July 18, 2014 By Fran Howarth 3 min read

“The fearful stayed home,” many say about the Wild West. Lawlessness was common. In old Western movies, heroes were distinguished by their white hats; the bad guys wore black hats. Today, use of the black hat term has morphed. The bad guys don’t necessarily carry guns or ride horses, but they do have other tools at their disposal that they use for ill effect. The term now refers to hackers — those who are adept at breaking into computer systems and networks with malicious intent, often looking to steal valuable information for their own personal gain or to cause other damage.

Black Hat conferences began in 1997 as computer security events offering highly technical briefings and training sessions for and by hackers, consultants and security professionals from the private and public sectors. There are now spinoff conferences around the world attended by thousands.

Black Hat Has Become Notorious

Black Hat conferences are notorious for the serious security limitations and vulnerabilities that they expose, from hacking enterprise security systems to smartphones, ATMs and even insulin pumps. But that is not where the notoriety ends; in reality, they are more like the Wild West than the normally tame, run-of-the-mill security conferences. Black Hat conferences highlight lax security practices by attendees, which hackers are keen to expose. They will try anything, including hacking Wi-Fi and other connections; breaking into devices, hotel rooms and ATMs and cracking credit cards. Those that are successfully hacked can be named and shamed on the “Wall of Sheep,” an electronic bulletin board on which the details of those who have been compromised are publicly displayed. Unless careful precautions are taken, no one is immune.

Take the Right Precautions

So how should attendees prepare themselves? The advice to stay at home will, of course, not sit well with many, but it really is the safest option. If you are bent on going, taking the right precautionary measures starts before you leave home is essential during the conference and continues after you get back.

Before you leave home, consider what you can afford to lose. If you must take any form of computer, take one that is stripped to the minimum; leave sensitive data elsewhere. If that is not possible, back everything up, install stringent security controls, encrypt sensitive data and make sure everything is patched. Go to your local ATM and get cash. Get as much as you could conceivably need, and then get a bit more. If previous conferences are anything to go by, the ATMs at the airport and the conference hotels will have been hacked and using credit cards at the event is probably asking for trouble.

At the conference, trust no one. If you must take devices with you, exercise extreme caution. Keep them with you at all times. Do not use free Wi-Fi connections — in fact, turn off Wi-Fi and Bluetooth on all devices. Stay away from the Internet altogether if you’re not using a VPN. Do not use public charging stations as these can, and probably will be, hacked. Leave anything with an electronic chip that can be intercepted locked in a hotel room safe, but remember that the supposedly secure hotel key cards have been hacked at previous conferences. And if you are given anything at the conference, such as a USB device, do not trust it — it is bound to be tainted. Convinced you should leave everything at home yet?

Don’t let down your guard when you get home again. Every device that you felt compelled to take with you needs attention. This is where having taken a stripped-down device comes in handy since this can now be wiped without fear of losing anything important — and wiping it clean really is the best option. If that’s not possible, then a full scan of the device should be performed. This may be something that will take many hours, but it is almost definitely worth it. If needed, devices can have clean disk images restored from backup security programs. Change the passwords on everything just to be sure. You didn’t take enough cash? Keep a careful eye on all bank accounts and statements in case you were targeted, and watch out for any emails or other messages related to the event — they may be trying to phish you.

Did I Forget to Mention Defcon?

Neither Black Hat nor Defcon are for the faint of heart. They are full of the modern gunslingers, albeit using more modern tools. Where once they were looking to steal your possessions and newly-found gold, sensitive data is the new gold and hackers want to get their hands on it. Be prepared and don’t let them. Trust no one, and don’t be the next publicly shamed sheep.

More from

The rising threat of cyberattacks in the restaurant industry

2 min read - The restaurant industry has been hit with a rising number of cyberattacks in the last two years, with major fast-food chains as the primary targets. Here’s a summary of the kinds of attacks to strike this industry and what happened afterward. Data breaches have been a significant issue, with several large restaurant chains experiencing incidents that compromised the sensitive information of both employees and customers. In one notable case, a breach affected 183,000 people, exposing names, Social Security numbers, driver's…

What can businesses learn from the rise of cyber espionage?

4 min read - It’s not just government organizations that need to worry about cyber espionage campaigns — the entire business world is also a target.Multipolarity has been a defining trend in geopolitics in recent years. Rivalries between the world’s great powers continue to test the limits of globalism, resulting in growing disruption to international supply chains and economics. Global political risk has reached its highest level in decades, and even though corporate attention to geopolitics has dropped since peaking in 2022, the impact…

How I got started: AI security executive

3 min read - Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AI/ML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, who has a unique blend of technical and soft skills. Carignan was originally a dance major but was also working for NASA as a hardware IT engineer, which forged her path into AI and cybersecurity.Where did you go to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today