
Sunday, August 10, 2008

Reporters booted from Black Hat for hacking

By Humphrey Cheung

Las Vegas (NV) – Three French reporters attending the Black Hat computer security conference have been banned for life for sniffing the press room network. The hackers worked for a French security publication called Global Security Magazine and admitted to capturing login information of two other reporters covering the convention. Our legal sources tell us the three could face federal charges for wiretapping.

We’ve spoken to the two victims who are reporters from CNET and eWEEK. They told us the French reporters sneakily “huddled over their computers” while plugged into the Netgear Ethernet switches in the press room. The trio were also seen using an AirPcap USB capture card to sniff wireless traffic.

The French reporters captured traffic and then showed their results to the Wall of Sheep team in the hopes of getting the information posted. However, the team refused because there is an unwritten rule at Black Hat/Defcon that the press room network is off limits to scanning. Coincidentally, I was already in the room interviewing the Wall of Sheep team members and the French reporters let me take a picture of their screen.

I published that picture and a short accompanying article here. Shortly before the article went live, TG Daily’s editor in chief Wolfgang Gruener called CNET to warn them about a possible breach in their network security. Black Hat staff warned eWEEK’s Brian Price after our article went live.

Price confirmed to us that the login in the picture was indeed a valid one. That username and password have since been changed and Price is taking everything in stride. He told us that it was a good lesson in security and that he’ll be more careful in the future. On the CNET side, it appears the login information isn’t valid and that the French reporters possibly made up the information.


The French reporters are Mauro Israel, Marc Brami, and Dominique Jouniot, and they didn’t deny sniffing the network when confronted by Black Hat officials. They added that they conducted a classic man-in-the-middle attack. The reporters have been permanently banned from Black Hat and Defcon, which continues a long tradition of reporter bans at the hacker conventions. Last year, Dateline’s Michelle Madigan quickly escaped from Defcon after being caught secretly filming attendees. Before that, reporters and cameramen from Argentina and Israel had been booted.

Afterwards, the head of Black Hat technical operations explained that people shouldn’t automatically assume that switched networks are safe from sniffing. He said there were several ways of obtaining traffic, like ARP address poisoning and running a rogue DHCP server to route traffic through the attacker’s laptop.

Kurt Opsahl, a senior staff attorney with the Electronic Frontier Foundation, said the French probably committed multiple crimes since there was a reasonable expectation of privacy on the press network. While he would not go on record about specific charges (since he wasn’t familiar with all the details), Opsahl said legal cases in the past have focused on whether people expect to be hacked on a specific network. At Black Hat and Defcon, you are almost guaranteed to be sniffed, hacked and owned by attendees, but the private press network is a different story. Another legal source told us the hacking attempt could be a federal felony under Title 18 section 2511 of the United States Code.

While the situation is very unfortunate and shady on the part of the French contingent, it does slam home the point that you can’t trust any network … even one that has been promised to be off-limits to scanning. As more details of the hacking emerged, several reporters in the room were scrambling to change their login details for their various content management systems.

Original here
