.: Attending a hacker conference

Saturday, July 19, 2008

Attending a hacker conference

Attending a hacker conference
Posted by Michael Horowitz Post a comment

* Share
* Email
* Print

If there was ever a place for Defensive Computing it's at a hacker conference. So today, while attending The Last HOPE conference a number of my previous postings came to mind.

First there was the list of available Wi-Fi networks (see below) at the conference which, at times, showed four computer-to-computer networks (using the Windows XP terminology). These networks, also known as ad-hoc networks, are not governed by a router. While they may be set up on purpose, they are more likely to be accidental creations on the part of non-technical computer users, or, a purposeful trap set by someone with ill intentions. I wrote about this back in May, see A Warning About Free Public Wi-Fi.

Everyone knows not to send anything sensitive, such as a password, over a wireless network. At a hacker convention, even a wired Ethernet connection to the outside world should be treated with caution. Not to pick on hackers, at any convention or at any hotel, a wired Ethernet connection deserves the same caution as a public wireless network. Back in January, I wrote that "Wired connections to the Internet in a hotel are not, by their very nature, more secure than wireless connections." See Ethernet connections in a hotel room are not secure.

What to do? Rent a personal VPN.

The classic use for a VPN is an employee of a company using it to make a secure, encrypted connection to the home office. But, someone without a corporation, can rent a VPN that offers a secure connection to the VPN provider. Once data gets to the VPN company, they dump it, unencrypted, on the Internet with everything else. The point being to encrypt everything coming into and out of your computer to protect it from any local bad guys.

The down side is speed. The speed test at Speakeasy.net showed that while I was connected to my VPN, the speed dropped by over half compared to using the Internet in an unprotected way.

The laptop I had with me was running the Online Armor firewall instead of ZoneAlarm and, as I noted a few days ago, I really missed not being able to see a log of intrusion attempts on my machine. At home, behind a router on my personal LAN, this isn't very interesting, but at a hacker conference, using a shared Wi-Fi network, it would have been fascinating to see who, if anyone, was knocking on my virtual door.
What to do? Rent a personal VPN.

The classic use for a VPN is an employee of a company using it to make a secure, encrypted connection to the home office. But, someone without a corporation, can rent a

No comments:

Post a Comment

Who Is the San Francisco Hacker?

By Damon Poeter, ChannelWeb
7:15 PM EDT Fri. Jul. 18, 2008

San Francisco Department of Technology employee Terry Childs was in a jail cell Friday, accused of illegally locking out fellow authorized network administrators from the city computer network he helped build. But as the case against Childs entered its sixth day, questions remained about his motivations for the alleged crimes, the extent of the damage he allegedly did and whether the San Francisco District Attorney's Office has the expertise necessary to prosecute such a high-profile cybercrime case.

Childs, 43, plead not guilty Thursday to four felony counts of computer network tampering and one count of causing losses in excess of $200,000 as a result of the alleged tampering. Arrested last Sunday and arraigned Tuesday, Childs' bail has been set at $5 million. He has a bail hearing scheduled for next Wednesday at 9am PT.

Those are the basic facts, but dig a bit deeper and the picture grows cloudy. Here are some questions raised in the course of ChannelWeb's investigation of the ongoing case:

How much damage was done to the City and County of San Francisco's FiberWAN network?

Childs stands accused of causing losses in excess of $200,000 and on Friday, a Department of Technology official said there were still "huge portions that Mr. Childs locked everyone out of."

But the official, Department of Technology deputy chief Ron Vinson, also insisted that "we have control over our FiberWAN network. ... We continue to work with our forensics team that we brought on to regain access, but we have maintained operability. We have not seen any downtime."

Childs will retain some benefits but will not collect a paycheck from the city while he awaits trial, having been placed on unpaid administrative leave, Vinson said.

"Technically, he's still an employee of the city," Vinson said, adding that the department had the green light to fill Childs' position in the interim. "When something like this happens, I'm authorized to backfill the position."

Vinson also said the department would accelerate its plans to increase security on the FiberWAN network. He said the procurement process for "a full analysis of the [network] architecture" would begin next week, with the goal of moving network security issues "from containment to long-term remediation."

Has Childs been willing to cooperate with investigators or not?

