back to article Et tu, Brute? Then fail, Caesars: When it's hotel staff, not the hackers, invading folks' privacy

The hacking world's summer camp has ended. The last of the Black Hat USA, BSides Las Vegas, and DEF CON attendees and organizers have now left Sin City after a week of lectures, networking, and partying. What unfolded over those seven or so days will have knock-on effects for years to come – not just from researchers and …

  1. ciaran

    Security Theater

    Yes, its obviously just theater. Surely one of the attendees could have found a way to infer the amount of metal in a room? Or inconspicuous metal detectors in the hallways? Then they could bring the police along to a search when there was an actual suspicion.

    So did any random foreign infosec hero get detained at the airport on the way out?

    Great article, thanks.

  2. Richard 12 Silver badge

    Caesars have proven themselves incompetent

    I'll be kind and assume that firearms are banned by policy, so an innocent guest isn't likely to open fire on an intruder.

    What if there actually had been someone in that hotel who genuinely did intend harm via gunfire?

    What exactly is going to happen when someone barges in on them unannounced?

    It seems to me that's an effective way to get your employees shot dead. Along with a few innocent bystanders.

    And what are the thousands of normal paying guests going to think when a couple of burly someones bursts into their room unannounced with no ID?

    That's a ****ing terrifying experience.

    Are they ever going to want to stay there again?

  3. Pascal Monett Silver badge

    Forget about staying there again. I've just read the article and now I don't even want to go there.

  4. Warm Braw Silver badge

    I reached much the same conclusion from watching an episode of CSI! I assume it's not the history of Mob corruption and violence, the 171 murders (excluding the 58 in the mass shooting) of 2017, the brutal climate, the permanent twilight of the casinos or the fact the entire town only exists to separate people from their money that makes it such a desirable destination. Because, if it is, DEF CON might as well pack up and go home: humanity has chosen a different path.

  5. Destroy All Monsters Silver badge
    Paris Hilton

    Re: Caesars have proven themselves incompetent

    What if there actually had been someone in that hotel who genuinely did intend harm via gunfire?

    What if there actually had been someone in that hotel who did not intend harm via gunfire but was packing and a bit nervous about unannounced visits?

    Matrix_Lobby_Scene.mov

  6. Edward Clarke

    Re: Caesars have proven themselves incompetent

    "It is legal to carry concealed or openly in a bar or restaurant, even while consuming alcohol. One cannot possess a firearm if their blood alcohol content is more than .10 BAC (NRS 202.257). It is legal to carry openly or concealed inside a casino, on the Las Vegas Strip, or at the Fremont Street Experience."

    https://www.nevadacarry.org/

    https://www.nevadacarry.org/open-carry.html

    But wait, there's more - Nevada is a "Stand Your Ground" state.

    https://www.shouselaw.com/blog/nevada-stand-ground

    That naked lady in the shower would have been legally able to shoot both of those guys. Might have lost her room deposit though.

  7. Androgynous Cupboard Silver badge

    Re: Caesars have proven themselves incompetent

    Well now that I know everyone can be armed in the hotel and you're allowed to shoot people if you feel threatened, I for one would be able to sleep soundly in my hotel bed. Dreaming of cinder-block walls.

  8. ZPO

    Re: Caesars have proven themselves incompetent

    It is highly unlikely that firearms are banned by policy in the hotel space. Firearms are banned from the floors of casinos (at least they were last time I was there). There are thousands of people quite legally carrying concealed firearms in Las Vegas on a daily basis. Spoiler alert - nobody gets hurt.

    People forcing their way into hotel rooms while not wearing obvious uniforms and presenting legitimate identification (verified with the front desk) are going to get shot at some point. It will be an interesting court case when that happens. The policies needs to be modified. Hopefully the video of hotel "security" doing a lot more than a visual check will result in actual change instead of a couple BS press releases.

  9. Teiwaz Silver badge

    Re: Caesars have proven themselves incompetent

    Spoiler alert - nobody gets hurt.

    Until lots of people do, then there's a short period of angst, followed by a long period of paranoia after the NRA kicks the usual up a gear. Then business as usual until it happens again, few lessons, seemingly learnt.

  10. Chez

    Re: Caesars have proven themselves incompetent

    >People forcing their way into hotel rooms while not wearing obvious uniforms and presenting legitimate identification (verified with the front desk) are going to get shot at some point.

    Not terribly likely, unless entry was genuinely forcible; gun owners are fairly responsible about these sorts of things, specifically when deadly force can and cannot be used.

    A man in Texas was acquitted of manslaughter charges after killing several deputies during a no-knock raid in which the police failed to announce that they were actually police, making the raid indistinguishable from a well-coordinated home invasion. Hotel staff opening your door with a keycard is fairly different from that sort of forceable entry.

