[HN Gopher] Room inspections at Resorts World confuse, annoy DEF...
___________________________________________________________________
Room inspections at Resorts World confuse, annoy DEF CON attendees
Author : jarsin
Score : 142 points
Date : 2024-08-09 23:15 UTC (2 days ago)
(HTM) web link (www.reviewjournal.com)
(TXT) w3m dump (www.reviewjournal.com)
| rolph wrote:
| why not actually, attend the convention, and learn how to perform
| security related procedure, rather than alienate the people most
| apt to help, and educate in the context of computer security.
|
| start with learning what hacking is, and talk about "living off
| the land" using field expedient improvised tools and materials.
| petre wrote:
| Sure, educate the mall cops about USB thumb drives.
| devwastaken wrote:
| The "inspection" was reportedly carried out in a threatening and
| illegal manner that held attendees against their will and coerced
| them to give up private belongings.
|
| The DA should prosecute the "security staff" for their illegal
| acts and make an example out of them. This is not the first time
| a hotel has done this, and they will continue to act outside the
| law until those responsible face felonies and prison time.
| philwelch wrote:
| https://archive.is/CqCfj
| illuminant wrote:
| Well I remember the times I went to (single digit) Def Cons.
| Cement in the toilet, sizable portions of the hotel lost power,
| haxors taking the event room doors off their hinges, those
| plotting to exploit the digital signage.
|
| Vegas + hacker cons, everything one might expect.
| DaSHacka wrote:
| As a more recent attendee, it's not like that at all anymore.
| The edgiest you'll get is some graybeard thinking they're "alt"
| and "punk" while advocating for checking IDs at registration
| and having quite literally identical political views to Brenda
| from HR. The attendees have overall been insanely passified, I
| presume a side-effect of the rapid growth and number of
| straight-lace SWE guys there because of their employers.
|
| Even this year, you will be trespassed from the con for putting
| up _googly eyes_ and there are 4-6 different villages dedicates
| to "break-times" and inclusivity.
|
| Probably for the best, no way a truly "edgy" and zany hacker
| con would've been able to find venues to host at nowadays
| anyway.
| cqqxo4zV46cp wrote:
| Undoubtedly some 'security' higher up trying to build their
| little fiefdom and expand their corporate influence. The absolute
| hilarity of the mere concept of this does distract me a bit from
| how invasive it is. Like, what do you think that you're looking
| for? What's cause for suspicion? They're almost certainly just
| looking for large quantities of 'computer stuff' in a single
| room. Aside from like, large antennas, I really can't imagine
| what correctly 'looks' sketchy.
| xyzzy123 wrote:
| What is the problem with having lots of computers in a room
| anyway?
| jen20 wrote:
| God help them during Re:Invent.
| firesteelrain wrote:
| The Venetian conference rooms and suites were used to 'hack' a
| satellite last year during Hack a Sat Finals. There were no
| issues. It is right next to the Caesars Convention Center. I know
| this is a new venue so maybe they are a little trigger happy
| mrandish wrote:
| They have to know the glorified mall cops doing such inspections
| have no ability to differentiate "hacking tools" from typical
| laptops and thumb drives (because they are the same thing).
|
| So the real goal must simply be intimidation. Of course, given
| the audience, that tactic is unlikely to have the desired effect.
| m463 wrote:
| The flipper zero is pretty distinctive, but I think the folks
| who would go to these conferences would leave it at home in a
| drawer.
| shagie wrote:
| Nevada is one where I would avoid having a flipper with me at
| all.
|
| https://www.toool.us/lockpicking-laws.php
|
| > 1. Every person who makes or mends or causes to be made or
| mended, or has in his possession in the day or nighttime, any
| engine, machine, tool, false key, picklock, bit, nippers or
| implement adapted, designed or commonly used for the
| commission of burglary, invasion of the home, larceny or
| other crime, under circumstances evincing an intent to use or
| employ, or allow the same to be used or employed in the
| commission of a crime, or knowing that the same is intended
| to be so used, shall be guilty of a gross misdemeanor.
|
| Having lock picks in your possession coupled with the
| circumstances that suggest you intend to use them would be a
| crime.
