Black Hat expels reporters in network snooping

Journalists for French magazine thrown out of the security conference and permanently banned for allegedly sniffing network passwords of their fellow journalists.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read
Kurt Opsahl, left, a senior staff attorney at the Electronic Frontier Foundation, discusses the ejection of the three French journalists over networking snooping allegations. Declan McCullagh/CNET News

Robert Vamosi of CNET News co-wrote this story.

Updated 10:30 p.m. with comment from Brami.

LAS VEGAS--Three journalists for a French security magazine were kicked out of the Black Hat security conference after they allegedly sniffed the press room computer network on Thursday.

The journalists work for Global Security Mag, which was a media sponsor of the event. Two of the men, Dominique Jouniot and Mauro Israel, could not be reached for comment.

The third, Marc Brami, director of the magazine, told CNET News later that he blamed Israel for the incident, which Brami described as "a joke." Brami said Israel is a security expert who occasionally blogs and likes to sniff networks as a prank. Brami said he did not know what Israel was up to until it was too late.

"It was a big mistake," Brami said via telephone. "(Israel) said it was a joke and that he didn't think it was important."

Organizers required the men to leave the conference, confiscated their badges, and barred them from Defcon, a sister security conference that runs over the weekend, and from all future events, a Black Hat representative said.

Asked to comment on his ban from the events over the incident, Brami said: "It's not good for my magazine, but also it is not so good for Black Hat...maybe they lost a good supporter. For us, it was like a joke."

The reporters' badges sit on a chair after they were confiscated. Declan McCullagh/CNET News

The men were seen huddled over a table in the two press rooms for much of the day and took their computer to the Wall of Sheep (a project that monitors wireless network activity), asking them to display the alleged usernames and passwords of journalists.

The Wall of Sheep organizers refused to do that, saying that they do not monitor the traffic of the press room. A reporter from TG Daily was standing nearby, took a photo of the screenshot, and wrote a short article about it.

CNET News was listed as one of the alleged victims, but the username and password displayed were inaccurate. A journalist from eWeek, on the other hand, confirmed that the username and password he used had been exposed.

Asked why they allegedly sniffed the press room network and attempted to embarrass other journalists, the French journalists said they wanted to educate the public about the privacy dangers with using public Internet connections, the Black Hat representative said. They cited journalists working in China covering the Olympics, she added.

A security expert who works for Black Hat speculated that the men may have re-routed a protocol in the network switch and redirected the traffic through their machine in a classic man-in-the-middle attack.

Unlike the Wi-Fi network that the Wall of Sheep is monitoring, the closed, local area network the press room uses is considered a safe zone at the event, said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation.

While he couldn't comment on the legalities of the situation without knowing the specifics, Opsahl said it sounded like it could have been a violation of the federal wiretap statute.

"As a general rule, capturing the content of communications without the consent of any of the parties is illegal," he said.

"It's important to have press come here and be able to communicate securely with their home offices," Opsahl added. "It's just not good manners to try and crack into the press network."

Click here for full coverage of Black Hat 2008.