July 18, 2014 By Fran Howarth 3 min read

“The fearful stayed home,” many say about the Wild West. Lawlessness was common. In old Western movies, heroes were distinguished by their white hats; the bad guys wore black hats. Today, use of the black hat term has morphed. The bad guys don’t necessarily carry guns or ride horses, but they do have other tools at their disposal that they use for ill effect. The term now refers to hackers — those who are adept at breaking into computer systems and networks with malicious intent, often looking to steal valuable information for their own personal gain or to cause other damage.

Black Hat conferences began in 1997 as computer security events offering highly technical briefings and training sessions for and by hackers, consultants and security professionals from the private and public sectors. There are now spinoff conferences around the world attended by thousands.

Black Hat Has Become Notorious

Black Hat conferences are notorious for the serious security limitations and vulnerabilities that they expose, from hacking enterprise security systems to smartphones, ATMs and even insulin pumps. But that is not where the notoriety ends; in reality, they are more like the Wild West than the normally tame, run-of-the-mill security conferences. Black Hat conferences highlight lax security practices by attendees, which hackers are keen to expose. They will try anything, including hacking Wi-Fi and other connections; breaking into devices, hotel rooms and ATMs and cracking credit cards. Those that are successfully hacked can be named and shamed on the “Wall of Sheep,” an electronic bulletin board on which the details of those who have been compromised are publicly displayed. Unless careful precautions are taken, no one is immune.

Take the Right Precautions

So how should attendees prepare themselves? The advice to stay at home will, of course, not sit well with many, but it really is the safest option. If you are bent on going, taking the right precautionary measures starts before you leave home is essential during the conference and continues after you get back.

Before you leave home, consider what you can afford to lose. If you must take any form of computer, take one that is stripped to the minimum; leave sensitive data elsewhere. If that is not possible, back everything up, install stringent security controls, encrypt sensitive data and make sure everything is patched. Go to your local ATM and get cash. Get as much as you could conceivably need, and then get a bit more. If previous conferences are anything to go by, the ATMs at the airport and the conference hotels will have been hacked and using credit cards at the event is probably asking for trouble.

At the conference, trust no one. If you must take devices with you, exercise extreme caution. Keep them with you at all times. Do not use free Wi-Fi connections — in fact, turn off Wi-Fi and Bluetooth on all devices. Stay away from the Internet altogether if you’re not using a VPN. Do not use public charging stations as these can, and probably will be, hacked. Leave anything with an electronic chip that can be intercepted locked in a hotel room safe, but remember that the supposedly secure hotel key cards have been hacked at previous conferences. And if you are given anything at the conference, such as a USB device, do not trust it — it is bound to be tainted. Convinced you should leave everything at home yet?

Don’t let down your guard when you get home again. Every device that you felt compelled to take with you needs attention. This is where having taken a stripped-down device comes in handy since this can now be wiped without fear of losing anything important — and wiping it clean really is the best option. If that’s not possible, then a full scan of the device should be performed. This may be something that will take many hours, but it is almost definitely worth it. If needed, devices can have clean disk images restored from backup security programs. Change the passwords on everything just to be sure. You didn’t take enough cash? Keep a careful eye on all bank accounts and statements in case you were targeted, and watch out for any emails or other messages related to the event — they may be trying to phish you.

Did I Forget to Mention Defcon?

Neither Black Hat nor Defcon are for the faint of heart. They are full of the modern gunslingers, albeit using more modern tools. Where once they were looking to steal your possessions and newly-found gold, sensitive data is the new gold and hackers want to get their hands on it. Be prepared and don’t let them. Trust no one, and don’t be the next publicly shamed sheep.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today