Black Hat always has its circus-style controversies. Three French journalists were kicked out of the show today because they allegedly stole the passwords of fellow reporters and tried to get the results posted publicly.
Such attacks are common here at Black Hat and its sister conference (the wilder one) Defcon. The conferences officially have a “Wall of Sheep” screen that displays the usernames and passwords of people who mistakenly allow them to sniffed on open, unprotected Wi-Fi networks at the conference. The Wall of Sheep is a kind of joke meant to shame people into learning using unencrypted Wi-Fi isn’t wise.
But the three French journalists apparently obtained the usernames and passwords of several journalists on their own and tried to pass them on to the security experts running the Wall of Sheep. I’m sure they thought it was a prank. A reporter from TG Daily wrote about it, setting in motion a series of events that got the French scribes booted from the show.
The journalists learned from the story what happened. Among those spied upon was Ellinor Mills, the security tech reporter for News.com, who said she felt violated but noted that her own password posted by the French journalists was incorrect. Another reporter whose username and password was stolen was Brian Prince of eWeek. He said the information stolen was accurate and that he worked only on the closed wired network of the press room.
News.com’s Robert Vamosi, Mills, and other journalists involved had to piece together what happened during the day, missing some of the conference proceedings. Here’s Vamosi’s account (and see me in the picture on the left). He surmised that the French journalists used snooping hardware to snatch passwords. They apparently wanted to teach a lesson about the need to be vigilant about security.
Kurt Opsahl, an attorney for the Electronic Frontier Foundation, visited the press room and said that federal law prohibits eavesdropping on a closed computer network without the consent of the party being watched. The legal question at hand is whether the journalists broke the law by breaking into a closed network or just pulled a prank on an open network. The wired press room network is closed, while the Wi-Fi network is open and known to be hostile.
In any case, the show organizers say they want journalists to feel safe at the conference and kicked the offending journalists out of the show. The three French reporters have been identified as Mauro Israel, Marc Brami, and Dominique Jouniot. They were reporters for Global Security magazine. They could not be located for comment. They’re banned from all future Defcon and Black Hat shows.
The press room is in a tizzy about this now and it’s really quite amusing. Last year, a similar journalistic controversy erupted at Defcon. There, a Dateline NBC reporter tried to get into the hacker conference without revealing her identity. She was outed by the show organizers in front of a crowd and fled from the scene. I don’t know what it is about these hacker shows that bring out the worst in journalists. The press is going to find itself unwelcome if things keep going this way. I’m glad I get to come here. I’m writing this on the pressroom wired network right now. So please don’t publish my password. But I haven’t dared to surf on the
Wi-Fi network in a show full of security researchers.
At dinner tonight, McAfee’s Dave Marcus said, “The irony is that this is a hacker conference. What do you expect will happen?”