Media reports in the days since Childs' arrest say the Pittsburg, Calif. man has refused to divulge to authorities an administrative password he allegedly created to lock down San Francisco's main IT network. His attorney, Erin Crane, painted a different picture Thursday.

The attorney told reporters following Childs' plea hearing that her client had "been willing to hand over the passwords since Tuesday." She further described the case against her client as a "big misunderstanding," according to numerous reports.

Crane, a San Francisco Public Defenders Office conflict panel member, was appointed Thursday to defend Childs when the original public defender, Mark Jacobs, removed himself from the case, citing a conflict of interest because Jacobs is a county employee whose payroll records are part of the same network with which Childs is charged with tampering.

Vinson said Friday that if Childs had been willing to cooperate, that hadn't been relayed to the Department of Technology.

"Crane's quote was news to me. That Mr. Childs was ready to give up information since Tuesday, we'd never heard of such a thing. The only thing we've heard from pub defenders' office is that he loves kittens," Vinson said, referring to a quote attributed to Childs' former attorney Mark Jacobs.

Does San Francisco have the expertise and experience to prosecute this case?

San Francisco District Attorney Kamala Harris has called the case "unique" and on Friday, a spokesperson for her office reiterated that "the DA has said that this case is the first of its kind we've seen in her tenure."

The case against Childs will be prosecuted by Conrad Del Rosario of the DA's office's Special Prosecution Division, the spokesperson said. She wasn't able to verify Friday what the Special Prosecution Division's particular mandate was.

Local defense attorneys familiar with the case raised doubts about the ability of the DA's Office to prosecute the case without outside help.

"For one thing, I haven't heard of the San Francisco DA's office and their high-level cybercrime unit, so I suspect they're scrambling on this," said Ian Loveseth, a San Francisco criminal attorney and member of the Public Defenders panel. "They may have to go out of their house to get some expertise.

"This may be the reason why you've got the PR people on behalf of the city saying everything's under control and the DA's office talking about all the damages caused," Loveseth said.

Randi Sue Pollack, another local criminal attorney, has served as lead defense on a federal network hacking case. She said it's rare to see cybercrime prosecuted at the state level.

Why was Childs' bail set so high?

Setting bail at $5 million for Terry Childs certainly raised eyebrows. Crane, Childs' attorney, called the figure "ridiculously high."

But one source close to the case claimed that Childs had $11,000 in cash in his possession when he was arrested at his Pittsburg, Calif. home Sunday. The source, speaking to ChannelWeb on the condition of anonymity, speculated that possession of such an unusually large amount of cash helped prosecutors' argument that Childs was a flight risk.

San Francisco District Attorney's Office spokesperson Erica Derryck would not comment on a direct question about Childs' alleged possession of such a large amount of cash. She did say that part of the reason bail was set so high was out of concern that Childs might disappear.

"What I can say about the bail being set at the level it was set at is that there were questions about flight, as well as about the full extent to which the alleged behavior [Childs was charged with] might have caused continuing damage and whether there was an ongoing threat going forward," Derryck said.

So who is Terry Childs?

The man accused of hijacking San Francisco's main IT network has been depicted by sources in various news reports and blog posts as everything from a gentle, quiet fellow who's been the victim of a giant misunderstanding to a disgruntled loner bent on revenge.

Dana Hom, a former colleague of Childs' at San Francisco's Department of Technology, told reporters Thursday that Childs was "very gentle," "very low-key" and "extremely competent." Hom, who said he served as chief operations officer from 2000 to 2004 at the department, known then as the Department of Telecommunications and Information, said, "I don't believe it's in Terry's character to do such a thing."

On the flip side, Tricia Liebert, a TechRepublic blogger, wrote a post Wednesday that claimed, with no identified sourcing, that Childs had been stalking a co-worker in recent weeks.

Meanwhile, in ChannelWeb's own forums, readers were mixed in their reactions as the story has developed. For some, Childs is a sort of IT hero for his alleged exposure of a security flaw in a municipal computer network. For others, no methods should be off limits to authorities trying to get Childs to divulge the master password he allegedly created to lock other administrators out of the network.

So far neither Childs' own attorneys nor the investigators and prosecutors lined up against him have given any real insight into the man himself. But by pleading not guilty, Childs has opened up the possibility of a whole, long trial ahead of us for that.

.

Saturday, July 19, 2008