I recently attended the 2015 version of Black Hat at Mandalay Bay in Las Vegas. Black Hat is an annual conference dedicated to cyber and data security. It’s actually an international conference, with stops in Europe and the USA. The conference is always entertaining and most of the briefings are way over my head just based on the titles alone.
There are seven unwritten rules for Black Hat attendees. I’ve attended six Black Hat conferences so far and I’ve only seen this list posted a couple of times, but I think it applies every year — at least I’m going to do my best to stick to these every year.
The 7 unwritten rules for Black Hat attendees:
- Wireless: Stay away from all Wi-Fi and turn off your Bluetooth; hacks are happening.
- Encryption: Try to encrypt any information you must send. Use a VPN; people are watching.
- Don’t put it down: Any device left alone is an invitation not just for theft but infection, etc.
- Don’t accept gifts: Someone friendly handing you a USB drive may be hoping to own your info.
- Anything can be hacked: ATMs, room keys, RFID cards, anything, so, be vigilant at all times.
- Try to fit in: If you’re just another person wearing jeans and a T-shirt, well, that helps w/above.
- Don’t be a sheep: The Black Hat “Wall of Sheep” lists all those who get hacked; yes, publicly! (see bullet No.1)
Of all the tech conferences I attend each year – a list which usually also includes Interop, CES, CTIA Super Mobility, Amazon Web Services, VMworld and the Techwell conferences (Agile Development West, DevOps West, and Better Software West) – I think Black Hat is my favorite. And even though it’s comprised of 10,000 hacker geeks, it definitely has a cool factor. Plus one of my new favorite shows is CSI: Cyber. Yes, most attendees either looked like Phil from Modern Family or Vladimir Putin. I feel like I may have been one of the cooler looking guys there, but then again I also felt like one of the tallest guys in South Korea for a week one year.
Recent developments in the automotive industry made this one especially interesting for me as I was fascinated by how a car could be hacked and controlled from a distance and driven into a ditch – oh and made to play Kanye West REALLY loud. That was one of the briefings I attended: “Remote Exploitation of an Unaltered Passenger Vehicle” presented by Charlie Miller and Chris Valasek.
This presentation was the culmination of a year’s worth of work on their part to take control of the computer system on a 2014 Jeep Cherokee and send it CAN messages to get it to do things like speed up, steer without driver input, override the anticollision mechanism, and yes…drive into a ditch with a nervous reporter inside. At Black Hat 2014, they had already taken control of the vehicle’s stereo system, but now they wanted to accomplish the big boy stuff and they did…a very enjoyable presentation – and these guys are polished presenters. I look forward to seeing what they’ve accomplished by Black Hat 2016. By the way, in case you didn’t hear about it, their work directly resulted in Chrysler’s recall of 1.4 million vehicles. Not bad.
Cybersecurity matters and most of us aren’t paying enough attention out there in the business world. The briefings at Black Hat are real eye openers to how vulnerable our systems and the technical customers we develop for really are and why digital/cybersecurity really matters.