Fake Password Reset E-mail Hits 7,500 Black Hat Registrants 67
An anonymous reader writes "7,500 Black Hat USA 2012 attendees may have been surprised to get a fake password reset e-mail sent to accounts they used to register for the conference. Black Hat has apologized and explained the lame phishing spam attempt."
I would be deeply saddened (Score:5, Funny)
Re:I would be deeply saddened (Score:5, Insightful)
They totally deserve that? Why would you sign up for a "Black Hat" event with an important account? The trusting fools!
Re: (Score:2, Interesting)
First off, Black Hat is not for the elite. Black Hat is the watered down version of DefCon, made palatable for people and businesses who are afraid of being associated with the criminal element of hacking. While there is some good information to be had at Black Hat, it is generally a pale shadow of what can be found at DefCon. That said, DefCon is a pale shadow of its former self, not in terms of attendance for sure, but definitely in terms of content. For content you must now go to B-Sides, Skytalks, etc.,
Re: (Score:3)
By your description, I don't think you've been to either. I don't consider myself "elite" but I *am* very interested in the latest war stories and postures by varying agencies, ostensible hacker groups, and listening to the delicious screeds of various hacking icons.
That they were p0wn3d is hilarious. I don't believe their story regarding how it was some fool at ITN that did it, either. Someone ate their lunch. They should know better. The payload was a useless malformed URL, by the way, not a real one.
Re:I would be deeply saddened (Score:5, Interesting)
You've clearly never even looked at the speakers list or topics for Black Hat. It's not at all watered down; in fact, there used to be a time when a good enough talk would be given at both...but at Defcon, the talk would leave out certain details and depth. By no means is what's delivered light, either...Moxie Marlinspike revealed how to subvert SSL, for example. Dug Song and Thomas Lopatic revealed how to root a Checkpoint Firewall (back when Checkpoint was the big one to get). Major and very serious vulnerabilities in AMI meters (used for Smart Grid) were revealed by IOActive...the list goes on. And you get an incredible mix of major industry players like Cisco and Apple speaking frankly (there's a talk this year on the security architecture of Apple's IOS) along with independent researchers and even lateral thinkers. Jose Nazario...now the Senior Manager for Security Research at Arbor networks, and a Board Member at the Honeynet Project, gave a talk when he was fresh out of finishing his Ph.D. in biochemistry...on viral propagation algorithms for computer viruses. It turns out that what he did his thesis on...viral propagation models for biological viruses...mapped directly to the concept, and the man never worked a day in the biochem field after he finished his doctorate.
So, just because you're not able to afford the ticket, or for some reason you can't gain entry into the infosec field (past criminal record, perhaps? Caught with the ganja, were we?), don't try to tarnish the people trying to share information at the front end of things.
Re: (Score:1)
It would be pretty choice irony.
They should make that part of the event. Every time they should use the registrant's information to try and scam the whole group.
Not take money or whatever. But just as a challenge and a reminder.
Re: (Score:3)
Why be saddened? They signed up for it, paid with (possibly) their credit card, showed their I.D. at the desk for their room, walked in plain view of security cameras placed by both the hotel and the FBI facial recognitioin database team, hung out in their bugged rooms, chatted in bugged elevators, walked the floors with undercovers all around. 7500 show up, but 8000 in attendance hmmmmmmm. I wouldn't be surprised if half of them fell for it.
Re: (Score:2)
"7500 show up, but 8000 in attendance hmmmmmmm."
to be fair, 400 of those extras are hotel union staff who stand around and get surly if you try to move your own conference table two inches to the right because it's blocking access to your heart medication.
Re: (Score:2)
It wasn't a phishing email. Here's the email body itself:
This is a note from BlackHat 2012.
________________________________________
You have requested a new password. Here are your details:
Username:
Password:
To sign in, please go to this URL:
https://svel1023/BH12/Admin/ [svel1023]
Okay...so that link, if you notice, wouldn't even work. (Try it and see for yourself if you like.) It turns out that this was a software error; a password provisioning function at ITN (the event company supporting BH) sent the email to every
Re: (Score:2)
Okay...so that link, if you notice, wouldn't even work. (Try it and see for yourself if you like.)
That link is to a server on a local network, to which attendees (if they're dumb enough to use an electronic device, connected to a network, to check their email, while at BlackHat) could have been connected during the conference.
Re: (Score:2)
Only if that server is on the same local network as the conference. Which it isn't.
Re:I would be deeply saddened (Score:4, Informative)
This wasnt something "to fall for"-- the emails were legit in that they really came from BlackHat registration. That everyone thinks the summary is accurate is little hillarious.
