looks like a good place to charge your phone and it’s a USB port, leave it alone. I’ve seen “charging stations” that were specifically set up to get you to plug in, and own you. Charge your devices in your room or off your own power sources. Why is your battery low, anyway? Didn’t I tell you to turn your phone off?

  • Don’t plug anything in. You didn’t think I’d let this one sneak by did you? Every year we have people dropping random USB drives around the conference floor. At Black Hat USA 2015 someone was literally throwing USB drives into open classroom doors. It’s not just a story, it happens! So if you see a drive on the ground, do us a favor, pick it up and put it in the nearest trash can. Oh, and if you see the guy dropping them, throw him in there, too.

  • Avoid ATM Machines. Just consider all of the ATM machines in the hotels surrounding the conference area to be out of order. Several of them are always compromised and on one occasion a full-size ATM was rolled into DEF CON and left in the conference area. Seriously.

  • Use cash when you can. This may be considered slightly contrary to what I said above, but hear me out. When conducting financial transactions, use cash where you can. Just bring the cash with you from home or from an ATM off the strip. Skimmers are plentiful in Las Vegas, and especially during the week of Black Hat/DEF CON. I wince whenever I see a “norm” using an ATM or swiping their credit card in complete ignorance, it pains me somewhere deep inside.

  • Leave your company badge in your room. I often see people walking around with their company badge hanging off their belt at security conferences and I have no idea why. It’s incredibly common in the Expo Hall, but certainly not limited to there. Do your security team a favor and take off your badge, you’re not at the office, and no one’s impressed that you work for Microsoft. Off!

Black Hat is a blast and you’re lucky that your company sees the value in having you attend, so enjoy it. Now get out there and learn everything you can from the smartest speakers and trainers in our industry. Be smart and stay safe because the only thing you want to be compromised at Black Hat should be the demos on stage and your liver.

Reated Black Hat 2016 content:

 

 

Read more about:

Black Hat News

About the Author(s)

Neil R. Wyler (Grifter)

Threat Hunting and Incident Response Specialist, RSA

Neil R. Wyler (a.k.a. Grifter) is an information security engineer and researcher located in Salt Lake City, Utah. Neil is currently with RSA as a threat hunting and incident response specialist. He has spent over 16 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat security briefings for over 14 years and is a member of the senior staff at DEF CON where he is the department lead for contests/events/villages/parties and the demo labs. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, print, film, and television interviews, and has authored several books on information security. Neil is also a member of the DEF CON and Black Hat review boards. Follow him on Twitter at @Grifter801.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights