Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

DEFCON, Hotel Sneek & Peeks, and The Law

with one comment

DEFCON 26 was last week and as usual there was some hacker drama. It is an inevitability that drama will rise out of the con because, well, hackers know drama! In fact, they cause a lot of drama and that is their thing as a community. So, this year’s drama is brought to you by two factors. The first factor is that the DEFCON community has a long history of being kinda unruly and causes mischief, and some of that mischief is illegal while other pranks just cause heartburn for the people and the venues that the conferences are held at. However, in a post Mandalay Bay mass shooting era, the pranks and the mischief may not be tolerated as well by the casino’s like Mandalay Bay or Caesar’s because they are on edge and the community of hacker snowflakes need to take that into account when they attend.

While the conference owners/operators try to combat and police their hackers, it is still not uncommon to find attendee’s doing things that might damage the systems of the casino (like mess with WIFI using deauth) or to mess with the artwork (e.g. put googly eyes on all the statues and artwork in Caesars) So it is understandable why, as some have said this year, that “Caesar’s hates us” In fact, when you have a convention like DEFCON in Vegas and the whole town is being told not to use ATM’s, you phone, your blue tooth, your wireless, or anything electronic while the con is there, you pretty much have a bad reputation that YOU are in fact reinforcing right?

Just sayin…

Anyway, this last DEFCON we had a new wrinkle post the mass shooting at Mandalay as I alluded to last year. It seems that since the shooting the hotels have decided that they can “sneak & peek” any room they feel they need to in case the occupant might be planning something like this incident. Now you have a zillion hackers known for odd if not bad activities in the properties and a conference on hacking where shenanigans go on all the time and add this new rule and you get wailing and gnashing of teeth. It seems that the hotel had been just opening doors and walking in on guests there for DEFCON as well as going into their rooms while they were out and pawing through their things. In some cases it was said that the hotel security people had taken things like lock picks from the rooms, confiscated, because REASONS! People took to Twitter and complained saying that this was illegal and made things more dangerous for women (some had been walked in on and at least one may have been walked in on by someone not in security) and this was illegal search and seizure! The Fourth Amendment was being violated and this was targeting poor hackers!

WE ARE BEING PROFILED!

ERMEGERD!

Well, yes you security snowflake you were being profiled because look at your collective history! Honestly people, you have a bad reputation with the hotels and you expect anything else? At best we are tolerated for the money kids, we are not a beloved institution that is welcomed to Vegas, you need to wake up. While I personally think it is pretty shitty that these security folks were walking on on people with no knock in some cases, it is also my opinion that it is not illegal and that the Fourth Amendment is not being violated here because they are not doing so at the behest of the government or agents thereof, i.e. cops. I had an interesting exchange with a lawyer I know on Twitter about this and the salient point he gives is that you are not really given Fourth Amendment privileges here and that the contract you sign when you rent the space allows for these actions. What’s even more salient is that it is likely in the small print you are signing off to!

 

 

 

 

The gist here is as I said, you cannot rely on the Fourth Amendment here and that they have the legal right to do what they did. It’s sucky, but it is the law and you have to abide by it or not stay in their casino. Now, given what happened last year with the mass shooting, and that the Mandalay Bay is in fact suing the victims of the attack as a pre-emptive strike on law suits against them for allowing this to happen, you kinda see what the situation is right? The casino’s are covering their asses and using the law to do so. In a case where you, the snowflake hacker who wants to act all furtive and hide shit all week denying access to the room “because reasons” does not exactly engender the right tone to make the Casino think you are just a snuggy bear and not going to potentially do something like a mass shooting right? Think about it, how many of you all went out there and put the DND sign all week? If you were in the hotel security shoes and have to profile your guests now because of a mass shooting terrorist incident how would it look to you as a security professional?

Hotels are soft targets and as that goes they have to tread the line between security and ease of access and fun. In the case of attacks like that which was carried out at Mandalay Bay, you have to realize that the “Soft Targets” are the hardest to secure from a security perspective. Fuck, come on you guys YOU ARE SUPPOSED TO BE SECURITY PROFESSIONALS RIGHT? You should get this if anyone ever could! Yes, it is shitty for them to just be walking in on people but once again, they have the right to do so just as you have the right to not stay at their brand anymore. However, what if you denied them access by adding your own layer of security to stop them from at least walking in on you?

Say you are at the hotel and you know they can do this, or in fact anyone else with a modicum of technological know how, ya know, like HACKERS, who can pick locks and bypass PROX CARDS! What do you do in a situation like that to protect yourselves? Well, you could start by getting a simple door stop or a door stop with an alarm right? For all the women who were walking in on and scared, this technology might have made some difference in the threat right? It would have stopped the door from being opened and given you warning that something was happening. These tools would give you the ability to enhance your personal security AND allow you to call the front desk in the knowledge that unless they have a battering ram they are not going to get into the room quickly and you can make the call.

It’s my suggestion you spend the money and use them…

For a bunch of people who claim to be security professionals including and up to physical security you all seem kinda snow-flake like to me of late. Either don’t use their hotels anymore or assess the situation and adjust accordingly. For fucks sake people! I have said it before and I will repeat myself now, you are now targets of not only hotel searches because you seem scary but also because YOU ARE TARGETS OF NATION STATES BECAUSE YOU ARE AN ASSET!! How long till you finally figure this out? Hotel sneak and peeks by nation state actors including our own are NOTHING NEW! It’s just that now you are the targets as well because you now work in a space where you can and will be targeted.

Wake up.

K.

 

UPDATE: Dave Cochran makes a reasonable point about the dickishness level of the no knock on the people involved here. Yes, it is dickish, but, it is still not against the law per the cited text here. So, yeah, you don’t like it you can go elsewhere or you can try to get the hotels to not be dicks about it.

See what works.

Written by Krypt3ia

2018/08/14 at 14:13

Posted in DEFCON

One Response

Subscribe to comments with RSS.

  1. You have to wonder what circumstances would stop this, or at least get them to knock first. Is it that they walked in on a naked person who sues them without knocking? Is it some high profile type that has this done to them. I am completely with you and what you are saying but I am also not so green that I don’t realize that if the wrong public figure or powerful person were walked in on, this would end in a heartbeat. Can you imagine some female actress, singer or high profile corporate person were walking out of the shower and found a security guard starting at them or going through their belongings? It would end right there, there would be horrible publicity (sadly worse than what they’re doing preemptively suing shooting victims) and then there would be law suits and tons of news. I get it, but if they think that because the hackers deserve it they’ll observe no related fall out, that’s full asshattery.

    brooke

    2018/08/14 at 18:26


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: