July 18, 2014 By Fran Howarth 3 min read

“The fearful stayed home,” many say about the Wild West. Lawlessness was common. In old Western movies, heroes were distinguished by their white hats; the bad guys wore black hats. Today, use of the black hat term has morphed. The bad guys don’t necessarily carry guns or ride horses, but they do have other tools at their disposal that they use for ill effect. The term now refers to hackers — those who are adept at breaking into computer systems and networks with malicious intent, often looking to steal valuable information for their own personal gain or to cause other damage.

Black Hat conferences began in 1997 as computer security events offering highly technical briefings and training sessions for and by hackers, consultants and security professionals from the private and public sectors. There are now spinoff conferences around the world attended by thousands.

Black Hat Has Become Notorious

Black Hat conferences are notorious for the serious security limitations and vulnerabilities that they expose, from hacking enterprise security systems to smartphones, ATMs and even insulin pumps. But that is not where the notoriety ends; in reality, they are more like the Wild West than the normally tame, run-of-the-mill security conferences. Black Hat conferences highlight lax security practices by attendees, which hackers are keen to expose. They will try anything, including hacking Wi-Fi and other connections; breaking into devices, hotel rooms and ATMs and cracking credit cards. Those that are successfully hacked can be named and shamed on the “Wall of Sheep,” an electronic bulletin board on which the details of those who have been compromised are publicly displayed. Unless careful precautions are taken, no one is immune.

Take the Right Precautions

So how should attendees prepare themselves? The advice to stay at home will, of course, not sit well with many, but it really is the safest option. If you are bent on going, taking the right precautionary measures starts before you leave home is essential during the conference and continues after you get back.

Before you leave home, consider what you can afford to lose. If you must take any form of computer, take one that is stripped to the minimum; leave sensitive data elsewhere. If that is not possible, back everything up, install stringent security controls, encrypt sensitive data and make sure everything is patched. Go to your local ATM and get cash. Get as much as you could conceivably need, and then get a bit more. If previous conferences are anything to go by, the ATMs at the airport and the conference hotels will have been hacked and using credit cards at the event is probably asking for trouble.

At the conference, trust no one. If you must take devices with you, exercise extreme caution. Keep them with you at all times. Do not use free Wi-Fi connections — in fact, turn off Wi-Fi and Bluetooth on all devices. Stay away from the Internet altogether if you’re not using a VPN. Do not use public charging stations as these can, and probably will be, hacked. Leave anything with an electronic chip that can be intercepted locked in a hotel room safe, but remember that the supposedly secure hotel key cards have been hacked at previous conferences. And if you are given anything at the conference, such as a USB device, do not trust it — it is bound to be tainted. Convinced you should leave everything at home yet?

Don’t let down your guard when you get home again. Every device that you felt compelled to take with you needs attention. This is where having taken a stripped-down device comes in handy since this can now be wiped without fear of losing anything important — and wiping it clean really is the best option. If that’s not possible, then a full scan of the device should be performed. This may be something that will take many hours, but it is almost definitely worth it. If needed, devices can have clean disk images restored from backup security programs. Change the passwords on everything just to be sure. You didn’t take enough cash? Keep a careful eye on all bank accounts and statements in case you were targeted, and watch out for any emails or other messages related to the event — they may be trying to phish you.

Did I Forget to Mention Defcon?

Neither Black Hat nor Defcon are for the faint of heart. They are full of the modern gunslingers, albeit using more modern tools. Where once they were looking to steal your possessions and newly-found gold, sensitive data is the new gold and hackers want to get their hands on it. Be prepared and don’t let them. Trust no one, and don’t be the next publicly shamed sheep.

More from

Change Healthcare discloses $22M ransomware payment

3 min read - UnitedHealth Group CEO Andrew Witty found himself answering questions in front of Congress on May 1 regarding the Change Healthcare ransomware attack that occurred in February. During the hearing, he admitted that his organization paid the attacker's ransomware request. It has been reported that the hacker organization BlackCat, also known as ALPHV, received a payment of $22 million via Bitcoin.Even though they made the ransomware payment, Witty shared that Change Healthcare did not get its data back. This is a…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

How I got started: AI security researcher

4 min read - For the enterprise, there’s no escape from deploying AI in some form. Careers focused on AI are proliferating, but one you may not be familiar with is AI security researcher. These AI specialists are cybersecurity professionals who focus on the unique vulnerabilities and threats that arise from the use of AI and machine learning (ML) systems. Their responsibilities vary, but key roles include identifying and analyzing potential security flaws in AI models and developing and testing methods malicious actors could…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today