Secure-travel advice for Black Hat... and your local Starbucks
Connecting state and local government leaders
The annual Black Hat USA security conference is not exactly hostile, but you’ll run into a lot of people who pride themselves on their hacking skills.
The annual Black Hat USA conference being held in Las Vegas July 27-Aug. 1 is not exactly a hostile environment, but if you go, you will be with a lot of people eager to demonstrate their hacking skills on the less witting among them. The opening ceremonies typically include a reminder that although Wi-Fi connections are provided, attendees are responsible for their own security when connecting.
So if you are representing your agency at the conference, don’t neglect the basics for secure use of your laptop, tablet or any other Internet-enabled device you take with you.
Black Hat is not as rough a neighborhood as its older sibling, DEF CON, where “Spot the Fed” has been a popular game for 20 years. This year feds have been advised to sit out DEF CON (Aug. 1-4) in the wake of the Edward Snowden revelations that have increased some anti-government feelings. But government is always a juicy target for people interested in establishing their hacker creds.
Not that attacks at Black Hat single out government. “What I’ve found is that it’s more of a passive scanning,” said Jeff Debrosse, director of advanced research projects for Websense Security Labs. “It’s not targeted, it’s targets of opportunity.”
The crowd attending Black Hat is varied, Debrosse said. “I don’t run into really dangerous people there; I run into serious people with varying degrees of expertise and skill,” from script kiddies to those who set up their own femtocells to capture cellular traffic. That means you can’t assume that any connection is secure. Even when plugging in in your hotel room, it’s probable that the hotel is using a wireless bridge at some point that could expose you.
“Leverage VPNs,” Debrosse advised those working at the conference. “I’m always about encryption, encryption, encryption.”
Debrosse offered some common-sense tips for protecting yourself at Black Hat. And even if you’re not going, they also apply to just about any out-of-office experience you might have. They include:
- Make sure your devices are fully patched and antivirus software is updated.
- Delete cookies and clear your browser history and cache to limit residual information about your habits.
- Encrypt sensitive files or — better yet — go with full-disk encryption.
- Do as little on the road as possible. Back up your devices before leaving and while on site, save work to the cloud or a removable drive, then revert to the back-up state when you return.
- Turn off Bluetooth and Wi-Fi and any applications that use them whenever you can.
- Don’t charge devices at public ports, which can give outsiders access to them.
- Don’t take candy (or USB drives) from strangers.
- Leave any Radio Frequency ID devices such as badges, passports or cards in your room.
- Use wired connections when available and be careful when connecting wirelessly. Wi-Fi pineapples — rogue hotspots that indiscriminately identify themselves as any network your device is looking for — can deliver you into the enemy’s hands.
- Avoid sending sensitive data while on site, use your VPN at all times and when roaming use a high-speed cellular connection if possible. It’s not perfect, but can be safer than Wi-Fi.
In general, be careful about anything you do online, and do as little of it as possible. If you stay safe at Black Hat, you probably will be in good shape almost anywhere you go.
Personally, I favor a ballpoint pen and a notebook (paper) when traveling. They are easy to get through airport security, difficult to hack, and my handwriting is a match for any encryption.