digg

Facebook Connect Join Digg About

See the original image at physorg.com

Hackers hacked at infamous DefCon gathering

physorg.com — In the end, it was hackers at DefCon that got hacked. After three days of software cracking duels and hacking seminars, self-described computer ninjas at the infamous gathering in Las Vegas found out Sunday that their online activities were hijacked without them catching on.

Who dugg this? Made popular Aug 13, 2008

submitted by

inactive Aug 12, 2008

1340 diggs
digg

91 Comments

TacticalPenguin, on 08/13/2008, -4/+69When you go to defcon, you're supposed to EXPECT to get hacked. This is news?
inactive, on 08/12/2008, -2/+56This could be happening already, in fact this may not be digg that I am posting on.

Once the public loses trust in the internet all hell could break lose.

It took a few years for people to become comfortable with purchasing things online as well as tasks like banking.
Iluvator, on 08/12/2008, -6/+50Oh my god, they're going to steal our interwebs!
Alphabet, on 08/13/2008, -2/+36BUAHAHA, I HACKED ALL YOUR COMMAS AND PERIODS BITCH
compgeek, on 08/13/2008, -2/+32and this is why they have the wall of sheep. I attended last year's defcon, the number of people who ran unprotected and thus got hacked and had their login posted on the wall of sheep was staggering. at a hacker playground like defcon you learn to watch your ass talk to almost nobody about your security setup or any exploit you've found and to very quickly spy on the other users there to see what they are running so you can hack them later in the "olympiad" portion of the defcon which is basically a series of hacker games
doctechnical, on 08/13/2008, -2/+28The article was a little devoid of detail, so I did some more looking around, evidently this technique was something called "BGP Hijacking", details here:
http://en.wikipedia.org/wiki/IP_hijacking
rockmusicnerd, on 08/13/2008, -1/+27Wow this article is retarded. Noone "hacked" Defcon. That network is already called the worlds most hostile wireless network. That stuff goes on every year. The speakers were just making their point.

"Hackers also competed in making spy balloons that floated above the casinos. " Really? I was there, and I'm pretty sure someone made a balloon carrying a passive wifi scanner and scanned the strip for 400 wifi networks. Spy balloons? Come on.

Seriously. Do your research before you write an article. Buried as a piece of *****.
CobaltBlue, on 08/13/2008, -2/+22Impressive, but I managed to hack your caps lock key.
dweeb79, on 08/13/2008, -6/+24"One seminar included a way to remotely turn off pacemakers regulating people's heartbeats. "

That's just mean.
sexybobo, on 08/13/2008, -2/+19SO it is a man in the middle attack just like they do at every defcon? The wall of sheep is a defcon staple.
http://blogs.zdnet.com/Ou/?p=660
Z_Man, on 08/13/2008, -1/+17Wow. Talk about failure to promote. You've been posting this on every story today. AND YOU HAVE NO DIGGS. GET OVER IT.
nater0ss, on 08/13/2008, -1/+14He actually was, he used Crash Override... "Mess with the best... he die like the rest"... mmm maybe he got hacked too...
crashdvis, on 08/13/2008, -5/+17Pwned is a term also popular among those who last saw a real vagina when they came out of their mothers.
CycloneTH, on 08/13/2008, -0/+11I was there. Half of that article is *****. Of course there was network scanning, it's a ***** HACKER convention. Anyone dumb enough to use a login service at the con is going to end up on the Wall of Sheep. Even with tor on I didn't go to any sites that required me to log in while I was there. I even cleared all my cookies before I came.

Even with all that, I'm pretty sure one or two of my accounts got compromised. (I cleared my cookies the day before the con, and I was connected to their network for a few minutes before I had thought to do so.)

As for the warballooning, we never got a chance to do it, and there would have been only one balloon there, anyway.
colonelxc, on 08/13/2008, -0/+10Yeah... this isn't news. Anyone on the wall of sheep deserved it for using cleartext protocols at Defcon.
colonelxc, on 08/13/2008, -0/+9ya rly
megamod, on 08/13/2008, -0/+8This is pretty dumb. All the routers above RIP and OSPF that use BGP have their paths/neighbors manually set up. They're are basically directly connected to each other so there is no chance that they'll be hacked at that GRAND level.

But it's always been known that if you can advertise to a router that you have access to the whole internet for 0 weight all the traffic in the surrounding networks would go to you. OSPF has secuirty options though.
CobaltBlue, on 08/13/2008, -1/+9Sdubois92 didn't really post that message. I hacked his account and posted it for him.
TripcodeMel, on 08/13/2008, -0/+8"Which ones?" "ALL OF THEM."
Takuro, on 08/13/2008, -0/+7Eh I think I might understand it...

Here is my sad attempt to explain it in laymen's terms:

Basically, you take router #1, a hacked router, that says, "Hey, I can route traffic to an IP address of 192.128.64.32." Router #2, a legit router, would say, "I can route traffic to 192.128.xxx.xxx." If a packet of data was sent through the net destined for 192.128.64.32, all other routers would say, "Hey, we recommend you go to router #1. He is extra specialized for handling the type of request you're making. His list of known IPs has a listing that is much much more specific than that of any other router." Boom. The data packets will be sent to what is seen as the more direct route. Whereas router #2 can handle IP addresses within the requested range, router #1 pretends it knows the IP address to a much closer precision.
Anpheus, on 08/13/2008, -0/+7Private/public key encryption will allow you to authorize websites, and thankfully all the major browsers come with support, but not all sites implement it. For example, under Firefox I know this about Digg: "This web site does not supply identity information."
roryk27, on 08/13/2008, -0/+6I'm the goddamn batman
MateyO, on 08/13/2008, -0/+6Agreed. Heck, I even made the sheep wall (Damn you, twitter iPhone client damn you to hell for losing my 8 year old low-priority, throwaway account.)

and it was 370 access points... 1/3 unprotected (although I didn't hear if you could actually DO anything with those unprotected accesspoints. It's worthless if you don't get an IP/Route/DNS.)

