Resorts World Las Vegas, a hotel that is hosting attendees of the DEF CON hacking conference this week, will perform daily inspections of rooms including those displaying a privacy sign, according to a letter from the hotel given to guests. An information security professional posted a photo of the letter online. Members of the cybersecurity community have reacted with a mix of anger and disappointment on social media.
“Welcome, and thank you for choosing Resorts World Las Vegas. We are pleased that you have joined us, as you have chosen to stay with us for relaxation, fun and excitement!” the message, written on hotel letterhead, reads.
“As you may or may not know, a well-known hacking convention will be held in Las Vegas during your stay,” it adds. DEF CON runs from August 8 to 11, with many attendees already in the city for the separate Black Hat cybersecurity conference or other events. “We remain committed to our guests’ safety and understand the utmost importance of cybersecurity, as well.”
The letter then describes what staff at Resorts World Las Vegas will be doing: “In an effort to increase the safety of our guests, we will be conducting scheduled, brief visual and non-intrusive room inspections daily beginning Monday, August 5. Rooms with a privacy sign will be included as part of the inspection process.”
But… it’s cybersecurity. What is a “brief visual and non-intrusive room inspection” even looking for? Anonymous masks? Green terminals with scrolling text? People shouting “enhance” and/or “I’m in”?
Possibly they’re looking for people assembling their sniper rifles, or trying to ensure that no hotel room gets gutted to become some group’s command HQ with 50 amps of electronics with no shielding sprouting from the wall sockets and clean (de)soldering stations set up alongside an electron microscope?
I know what’s gone on in those hotel rooms in past years, and a lot of it is stuff I wouldn’t want to have to deal with as a hotelier.
Captain Crunch whistles.
I’ve heard you can bankrupt financial institutions with one of those.
For those who missed the joke: Payphone hackers (often called phreakers) discovered that a toy whistle from Captain Crunch cereal boxes could easily be modified to play the specific tone that payphones listened for to indicate that a coin had been inserted. Basically, the phone company didn’t know when a coin has been put in, without some sort of signal from the pay phone. And typically, the only lines run to the phone were the actual phone line. So the pay phone would play a specific 2600Hz tone, indicating that a coin was inserted.
Using this toy whistle, you could essentially use payphones for free, and it was entirely untraceable until the company emptied the phone and counted the coins in the collection bin. In an era when cellphones were only for millionaires and were the size of literal bricks the world was almost entirely dependent on pay phones unless you were at home. So this was a major discovery for phreaks, who quickly began experimenting to see what other tones may be used to send signals.
Naturally, the phone companies panicked, and quickly had the cereal company pull the toys from future boxes.
I like to say enhance before opening the full file from a thumbnail in feh when showing my wife pictures. She hates it and I will not stop
How can an inspection be non-intrusive if it consists of physically entering a guest’s room? As an aside, I was hoping I could attend this year but my company said there wasn’t enough budget 🙄. Whenever I attend Defcon or Blackhat, I stay in hotels not directly within the vicinity of the con because of all the shenanigans.
Non-Intrusive in that they enter the room, which is their property and they have the right to enter, but they aren’t going through your stuff.
They do, and you agree to whatever rights are outlined in the rental agreement when you check in and sign the forms.
When you give someone the key to property you own for an exchange of money, you indeed lose that explicit right.
So, no. You are incorrect. It is their property, but they gave up the right to enter with less than 24 hrs notice when they sold the keys.
This is by definition, intrusive.
I have to point out that they have, indeed, given more than 24 hours notice with the letter they posted. DEF CON hasn’t started yet and they informed the con organizers to inform the attendees with the rooms.
So this is reasonable.
Is it right? Probably not; and they’re probably going to upset a lot of folks. Let’s hope they use discretion and only inspect rooms where they believe something unusual is going on.
As a parent, I have the right to enter my kids’ rooms anytime I want. If I don’t do it respectfully, it will definitely be intrusive.
The hotel does have their rights. When they abuse those rights, it becomes intrusive. Rights don’t really have anything to do with feeling that someone is being intrusive.
Las Vegas always has their SWAT team on standby during Defcon, in case they need to shoot the internet.
How long until the CEO of this hotel gets an email to his personal email address containing a .zip of all of their customer’s PII?
How long until the manager of this hotel gets exposed for putting cameras in the hotel room bathrooms?
Hotel clerk: Sir, is that dangerous equipment you’re setting up?
Hacker: It’s just a WiFi coconut, a rubber duck, a flipper zero, and a few IMSI catchers.
Clerk: Okay then. So, carry on I guess?
