Based on an EventTechBrief.com Article by Michelle Bruno Getting Hacked is a Nasty Business. Events are in for a Rude Awakening.

Getting Hacked is a Nasty Business. Events are in for a Rude Awakening


It happened again...

A conference was hacked. This time, hackers managed to obtain personal details from attendees of two conferences hosted by the Linux Australia User Group. Michael Robinson, program director, cyber forensics at Baltimore’s Stevenson University, took a look at media reports of the incident to describe what may have happened and provide some advice on how event organizers can do a better job of protecting their attendees from what could be inevitable.


Beware the Innocent E-mail...


Organizers admit that hackers gained unauthorized access to one of their servers, but Robinson says, “It’s pretty unlikely that someone broke in from the Internet and hit that server.” A more plausible explanation is that an end user connected to the network was duped into clicking on a link from the Internet or an email. In doing so, he inadvertently released malware that moved laterally across the network to grant a hacker access to the server that contained all of the attendee data.


An end user is anyone on a computer connected to the network, including a conference planner, registration assistant, systems administrator, or accountant. “If their computers are compromised, it’s not that difficult to get access to the registration data,” Robinson explains.

The vulnerability to which Linux Australia succumbed was the fact that “it stored attendee data from multiple conferences on one central server, which means that when the server was compromised, it affected all of the attendees from all of its conferences for several years.”


Hackers are Paid Professionals...


Robinson surmises that the hackers of the Linux Australia User Group knew what they were doing. “The people who attend Linux Australia events are [for example] systems administrators that work for the Australian and New Zealand governments. They have root-level access to sensitive information on their computer systems and networks.” With something as simple as an attendee email address, hackers can launch phishing attacks on them in the same way they likely attacked the conference.


Taking a Server Offline Won't Solve the Problem


The remedies for these types of attacks aren't clear-cut. Linux Australia reportedly decommissioned the infected server, strengthened security on the new one and installed a number of monitoring tools. In addition, “websites for the conferences will in the future be archived six months after a conference concludes and then kept on a separate server and deleted from [the event management software],” organizers say. That may not be enough, according to Robinson.


“Typically when a system gets infected, the help desk will come along and take that one server offline. However, if the hacker leapfrogged through the network, taking a server offline doesn’t fix the problem. The server is taken offline, but the bad guy is still in the network. He can move laterally to the new server and compromise that one as well,” Robinson explains.


Attackers are onto Conferences as Targets

What happened to the Linux Australia User Group is only the tip of the iceberg in terms of how conferences can be harmed by hackers, hacktivists or the disgruntled. Robinson lists a number of "bad" hacks of which organizers should be aware:

Hackers with the right skills can download registrant information from a self-service registration kiosk onto a USB drive.

Wireless jammers can interrupt on-site networks, including audio-visual equipment.


Pineapple routers (costing about $150) can intercept data transmissions from attendee devices.

An IMSI-catcher can intercept cell phone data and “spy” on conference-goers.

Fake websites can be easily built to intercept registrant information (including credit card numbers).

Social hacktivists can wreak havoc on an event with denial-of-service attacks and other tactics.


There are some Simple Fixes...


Event organizers are not entirely defenseless. While some organizers will work with cyber security professionals to build in safeguards and monitoring systems, there are simple precautions all event hosts can take.

Robinson advises that organizers first communicate to attendees the measures they have in place to protect their information and advise them NOT to use the same passwords for the conference that they use for other work or their personal accounts.


There are other measures that organizers can take, such as instructing IT to isolate and encrypt the registrant database and training end users to avoid clicking on links of any kind unless they are absolutely sure of the source. “End users are the biggest threat to network security,” Robinson says. Also, security contractors and staff can learn how to spot and disarm jamming and routing devices on site.


But Wait. There's More.


Besides the obvious consequences—embarrassment, loss of attendee confidence, and a potential drop in future attendance—the Linux Australia User Group and others before them have had to endure a “baptism by fire,” Robinson says. “Imagine trying to meet your goals to ‘do more with less’ and then all of a sudden you get hit with something like this? Your reputation is damaged, you incur more costs, and your attendees could sue you. Your day is going to get a whole lot worse.”

Michael Robinson is at [email protected].


Read the full article and subscribe to the newsletter at www.EventTechBrief.com

@EventTechBrief

Images used under a Creative Commons License via Flickr users:Photosteve101; Al Ibrahim; James Lee; Hannaford; OTA Photos; & Living in Monrovia