How I Was 0wn3d at my own Event

“You are free to burn down the Treasure Hunt network, but under these conditions:

  1. You wait until the end of the event, so that everybody has a chance to finish. I’ll give you the green light when the time is right;
  2. You have to tell me how you did it;
  3. DoS’ing is lame. We run everything on Raspberry Pis, so you should be embarrassed for even thinking about it.”

Each year, this is what I tell our participants before they start the Treasure Hunt, and I’m always met with wide eyes and a few devious smiles. My feeling is that if you’re tempted to take down a network, take down one where you have permission to do so. If you’ve come up with something interesting, we can all learn from that and become better defenders. Just don’t be a jerk about it and ruin it for everyone else. That’s why I wait until the end of the day to give the go-ahead.

Within about 15 minutes of the start of this year’s Treasure Hunt, I started getting complaints that the main WiFi network was no longer visible. Sure enough, my machine couldn’t see the network, so I hard-wired directly to it. Immediately, I got to the login screen – good sign – and… my credentials didn’t work. It didn’t take long to figure out that someone had changed the credentials and locked me out. That meant that I couldn’t get the access point back online and a big part of the Treasure Hunt was inaccessible.

This was a complete violation of rule #1; I was not impressed.

Here’s the rub: I was using “admin/1nterrupt” as my credentials. Yeah. I really did that. And yeah, I know better, and my lame reason was that I was in a hurry. The weekend before, I managed to brick the OpenWRT I had while running an upgrade. The team was coming over the next morning to stress test the network, and I was desperate to get everything in working order. With an hour to spare, I picked up a new Linksys and slapped it on the network without changing the default credentials.

It took about 15 minutes before the father of a team member showed me the Linksys interface on his iPad, incredulously asking me, “You left it admin/[blank]?!” With a million other issues to solve, I quickly changed the password to “1nterrupt” with every intention of changing it before the event, which, of course, I never did.

The team that had gotten into the access point during the Treasure Hunt owned up to what they did, vehemently assuring me that it was pretty easy to guess the password and that they were just poking around the router. They never meant to take down the network; they didn’t even know how they had done it. All I could do was laugh.

It turned out to be the perfect lesson that I hadn’t planned on. We all get busy, and maintaining best practices is tedious and time-consuming. As soon as we stop being vigilant, we give the bad guys that one opportunity they need to turn our good day bad. All the technical skills in the world don’t matter if we don’t apply them consistently and continuously – all the time.

And in case you’re wondering, yes, I’m overhauling the credentials for the whole network.

About Marc Blackmer

Marc is the founder of 1NTERRUPT and has been in the IT and cybersecurity fields since 1998. He is a product marketing manager for industry solutions in Cisco Systems' Security Business Group, focusing on cybersecurity for industrial control systems (ICS) and the Internet of Things (IoT). He also blogs on IoT security on behalf of Cisco at www.securityledger.com.