  11. Doctor Syntax Silver badge

    Re: Caesars have proven themselves incompetent

    "That naked lady in the shower would have been legally able to shoot both of those guys. Might have lost her room deposit though."

    And a surcharge for cleaning the blood off the carpet.

  12. Doctor Syntax Silver badge

    Re: Caesars have proven themselves incompetent

    "Hotel staff opening your door with a keycard is fairly different from that sort of forceable entry."

    DEF CON attendees probably don't assume that unlocking the door requires official sanction. If there's a next year they'll probably ensure the locks only open for their own keys.

  13. phuzz Silver badge

    Re: Caesars have proven themselves incompetent

    Spoiler alert - nobody gets hurt.

    In 2017 there were 155 deaths and 165 injuries due to firearms in Las Vegas. That's not including the 59 dead and 441 injured in the Mandalay shooting that year.

    (source)

  14. BillG Silver badge
    FAIL

    Re: Caesars have proven themselves incompetent

    Minimum wage security people.

  15. JohnFen Silver badge

    Re: Caesars have proven themselves incompetent

    "DEF CON attendees probably don't assume that unlocking the door requires official sanction."

    Given that the majority of hotel locks are ludicrously insecure, nobody should assume that unlocking the door can only be done by authorized personnel. It doesn't even require above-average hacking skills.

  16. JohnFen Silver badge

    Re: Caesars have proven themselves incompetent

    Damn, Edward, that's scary stuff. I think you've convinced me to expand my avoidance of Vegas to include the entire state of Nevada.

  17. Anonymous Coward
    Anonymous Coward

    Re: Caesars have proven themselves incompetent

    > And a surcharge for cleaning the blood off the carpet.

    No. That was of Caesars own doing, from the actions of their incompetent staff.

  18. LucreLout Silver badge

    Re: Caesars have proven themselves incompetent

    A man in Texas was acquitted of manslaughter charges after killing several deputies during a no-knock raid in which the police failed to announce that they were actually police, making the raid indistinguishable from a well-coordinated home invasion. Hotel staff opening your door with a keycard is fairly different from that sort of forceable entry.

    It is, but I'm not sure you can expect a young lady who is naked in the shower on a night to make the same determination we can from the safey of our (hopefully) fully clothed desks with the facts in evidence.

  19. BuggerOff

    Re: Caesars have proven themselves incompetent

    "opening your door with a keycard is fairly different from that sort of forceable entry."

    Because counterfeiting key-cards wasn't demonstrated 5 minutes after the technology was rolled out.

  20. Androgynous Cupboard Silver badge

    Re: Caesars have proven themselves incompetent

    Thank you phuzz, for pointing out the nine hundred pound pink tapdancing elephant that ZPO is wilfully ignoring.

  21. Sgt_Oddball Silver badge

    Re: Caesars have proven themselves incompetent

    Do none of these doors have a chain or latch to prevent external access when occupied? I was fairly certain they're a standard thing. But if the staff are circumventing these then it'd be no surprise if someone vented them for this at some point unless they announce their visit.

  22. gc23

    Re: Caesars have proven themselves incompetent

    Chances are good few, if any, of those deaths resulted from a permitted gun carrier (they don't like to publish all the facts).

  23. Korev Silver badge

    Staff cost reductions maid

    the hotel promotes skipping maid service to save staff costs

    fixed that for you...

  24. ChrisElvidge

    Re: Staff cost reductions maid

    I would have thought skipping maids were more expensive than the non-skipping variety.

  25. Teiwaz Silver badge

    Re: Staff cost reductions maid

    I would have thought skipping maids were more expensive than the non-skipping variety.

    What about the cost benefit analysis on stripping maids, bet they're cheaper than the skipping ones (especially when booked from guys in flamboyant costumes).

  26. Warm Braw Silver badge

    Re: Staff cost reductions maid

    bet they're cheaper

    Probably cheaper than maids-a-milking whose number is strictly limited and who are to be found only for a short time each year.

  27. Korev Silver badge
    Terminator

    This year was a stroke of genius: the badges contained a retro roleplaying game you could access via USB, 30 LEDs, and other IO ports. You could unlock new RPG levels if you connected your badge to another badge types – human, press, speaker and so forth – with the lights telling you if the link was successful.

    Baring in mind the target audience, wouldn't many of them just "help themselves" to the extra levels?

  28. imanidiot Silver badge

    Seeing at to what the point of DefCon IS, if you can get yourself the levels by hacking your badge than props to you. IT is however encouraged to share your methods and attack vectors if you are successful so that others may learn.

