Tales from the Black Hat NOC: Data in the Clear

Aug 01, 2016 | by Dave Glover

I started my day by reading an article about how to stay safe during Black Hat and DEF CON. There were suggestions like - don't bring a laptop, not to bring your smartphone, to leave your wallet at home, and only carry cash. Why would such recommendations be made? Black Hat and DEF CON attract security professionals, as well as hackers. Because of this audience - any and possibly all electronic devices are subject to possible being eavesdropped on, hacked or pwnd.

As I sit here in the Network Operations Center, pouring over the data that is being captured by the RSA NetWitness Suite, I am amazed at what I see.

At a conference where folks should be concerned over "digital eavesdropping," I see no evidence of concern. People are going about their day checking their Match Profiles looking for "The One", visiting their Ok Cupid messages to see if they received a response to the note they left, retrieving their email via POP3, or chatting over IRC.

The reason this is interesting to me is that we are at one of the biggest security conferences, and all of this data is being transmitted in the clear without a second thought. Everything that you are reading, viewing and transmitting is in the clear. How do I know? Using the RSA Netwitness Suite, collecting a combination of logs and full packet capture, everything that you do is available for curious eyes to peruse. That email that you send to your cousin about the vacation plans? All of it is available to anyone with a network sniffer. The picture from last night that you posted on Match? That's available as well.

The leads me to my recommendation: be smart. When possible, use encrypted protocols such as HTTPS, or when setting up POP3 mail -try to configure it for SSL. All of the data that you transmit in the clear is available to anyone who can capture and view network packets. These include tools such as RSA Netwitness Suite and Wireshark as well as others.

Try to stay safe while here at the conference, and when you go back to your homes. Remember - eyes are watching always.

Author: Dave Glover

Category: Research and Innovation, RSA Point of View

Keywords: Black Hat, Black Hat 2016, Black Hat NOC, NetWitness, RSA, RSA Netwitness