The alleged attackers -- identified as Mauro Israel, Mark Brami and Dominique Jouniot -- from Global Security Magazine, were immediately kicked out of the show and have received a lifetime ban from the annual conference, a Black Hat spokeswoman told SCMagazineUS.com. The magazine was a media sponsor of the conference.
Mark Opsahl, senior staff attorney at the Electronic Frontier Foundation (EFF), an online watchdog, said during an impromptu press conference that the three men may have violated Nevada law that prohibits intercepting such data without both parties consenting.
The journalists were caught after being spotted leaving the press room and going to the Wall of Sheep, a new attraction at Black Hat and a long-standing tradition at sister conference Defcon. The project publicly posts the usernames and partially obscured passwords of attendees whose wireless connections are insecure.
But in the case of the press room incident, the reporters "sniffed" traffic over a wired network that was assumed safe from Wall of Sheep shame. An SC Magazine editor, who was sitting next to Israel, said at one point that Israel turned to him and said: "Do you like my sniffer?"
At least one victim, staff writer Brian Prince of eWeek, confirmed that his credentials were swiped after another reporter took a picture of the "hack" screen shot on one of the French reporter's computers.
Prince's details for logging into eWeek's content management system were lifted, the Black Hat spokeswoman said. Prince said his laptop has virtual private network capabilities, but he didn't use it because he had "an assumption of security."
"I feel like my privacy was violated," he said. "I assumed I was secure."
Another victim is believed to be a reporter from CNET News. Her company's website was apparently pilfered, but the username and password showed on the screen shot were wrong, she said.
Members of the Wall of Sheep denied the French reporters' requests to have the credentials posted on the Wall of Sheep, the Black Hat spokeswoman said.
She said the three men told her that they were sniffing for traffic sent in clear text to warn media members of the dangers of insecure connections.
"It's important to have press be able to come here and communicate securely with their home offices," EFF's Opsahi said. "It's just not good manners to try to crack into the press network here."
He said the same measure of protection is not extended to attendees using insecure wireless connections, as there are numerous signs posted throughout the event warning users of the hostile network. But the press room network is not viewed in such a way, and the law would likely agree.
"It's designed to be a safe harbor within a fairly stormy sea," Opsahl said.
Prince said he has changed his login details, but does not plan to pursue any charges.
The three men could not be immediately reached for comment.