Post by: Fred O'Connor
Security professionals aren't the only ones heading to Black Hat and Def Con. Attackers are also converging in Las Vegas since both conferences present them with the perfect chance to test their hacking skills.
"Black Hat and Def Con are known as playgrounds for attackers of all kinds to target the attendees and try out tools, from rogue, innocent-looking networks to fake ATMs," said Shlomi Avivi, Cybereason's vice president of information security.
Avivi offered these tips to avoid having your log-in credentials plastered across Def Con's Wall of Sheep or falling victim to other hacks. "Paranoid as they may seem, these guidelines should be followed for your safety," he said.
Don't connect to any public network
Assume every network is either deliberately hostile or compromised. If you need Internet access, use a MiFi (if you don't have one, rent one) or tether your computer to your smartphone, preferably over a USB cable. Don't use any kiosk to log in to your e-mail account, bank account or any other important account. These kiosks may be compromised and could collect your log-in information.
Pass on the free USB dongles and CDs
A lot of people will be handing out USB dongles and CDs. Never put them in your machine, even if they come from a vendor. The dongles and CDs could be laced with malware that infects your machine as soon as the device is plugged in. Also, if you come across a lone USB dongle, in a hotel lobby for example, leave it where you found it. Don't let your curiosity cloud your judgement and insert it into your machine. Don't assume it contains someone's vacation photos. Assume it's been compromised.
Erase saved Wi-Fi networks
Erase all Wi-Fi networks that are saved on your laptops, tablets and smartphones. You don't want your device to automatically try to connect to one of these networks. "A lot of information can be gathered by those network searches and if someone sets up a fake network with the same name, your device will connect to it automatically," Avivi said.
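One way to act on this on a Linux laptop, as an added example that is not part of the post: a small POSIX shell script that lists or deletes every Wi-Fi profile NetworkManager has saved. It assumes nmcli is installed; the function names are my own.

```shell
#!/bin/sh
# Added example: forget every saved Wi-Fi profile on a Linux laptop managed
# by NetworkManager, so the device stops probing for, and auto-joining,
# networks it has used before. Assumes nmcli (NetworkManager) is installed.

# Read "NAME:TYPE" lines, as produced by `nmcli -t -f NAME,TYPE connection
# show`, from stdin and print only the names of Wi-Fi profiles, one per line.
wifi_profile_names() {
    # TYPE is the last field, so keep lines ending in the Wi-Fi type and drop
    # it; then unescape the "\:" that terse mode uses for colons inside names.
    sed -n 's/:802-11-wireless$//p' | sed 's/\\:/:/g'
}

# Delete (or, with "dry-run" as the first argument, only list) every saved
# Wi-Fi profile. Prints the number of profiles handled; returns 2 if nmcli
# is not available.
forget_wifi_profiles() {
    mode=${1:-delete}
    command -v nmcli >/dev/null 2>&1 || {
        echo "nmcli not found; is NetworkManager installed?" >&2
        return 2
    }
    names=$(nmcli -t -f NAME,TYPE connection show | wifi_profile_names)
    count=0
    # Iterate line by line: profile names may contain spaces or glob characters.
    set -f
    IFS='
'
    for name in $names; do
        count=$((count + 1))
        if [ "$mode" = "dry-run" ]; then
            printf 'would forget: %s\n' "$name"
        else
            printf 'forgetting: %s\n' "$name"
            nmcli connection delete id "$name"
        fi
    done
    unset IFS
    set +f
    echo "$count Wi-Fi profile(s) processed"
}

# Typical use: preview first, then delete.
# forget_wifi_profiles dry-run && forget_wifi_profiles
```

Run the dry-run first so you can see what would go. The equivalents on other platforms are networksetup -removeallpreferredwirelessnetworks en0 on macOS and netsh wlan delete profile name=* on Windows.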
Physically block your laptop's USB ports
Black Hat and Def Con attendees have been known to insert USB sticks into open ports when an unsuspecting attendee isn't paying attention to their machine. Vendors exhibiting at these shows are especially susceptible to this attack. The scenario plays out like this: While a sales representative is talking to a potential customer, another person quickly slips a USB stick into an open port on the representative's laptop. The program stored on the USB stick then executes. That program could carry instructions to change the vendor's website, upload malware or carry out other harmful actions. To prevent this from happening, physically block your machine's USB ports. If you don't have a port blocker, duct tape works well.
Turn off Wi-Fi and Bluetooth connectivity on your mobile device
Turn off Wi-Fi and Bluetooth on your mobile device when you're at either conference, even around vendor booths. "At Def Con, a lot of people set up fake cellular stations and try to steal SMS messages or eavesdrop," Avivi said.
Patch your applications
Make sure your computers and devices are fully patched and updated. Don't forget to update Flash Player, Java browser plug-ins and the actual browser. "This is very, very important since hackers target exploits in these programs," he said.
Delete sensitive information
Erase VPN/SSH keys and any source code that's on your laptop. "If your computer is stolen or its hard drive is copied while the device is unattended, you don't want this information getting out," Avivi said.
Buy a burner phone
Purchase a pre-paid smartphone to use while you're at Black Hat and Def Con and toss it before you head home. Since these phones don't contain personal information, you won't expose sensitive data if the device is lost or stolen.
Don't forget physical security
While this may seem like common sense, never leave your computer and mobile devices unattended, Avivi said. This includes when you leave your hotel room and your laptop stays behind, he added.
"Store it in the safe," he said.