DefCon, Black Hat bring extra cybersecurity concerns to Las Vegas
Kwame Joyner, a barman on the Strip, knows to turn off his Wi-Fi this week and be careful surfing the internet.
Like many others on the Strip, he knows plenty of hackers and cybersecurity specialists are in town. They may want to test their skills on local networks.
“It is amazing to me that we have enough of a reputation now that people here know to turn things off,’’ said Brad, who was wearing black shoes, socks, shorts and T-shirt topped with a cowboy hat. Brad, like many information technology gurus attending the DefCon conference, declined to give his last name for security reasons.
Now in its 25th year, DefCon attracts as many as 25,000 people with the skills to hack into computers, phones and other gadgets connected to the internet. The show has grown in size over the years as IT security has become a mainstream issue. The conference, which began Thursday and runs through Sunday, is being held for the first time at Caesars Palace to accommodate the bigger crowd.
DefCon comes on the heels of Black Hat, a conference and trade show for cybersecurity professionals. The six-day Black Hat show, which attracted more than 15,000 people, ended Thursday at Mandalay Bay.
While the conferences are a lucrative business for both Mandalay Bay and Caesars, filling up hotel rooms and restaurants during what is traditionally a slow period for the convention and meeting industry, they do require extra security precautions.
“All of Vegas prepares. There are memos that go out to the IT teams to let them know who is in town,’’ said Melanie Ensign, a spokeswoman for DefCon. “We have seen more outreach to smaller businesses to be aware.”
Hotel cybersecurity
“We do take steps to monitor our systems during this prestigious gathering. As the host venue, we can be a tempting target for some mischief,’’ said Gordon Absher, a spokesman for MGM Resorts International, the parent company of Mandalay Bay. “We use this as an opportunity to remind our employees of the importance of protecting our computers and systems from unauthorized use.’’
“Just as we do year-round, we ask our employees to follow our ‘see something, say something’ protocol and alert security and their managers of any suspicious activity,’’ said Jennifer Forkish, vice president of corporate communications for Caesars Entertainment Corp.
Employees at both hotels said they were warned by managers to be cautious when using their smartphones at work to browse the internet. The UPS center at Caesars warned potential customers this week that it will only accept email attachments. No requests to print material on a USB flash drive or email link will be accepted.
All Black Hat and DefCon attendees interviewed, including exhibitors, said they were taking precautions to keep their personal information safe. All said they turned off their Wi-Fi and Bluetooth connections. Some said they are putting their phone into airplane mode while at the conferences and using virtual private networks to access the internet. Yet others are using so-called burner phones that they will discard once the conference is over.
Other attendees said they preferred to stay at hotels not hosting the conventions. Many, especially those attending DefCon, were concerned about using their credit cards and withdrawing money from ATMs at the convention. Hewlett Packard, an exhibitor at Black Hat, gave away holders that prevent people from reading the data on your credit card.
“I would be hesitant to use any ATMs at DefCon,’’ said David Venable, a cybersecurity specialist who attended Black Hat and is attending DefCon.
Cash only
“The big thing for me is cash only. You don’t want to swipe a card,’’ said Glenn, 23, who is attending his first DefCon. He said he is putting his phone in airplane mode while at the conference.
DefCon is an unusual conference in many respects. It is run by volunteers and has no corporate sponsorship. Aside from the speakers, organizers don’t know who is actually attending. This is not an error on their part; it is their policy.
There is no online registration requiring attendees to fill our their names, addresses and work places. They pay $260 in cash at the entrance and receive a generic badge. No ID is required.
Credit cards are not accepted, because they are a form of identity. Many attendees just give an alias, like Newgnu, a man with a goatee and dressed in all black with a white styrofoam hat.
Press are not allowed to photograph in the hallways and are required to ask anyone for permission to photograph them. Some attendees are from government agencies like the FBI, CIA and National Security Agency and want to remain incognito.
“Most of the time, these government people don’t want to be recognized. It could put their purpose at risk,’’ said Ensign.
DefCon creates two networks for their conference attendees to use, one open and one that requires a login and password. The open one is for attendees to practice their hacking skills. DefCon asks attendees not to interfere with the hotel’s free Wi-Fi for guests, said Ensign.
“We are all here because we are learning to protect people such as those that come here as tourists,’’ she said.
Chris, a data security IT analyst attending DefCon, agreed with Ensign.
“We can do things, but most of us have a set of morals that we generally stick by.’’ Neither Chris nor any other DefCon or Black Hat attendee interviewed had heard of any hacks this week.
Brad, who has been attending DefCon for more than a decade, said the conference has “matured’’ over the years and people don’t commit hacks at the hotels or around town like they used to.
“We are boxing with the gloves on, not off,’’ he said.
Las Vegas may have even benefited from their pranks over the years, Brad said.
“Vegas is a lot more secure because of the things we have done. They had to grow up with us.”
Contact Todd Prince at tprince@reviewjournal.com or 702-383-0386. Follow @toddprincetv on Twitter.
