On Hacking Humans at the RSA Conference

Tuesday, March 06, 2012


The age-old tradecraft of human intelligence was alive and well at the recent RSA Conference in San Francisco. 

Reportedly 22,000 people attended the event, including cybersecurity professionals, FBI, CIA, NSA, MI5, MI6, various foreign intelligence services (China in various overt and covert forms), CIOs, lawyers, physical security staff, and longtime friends.

While most attendees were worried about SIGINT and CYBINT, and the hacking of their Bluetooth and wireless connections, foreign and corporate actors covertly gathered intelligence through overheard conversations, the drilling of booth babes (male and female) on technical aspects of their technology, and the multitude of cocktail parties and imbibing of various libations long into the night.

It was a veritable cornucopia of data collection that makes big data analytics pale in its shadow.  There were no firewalls, human IDS/IPS or content filtering at this show. People openly discussed strategic plans, engineering specs and tactical activities whether over morning coffee or late night shots of Patron.

Various adversaries had an inclination to conduct data collection through HUMINT last week. It is hard to go wrong when there are 22k possibles. I am sure, though, that targeting was established long before the conference, as CISOs, VPs, and others Tweeted and shared their impending attendance via various open methods. Combine that with a solid listing of companies displaying their goods, and the Expo floor was flooded with nation-states, foreign intel services, corporate spies and the like.


HUMINT collection can take much longer to conduct but not at a conference like this one. It is low-cost and can yield intangible information that cannot be collected by online means.

I am quite sure that the use of human sources to gain access to information not accessible to other collection assets was in full swing. Some of the activity, as mentioned, was clearly overt in nature, as the Innovation Sandbox was flooded with foreign nationals.

The questions (some barely understandable due to heavy accents) drilled deeply into the technology stacks of Sandbox participants, who were all too eager to gain new customers and sell product. The intellectual property flowed.

The conference was also fertile ground for disenchanted employees of tech companies left out of the last round of bonuses, as outward recruitment and company changes occurred right on the Expo floor.

The ‘false flag’ approach was also in vogue as human threat agents attempted to pass themselves off as an agent of a U.S. agency, major corporation or of a friendly government to solicit information.


I decided to partake in the forbidden fruits of HUMINT while at the conference. The transformation would take 5 hours and a walk from Nob Hill down to the Moscone working the hunch, walk and expressions along the way as I acquired a cane first and a hat second.

My pants were in traditional old man form, riding just above my stomach and a few inches below my chest leaving my socks to defend themselves on their own. Still, it is quite hard to hide the 52-inch shoulder width and relative girth but I would soon discover that it worked like a charm.

I had informed a few folks of my intent, receiving text messages with increased frequency as the day continued. Once at the Moscone, I shielded my badge with a new name and identity, removing a few identifying items from the Delegate badge case. The dim lights of the Moscone would be my ally.

Along the way to the Moscone, I was able to prove that:

  • People will move for an old man with a cane on a crowded street
  • Cars will stop more readily
  • Most will look at you, happy they are not you, as they quickly look away
  • You can knock over store displays without recourse
  • Mumbling during financial transactions is an understood norm
  • And most humorous, passing gas in a crowd seems to be acceptable


Schlepping along the intermittently lit hallways of the conference provided additional coverage.  I passed many people I knew, stepped into seminars with friends in attendance and delivering the message, and sat at tables of people already in full discussion on various partnerships and strategies. They allowed the tired old man to sit and rest. My movements slowed with my age and the slumping actually caused a backache that drove me to the persona of a cranky old man.

Throughout the afternoon, I was able to listen in on corporate plans for purchasing products, a firing, and a few discussions on pending partnerships, and a technical review of a new product, non-inclusively. I specifically pushed my way into no fewer than two of these conversations without anyone telling me to butt out! The amount of overheard data points is beyond human remembrance and something I would not repeat in these pages since it would be beyond proper decorum.

Regardless, I continued in this mode for about two hours, self-identifying to a few folks along the way. I decided to take a break, strolling (not really) into the sunlight and over to Chevy’s. There I broke bread with a friend and a new acquaintance. We returned about an hour later as my friends went ahead of me and we proceeded to attend the PK event in the Crypto Commons. The room was much darker, providing additional air cover. I moved freely about the room and eventually settled on the left side, end of a row.

The experiment went well, with only two people recognizing me without overt prompting. One could tell from a distance, so I changed my approaches after acknowledging the gaffe. The other was someone I did not know, but who sat next to me at the PK event. He remembered me in Tina Turner hair from the year before and inquired if I was going to speak this year. I asked him how he knew and he indicated that the age I portrayed for such an event was out of place, so he looked more closely and watched as I sat down. Observant, but not the norm at this event. Other activities occurred during the PK that will not make these pages.

All in all, the hacking of humans is an easy task. Many sources unwittingly gave up sensitive data points. Much of the information gathered was firsthand, although I could not discern in some cases if it was second or third. Open telephone conversations and table talk provided a plethora of data points to be produced and analyzed into actionable intelligence.

Just imagine if you have a few dozen corporate spies or foreign intelligence agents collecting information. The haul would be immense!

Author's note: Special thanks to Chrysalis Rose for providing makeup services.

CP Constantine Aha! I knew I was right in never trusting the old..they're all ...up to something!

That's the flipside to conventions though, we're all so eager to share our stories with people that will listen, that sometimes, any ear is enough at a convention. There's an assumption of some shared pain we can connect upon.

More proof that private sector infosec people need something more of an established psychological support network going than the impromptu one we've built for ourselves with conventions and alcohol...
I can suggest the non-social, social network for senior IT and infosec people - Wisegate. Close gated community where Chatham House rules and no vendors allowed. Outside of that, old age and treachery live on ...
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.