Resorts World Las Vegas, a hotel that is hosting attendees of the DEF CON hacking conference this week, will perform daily inspections of rooms including those displaying a privacy sign, according to a letter from the hotel given to guests. An information security professional posted a photo of the letter online. Members of the cybersecurity community have reacted with a mix of anger and disappointment on social media.

“Welcome, and thank you for choosing Resorts World Las Vegas. We are pleased that you have joined us, as you have chosen to stay with us for relaxation, fun and excitement!” the message, written on hotel letterhead, reads.

“As you may or may not know, a well-known hacking convention will be held in Las Vegas during your stay,” it adds. DEF CON runs from August 8 to 11, with many attendees already in the city for the separate Black Hat cybersecurity conference or other events. “We remain committed to our guests’ safety and understand the utmost importance of cybersecurity, as well.”

The letter then describes what staff at Resorts World Las Vegas will be doing: “In an effort to increase the safety of our guests, we will be conducting scheduled, brief visual and non-intrusive room inspections daily beginning Monday, August 5. Rooms with a privacy sign will be included as part of the inspection process.”

  • Vent@lemm.ee
    link
    fedilink
    arrow-up
    165
    ·
    4 months ago

    But… it’s cybersecurity. What is a “brief visual and non-intrusive room inspection” even looking for? Anonymous masks? Green terminals with scrolling text? People shouting “enhance” and/or “I’m in”?

    • Em Adespoton@lemmy.ca
      link
      fedilink
      arrow-up
      69
      arrow-down
      2
      ·
      4 months ago

      Possibly they’re looking for people assembling their sniper rifles, or trying to ensure that no hotel room gets gutted to become some group’s command HQ with 50 amps of electronics with no shielding sprouting from the wall sockets and clean (de)soldering stations set up alongside an electron microscope?

      I know what’s gone on in those hotel rooms in past years, and a lot of it is stuff I wouldn’t want to have to deal with as a hotelier.

    • xmunk@sh.itjust.works
      link
      fedilink
      arrow-up
      26
      ·
      4 months ago

      Captain Crunch whistles.

      I’ve heard you can bankrupt financial institutions with one of those.

      • PM_Your_Nudes_Please@lemmy.world
        link
        fedilink
        arrow-up
        13
        ·
        4 months ago

        For those who missed the joke: Payphone hackers (often called phreakers) discovered that a toy whistle from Captain Crunch cereal boxes could easily be modified to play the specific tone that payphones listened for to indicate that a coin had been inserted. Basically, the phone company didn’t know when a coin has been put in, without some sort of signal from the pay phone. And typically, the only lines run to the phone were the actual phone line. So the pay phone would play a specific 2600Hz tone, indicating that a coin was inserted.

        Using this toy whistle, you could essentially use payphones for free, and it was entirely untraceable until the company emptied the phone and counted the coins in the collection bin. In an era when cellphones were only for millionaires and were the size of literal bricks the world was almost entirely dependent on pay phones unless you were at home. So this was a major discovery for phreaks, who quickly began experimenting to see what other tones may be used to send signals.

        Naturally, the phone companies panicked, and quickly had the cereal company pull the toys from future boxes.

    • finestnothing@lemmy.world
      link
      fedilink
      arrow-up
      17
      ·
      4 months ago

      I like to say enhance before opening the full file from a thumbnail in feh when showing my wife pictures. She hates it and I will not stop

  • edric@lemm.ee
    link
    fedilink
    English
    arrow-up
    60
    ·
    edit-2
    4 months ago

    How can an inspection be non-intrusive if it consists of physically entering a guest’s room? As an aside, I was hoping I could attend this year but my company said there wasn’t enough budget 🙄. Whenever I attend Defcon or Blackhat, I stay in hotels not directly within the vicinity of the con because of all the shenanigans.

    • Fuzzy_Red_Panda@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      4 months ago

      How can an inspection be non-intrusive if it consists of physically entering a guest’s room?

      “Because we said it was!” - Hotel Management

    • jordanlund@lemmy.world
      link
      fedilink
      arrow-up
      15
      arrow-down
      34
      ·
      4 months ago

      Non-Intrusive in that they enter the room, which is their property and they have the right to enter, but they aren’t going through your stuff.

        • jordanlund@lemmy.world
          link
          fedilink
          arrow-up
          11
          arrow-down
          22
          ·
          4 months ago

          They do, and you agree to whatever rights are outlined in the rental agreement when you check in and sign the forms.

