How not to get hacked during Consenus NYC 2018 (or any other conference)
This article is a brief but hopefully still useful hints and best practices that helped me not to get rekt deeply, even though i have a long history of attending security conferences like the famous https://www.defcon.org/, https://www.blackhat.com/us-18/ or http://www.ph-neutral.org/.
Nobody can give you a guarantee, but there’s a lot of things you can do yourself to reduce your risk during (imho) the most dangerous days of the year of your crypto trading career.
Is attending a cryptocurrency related conference a risk?
I am practicing to think like a hacker for years. If you are a blackhat hacker targeting some of the new crypto traders, a conference like Consensus 2018 is one of these great times of the year where you get a lot of opportunities to pwn one or multiple attendees in many different ways with a lot less effort. Especially in regards to social engineering attacks.
“try to recall all of the attacks you have seen in the last year and dismissed because the attacker needed to be local to your network. Then realize that you are about to connect to that network.”
Rule #1 Bring a sterile machine
Depending on your preferences, you might want to stick on an iPad. Personally, i do a full backup of my main notebook reinstall it from a clean medium. Install only the bare minimum you need. If you are presenting, bring nothing but the presentations. This is also an excellent opportunity to test your backup & restore strategy on a regular basis ;-)
Rule #2 Don’t use the conference Wi-Fi to connect to the Internet
Just don’t if you can. If you are prompted to install a patch or update, be really cautious. Odds are that it will be malicious. Activate airplane mode and check for text messages and missed calls on a regular basis. For example, only check your work email in your hotel room or while taking a walk.
Rule #3 Mobile devices stay in your hotel room
Use a burner phone (a cheap, disposable cell phone) during the conference. Turn off Bluetooth, Wi-Fi and NFC on all your devices Make sure none of your applications can automatically turn them on. Setting up a fake cell tower is a piece of cake nowadays and your number is transmitted in clear text.
Rule #4 Use a VPN to encrypt all communication
Limit Internet access to essential functions only and use a VPN on all devices. I recommend a service provider with a great track record as ProtonVPN.
Rule #5 Contactless is bad
Leave any radio-frequency identification (RFID/NFC) enabled devices, such as your work badge, passport or fancy contactless credit cards in your hotel room. These cards can be cloned by anyone in close range to you. Get a specially shielded envelope if you have to carry these cards for some reason.
Rule #6 Anything USB is scary, avoid it!
Do not accept storage devices, USBs or files from people you don’t know. DO NOT charge phones, computers, or other devices in public charging stations. There are known attacks involving these stations. Get a portable battery pack instead.
Rule #7 Keep a low profile
This should be pretty straightforward. Avoid any unnecessary attention in the public. Don’t wear a shirt with your portfolio printed on it. Be mindful of whom you are talking to, and what you’re talking about. Especially if you are meeting someone for the first time.
Summary
These are the more important things to take care of. Follow these 7 simple (and tbh, surely annoying) rules and you will greatly reduce your exposure to potential hacking attempts.
Addressing these risks is important, but don’t forget you are at the conference to learn about the new & cool stuff, meet some new friends or even professional contacts.
Enjoy the time in NYC, see you there!