|
| It wouldn't be a stretch to find someone with a flipper
| poking at things could run afoul of this law.
|
| It is in the "a flipper is legal, but be very cautious having
| it... and if you were some place where you shouldn't be and
| had a flipper, it could make things worse."
| aaron695 wrote:
| This was first talked about at the 2018 Defcon after the 2017 Las
| Vegas shooting, it seems exactly the same -
|
| https://www.csoonline.com/article/566069/vegas-hotel-room-ch...
|
| Disney also started a "Room Check" after the shootings -
| https://touringplans.com/blog/disney-in-a-minute-what-is-a-r...
|
| The sooner we have "The Raven Hotel" the better, but until then
| I'm not totally sure what you can do? Know it will happen and
| keep guns and laptops in locked bags when you are not there I
| guess?
|
| The man-children of HN are the first to cry when big corporations
| don't protect them, there's some irony this site is crying about
| it.
| gryfft wrote:
| Another fine upper management execution of the Politician's
| Syllogism [1]. 1.
| https://en.wikipedia.org/wiki/Politician's_syllogism
| RandomThoughts3 wrote:
| 1. It is not daily room searches. It's daily room _checks_ by the
| cleaning crew even when asked to not disturb.
|
| 2. The policy is for the cleaning staff to scrupulously applies
| the _usual_ policy with more attention than usual and reports out
| of the ordinary things to a support group with IT and security,
| which seems, well, fine? They are hosting a large group of people
| specialising in hacking. It is indeed more likely that something
| fishy with their IT will happen then than at any other point in
| time.
|
| The whole thing is just pretty much asking staff to be extra
| vigilant. There are plenty of precedents allowing me to suggest
| it's a very reasonable and good idea.
|
| The Twitter thread then quickly goes into crazy conspiratorial
| territory when they somehow think that the pictures shared imply
| search and seizure. Hotels never seize things and they don't
| rummage through your stuff. The whole thing is about security
| getting involved proactively if they see things in the open
| especially if they are plugged where they shouldn't be.
|
| Still amusing to see people who spent their whole careers arguing
| about extra invasive provisions to shield against potential
| sometime fairly remote security risk extremely spooked by room
| checking - a fairly standard procedure in every hotel.
|
| Edit: Downvoting me to death because you dislike what I say is
| not going to make it stop being common sense. At least, if you
| disagree, please have the courage to engage in honest discussion.
| Also please read the thread, 90% of the reply at the time of my
| edit are completely pointless because they didn't bother checking
| what the hotel is looking for and prefer trying (and predictably
| failing) to look smug.
| mattmaroon wrote:
| If the worry is IT issues, what's a room check going to do? Are
| they going to report people for having laptops?
|
| That's not what these checks are for. These started in response
| to the mass shooting at Mandalay Bay, and they're looking for
| an arsenal.
| rob74 wrote:
| That... makes more sense, actually. But, if they want to
| prevent something like that from happening again, they have
| to take a look at _every_ room in _every_ hotel whenever
| there is an event going on that could be targeted - which, in
| Las Vegas, I think is pretty much all the time?
| RandomThoughts3 wrote:
| Yes, that's what they do. The change here is just making it
| daily instead of every couple of day and reminding staff to
| scrupulously apply the usual policy as previously stated.
| Plus a bunch of pictures of what network equipments look
| like so they know.
| mattmaroon wrote:
| Yes, they do. The policy is not new. If you read the fine
| print you sign when you check into any hotel you will
| probably find it gives them the right to enter your room at
| any time.
|
| After the Mandalay Bay shooting MGM settlesd an $800
| million case. They were sued for negligence because had any
| employee just gone in the guys room they would have stopped
| the whole thing.
|
| After that daily checks have been the policy in a whole lot
| of places.
| rob74 wrote:
| Well, when _guests_ put the "do not disturb" sign on the door,
| hotels should respect their wishes, right? If I put that sign
| on the door and then find out that my room was entered
| nevertheless, I would also think really hard before booking a
| room at that hotel (chain) again, not because I had something
| to hide, but out of principle. Also, what are they hoping to
| find? An unlocked laptop with some kind of hacking software
| running? I don't think hackers worth their salt would be so
| naive (except maybe if they leave the laptop there as a
| "honeypot")?