I mean, the article wasnt exctly lengthy, and they even gave an executive summary:
This morning, some idle hands browsed their way to a screen that looked like this:
We would provide a better screenshot, but that actually ends in sending an email. Call it a 'feature'. The link provided in the email is to an onsite host on our registration network.
Basically, a volunteer went to a place they shouldnt have, which resulted in reset emails being fired off to everyone.
Nowhere does it say or imply that it was phishing attempt. Im glad the editors are continuing the fine tradition of not even opening the links of the article they are supposed to be reviewing.
Re: (Score:3, Funny)
Re: (Score:2)
But it was the first second post?
Re: (Score:2)
But it was the first second post?
No, it was the second first post.
How many peeps fell for it? (Score:2, Insightful)
The only newsworthy chunk of info here is, How many of these peeps fell for it? These are the elite, what percentage fell for it?
Re:How many peeps fell for it? (Score:5, Insightful)
These are the elite
No, some of them are elite hackers, some of them are just trying to keep up with the mischief elite hackers are going to be creating or trying to feel like they're part of the culture.
Re: (Score:1)
Ya, I mispoke. These are the ones who think they're elite. I suspect half the attendees are like the script kiddies in MW who load a cheat onto their PS3, then brag about how good they are.
Still, how many of these peeps fell for it?
Re: (Score:1)
Re: (Score:1)
Still, how many of these peeps fell for it?
You lazy ass... if you want to know, be a man... hack you way through and examine the server logs.
Re: (Score:3)
Black Hat attracts a lot of "hang arounds" . . . journalists, and folks who just want to see who attends, and what they are talking about. So some folks in these groups might be more susceptible to a simple phishing attack.
the ironing (Score:1)
is delicious
Re:the ironing (Score:5, Funny)
Man, I've heard of some strange fetishes in my time, but savoring the flavor of freshly ironed clothing is a first in my book. Do you prefer light or heavy starch?
Re: (Score:2)
Re:the ironing (Score:4, Insightful)
Re: (Score:3)
Actually, he irons his 'grilled' cheese sandwich. It gives it that soupcon of je ne sais quoi.
A real hacker conference would test antendees :) (Score:2, Insightful)
It would be great to keep out the script kiddies. I have just the test to determine if someone is a hacker. Just ask them what they like to hack. If they answer with responses like "i like breaking into xyz systems" then deny them a ticket. If they answer with "i like to hack on xyz" and go into how they configured/wrote/learned about some system then let them in. Hacking isn't about breaking into systems or clicking on some button to attack something. It is literally the joy of learning. While breaking int
Re: (Score:2)
The 1970's called - they want to drop off the disco balls and bell bottom trousers for the rest of your nostalgia trip.
No, you'd have to be someone using the word as it's been commonly used for thirty odd years now.
The Reply (Score:5, Insightful)
An automatic reply should have been sent to everyone who fell for it:
Your reservation has been revoked. Please invest some time in learning basic security guidelines before applying again.
Best regards
Re: (Score:1)
That would be a neat trick since the URL is essentially unresolvable for anyone not on their network.
This is a note from BlackHat 2012.
You have requested a new password. Here are your details:
Username:
Password:
To sign in, please go to this URL:
https://svel1023/BH12/Admin/ [svel1023]
svel1023 looks like a username to me. Maybe the volunteer who sent the email out?
Shit security (Score:5, Interesting)
Shit security on their end, and that posting does NOT look like an apology.
And what's this BS about expecting the most hostile network? I thought that was DEFCON...
Makes me smile (Score:2)
What a laugh! I read the article, but it still makes me smile. one of their own ranks, doing this for 'fun'.
Re: (Score:1)
"A few hours later they sent me a follow-up email with a link to an explanation."
_That_ was the real attack. I bet you were curious and now you're infected.
Re: (Score:2)
Oh, I'm sure the link was valid. Anyone who clicked it is banned for life from all future events.
Re: (Score:2)
And anyone caught in cross fire can die too. Right?
"Attempt"? Bad article summary (Score:2)
"Lame phishing spam attempt" should be reworded to "sucessful phishing spam launch that took advantage of an insider security threat".
If it is in the recipient's inbox, the spam happened sucessfully. If it didn't, it was an unsucessful attempt.
A read of TFA shows no mention of the word "lame". In fact the statement does what it should do... describes what happened and what action was taken. "The email this morning was an abuse of functionality by a volunteer who has been spoken to. This feature has since
This kind of thing would not happen if ... (Score:2)
... we just get rid of the old legacy email system. What kind of black hatter still uses that spam infested crap.