Reporters booted from conference for hacking
With thousands of hackers milling around the Black Hat convention here, and widespread snooping on the public WiFi network, one place was supposed to be off limits: the press room.
But in a case of reporters spying on other reporters, three journalists working for the French publication Global Security Magazine were booted Thursday from the hackers' conference after they were allegedly caught hacking into the private computer network set up for the media.
The French journalists captured what they claimed were usernames and passwords of reporters from at least two media outlets — eWeek and CNET News. The eWeek reporter told organizers his login credentials looked like they were legitimate, while the CNET information appeared to be bogus.
Black Hat attendees are warned that the conference's public wireless network is being monitored by hackers. People who send sensitive personal data over it are cautioned they might have that information posted on the Wall of Sheep, a forum to embarrass security professionals who don't follow proper security procedures themselves.
The separate, wired Internet connections set up for reporters are supposed to be off-limits to hacking and the Wall of Sheep. Even so reporters who didn't take the extra step and log onto the Internet through an additional secure connection like a virtual private network, risked having their data exposed to colleagues sitting just feet away.
It didn't appear to be a complicated hack.
The network was working properly, but it wasn't set up to shield each journalist's computer from one another. The French journalists — identified by organizers as Dominique Jouniot, Marc Brami, Mauro Israel — apparently set up their own server to siphon off traffic passing through the media room's central router.
Brami is listed on the magazine's Web site as director of parent company S.I.M. Publicite, while Jouniot and Israel are on the "scientific committee."
Brami said in an interview with The Associated Press that Israel was responsible for the hack and that he and Jouniot didn't know about it.
"I can't explain why he'd do that," Brami said. "He thinks it's some kind of game for him. I'm very angry with him. I've had a partnership with Black Hat for three years."
The magazine has been one of Black Hat's sponsors. Organizers said that because of Thursday's incident, that partnership is over.
E-mails from The Associated Press to Jouniot and Israel were not immediately returned Thursday night.
"The design of the network was to isolate it from the rest of the public network — it's not designed to isolate it from one computer in the press room to another computer in the press room," said Dominique Brezinski, Black Hat's technical director. "They took advantage of that."
Organizers said the trio was caught when they took their purloined password prizes to Wall of Sheep workers and asked them to post the information. The workers refused. When questioned, one of the French journalists said he was trying to "educate the press" about the importance of sending data securely, organizers said.
Kurt Opsahl, senior staff attorney for the Electronic Frontier Foundation, said his organization is investigating whether Black Hat organizers can take legal action against the French journalists. He said the breach may have even broken criminal laws.
The EFF is a civil liberties group focused on free speech and privacy on the Internet and often takes up journalists' legal cases.
"There are lots of notices that the WiFi network is a hostile network and is actively being monitored," he said. "People are aware that it's going on. The important distinction is what the expectations are (in the media room)."