  29. Anonymous Coward
    Anonymous Coward

    "Et tu Bruté"

    Not sure if the title was meant to mean something in french. The accent hints at a yes ...

    Be insured it makes no sense at all.

    You guys need to try harder at french :)

  30. Sixtysix
    FAIL

    Re: "Et tu Bruté"

    Caeser Palace... Brute... stabbed in the back

    The classics? Latin? Roman Emprire?

    ...Ohhhhh I get it.- look everyone! Look! See the troll in it's natural habitat: the Interwebs!

  31. Credas Silver badge

    Re: "Et tu Bruté"

    Be insured it makes no sense at all.

    Rather like your English. :)

  32. Wensleydale Cheese Silver badge

    Re: "Et tu Bruté"

    "You guys need to try harder at french"

    Try Latin.

  33. Def Silver badge
    WTF?

    Re: "Et tu Bruté"

    Be insured it makes no sense at all.

    Given the general level of grammar and spelling on the Internet these days, I really don't know if that was an extremely clever comment or a monumental fuck up. :) I'll give you the benefit of the doubt this time, but next time remember to end your sentence with a smiley face and/or use an appropriate icon. ;)

  34. Warm Braw Silver badge

    Re: "Et tu Bruté"

    Be insured

    Toujours de bons conseils

  35. sw guy

    Re: "Et tu Bruté"

    Yes, this was a attempt to write Latin, though a failed one:

    No accent (no diacritic at all) in Latin.

  36. iron Silver badge

    Re: "Et tu Bruté"

    I'm surprised your stunningly ignorant comment doesn't have more down votes.

  37. Anonymous Coward
    Anonymous Coward

    Re: "Et tu Bruté"

    "You guys need to try harder at french"

    Try Latin.

    It's all Greek to me

  38. Unep Eurobats
    Coat

    Re: "Et tu Bruté"

    Shakespeare got it wrong. It's actually a corruption of 'Et tu, brew tea', meaning that Caesar wanted his trusty lieutenant Brutus to bring him a nice cuppa, sharpish. However the only thing sharp in the vicinity is Brutus's dagger, which he proceeds to bury in the imperial ribcage, thereby allowing Caesar to utter his actual last words which, as any fule kno, are 'Infamy, infamy, they've all got it in for me!'

  39. Robert Carnegie Silver badge

    Infamy! Infamy!

    Or of course "en famille"...

    They've all got it - oh, no they haven't.

  40. dwieske

    Re: "Et tu Bruté"

    Hilarious example of someone exposing their stupidity while trying to be smart :)

  41. imanidiot Silver badge

    Re: "Et tu Bruté"

    Strictly speaking the words "Et tu, Brute" come from Shakespears Julius Ceasar. Some have also said the words to be "Kai su, teknon" meaning either the same: You too, my son? or alternatively the slightly more colorfull: Screw you, young man!

  42. Anonymous Coward
    Anonymous Coward

    Re: "Et tu Bruté"

    'It's actually a corruption of 'Et tu, brew tea''

    The full story (as any fule kno) is:

    Caesar adsum iam forte

    Brutus aderat

    Caesar sic in omnibus

    Brutus sic inat

  43. Doctor Syntax Silver badge

    Re: "Et tu Bruté"

    Kids!

    What do they teach in schools these days?

  44. PK

    Re: "Et tu Bruté"

    I've now got this image of Ceasar's last words being "Brutus that's sick innit"

  45. Mycho Silver badge

    Re: "Et tu Bruté"

    Wait.

    All these posts complaining about people's linguistic errors...

    Oh, well plaid!

  46. gc23
    FAIL

    Re: "Et tu Bruté"

    It's "ensured", not "insured".

    If you're going to make comments like that, make sure you're not making a fool of yourself while doing so.

  47. Fruit and Nutcase Silver badge
    Thumb Up

    Re: "Et tu Bruté"

    @imanidiot/@AC

    Strictly speaking the words "Et tu, Brute" come from Shakespears Julius Ceasar...

    That's more or less what Natalie Haynes eluded to in "Wordaholics" Series 2, Episode 2 on Radio 4 Extra, yesterday! And whilst The Bard used Latin, "Kai su, teknon" is Greek - as AC rightly stated It's all Greek to me

  48. Fruit and Nutcase Silver badge

    Re: Infamy! Infamy!

    Rank stupidity!

  49. Michael Wojcik Silver badge

    Re: "Et tu Bruté"

    It's "ensured", not "insured".

    Are you sure? I think OP was going for "assured".

  50. Doctor Syntax Silver badge

    Re: "Et tu Bruté"

    "If you're going to make comments like that, make sure you're not making a fool of yourself while doing so."

    Given the gist of the comment a little confusion between near homonyms doesn't add much to the folly.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018