Malicious Life Podcast: Hacker Highschool
Pete Herzog, co-founder of ISECOM and Hacker Highschool, wants our kids to learn about cybersecurity - especially the more advanced stuff like security analysis and hacking - check it out...
Fred O'Connor
Security professionals aren't the only ones heading to Black Hat and Def Con. Attackers are also converging in Las Vegas since both conferences present them with the perfect chance to test their hacking skills.
"Black Hat and Def Con are known as playgrounds for attackers of all kinds to target the attendees and try out tools, from rouge, innocent-looking networks to fake ATMs," said Shlomi Avivi, Cybereason's vice president of information security.
Avivi offered these tips to avoid having your log-in credentials plastered across Def Con's Wall of Sheep or falling victim to other hacks. "Paranoid as they may seem, these guidelines should be followed for your safety," he said.
Assume every network is either deliberately hostile or compromised. If you need Internet access, use a MiFi (if you don't have one, rent one) or tether your computer to your smartphone, preferably using a USB cable. Don't use any kiosk to log-in to your e-mail account, bank account or any other important accounts. These kiosks maybe compromised and could collect your log-in information.
A lot of people will be passing out USB dongles and CDs. Never put them in your machine, even if they're being handed out by a vendor. The dongles and CDs could be laced with malware, which will infect your machines if the storage devices end up in your computer. Also, if you come across a lone USB dongle, in a hotel lobby for example, leave it where you found it. Don't let your curiosity cloud your judgement and insert it into your machine. Don't assume it contains someone's vacation photos. Assume it's been compromised.
Erase all Wi-Fi networks that are saved on your laptops, tablets and smartphones. You don't want your device to automatically try to connect to one of these networks. "A lot of information can be gathered by those network searches and if someone sets up a fake network with the same name, your device will connect to it automatically," Avivi said.
Black Hat and Def Con attendees have been known to insert USB sticks into open ports when an unsuspecting attendee isn't paying attention to their machine. Vendors exhibiting at these shows are especially susceptible to this attack. The scenario plays out like this: While a sales representative is talking to a potential customer, another person quickly slips a USB stick into an open port on representative's laptop. The program stored on the USB stick then executes. That program could carry instructions to change the vendor's website, upload malware or carry out other harmful actions. To prevent this from happening, physically block your machine's USB ports. If you don't have a port blocker, duct tape works well.
Turn off Wi-Fi and Bluetooth on your mobile device when you're at either conference, even around vendor booths. "At Def Con, a lot of people set up fake cellular stations and try to steal SMS messages or eavesdrop," Avivi said.
Make sure your computers and devices are fully patched and updated. Don't forget to update Flash Player, Java browser plug-ins and the actual browser. "This is very, very important since hackers target exploits in these programs," he said.
Erase VPN/SSH keys and any source code that's on your laptop. "If your computer is stolen or its hard drive is copied while the device is unattended, you don't want this information getting out," Avivi said.
Purchase a pre-paid smartphone to use while you're at Black Hat and Def Con and toss it before you head home. Since these phones don't contain personal information, you won't expose sensitive data if the device is lost or stolen.
While this may seem like common sense, never leave your computer and mobile devices unattended, Avivi said. This includes when you leave your hotel room and your laptop stays behind, he added.
"Store it in the safe," he said.
Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.
Pete Herzog, co-founder of ISECOM and Hacker Highschool, wants our kids to learn about cybersecurity - especially the more advanced stuff like security analysis and hacking - check it out...
George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy and a hacker; but in certain respects, they’re actually quite similar in what lines they are willing to cross to get to their goal - check it out…
Pete Herzog, co-founder of ISECOM and Hacker Highschool, wants our kids to learn about cybersecurity - especially the more advanced stuff like security analysis and hacking - check it out...
George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy and a hacker; but in certain respects, they’re actually quite similar in what lines they are willing to cross to get to their goal - check it out…
Get the latest research, expert insights, and security industry news.
Subscribe