What got me was how rabid they were with protecting the Defcon WiFi infrastructure. Bring up a wifi device with that SSID and you were instantly DDOS'd, and the MAC address was banned from the network. Sure, you can get around that, but it was pretty cool, just the same.
speedk0re, on 08/12/2008, -11/+16if zero kewl wasn't there this ***** wouldn't have happened... he would've uploaded the davinci virus
borez, on 08/13/2008, -0/+5What that 8 or 9 times I've read this comment, I've lost count.
sdubois92, on 08/13/2008, -2/+6is everyone on Digg going to post a comment trying to sound like they are a hacker?
YourSexyMama, on 08/13/2008, -0/+4going to?!?
JakeyG14, on 08/13/2008, -0/+4You're no batman.
placidified, on 08/13/2008, -3/+6Who stole my tubes ? And why is digg upside down ?
mmijatov, on 08/12/2008, -3/+6So what is the defense against this? Presumably it won't matter if your connection to the website in question is encrypted if the hackers have already intercepted the data being transmitted. Perhaps an RSA security token would do the trick? Even if they know your password and username, they won't know how to decrypt the security code which changes every minute.
MoreBeer, on 08/13/2008, -1/+4Of course, I could man-in-the-middle you to capture the RSA... take your one-time password (and PIN), hang up on you and make my own connection to the secure web server. Not that I would do that. Unless it's for really good porn. DefCon alum Kamisky released info earlier in the month, and Mike Zusman presented that he was able to procure SSL certs for legit domains from clueless vendors by saying the cert was 'for testing on my internal network'. Now about that really good porn?
JudgeMonkey, on 08/13/2008, -2/+5And awesome, when can I get a linux version. That crap on my eeePC and the retirement homes will be forced to do my bidding.

You may be expecting the elderly armies at your door right after this compiles.
newl, on 08/13/2008, -0/+3Two words describe this: Well duh!
misterjangles, on 08/13/2008, -0/+3With a non-ssl site I don't think there is any way to know - if your dns client thinks that you are on the right site, everything will just appear normal. With an SSL site, the hacker could generate a phony cert, but your browser should warn you about it. So the next time you are logging into your bank and get a warning about an invalid cert, you might want to get suspicious!
smotpoker, on 08/13/2008, -0/+3I would suspect the best defense would be just using encryption when/where available (as Anpheus suggested). Though it isn't foolproof, I would think any site that has the key/certificate stored on your system would be easily distinguished from an impostor site... this doesn't keep anyone from recording enough crypted connections to crack, though

The only other thing I know of would be using some sort of NIDS (such as snort) to monitor the network for malicious activity... my knowledge of wifi is limited but I'm pretty sure many MITM-type attacks would be detected and possibly even passive recording...
Gogara, on 08/13/2008, -1/+3http://dictionary.reference.com/browse/infamous
1. having an extremely bad reputation: an infamous city.

There are no qualifiers; it doesn't matter that the people who think poorly of hacking don't know the difference between the hat colors. If you walk up to someone on the street and describe the event, chances are 80% of people will respond condescendingly.
BobScratchit, on 08/13/2008, -6/+8At least they don't have to worry about their virginity being hacked.
borez, on 08/13/2008, -0/+2What's that... it's late.
samuraiswordsmn, on 08/13/2008, -0/+2The horrible terminology in this article made me cringe.
Nabukadnezar, on 08/14/2008, -0/+2these attacks are old stuff for certain Romanians hackers. we were poisoning bgp tables for all kind of purposes 7-8 years ago
http://bogus-software.com/
smackert, on 08/13/2008, -0/+2An explanation, how-to, and examples. http://web.mit.edu/net-security/Camp/2003/DBowie_I ...
Kebie, on 08/13/2008, -0/+2Pretty much the best security for attending Defcon is not bringing any sort of computer.
roryk27, on 08/13/2008, -0/+2you do know that that says orally right?
inactive, on 08/13/2008, -0/+2It was me. I went through 14 hackers around the world.
elfprince13, on 08/13/2008, -1/+3this happens every year. wall of shame much?
inactive, on 08/13/2008, -0/+2That's what she said.
jzp-digg, on 08/14/2008, -0/+1This fails for networks that properly manage their customer edges. There is NO reason as-path forgery should be allowed, and isn't on many networks. Focus on the as-path rather than thee hand-wringing of scaling problems with prefixes.

Don't buy from networks that have crap policies. Don't build networks with crap policies. Complain to networks with crap policies.
tech42er, on 08/13/2008, -0/+1Quantum encryption? ;)
Seth024, on 08/13/2008, -0/+1I hacked your incorrect spelling and grammar and I fixed it.
glitch47, on 08/13/2008, -0/+1@CycloneTH-- i hope you realize Tor is NOT secure. Some embassies had their logins hacked by sniffed tor exit nodes. Tor is anonymous but not secure.

More info by Bruce Schneier here:
Lesson From Tor Hack: Anonymity and Privacy Aren't the Same
http://www.schneier.com/essay-182.html
Show 51 - 92 of 92 discussions
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.