Phishing

If it looks like a phish…it may not always be

July 23, 2012

Roughly 7,500 attending this week's Black Hat conference in Las Vegas received a dodgy looking email on Sunday.

The message arrived from a non-Black Hat email address and included the subject line "Your admin password." The body went on to say: "This is a note from BlackHat 2012. You have requested a new password. Here are your details." The email left the username and password blank and included a link (which was dead) to sign in.

The note apparently didn't surprise many. Delegates -- and press -- have learned to tread very, very carefully during the week of Black Hat and DefCon, especially when making wireless connections to what is dubbed the world's most hostile network.

But what many figured was a poorly designed phish actually wasn't one at all. It turned out that a conference volunteer took advantage of functionality that allowed him or her to send the mass email. Why they did it, who knows.

Recognizing that a breach is no way to begin a hacker con that specializes in revealing security vulnerabilities while naming and shaming the offenders, Trey Ford, Black Hat's general manager, compiled a blog post to run damage control.

This morning, some idle hands browsed their way to a screen that looked like this:


We would provide a better screenshot, but that actually ends in sending an email. Call it a 'feature'. The link provided in the email is to an onsite host on our registration network.

We have reviewed the server logs, we know the user, host, and have spoken with the volunteer who has emailed each of you this morning.

So disaster averted, it appears. But just think: The fun that is Black Hat 2012 is only starting.