There have been times when I’ve been spied on and I’ve spied on others. I’ve covered a few of these in other blog posts, but this time I’ll cover some items that have occurred in the past that I haven’t talked about before - some I’ve never mentioned in public. Don’t worry, they’re not that juicy, just mildly entertaining, at least to me. This involves other companies, actual businesses, and not traditional hacker scenarios I’ve discussed before. And yes as a disclaimer this is not from recent employment, this is from the past when the digital landscape was a bit more wild. These events happened a long time ago in an Internet galaxy far, far away.

Conferences

This happened more than once. When you go to a larger conference, there is the “public” network for attendees, and then there is a separate “private” network for staff, vendors, and other groups. For those conferences where reporters are going to be gathering information for articles, they are also usually added to the private network, or even have their own network. All of those vendor booths? On the private network. Granted this is usually wireless now, but in older times there was a lot of Ethernet being strung out all over the place.

At a lot of these conferences I would poke around on those private networks when I had access - especially when my employer had a vendor booth and equipment there. And depending on the employer, the software product they sold that provided network security was loaded up and deployed. Imagine doing this and seeing that another vendor was actively attacking other people on this private network, especially a competitor. I spotted this at both Black Hat USA multiple times and the infamous RSA conference more than once.

In the case of the Black Hat conference, it was easy to spot and track down. I was able to remotely identify the type of hardware being used, and that these were often not attacks running automatically - they were targeted attempts most likely being typed in by hand. As this was occurring during a talk, most of the booths did not have visitors and many on booth duty had run to the restroom or to get a snack. So it did not take much to track down the attackers. In one case it was aimed directly at machines operated by my employer while I was visiting the booth to say hello to co-workers. Yes, the attackers were both easily detected and a visual scan picked up the pair. Yes, there were two of them, so I walked over there, and one was doing all the typing while both of them were talking about the replies coming back from their efforts and weighing next steps.

I proceeded to say something. For the life of me I do not remember exactly what was said, but it was along the lines of “If you fuckers are going to commit actual felonies while at a conference packed with Feds, maybe you should be more stealthy.” The other times it was less obvious or I guessed who it was based upon them looking up from their computers across the vendor floor.

With RSA, I wasn’t sure if it was another vendor or not, but the attacks were much more sophisticated so I suspected it was quite possibly not a vendor but an attacker who had gained access to the private network. Like the less obvious attacks at Black Hat, it could have come from the massive vendor floor, a nearby hotel, or other side of the planet for all I knew.

Even at conferences being put on solely by my employer just for customers were not safe. A lot of gear was set up at the hotel conference room and we (the Security team, who was there doing security training as a part of this event) get called over because one of the computers being used at the conference had been popped. Fortunately the security team were all nerds and had tools (digital and physical), and we managed to scrape together enough gear to set up a Linux server and configured it to function as a gateway between the computers our company had brought in and the network provided by the hotel. We were even monitoring the traffic being turned away, and as near as we could tell there appeared to be at least three separate adversaries scanning and attacking. That hotel was a complete hot mess.

We didn’t know who the adversaries were, they could have been script kiddies, competitors, criminals, or foreign nationals. It did seem rather targeted in nature, based upon what was happening on the popped system where they were remotely trying to pull up information on the conference itself, like attendees and whatnot. This was how they knew the system was compromised as they lost control of the mouse and the keyboard, and they were watching the computer being remotely operated by someone else. Overall, the whole thing was less than pleasant.

Competitor

This one is a weird one indeed. I was approached by the competitive intel guy at work several jobs ago, and I was asked to attend a small conference being thrown by a direct competitor to our main products. I was there under my real name but the employer name used was completely different. It was an actual registered company so if the competitor checked it would not look like my actual employer. Yes, businesses did and still do this kind of shit.

The conference was a review of their existing products with a look at some of their future products planned for the next couple of quarters. The other attendees were potential customers. So I flew in the night before, and went downstairs in the morning. Unfortunately I was instantly recognized by another attendee who approached me and said, “hey aren’t you Simple Nomad? Didn’t you speak at Black Hat last year?” Or something that effect. He said it loud enough that I thought I was busted, but as I lowered my voice and said yes it’s me, I did have a short conversation with the guy and kept it light and friendly. I didn’t tell him I was spying, but fortunately since I had lowered my voice he matched my volume, and I thought I dodged a bullet.

I attended the morning sessions and it was all standard stuff as the future of their product direction info was going to happen after lunch. I spent a lot of time watching the competitor staff that was there since I was kind of getting bored, and I noticed that one of them had a spiral notebook where they took notes. In the morning there was coffee as well as donuts, muffins and other treats, so there was some accumulation of trash.

As many of you know, hotel conference rooms are often attended to by hotel staff that carry everything into the room on these large trays, and it is often a habit to pile up trash on these trays as they are left strategically around the conference room, usually next to a pillar and slightly out of the way. The spiral notebook competitor dude had been piling up their empty plate and other trash on top of this notebook, and at some point one of the hotel staff picked up the notebook along with the plate and carried it over to the tray. They announced a break for lunch, and I took the opportunity to grab my trash and empty plate, head over to the tray, and I spotted the notebook.

I looked around and everyone was moving around in multiple directions as some attendees were approaching sales personal, some were heading to the lunch line, and others were heading to the door to visit the restroom or to make business calls or whatever. As I had my laptop bag with me, I grabbed the notebook as I set down my plate and slipped it quickly into the laptop bag. Not two minutes later someone came by and took the tray to the back, so I felt lucky. I truly believe no one saw me as I was doing this without looking at the notebook but watching the other people in the room. Like a few others, I headed out and immediately went up to my room and dropped off the notebook.

When I headed back downstairs and started to walk in, I was greeted by the competitor person that checked me in as well as the largest sales person that was there, I guess to physically intimidate me. “We know who you are. You’re not allowed to attend this event.” There was no mention of the notebook, so I assumed it might have been that I did not in fact dodge that bullet when the guy recognized me. We stared at each other for a few seconds, and I shrugged and said something remarkable like “Okay” and headed back to my room. This event was supposed to be a full day and I had asked for a late checkout so I could use my room to contact work if needed, but I grabbed the rest of my stuff, checked out of the hotel, and headed to the airport to see about getting booked on an earlier flight home. My boss and the competitive intel co-worker found the whole thing rather entertaining as I called them while eating lunch at the airport waiting for my flight.

A week or so later I had gone to company HQ and I visited the competitive intelligent guy and handed him the spiral notebook. Plenty of notes on sales prospects including contact info, what they were interested in, and a few notes from internal meetings. Apparently well worth the effort. And since I was so quickly recognized, I was never asked to do it again.

Conclusion

This isn’t as common now, as most companies are not digitally attacking each other as blatantly as they were back then, although the whole competitive intel thing probably still happens a lot. Technologically nothing earth-shattering or ground-breaking occurred in these scenarios, but they are reflective of a time long gone and something I still chuckle about occasionally.