In response to the article that was posted by the Register (http://www.theregister.co.uk/2016/08/01/prn_and_pwning_inside_the_blackhat_vegas_noc_where_even_zeus_is_cool/), the DEF CON Network Operations Center Team (NOC) pride ourselves on making a network that allows the community to get Internet access, and have access to internal resources (Servers, etc.). The DEF CON NOC believes in privacy and anonymity for our attendees.
When users attach to the DefCon Secure (802.1x/PEAP) network, we have made the decision to do our best to make that data/traffic inaccessible, and the team does not allow for data monitoring, nor recording of the traffic. We do have overall bandwidth monitoring- but will never run driftnet, ntop or other tools that invade the privacy of the users on the secure network.
The DEF CON network resources, and staff who volunteer in the NOC at DEF CON currently do not have any part in the operations of the Black Hat network(s). The DEF CON NOC also doesn’t allow vendors to use the network as a place to demo or experiment with our user’s traffic.
Now… If you happen to attach to any network that does not have the more secure certificate authentication method enabled – all bets are off. Your traffic will be monitored – not by us, but by the people around you. We also ship the open WiFi network traffic off to the Wall of Sheep as well, and anyone on the unsecure network can and will easily Man-In-The-Middle your traffic.
If you want to get on the “DefCon” Secure network- follow the instructions that are posted on https://wifireg.defcon.org/. Each PEAP session that is created from the client to the controller is a unique session, and is not allowed to talk to any of the other users on the network once connected to the official network.
If you are concerned about someone capturing your credentials, you don’t want to register ad userid, or want to maintain anonymity we have also setup a common username and password of defcon/defcon. So if someone says that they captured your credentials, it’s really not that big of a deal, especially when everyone has a unique session.
You should still install and only trust the certificates that we have posted on https://wifireg.defcon.org/.
-The NOC Team
Sine Qua Non