How not to get hacked during Consenus NYC 2018 (or any other conference)

Marsmensch
May 9, 2018 · 4 min read

This article is a brief but hopefully still useful hints and best practices that helped me not to get rekt deeply, even though i have a long history of attending security conferences like the famous https://www.defcon.org/, https://www.blackhat.com/us-18/ or http://www.ph-neutral.org/.

“Hacker Jargon” by Jeremy Keith is licensed under CC BY 2.0

Nobody can give you a guarantee, but there’s a lot of things you can do yourself to reduce your risk during (imho) the most dangerous days of the year of your crypto trading career.

Is attending a cryptocurrency related conference a risk?

I am practicing to think like a hacker for years. If you are a blackhat hacker targeting some of the new crypto traders, a conference like Consensus 2018 is one of these great times of the year where you get a lot of opportunities to pwn one or multiple attendees in many different ways with a lot less effort. Especially in regards to social engineering attacks.

“try to recall all of the attacks you have seen in the last year and dismissed because the attacker needed to be local to your network. Then realize that you are about to connect to that network.”

Rule #1 Bring a sterile machine

Depending on your preferences, you might want to stick on an iPad. Personally, i do a full backup of my main notebook reinstall it from a clean medium. Install only the bare minimum you need. If you are presenting, bring nothing but the presentations. This is also an excellent opportunity to test your backup & restore strategy on a regular basis ;-)

Just don’t if you can. If you are prompted to install a patch or update, be really cautious. Odds are that it will be malicious. Activate airplane mode and check for text messages and missed calls on a regular basis. For example, only check your work email in your hotel room or while taking a walk.

“Hacker humor.” by Aaron Muszalski is licensed under CC BY 2.0

Use a burner phone (a cheap, disposable cell phone) during the conference. Turn off Bluetooth, Wi-Fi and NFC on all your devices Make sure none of your applications can automatically turn them on. Setting up a fake cell tower is a piece of cake nowadays and your number is transmitted in clear text.

Limit Internet access to essential functions only and use a VPN on all devices. I recommend a service provider with a great track record as ProtonVPN.

Leave any radio-frequency identification (RFID/NFC) enabled devices, such as your work badge, passport or fancy contactless credit cards in your hotel room. These cards can be cloned by anyone in close range to you. Get a specially shielded envelope if you have to carry these cards for some reason.

Do not accept storage devices, USBs or files from people you don’t know. DO NOT charge phones, computers, or other devices in public charging stations. There are known attacks involving these stations. Get a portable battery pack instead.

This should be pretty straightforward. Avoid any unnecessary attention in the public. Don’t wear a shirt with your portfolio printed on it. Be mindful of whom you are talking to, and what you’re talking about. Especially if you are meeting someone for the first time.

These are the more important things to take care of. Follow these 7 simple (and tbh, surely annoying) rules and you will greatly reduce your exposure to potential hacking attempts.

Addressing these risks is important, but don’t forget you are at the conference to learn about the new & cool stuff, meet some new friends or even professional contacts.

“victory” by Damian is licensed under CC BY 2.0

Enjoy the time in NYC, see you there!

tales from the crypt(o)

staking, masternodes and tales from crypto land

 by the author.

Marsmensch

Written by

Chains, Containers, Retro & Whisky

tales from the crypt(o)

staking, masternodes and tales from crypto land

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade