Defcon 16: Hacking and Publicity- How Far is Too Far?

he EFF tried to get the gag order lifted off the three MIT students who had planned a presentation on how Boston's subway system was vulnerable to some hacks. However, a judge has left the gag order in place, saying that it will be discussed at a hearing next Tuesday. He also ordered the students to hand over more information.

US District Judge Douglas P. Woodlock issued the order at the request of the Massachusetts Bay Transit Authority, which sued the three students and MIT on Friday. It forbids Zack Anderson, 21, RJ Ryan, 22 and Alessandro Chiesa, 20, from "providing program, information, software code or command that would assist another in any material way to circumvent or otherwise attack the the security" of the MBTA's fare system.

"It's a very dangerous precedent," EFF staff attorney Marcia Hoffman told reporters at the Defcon hacking conference in Las Vegas. "Basically, what the court is suggesting here is that giving a presentation involving security to other security researchers is a violation of federal law. As far as I know, this is completely unprecedented and it has a tremendous chilling effect on sharing this sort of research."

The three French reporters are accused of hacking reporters' network connections -- Marc Brami, Mauro Israel, and Dominique Jouniot -- by using a sniffer on the private press network connection.

According to this blog posting by Wired.com's Kim Zetter, Black Hat representatives said that the reporters sniffed the network to prove a point when it comes to accessing untrusted networks, and that they wanted to convince organizers to post the names of reporters caught accessing Web sites insecurely (in this case, probably the production systems of their respective publications) on the "Wall of Sheep."

Wall of Sheep got its start in 2002, when Markus and friends were sniffing wireless LAN traffic at Defcon. It turned out there were plenty of people putting their data out on those networks. "We were saying there are so many of them, they are everywhere." Inspired by a T-shirt, they decided to call the people they could spy on "sheep," and they started sticking paper plates on the wall with some of the user details they'd found. They list login names, domain or Internet Protocol addresses and partial passwords.

Q: Is there a free network at DEFCON?
A: Yes. It would be fair to describe the network as ‘hostile’. It has been described as ‘the worlds most hostile network’, but such descriptions are just attempts at flattery. It is recommended that if you want to connect to the DEFCON network pretend that you are sharing out your entire hard drive to 5,000 hackers.

In one popular two-hour session security researchers explained how to make a fake key out of a credit card that can open certain types of Medeco M3 locks.

Other sessions focused on the security issues with social networks, exploiting Google gadgets, and medical identity theft, among many other topics.

Out in the halls and side rooms, hackers were involved in a wild assortment of activities that would make any rational network administrator shudder. One of the most controversial is a "Race to Zero" contest in which contestants modify sample viruses and throw them at antivirus products to see if they are detected.

The show, typically not vendor-oriented, also had a "Buzzword Survivor" event in which 10 people signed up to listen to 30 straight hours of vendor pitches. Whoever lasts through all that marketing speak will share a $10,000 prize. Oddly, non-contestants were also sitting in.

"Virtually all conventional pin-tumbler locks are vulnerable to this method of attack, and frankly nobody has really considered it or looked at it before," says Marc Weber Tobias, one of the researchers.

The researchers showed Threat Level how they could create the simulated keys from plastic simply by scanning or photographing a Medeco key, printing the image onto a label and placing the label onto a credit card or other plastic to cut out the key with an X-Acto blade or scissors and then use the key to open a lock covertly.

A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. [Kevin Fu], an associate professor at the University of Massachusetts at Amherst, led the team. [Kevin] first tried to get documentation from the manufacturers, believing they would support the effort, but they were not interested in helping. They were forced to get access to an old pacemaker and reverse engineer it. They found that the communication protocol used to remotely program the device was unencrypted. They then used a GNU radio system to find access to some of the machine's reprogrammable functions, including accessing patient data and even turning it off.

Let’s not have a collective heart attack, at least not yet. The people on the right side of the security fence are the ones who have figured this out so far. But this has very serious implications for the 2.6 million people who had pacemakers installed from 1990 to 2002 (the stats available from the researchers). It also presents product liability problems for the five companies that make pace makers.