Quote of the Day - If you hack the Vatican server, have you tampered in God's domain? - Aaron Allston
No Honor Among Thieves: Black Hat Conference Press Room Hack
To be completely accurate, the Black Hat Conference is a place where corporate security professionals and hackers meet up in a moment of hopeful Utopian neutrality, but it appears all was not in order at its most recent conference in Las Vegas. According to The Associated Press, three French journalists from the Global Security magazine allegedly hacked into a supposedly off-limits private secure network server for the conference's press room.
Hackers hacking? Who woulda thunk it?
Seeking to embarrass tech reporters who failed to log in securely to the network, the journalists supposedly captured the login credentials from two other journalists from eWeek and CNET News. They then allegedly sought to post them on the infamous Wall of Sheep (aka "shame"), a "forum to embarrass security professionals who don't follow proper security procedures themselves," according to the AP. Once your name is listed, apparently, other security professionals know you just don't have the chops to avoid a hack and protect your company's network.
But their plan, if you can call it that, backfired.
Not only were the journalists' credentials revoked and the journalists themselves ousted from the Black Hat conference, but it also appears Global Security's sponsorship of the conference is over, even though the magazine's logo still appears on Black Hat's sponsorship page. Organizers of the conference terminated their relationship with the magazine.
To top it off, the three journalists are infighting, with two claiming no knowledge of the hack and instead blaming a third. Marc Brami, director of the magazine's parent company, told the AP that fellow journalist Mauro Israel was responsible for the hack and that he and Dominique Jouniot didn't know about it. "I can't explain why he'd [Israel] do that," Brami said to Associated Press Technology Reporter Jordan Robertson. "He thinks it's some kind of game for him. I'm very angry with him. I've had a partnership with Black Hat for three years."
Then, at DEFCON 16, the hackers-only sister conference to Black Hat, the alleged hackers/journalists called a press conference, but then no-showed and failed to explain the situation from their perspective. An InformationWeek blogger, George Hulme, sees no shame in their hack, but conference organizers are none too happy. EFF lawyer Kurt Opsahl is advising conference organizers on whether they can pursue a civil action or criminal charges against the three journalists.
It's an interesting view of Karma.
Postscript: Opsahl's had a busy couple of weeks. Massachusetts federal District Court Judge Douglas Woodlock issued an injunction to halt a DEFCON presentation on how to hack into that state's subway smart cards, called the Fare Media System. Opsahl disagreed and asserted that the temporary restraining order is "violating their First Amendment rights." I don't know about that. Last time I checked, the First Amendment protection afforded by the Bill of Rights to the Constitution doesn't protect speech instructing others how to commit a crime.