Last year Hutchins, now Linton targeted Black Hat/DEF CON At midnight on Thursday Matt Linton, a senior Google engine
Last year Hutchins, now Linton targeted
Black Hat/DEF CON At midnight on Thursday Matt Linton, a senior Google engineer who was one of the key players in sorting out the Spectre security hole mess, went to his hotel room in Caesars Palace and found his room key no longer worked.
When he went to reception to find out what the problem was he was met by two security guards who took him to the room, told him pick up his stuff and escorted him off the premises. He was also given a written warning that he would be prosecuted if he stepped foot in the hotel again, which considering itâs the main venue for this yearâs DEF CON hacking conference, is a considerable embuggerence, considering the show is one all hardcore hackers try to get to.
According to the hotelâs security director âThey donât take kindly to threats,â he said. “Sir, your speech has consequences so you better think about that in the future before you threaten,” was another comment from the security team.
This apparently stemmed from a jokey tweet earlier in the week, which you can read in full below:
If I had the time, budget, and motive to launch really good attacks in Vegas, I would:
â Attack random Defcon nerds who are probably mostly broke and powerless
âï¸ Attack ppl at BlackHat who are way more likely to be in positions of power somewhere with ð° to drop on tickets
â Matt Linton ð¦ð¨âð»âï¸âï¸ð¥ð» (@0xMatt) August 8, 2018
While somewhat off-colour, anyone with an ounce of security knowledge could see that this was a joke about how hackers attack the dumbest and easiest low-hanging fruit. But it was enough to earn him a visit from the Las Vegas Police Department the next day.
By the account of one person who was there, the matter was quickly and amicably resolved. Once Linton explained the context of the comment the LVPD were completely satisfied and even liked and retweeted his explanation online.
Things get weird
So the matter appeared settled. But then Linton was booted out by Caesars and, to add insult to injury, he was charged half of the day rate for his room, despite being ejected into Las Vegas in the early hours of the morning with little hope of finding a hotel room.
Linton told The Register that â[the hotel] definitely told me that the conference organizers were worried about my âthreat to their venueââ. This seems highly unlikely – DEF CON organisers would be able to see the tweet for what it was and understand the joke.
Itâs doubly unlikely the organisers objected because the Black Hat and DEF CON hacking conferences have plenty of members who were persecuted by law enforcement in the early days of the industry. Nowadays the NSA, CIA and defense contractors routinely recruit at the two shows because they recognise the talented people who attend have skills that are needed.
Whatâs more likely is that the recent history of Las Vegas had something to do with this. On October 1 last year the city suffered one of the worst mass shootings in American history when a scumbag whose name isnât worth remembering killed 58 people and injured 851 others shooting from his room in the Mandalay Bay hotel – which coincidentally hosts the Black Hat conference Linton spoke at this year.
The atrocity hit the city hard and inspired the #vegasstrong movement but also put the police on high alert to prevent any repeat of the incident. Noted security writer Kim Zetter, who was also attending this yearâs conferences, had her room at the Mandalay Bay forcibly searched because she didnât want housekeepers rummaging through her room.
Because I declined to have maid service in my hotel room at BlackHat, two security guys came to my room and demanded I open my door and let them do a walkthrough search. The hotel never gave me a headsup and the two guys thought I should just believe that they are hotel security.
â Kim Zetter (@KimZetter) August 10, 2018
Given itâs the wee hours of the morning here in Las Vegas there has been no response from the hotel about the situation.
DEF CON organisers tell El Reg they haven’t seen any mention about the incident and are checking to see what happened. But this looks suspiciously like this is another case of overzealous big corporate butt-covering leading to blowback.
“I don’t actually think anyone at DEF CON complained – I think [the hotel employee] was just trying to make me feel like nobody was on my side so I would stop asking for escalations,” Linton told The Reg.
It was only last year that the FBI arrested Marcus Hutchins, the youthful hacker who killed off the mass Wannacry ransomware attack that nearly crippled the UKâs National Health Service, as he left DEF CON â on charges that alleged he might have written some malware as a teenager.
Revealed: El Reg blew lid off Meltdown CPU bug before Intel told US govt â and how bitter tech rivals teamed up
Hutchins has since been stranded in the US for a year while the Wisconsin department of the FBI tries to get its case together that heâs a dangerous criminal, seemingly on the evidence of a single stool pigeon. Linton’s case isn’t as serious, but it seems to be part of a pattern of paranoia.
In the opinion of this vulture someone at the Caesars probably panicked and decided to kick Linton out just to be on the safe side. This is, after all, the land of the lawsuit and corporates are terrified of getting sued.
After the Mandalay Bay murders, the litigation started flying and MGM, which runs the hotel, actually sued the survivors of the abomination so that it could get legal protection from legal suits against those who survived – the first time such a tactic had been seen.
Linton is well respected in the security industry – not just for his Spectre work but also because he does important work mentoring younger security talent. He is also is a volunteer emergency medical technician who heads to disaster zones when the need is there. His banning from DEF CON threatens to cast a shadow over the conference, and wonât help convince the elite hackers who attend that they are in a friendly environment. Â®
Splunk Software As a SIEM