ATM scam at DEFCON clearly the work of ironic criminals

[mongo]

[url="http://www.engadget.com/2009/08/03/atm-scam-at-defcon-clearly-the-work-of-ironic-criminals/#comments"]engaget[/url]

[quote]The hooligans in this case have a dry sense of humor or are extremely unlucky: Either way, we can't help but get a chuckle out of the fact that someone placed their smart card skimmin' faux ATM at the Riviera Hotel Casino in Las Vegas -- during DEFCON, the world's largest hacker convention. No one can say exactly how long the kiosk was there -- at least the kids were smart enough to place it right outside the security office, one of the few places in the conference center not under surveillance. It was picking up on this last fact that aroused the suspicion of Brian Markus, CEO of Aries Security. When shining a light through the glass panel that should house a camera, he instead found the PC that was set up to skim people's data. He then notified security, who removed the device and once again made the world safe for hackers and their bank accounts.[/quote]

Every year, I like to read the articles relating to this convention. It's amazing to think of so many hackers descending on Vegas, all hell bent on hacking each other (and enjoying the convention). I read a great article a few years ago about a computer magazine guy who was told to go cover the convention. He wisely went totally lo-tech, leaving his phone and computer at home, and doing everything with an old 35mm camera, pencil, and notepad. He only carried cash, and scraped the magnetic strip off his ID (which he made sure never to take out of his wallet anyway). He said he'd never been more scared of getting a computer virus/identity theft/whatever in his whole life... It makes sense. You go to a convention of MMA guys, you're pretty sure the ONLY thing they can do to you is break you into tiny pieces. With DEFCON, your mind can't even wrap itself around the millions of different ways the people surrounding you could destroy your life.

[|Elflocko|]

Our firewalls always see increased traffic when they're in town...

[|Bunghole|]

Since hacking is illegal, why are they allowed to have a convention that celebrates and encourages their illegal activity?

[|Elflocko|]

[quote name='Bunghole' date='03 August 2009 - 05:07 PM' timestamp='1249340862' post='787972']
Since hacking is illegal, why are they allowed to have a convention that celebrates and encourages their illegal activity?
[/quote]


Technically, hacking [b]isn't[/b] illegal; only if you cause monetary loss (stealing, intellectual property, etc), or break in to some place you're not supposed to. Like NORAD.

The true nature of hacking is folks trying to find holes in networks or software applications that can lead to breaches. That's how M$, Apple, and *Nix find the holes in their software. It's the bad apples (no pun intended) that make the vast majority of hackers look bad.

[|Bunghole|]

[quote name='Elflocko' date='03 August 2009 - 08:04 PM' timestamp='1249344256' post='787990']
Technically, hacking [b]isn't[/b] illegal; only if you cause monetary loss (stealing, intellectual property, etc), or break in to some place you're not supposed to. Like NORAD.

The true nature of hacking is folks trying to find holes in networks or software applications that can lead to breaches. That's how M$, Apple, and *Nix find the holes in their software. It's the bad apples (no pun intended) that make the vast majority of hackers look bad.
[/quote]
Are most of these people freelancers, or are they in the employ of the various software giants?

[|Elflocko|]

[quote name='Bunghole' date='04 August 2009 - 08:04 AM' timestamp='1249394641' post='788068']
Are most of these people freelancers, or are they in the employ of the various software giants?
[/quote]


Both.

Some of them are double agents.

So to speak.

On a related note, here's an interesting article detailing some things to do and not do during DEFCON:

[quote][b]Attending Defcon and Black Hat can make you feel a bit like a deer in a forest full of hunters.[/b]

The iPhone, love it, but leave it at home when going to Defcon, experts say.


With virus-infected USB drives, Wifi network sniffing, badges with built-in microphones and even security experts getting hacked, it seems like it's only a matter of time until your number comes up if you're not careful.

I asked some security experts for suggestions on what they do to protect themselves at the events and here is what they said.

Do's:
• Have minimal software on your laptop, such as only the operating system and necessary applications.

• Make a backup of your computer before you leave for the conference and then wipe everything and reinstall when you get home.

• Disable Bluetooth and Wi-Fi on all devices.

• Use an EVDO wireless card.

• Only connect to the Internet when you must.

• Use a virtual private network and--if you can--use RSA ID authentication and stop all direct connections to the computer.

• Run Linux off a USB key, back up documents online, and start with a fresh operating system every day.

• In addition to using updated security, application, and system software (antivirus in particular) and installing patches, use an operating system-level firewall.


• Use a disposable camera and a pre-paid cell phone.

• Lock up your equipment in your hotel room when you are going to be gone.

• Take the drives with you when you leave the laptop in the hotel room.

• Ask to be listed as a non-registered guest at the hotel so people can't get your room number or acknowledgement that you are staying at the hotel.

Don'ts:
• Don't plug into any Ethernet jacks.

• Stay off the Wi-Fi networks at the airport and the events.

• Don't use the ATMs in the vicinity of the conferences.

What to leave at home:
• Your laptop and smart phone. You can't be attacked if you don't bring your equipment. If you must bring it, consider leaving it in the hotel room. [/quote]