| RandomThoughts3 wrote:
| [flagged]
| tossandthrow wrote:
| > There are pictures in the thread you didn't bother
| reading.
|
| Apparently you need to be logged into X to see this. I did
| not see any thread under the post (a good reminder to use
| proper language when pointing such things out, the other
| person might not have seen there there is a thread).
|
| Regardless, I am not a user of X so I won't be able to see
| the thread. Thanks for inlightening with some examples!
| waciki wrote:
| > No, that's not how hotels work. Do not disturb is a
| courtesy afforded to you. Every hotel checks room regularly
| as a matter of compliance. You don't notice because these
| people are professional. The truth is you are not a guest
| but a customer.
|
| In the US? There are several countries where that would be
| illegal.
| beardyw wrote:
| HN guidelines
|
| > Please don't comment on whether someone read an article.
| "Did you even read the article? It mentions that" can be
| shortened to "The article mentions that".
| RandomThoughts3 wrote:
| [flagged]
| beardyw wrote:
| You forgot " ... you didn't bother reading."
| irjustin wrote:
| Hotels don't care about a laptop left around running. My
| guess property damage or simply disgusting room.
| Ekaros wrote:
| Or attempts to access any place not usually accessed.
| Wiring in general, but also questionable devices connected
| to networking or phone lines, if there is those around...
| ajsnigrutin wrote:
| > They are hosting a large group of people specialising in
| hacking. It is indeed more likely that something fishy with
| their IT will happen then than at any other point in time.
|
| Yeah, and a daily room check will help with that how exactly?
| Are they going to take laptops away from guest? Flipper zeros?
| SDRs?
| Faaak wrote:
| Sure, I'm certain that the cleaning staff know the difference
| between an nmap directed at your raspberry pi vs the one
| targetting the TV vlan of the hotel. smh
| giantg2 wrote:
| "Hotels never seize things and they don't rummage through your
| stuff."
|
| This absolutely happens today, although it is rare. Hotels have
| turned over a client's property from rooms or valet to police
| without a warrant. Some hotels will actually search your bags
| if you use their luggage room service. This started happening
| after the Vegas shooting and seems to be only a Vegas practice
| (or at least I haven't read articles on it happening
| elsewhere).
| irjustin wrote:
| I wonder what happened in the past to create these policies.
| Seems like some crazy things.
|
| They outright don't trust this group. Property damage?
| yodelshady wrote:
| There's always the chance of some idiot who thinks they're
| going to take down society with nmap and metasploit. The
| hotel's safe, but I'd be worried about some other legitimate
| customers getting mixed up in it.
|
| Though I also really don't want to be the one reviewing reports
| from housekeeping. "Yes, that's a laptop running hacky stuff,
| because it's a speaker rehearsing slides. Not a visually
| identical laptop running visually identical tools against
| slightly different numbers."
| prepend wrote:
| I think this was in response to the shooting a few years ago
| where the shooter put his DND on for days and had his guns and
| ammo out all over the room.
|
| I've had "room checks" at many hotels since then and they said
| it was for security purposes.
| michaelt wrote:
| What happened in the past was the 2017 Las Vegas mass shooting
| [1] - the deadliest mass shooting by a lone gunman in American
| history. It was conducted by shooting out of a hotel room
| window. The shooter had 24 guns and over a thousand rounds of
| ammunition in the hotel room - which went unnoticed partly
| because the guest put up the 'do not disturb' sign.
|
| The hotel owners have presumably decided that the high-
| probability-minor-damage risk to their business from a few
| paranoid types avoiding their hotel is not as great as the
| very-low-probability-enormous-damage risk from a copycat mass
| shooting.
|
| And so, ignoring the do-not-disturb sign and snooping on
| guests' rooms is the norm in Vegas these days.
|
| And if they happen to have a large block booking of
| particularly privacy-conscious people and so a noticeable
| fraction of the rooms are declining maid service, I can
| understand why they'd want to be ready to carry out some
| supplemental checks.
|
| [1] https://en.wikipedia.org/wiki/2017_Las_Vegas_shooting
| intunderflow wrote:
| If this is true then why does the hotels list of what to
| search for include USB drives, breadboards and wifi routers,
| not guns?
| hsbauauvhabzb wrote:
| And defcon dates? That shooting wasn't during defcon, if I
| recall correctly..
| giantg2 wrote:
| The guns are on a separate list for an existing protocol.
| This is just an extention, probably temporary and only
| applied to DEFCON guests. The point is that the prior
| attack has chance how the industry views room privacy vs
| guest safety (liability) for any type illegal activity
| (even if there's no indication the tools are being used
| illegally).
| tempfile wrote:
| Perhaps DEFCON should be hosted in a safer country :^)
| dtech wrote:
| I fail to see how this is relevant for DEFCON _specifically_.
| If this was a general policy sure.
| michaelt wrote:
| A small number of Walter Mitty types believe hotel maids
| are planning to hide undetectable snooping devices inside
| their electronic devices - a so-called "evil maid attack" -
| and so choose not to have their room cleaned.
|
| In the normal operation of a hotel, such guests are
| uncommon - but I expect defcon attracts several orders of
| magnitude more such people.
| giantg2 wrote:
| I aee a lot of disagreement here. It's not that it's specific
| to DEFCON of "hacking equiptment". It's that the prior attack
| has given hotels the will and potential legal cover to do
| room checks/searches. They can now apply this to anything,
| such as "hacking" equiptment, guns, hotplates, etc. There are
| even examples of hotels handing over property from rooms or
| valets to law enforcement without a warrant.
| trogdor wrote:
| > There are even examples of hotels handing over property
| from rooms or valets to law enforcement without a warrant.
|
| Do you have evidence of that happening?
| gaws wrote:
| > I wonder what happened in the past to create these policies.
| Seems like some crazy things.
|
| Caesar's Palace and the MGM got hacked.
| jedberg wrote:
| I posted it above, but it's a combination of the festival
| shooting and DefCon attendees hacking the maid tracking system
| to make it look like their rooms were cleaned/inspected when
| they were not.
|
| https://news.ycombinator.com/item?id=41229322
| Metacelsus wrote:
| Wasn't this a thing last year too?
| johncessna wrote:
| It's been an issue in the past, and the articles mention it.
| saagarjha wrote:
| Yes, they've been doing it for a while.
| spacecadet wrote:
| I stayed at a hotel directly behind the convention center, no
| room searches...
| intunderflow wrote:
| Per the image in the linked post daily room searches are
| mandatory for people staying on property who booked as part of
| the DEFCON room block
| jacoblambda wrote:
| Your room was certainly searched (effectively required in all
| the big strip hotels after the 2017 shooting) but those
| searches are mostly housekeeping crew phoning in anything
| particularly "problematic looking" during regular cleaning and
| a separate set of dedicated staff doing random walk-ins every
| day or other day (generally without touching anything) where
| they step in look around for 30 seconds and go to the next
| room. It's designed to be exactly the thing you never notice
| while you are there unless you don't leave your room.
| spacecadet wrote:
| Interesting! Except I put a game camera in my room facing the
| door. I couldn't even get fresh towels without calling 4
| times. Maybe I was just lucky.
| intunderflow wrote:
| More images are included by the same poster at this URL,
| disclosing what the hotel considers hacking tools:
| https://x.com/d0rkph0enix/status/1822879409126162779
|
| Seems like whoever drafted this policy has no idea what they're
| talking about given USB drives and empty breadboards are on here
| cyberge99 wrote:
| I blame Hollywood, not the hotel staff. They can't be expected
| to know what each and every stray circuitboard is/does. Not all
| circuitboards are bombs, but almost all modern bombs have
| circuit boards.
| Hizonner wrote:
| Anybody who gets their worldview from the movies deserves a
| big, hearty chunk of any resulting blame.
| themaninthedark wrote:
| I remember a thread, either Twitter or Reddit where quotes
| from the book Lolita was used as evidence that most/all men
| are scum and perverts....
| xboxnolifes wrote:
| More and more I feel that most if not all people get a good
| portion if their world views from media.
| dang wrote:
| (This comment was originally posted to another thread, but we
| merged it hither)
|
| _DEFCON attendees having mandatory daily room searches by
| conference block hotels_ -
| https://news.ycombinator.com/item?id=41222930
| nabla9 wrote:
| DEFCON conference attendees have a history of hacking hotel room
| keys, property management systems, filling pools with bubbles and
| doing all kind of mostly harmless but annoying shenanigans in
| hotels they reside during the conference. The conferences have
| changed a lot but something always happens.
|
| The right policy would be to always respect customer privacy and
| if they can't be trusted to behave, refuse them.
| alwa wrote:
| In this case, then, you feel that the right policy would be to
| deny them accommodation outright rather than accommodating them
| on the condition that you'll glance in the room once a day?
| multimoon wrote:
| I'm not sure what the hotel is hoping to gain here, and the
| argument in this thread is very weird.
|
| The argument for this in the comments below seems to be
| justifying this saying that the hotel is doing safety checks
| because of a prior mass shooting, which was unrelated to DEFCON,
| or that they're looking for "suspicious networking equipment"
| which none of the staff is trained on how to go find let alone
| even identify.
|
| Moral implication of do not disturb aside, this seems very poorly
| executed and meaningless. If the management of the hotel for some
| reason is paranoid and doesn't like these guests, then don't
| accept their business.
| JohnMakin wrote:
| The argument is this has been going on for a long time and
| isn't anything new or surprising. It's even happened at past
| events and has always been known to the organizers as
| commonplace. It isn't justifying the behavior, but attempting
| to put it into context.
| alwa wrote:
| I noticed that a hotel I stayed at reworded their door signs to
| say "cleaning not required," which seemed to me a sensible way
| to reframe expectations.
|
| Legal obligations aside, how would a provider of public
| accommodation figure out who to refuse the business to? Do they
| size up guests at checkin to see if they look hacker-ish?
|
| Is that more fair than a bumbling effort at deterrence by
| advertising your existing security policy, of casting eyes in
| every room every day--a policy you apply uniformly to every
| member of the public who wants to rent a room?
| devinegan wrote:
| Vegas local here, after Oct 2017 no Vegas hotel room on the strip
| is going 24 hours without hotel staff seeing the inside of a room
| - every hotel has this policy. I don't know why people expect
| privacy in Vegas, there are more cameras and technology watching
| you here than anywhere else in the US.
| unsupp0rted wrote:
| > I don't know why people expect privacy in Vegas
|
| I expect privacy in any home where I live, whether it's for a
| decade or for a day.
|
| When the door closes, it's "my personal space" for the duration
| I paid for.
|
| Of course, now Vegas begs to differ.
| jhbadger wrote:
| Then you must not rent your home. I've lived in rented
| apartments my entire adult life and while not daily
| inspections, everywhere I've lived the management has
| mandatory inspections every few months to check on fire
| alarms and other maintenance issues as well as making sure
| residents aren't violating policy by having more than two
| pets, trashing the apartment, allowing roaches and other
| pests to fester, etc. It can be annoying, but if I don't own
| it, it's not really "my" home.
| unsupp0rted wrote:
| Landlords are legally obligated to give 24 hours of notice,
| if not multiple days of notice, depending on jurisdiction.
|
| And they can't come do inspections day after day.
| FickleRaptor wrote:
| These aren't landlords and notice is typically given as
| part of the room registration process. That's not the
| behavior in question.
| akira2501 wrote:
| The obvious question is "would these inspections have stopped
| Route 91?" I strongly suspect that would have had NO impact.
| The guest was known to them, was a high roller, known to get
| comps, and used the service elevator over several days to load
| the room with weapons hidden in cases. All for the purpose of
| attacking a large outdoor festival next to the hotel.
|
| The other obvious question is, did the people who "cyberattack"
| them do so from _inside_ their own hotel? Is there some reason
| to think simple visual room inspections are going to help
| prevent their networks from being attacked?
|
| None of these are logical responses to the stated problems.
| They're just ways to reduce privacy with a very thin corporate
| liability excuse tacked onto the end of it. I don't trust that
| they can people safe, and I don't trust their motivations in
| deploying these "techniques."
|
| I'd rather sleep in the tunnels with the homeless at this
| point.
| jarsin wrote:
| I agree with you that it probably would not have stopped it,
| but Steve Wynn at the time was convinced his staff would have
| discovered him.
|
| He claims they implemented policies in 2015 to enter and
| inspect all rooms after more than 12 hours of DnD. In other
| interviews he admits they "profile" everyone that enters
| their hotel.
|
| https://nypost.com/2017/10/08/vegas-shooting-wouldnt-have-
| ha...
| Marsymars wrote:
| > He claims they implemented policies in 2015 to enter and
| inspect all rooms after more than 12 hours of DnD.
|
| Eh, I guess I'd trip flags there. I typically put up the
| DnD on checking in at a hotel and leave it up until I check
| out. It's not a principled stance or anything, I'm just
| never staying for an amount of time (i.e. more than a week)
| where I'd need housekeeping services so figure I can save
| the housekeeping staff some effort and save some water.
| beefnugs wrote:
| Its all about the security theatre.
|
| If they really have "more cameras than anywhere else" and
| if that even mattered, then its already covered.
|
| It would be orders of magnitude cheaper to put cameras in
| every single room, with a big sign saying this camera turns
| on every 4 hours with a big red light, and then if you
| cover it up a physical presence will occur.
|
| Instead they go with: SHOW ME ALL YOUR USB DRIVES. Same
| shit as covid, if you make it normal for "officials" to
| touch and make copies of everything all the time
| everywhere, then there is no such thing as crime anymore
| yay
| michaelt wrote:
| If the objective is to check whether anyone's hiding an
| AR-15 in their hotel room, presumably you have to check
| under the bed and in the closet and in the bathroom,
| which a fixed camera couldn't do.
|
| Also I think the average hotel guest is completely fine
| with maids entering during the day when the room's
| unoccupied, but would not appreciate a camera in the
| bedroom, with or without a big sign and a big red light.
| gosub100 wrote:
| of course they wouldn't have, but if they don't change their
| policies at all, they have 2 new problems: some patrons will
| perceive your property as not taking security seriously if
| other hotels have "beefed up security" while yours doesn't.
| Secondly, if there were another shooting, even if it wasn't
| nearly as big as the Route 91 massacre, in court they could
| point to your lack of doing anything whatsoever "in the face
| of the nations worst shooting".
| devinegan wrote:
| " Authorities have said he brought 23 weapons in 10 suitcases
| into the room and set up cameras inside and out to watch for
| police closing in on him."
|
| If they are looking through everyone's rooms I would hope
| they find this now as he took days to get all of the guns and
| ammo up to his suite. I am not law enforcement and can't say
| for sure though. The US has done a lot worse in the name of
| terrorism (I believe this was a terrorist act).
| thih9 wrote:
| Are other hotels near popular places in the US following the
| same procedure? Or is Vegas at higher risk?
| gs17 wrote:
| It supposedly is a policy for major chains. Hilton in DC did
| it to me and claimed the whole chain does it.
| eltoxo wrote:
| I had never in my life heard of this before now and I am no
| stranger to hotels.
|
| I would go straight to the front desk, demand my money back
| for that day and then never stay with hotel again along with
| making sure the corporate office got a nice email about their
| bullshit policy.
|
| Maybe over priced Vegas hotels can do this but any hotel I
| have ever stayed at needs to make the customer happy because
| the competition is so fierce. Most hotels will go out of
| their way to make sure you are happy. Not randomly inspect
| your room like you are a child.
| wkat4242 wrote:
| > I don't know why people expect privacy in Vegas, there are
| more cameras and technology watching you here than anywhere
| else in the US.
|
| Yeah I can't imagine ever willingly going there (eg unless my
| work forces me to). It's a very curious choice for a community
| with so many privacy activists. The shooting excuse for the
| inspections is stupid. Anyone could walk in and set up in 10
| minutes.
| heyitsstanley wrote:
| "the shooting excuse" implies that the hotels have some
| ulterior motive for wanting to enter rooms at least once per
| 24 hours?
|
| what motive would they have that is so important that they
| insist on spending money on low skill headcount to enter
| thousands of rooms per day?
|
| honestly i'm struggling to sort out what scheme they're
| running that makes this headcount investment worthwhile.
| anon373839 wrote:
| This comes as news to me! I've stayed in Vegas numerous times
| since then, and I almost always decline housekeeping. I've
| never had anyone come into the room (to my knowledge, anyway).
| I wonder how selectively this is enforced.
| gs17 wrote:
| Were you there 24/7? In DC they barged in (well, knocked and
| then went away when I answered before they could get in)
| around 4 PM.
| quantified wrote:
| Being aboveboard about the evil maid... this can be a new pwning
| vector for the conference.
| jedberg wrote:
| Since the festival shooting Vegas hotels have a policy of
| entering every room every 24 hours. If you skip housekeeping,
| they get suspicious and then they send security to check on you.
|
| Some clever hackers figured out how to use the phone system to
| make them think housekeeping had been there[0], so now they do
| inspections when BlackHat/DefCon is in town because they don't
| trust their own tracking systems.
|
| [0] One of the hotels had housekeeping dial *5 on the room phone
| when they entered the room to clean, and then *5 again when they
| left. So some hackers would put out their "do not clean" sign and
| then just dial *5 twice 10 minutes apart so no one would get
| suspicious.
| Shank wrote:
| I think your post contradicts itself. It sounds like they "do
| inspections" every day of the year.
|
| > Since the festival shooting Vegas hotels have a policy of
| entering every room every 24 hours
|
| > so now they do inspections when BlackHat/DefCon is in town
| because they don't trust their own tracking systems
|
| What's the difference between these two statements? It sounds
| to me like the only point is that they have a manual ledger to
| track inspections, which is probably for the best, given that
| any would-be domestic terrorist would surely know how to use
| Google and find this information too.
| pathartl wrote:
| I think they mean that cleaning services will passively do
| inspections, but past cons have marked their rooms as being
| already cleaned in their system. They do manual inspections
| during Defcon because they can't rely that cleaning services
| have gotten to their room.
| FickleRaptor wrote:
| This is has nothing to do with the behavior in question.
| jedberg wrote:
| Sure it does. The reason they do security sweeps is because
| they don't trust the attendees. Normally they mostly leave it
| up to the housekeepers. They only do sweeps when big
| conferences with known "tech nerds" are in town.
| FickleRaptor wrote:
| That's not the behavior that's in question.
| jedberg wrote:
| What then is the behavior in question?
| pas wrote:
| One theory is some kind of attempt at getting rid of
| people as fast as possible, because they sold the rooms
| for "too cheap"?
|
| https://news.ycombinator.com/item?id=41229769
| emchammer wrote:
| Clever hacking pranks used to involve filling a house with
| popcorn, or putting a car on the roof. Subtly pitch-
| shifting the audio from a presenter's microphone up an
| octave over the length of a hour. Cement in the toilet or
| power outages is not a hack, and it's no wonder that hotels
| do not trust conference attendees with how pathetic these
| "hacks" have become. Changing electronic displays is lame;
| once randos figured out that they could change construction
| signs to NAZI ZOMBIES AHEAD, it was over (the Iraqi video
| billboard porn was pretty funny). Hotels are places where
| people are expected to behave nicely, and there are actual
| bad people who go around trying to destroy things. Don't be
| surprised when you walk around waving a Flipper Zero trying
| to break into rooms and get ejected. You want to pull a
| hack? Assemble a scale-model space shuttle indoors with
| working fins and get people to think it is an integral
| attraction.
| Shank wrote:
| Why does DEF CON have to happen in Vegas? I can understand
| staying after Caesars Palace abruptly terminated their contract,
| but in future years, is there any real glue that keeps people
| there? I mean supposedly this is one of the most paranoid groups
| of people congregating in one place. Wanting hotel room privacy
| should be something that should be factored into the venue-search
| in-general, right?
|
| Are there any huge advantages to staying in Vegas? Why not
| another city, perhaps with negotiated privacy for rooms at choice
| hotels?
| zebomon wrote:
| Las Vegas has a uniquely scalable infrastructure for
| conventions. Lodging, restaurants, meeting spaces,
| entertainment.
