1.
Based on an EventTechBrief.com
Article by Michelle Bruno
Getting Hacked is a Nasty Business.
Events are in for a Rude Awakening.

2.
A conference was hacked. This time, hackers
managed to obtain personal details from attendees
of two conferences hosted by the Linux Australia
User Group. Michael Robinson, program director,
cyber forensics at Baltimore’s Stevenson University,
took a look at media reports of the incident to
describe what may have happened and provide
some advice on how event organizers can do a
better job of protecting their attendees from what
could be inevitable.
It happened again...

3.
Beware the Innocent E-mail...

4.
Organizers admit that hackers gained unauthorized
access to one of their servers, but Robinson says,
“It’s pretty unlikely that someone broke in from the
Internet and hit that server.”
A more plausible explanation is that an end user
connected to the network was duped into clicking
on a link from the Internet or an email. In doing so,
he inadvertently released malware that moved
laterally across the network to grant a hacker
access to the server that contained all of the
attendee data.

5.
An end user is anyone on a computer connected to
the network including a conference planner,
registration assistant, systems administrator, or
accountant. “If their computers are compromised,
it’s not that difficult to get access to the registration
data,” Robinson explains.
The vulnerability to which Linux Australia
succumbed was the fact that “it stored attendee
data from multiple conferences on one central
server, which means that when the server was
compromised, it affected all of the attendees from
all of its conferences for several years.”

6.
Hackers are Paid Professionals...

7.
Robinson surmises that the hackers of the Linux
Australia User Group knew what they were doing.
“The people who attend Linux Australia events are
[for example] systems administrators that work for
the Australian and New Zealand governments. They
have root-level access to sensitive information on
their computer systems and networks.” With
something as simple as an attendee email address,
hackers can launch phishing attacks on them in the
same way they likely attacked the conference.

8.
Taking a Server Offline Won't
Solve the Problem

9.
The remedies for these types of attacks aren't clear-
cut. Linux Australia reportedly decommissioned the
infected server, strengthened security on the new
one and installed a number of monitoring tools. In
addition, “websites for the conferences will in the
future be archived six months after a conference
concludes and then kept on a separate server and
deleted from [the event management software],"
organizers say. That may not be enough according
to Robinson.

10.
“Typically when a system gets infected, the help
desk will come along and take that one server
offline. However, if the hacker leapfrogged through
the network, taking a server offline doesn’t fix the
problem. The server is taken offline, but the bad guy
is still in the network. He can move laterally to the
new server and compromise that one as well,”
Robinson explains.

11.
Attackers are onto
Conferences as Targets
What happened to the Linux Australia User Group is only the
tip of the iceberg in terms of how conferences can be harmed
by hackers, hacktivists or the disgruntled. Robinson lists a
number of "bad" hacks of which organizers should be aware:
Hackers with the right skills can download registrant information
from a self-service registration kiosk onto a USB drive.
Wireless jammers can interrupt on-site networks including
audio-visual equipment.

12.
Attackers are onto
Conferences as Targets
Pineapple routers (costing about $150) can intercept data
transmissions from attendee devices.
An IMSI-catcher can intercept cell phone data and “spy” on
conference-goers.
Fake websites can be easily built to intercept registrant
information (including credit card numbers)
Social hacktivists can wreak havoc on an event with denials of
service attacks and other tactics.

13.
There are some Simple Fixes...

14.
Event organizers are not entirely defenseless. While
some organizers will work with cyber security
professionals to build in safeguards and monitoring
systems, there are simple precautions all event
hosts can take.
Robinson advises that organizers first communicate
to attendees the measures they have in place to
protect their information and advise them NOT to
use the same passwords for the conference that
they use for other work or their personal accounts.

15.
There are other measures that organizers can take
such as instructing IT to isolate and encrypt the
registrant database and training end users to avoid
clicking on links of any kind unless they are
absolutely sure of the source. “End users are the
biggest threat to network security,” Robinson says.
Also, security contractors and staff can learn how to
spot and disarm jamming and routing devices on
site.

16.
But Wait. There's More.

17.
Besides the obvious consequences
—embarrassment, loss of attendee confidence, and
a potential drop in future attendance—the Linux
Australia User Group and others before them have
had to endure a “baptism by fire,” Robinson says.
“Imagine trying to meet your goals to ‘do more with
less’ and then all of a sudden you get hit with
something like this? Your reputation is damaged,
you incur more costs, and your attendees could sue
you. Your day is going to get a whole lot worse.”
Michael Robinson is
at mrobinson4614@stevenson.edu.

18.
Read the full article
and subscribe to the
newsletter at
www.EventTechBrief.com
@EventTechBrief
Images used under a Creative Commons License via Flickr users:
Photosteve101; Al Ibrahim; James Lee; Hannaford;
OTA Photos; & Living in Monrovia