August 7, 2008 6:30 PM PDT

Black Hat expels reporters in network snooping

Kurt Opsahl, left, a senior staff attorney at the Electronic Frontier Foundation, discusses the ejection of the three French journalists over networking snooping allegations.

(Credit: Declan McCullagh/CNET News)

Robert Vamosi of CNET News co-wrote this story.

Updated 10:30 p.m. with comment from Brami.

LAS VEGAS--Three journalists for a French security magazine were kicked out of the Black Hat security conference after they allegedly sniffed the press room computer network on Thursday.

The journalists work for Global Security Mag, which was a media sponsor of the event. Two of the men, Dominique Jouniot and Mauro Israel, could not be reached for comment.

The third, Marc Brami, director of the magazine, told CNET News later that he blamed Israel for the incident, which Brami described as "a joke." Brami said Israel is a security expert who occasionally blogs and likes to sniff networks as a prank. Brami said he did not know what Israel was up to until it was too late.

"It was a big mistake," Brami said via telephone. "(Israel) said it was a joke and that he didn't think it was important."

Organizers required the men to leave the conference, confiscated their badges, and barred them from Defcon, a sister security conference that runs over the weekend, and from all future events, a Black Hat representative said.

Asked to comment on his ban from the events over the incident, Brami said: "It's not good for my magazine, but also it is not so good for Black Hat...maybe they lost a good supporter. For us, it was like a joke."

The reporters' badges sit on a chair after they were confiscated.

(Credit: Declan McCullagh/CNET News)

The men were seen huddled over a table in the two press rooms for much of the day and took their computer to the Wall of Sheep (a project that monitors wireless network activity), asking them to display the alleged usernames and passwords of journalists.

The Wall of Sheep organizers refused to do that, saying that they do not monitor the traffic of the press room. A reporter from TG Daily was standing nearby, took a photo of the screenshot, and wrote a short article about it.

CNET News was listed as one of the alleged victims, but the username and password displayed were inaccurate. A journalist from eWeek, on the other hand, confirmed that the username and password he used had been exposed.

Asked why they allegedly sniffed the press room network and attempted to embarrass other journalists, the French journalists said they wanted to educate the public about the privacy dangers with using public Internet connections, the Black Hat representative said. They cited journalists working in China covering the Olympics, she added.

A security expert who works for Black Hat speculated that the men may have re-routed a protocol in the network switch and redirected the traffic through their machine in a classic man-in-the-middle attack.

Unlike the Wi-Fi network that the Wall of Sheep is monitoring, the closed, local area network the press room uses is considered a safe zone at the event, said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation.

While he couldn't comment on the legalities of the situation without knowing the specifics, Opsahl said it sounded like it could have been a violation of the federal wiretap statute.

"As a general rule, capturing the content of communications without the consent of any of the parties is illegal," he said.

"It's important to have press come here and be able to communicate securely with their home offices," Opsahl added. "It's just not good manners to try and crack into the press network."

Click here for full coverage of Black Hat 2008.

Recent posts from News - Security
Microsoft: Expect four bulletins on Patch Tuesday
Protesters decry NASA hacker's extradition
Chrome suffers first security flaw
Microsoft proposes age-limited digital playgrounds
Microsoft slams Google on privacy
Add a Comment (Log in or register) 21 comments (Showing first 20 comments)
by mrparamus August 7, 2008 7:16 PM PDT
This is hardly the first incident of its kind. Several years ago, I found active key loggers on several press room computers at the CTIA show in Atlanta. The log files had the user IDs and passwords for many of the journalists covering that show. I printed out 40 pages worth of those keystrokes and gave the info to the show mgt, but don't know if they did anything about it. Caveat: Don't assume press room computers are any more secure than an Internet cafe.
Reply to this comment
by SlimGem August 7, 2008 7:52 PM PDT
What's good for the goose is good for the gander.
Hack 'em and crack 'em one and all.
Reply to this comment
by jef5623 August 7, 2008 10:54 PM PDT
Thankfully, we won't have more of such network snooping events since the 7th age of computing is near.
Reply to this comment
by igl00lgi August 8, 2008 12:10 AM PDT
The best off the the hackers at this conference get of on being the best off the best. But most are not.
Reply to this comment
by 6itu August 8, 2008 2:18 AM PDT
As a former journalist for the french edition of CSO Mag (IDG), and working in the I.T. security for the last 10 years, I can swear that neither Jouniot or Israel have a press card or have ever been journalist.
THIS is not, and will definitely NOT be an attitude of a responsible member of the french press.

Marc Olanie
Reply to this comment
by benjaminstraight August 8, 2008 2:59 AM PDT
This is Cloak and Dagger stuff.
Reply to this comment
by 78cherche August 8, 2008 3:35 AM PDT
These journalists need to grow up, they remind me of myself 9 years ago when I first found out about network spoofing while taking a few classes in networking. I went around gleefully sniffing passwords etc, for a few months.

Get over it already - they look like little drunken children first exposed to alcohol.
Reply to this comment
by 78cherche August 8, 2008 3:36 AM PDT
These journalists need to grow up, they remind me of myself 9 years ago when I first found out about network spoofing while taking a few classes in networking. I went around gleefully sniffing passwords etc, for a few months.

Get over it already - they look like little drunken children first exposed to alcohol.
Reply to this comment
by johnwmgibson August 8, 2008 7:08 AM PDT
The "journalists" in question don't need to grow up, just grow a brain. However, if they indeed hacked the network at "THE" major security conference in the world, then, perhaps, the conference organizers also need to be questioned about the horridly inadequate security of the press network. No one should "feel safe" when there's an open network connect like that. Joke or not, they did point up a very serious problem.
Reply to this comment View all 3 replies
by Kings X Rocks! August 8, 2008 9:29 AM PDT
This is the comment that made me giggle:

"As a general rule, capturing the content of communications without the consent of any of the parties is illegal," he said.

...of course it is...and that's why people don't ever do it!!!
Reply to this comment
by TV James August 8, 2008 9:46 AM PDT
Boy, that's rich. Talk about irony.

Maybe these "victims" should have been vetted before being issued press credentials. If you're that easy to hack at a hacking convention, how can you effectively and accurately report on something you obviously don't understand yourself?
Reply to this comment
by Ngallendou August 8, 2008 9:50 AM PDT
For too many Frenchmen, the rest of the world remains a... joke upon whom we smile benignly. Everything we do has as its objective to educate the ignorant, exposing their non-Cartesian stupidity. Well, if we get caught, we shall laugh it off like mothers whose babes spit up on them
Reply to this comment View reply
by alegr August 8, 2008 11:26 AM PDT
I thought protocols that require plaintext login went out of vogue years ago.

And you thought old NTLM authentication was bad!
Reply to this comment
by c1_ken August 8, 2008 3:32 PM PDT
The three individuals tossed out should be allowed to return to the event - as soon as it can be reasonably ascertained that hell has frozen over. Kudos to the organizers that the press is allowed. Not all of the press are security savvy so it's good that there is some kind of safe zone. Hopefully the press will use this to educate the public about the potential risks involved in using a public network.
Reply to this comment
by ferretboy88 August 8, 2008 6:03 PM PDT
Its "ok" to do anything you want in the name of security. Sure.
Reply to this comment
by Harrison912 August 8, 2008 11:33 PM PDT
Well, it looks like the black hat guys actually had white hats on! Good go'in fellas!

As a web site owner of safety and security products, I'm glad to see the security of communication is also kept safe.
Reply to this comment
by jatos August 9, 2008 4:34 AM PDT
Question begs: what happens if someone trys to repeat the trick and doesn't reveal they are doing it?
Reply to this comment
 See all 21 Comments >>
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
Same great protection. Reengineered for speed.
Norton Internet Security™2008

Click Here!
Norton still delivers award-winning protection and now uses 83% less memory and scans 48% faster than the competitor average. Get a FREE trial today!

Click Here!
Norton Beats the Competition

See how Norton Internet Security™2008 uses less memory, while scanning and booting faster than the competitor average.

Norton Protection Blog

Read the latest from our security experts as they help protect people from evolving online threats.

Protect Your Bluetooth Connection

Don't let fraudsters sink their teeth into your Bluetooth connection.

Vishing - What you need to know

Meet the latest ID theft scam: Voice Phishing.

Take Norton for a Test Drive Today!

Act now to get your FREE trial of Norton Internet Security 2008.

About News - Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

News - Security topics

Featured blogs

advertisement
advertisement
Click Here

Inside CNET News

Scroll Left Scroll Right
  • Nanotech: The Circuits Blog

    SanDisk stock surges on buyout rumors

    Stock for flash memory maker SanDisk is up on rumors that a buyout by Samsung is in the works.

  • Gallery

    Images: The art of 'Spore' prototypes

    Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.

  • The Open Road

    Analysts as a lagging indicator of success

    Gartner, Forrester, and other analyst firms tend to be great predictors of the past, probably because that's where they get their money.

  • Outside the Lines

    EIC Squared: Chrome, iPods, and a Dell-Salesforce union

    On this week's EIC Squared podcast CNET's Dan Farber and ZDNet's Larry Dignan discuss Google's latest rocket launch--the Chrome browser--as well as Apple's iPod event next week and a Dell-Salesforce.com union.

  • Video

    Katie Couric reflects on first Webcast

    The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.

  • News - Wireless

    Start-up launches spectrum marketplace

    A new company called Spectrum Bridge has launched a Web site for buying and selling wireless spectrum licenses.

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Gaming and Culture

    Are Demo and TechCrunch50 fragmenting their audiences?

    With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Photos: Future Combat Systems, here and now

    The U.S. Army has ambitious plans for a widespread high-tech refresh of its vehicles and other soldier gear. It's also finding a way to make some parts happen sooner rather than later.

  • Crave

    Leaked specifications of the LG Prada II

    Leaked specifications of the LG Prada II.

  • Green Tech

    Duke Energy to invest in mini solar power plants

    Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.