| 0cf8612b2e1e wrote:
| Surely DEFCON has more limited attendance than any number
| more mainstream conferences.
|
| Search results are saying that defcon sees some 30k people.
| The 2023 Chicago Auto Show had 300k. Major city with all the
| amenities.
|
| https://www.chicagoautoshow.com/the-2023-chicago-auto-
| show-c...
| njbooher wrote:
| BSides, BlackHat, and DEFCON happen yearly on the same week in
| August in Las Vegas, and many people attend more than one.
|
| I would be happy if the location or date of all 3 changed. The
| peak temperature outside was around 110deg all week this year.
| FickleRaptor wrote:
| The surface of the sun was booked.
|
| Also, it's always been in Vegas, so there's inertia, and part
| of the draw is the attendance synergy with the rest of the
| hacker summer camp events like black hat, bsides, and others.
| There's no good reason to change, and a lot of good reasons to
| stay.
| monocasa wrote:
| Because August was historically Vegas's off-season, being a
| bajillion and a half degrees outside, and they could get a good
| deal on conference space.
| Animats wrote:
| The gun crowd gets upset about this, too.[1]
|
| [1] https://www.firearmsnews.com/editorial/2nd-amendment-
| nightma...
| gorbachev wrote:
| Since these are apparently being done while people are out of
| their rooms, according to the article, what do they expect to
| find? Surely everyone planning on doing something malicious would
| leave their tools behind...
|
| Also why aren't they targeting laptops? That's probably the #1
| "hacking tool" in anyone's arsenal.
|
| But, hey, I bet this looks great on a Powerpoint presentation to
| the board of directors.
| michaelt wrote:
| _> what do they expect to find?_
|
| Hopefully nothing!
|
| But there was a 2017 mass shooting so they're looking out for
| travellers carrying fourteen AR-15 rifles, 1600 rounds of
| ammunition and 50 pounds of explosives.
|
| IDK what the mentions of "hacking tools" are. But if I was
| running a hotel and I was hosting defcon, I'd give all staff
| refresher training on "don't plug in that USB stick you found
| dropped in the parking lot" and suchlike.
| FickleRaptor wrote:
| I was walking through resortsworld when a security guard started
| walking next to us. After about 50 feet, he demanded our ID,
| informed us we were on private property, and threatened to have
| us arrested for trespassing, all in the same sentence. The issue
| was that my colleague was one of the amateur radio VE for the ham
| radio village and happened to have his handheld with him. The
| guard was aggressive, entitled, and arrogant.
|
| Yesterday, I poked another friend to see where they were at the
| conference. They were not at the conference. They were stuck at
| resorts world three hours after the conference had started. Their
| conference badges had been confiscated by security. The security
| team had tried to force them to throw them in the garbage, and
| for a while it appeared that security had thrown them away after
| they had confiscated them. It's literally just a fancy gameboy!
|
| This isn't a safety issue, it's deliberate, malicious abuse by a
| vendor who knowingly sold a discounted room block to defcon
| conference attendees and then, through persistent and abusive
| behavior, tried to force those customers to leave once they
| checked in. The issue was mentioned early in closing ceremonies
| as something that will be addressed with the vendor once all
| conference attendees have been checked out of the hotels. This
| wasn't random room check for caches of weapons. It was not a
| safety search. It was luggage contents searches for the lulz,
| seemingly intended as harassment. Either they didn't want us
| there in the first place, or they wanted the revenue for the
| rooms forfeited. This was not behavior in good faith and the
| specific acts that I witnessed personally and others whom I trust
| communicated to me that they had experienced directly, could only
| be intended as harassment or profoundly extreme incompetence.
|
| For 20 years, I've stayed almost exclusively at Hilton properties
| when I travel, with the exception of Vegas for HSC. I'm almost
| certain to switch to another company after this, unless they
| issue a really, really, excellent apology.
|
| Quit your BS excuses about how this was a legitimate safety
| issue. This was almost entirely limited to one hotel. Somehow
| another 10+ major hotels, including Caesars who non-renewed the
| conference contract, managed to not do any of this.
|
| Edited for spleling.
___________________________________________________________________
(page generated 2024-08-12 23:00 UTC)