
Black Hat topics include hacking parking meters, social networks

On the agenda this year at the 2009 Black Hat conference are topics ranging from the psychology of social networking to hacking parking meters.

Eager attendees got a taste of what's to come at the conference, to be held July 25 to 30 in Las Vegas, during a webcast Thursday in which selected speakers gave a preview of their talks.

In a talk called “Psychotronica: Exposure, Control, and Deceit,” researcher Nitesh Dhanjani, senior manager and leader of application security services at Ernst & Young, plans to discuss how the information users post in their social networking profiles can aid in law enforcement investigations.

In his preview talk, Dhanjani discussed how it is possible for law enforcement to determine, with a great deal of accuracy, if someone committed a crime by analyzing the information they post online.

Dhanjani discussed how an individual involved in the business of selling stolen credit card numbers online accidentally gave himself away. This individual used one handle on the various criminal message boards he participated in and a different handle for his non-criminal life. But one time, he slipped up and made the mistake of posting his criminal message board email address to a dating site in which he enrolled, effectively revealing his double life, Dhanjani said.

“The more information we put out there, the more difficult it is to lie,” Dhanjani said.

He added that this same social-networking data could help an attacker crack a user's password, for example.

Meanwhile, in “‘Smart’ Parking Meter Implementations, Globalism, and You,” Joe Grand, a hardware hacker who is president of research-and-development firm Grand Idea Studio, plans to show how to break into parking meters.

People typically park their car, put money in the meter, and walk away – without ever thinking about the potential financial risks or social implications if there was a security breach against the parking meter, Grand said.

Many cities are beginning to implement “smart systems,” enabling parking meters to connect to internet networks, store credit card information and audit logs. For instance, in 2003, San Francisco replaced approximately 23,000 mechanical parking meters with electronic units that generate an estimated $30 million annually in fare collection revenue, Grand said. Cities such as Atlanta, Boston, Chicago, Los Angeles, New York, Philadelphia, and San Diego are all considering this technology, he added.

“The more embedded, electronic and networked they become, the more problems we are going to see,” Grand said.

He said attacks against these new electronic parking meters can include changing date and time, causing a denial of service, retrieving or modifying audit logs, or tampering with the funds or information stored in the machine.

Grand will present at Black Hat with Jacob Appelbaum, a software hacker and developer for the Tor Project, a free system that enables users to communicate anonymously on the internet, and Chris Tarnovsky, who runs Flylogic Engineering, a company that analyzes secure chips.
