Behind the Scenes at Black Hat: How 20,000 Hackers Kept their Network Running Smoothly
At Black Hat, a conference known for its intense networking demands, an intricate network system seamlessly functions, providing a reliable connection despite the high volume of traffic generated by over 20,000 attendees. The network setup commences a week prior to the event, with two Lumen 10Gbps circuits and 145 Arista Networks Wi-Fi access points, accompanied by hardware, software, and services from various partners such as Cisco Security, Corelight, and Palo Alto Networks.
Neil Wyler, co-lead of Black Hat’s network operations center (NOC) and Vice President of Defensive Services at security firm Coalfire, described the two weeks leading up to the conference as his most stressful of the year but also his favorite due to the challenges it presents.
During Thursday’s presentation about the NOC, impressive statistics were shared, suggesting that this year’s network performed exceptionally well. The presentation reported 100% internet availability, an average Wi-Fi throughput of approximately 800Mbps (with a peak of around 4.2Gbps), 28.4TB of wireless data transferred as of the presentation’s preparation, and 462TB of total network traffic.
Interestingly, a significant portion of this network traffic consists of software updates, indicating that many security professionals update their systems upon arriving at the conference. The NOC is managed by a team of professionals stationed in a small room off a side aisle, where monitors display data from monitoring systems and potential security issues, while a larger projection screen showcases a visualization of network interactions reminiscent of classic Atari games like Missile Command and Asteroids.
Throughout the conference, the NOC team tolerates sketchy user behaviors that would typically be discouraged at other events, usually involving attendees testing techniques taught in sessions. The NOC crew employs AI to help identify anomalies on the network and quickly spot instances of malware or suspicious activities.
AI is also contributing to poor security practices by enabling quick vibe coding, which has led to an increase in apps with insecure elements. The NOC team highlights cases such as a Korean search engine that offers a voice-search option without encryption as examples of sloppy coding. They have also noticed a growing trend of people self-hosting data in cleartext from their laptops or phones.
Despite these issues, Black Hat attendees are making significant improvements in encrypting their internet traffic. This year, 91.18% of the traffic flowing across Black Hat’s network was encrypted, with 8.82% remaining unencrypted. Although this figure is below Google’s 94% encryption rate for Windows Chrome users, it represents a substantial improvement compared to previous years – last year, only 73.8% of network traffic was encrypted.
In conclusion, Black Hat serves as an opportunity for attendees and professionals to test their security measures, learn from mistakes, and improve their practices. As Wyler advised during the NOC presentation, users should regularly analyze their networks using open-source tools like Wireshark to identify potential leaks and ensure they are providing secure connections for their users.