            • shalafi@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              8
              ·
              4 months ago

              So you can’t sign away your right to not have your room searched on the owner’s property?

              You’re getting upvotes and the other guy down. Based on feelings.

              Legal chapter and verse please.

              • meco03211@lemmy.world
                link
                fedilink
                arrow-up
                20
                arrow-down
                2
                ·
                4 months ago

                There are still rights you 100% cannot sign away regardless of what property you are on.

                • jordanlund@lemmy.world
                  link
                  fedilink
                  arrow-up
                  7
                  arrow-down
                  18
                  ·
                  4 months ago

                  There are also rights people think they have on private property that they absolutely do not have. ;)

      • foggy@lemmy.world
        link
        fedilink
        arrow-up
        26
        arrow-down
        3
        ·
        4 months ago

        When you give someone the key to property you own for an exchange of money, you indeed lose that explicit right.

        So, no. You are incorrect. It is their property, but they gave up the right to enter with less than 24 hrs notice when they sold the keys.

        This is by definition, intrusive.

        • Melody Fwygon@lemmy.one
          link
          fedilink
          English
          arrow-up
          18
          ·
          4 months ago

          I have to point out that they have, indeed, given more than 24 hours notice with the letter they posted. DEF CON hasn’t started yet and they informed the con organizers to inform the attendees with the rooms.

          So this is reasonable.

          Is it right? Probably not; and they’re probably going to upset a lot of folks. Let’s hope they use discretion and only inspect rooms where they believe something unusual is going on.

          • Nindelofocho@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            4 months ago

            On that technicality though couldnt anyone just put that notice in the initial contract on any place and then come in anytime? I feel like that wouldnt fly

          • foggy@lemmy.world
            link
            fedilink
            arrow-up
            15
            arrow-down
            5
            ·
            edit-2
            4 months ago

            Spot the person who has a fundamental misundertanding of property rights.

            Get fucked, my guy. I was polite, but youre returning fightin words.

            Google the term “reasonable person” and quickly learn that any such agreement has no legal standing. It’s an agreement. It is not contractual. It is not enforcable.

            • meco03211@lemmy.world
              link
              fedilink
              arrow-up
              12
              ·
              4 months ago

              Not the person you’re responding to… but consider your proposal that an unreasonable person Google the definition of a reasonable person. I imagine they won’t come to the correct conclusion.

          • hoshikarakitaridia@lemmy.world
            link
            fedilink
            arrow-up
            11
            arrow-down
            2
            ·
            edit-2
            4 months ago

            Let’s break those contract down: contracts are enforceable. Unless, they interfere with other rights you have and those take priority. How? Well there’s things like conscionability and consideration.

            Consideration means, both parties have to get something in return. It can literally be a corn of rice, but it has to be something.

            Conscionability means there’s things too egregious to be enforceable through contract law.

            For example I can’t sign a contract that I want to be killed by someone else. It gets very complicated, but in it’s most basic form, it is unconscionable to just chalk a death up to freedom, just because you found a contract of the victim stating they want to be killed. The investigation takes priority and a prosecution’s case could be brought in spite of any contract. This render such a contract void.

            So what does this fall under? Well there’s a lot of rights that people that rent a property have and that they can enforce against them against the landlords. Some of those rights pierce the veil of the contract and therefore are enforceable in spite of the contract.

            Now I am not sure about the rights in this particular situation but there is a solid chance this creates a legal claim against the hotel company.

            My point is, both of you are right, but you are getting down voted right now because you are ignoring the the fact that contract law, although very broad, is not absolute, and especially in this case it might be unenforceable.

            Obligatory IANAL.

            • foggy@lemmy.world
              link
              fedilink
              arrow-up
              10
              ·
              edit-2
              4 months ago

              The biggest point of issue, if I were a lawyer, is whether or not these terms were agreed upon (or ‘not’) before or after the point of sale.

              • hoshikarakitaridia@lemmy.world
                link
                fedilink
                arrow-up
                5
                arrow-down
                1
                ·
                4 months ago

                I mean yeah if it’s not in the original contract that obv makes it way easier, assuming they didn’t suddenly agree to a second contract mentioning explicitly that.

                That is, either terms of the contract can be unenforceable, the whole contract could get voided or the the terms are not in the contract. Any of that means there’s a good chance the hotel is doing illegal things.

                And quiet frankly, if I were the hotel I would not try that stuff, and even if I announced this, I wouldn’t follow through.

                Way to make your lawyers and bank account work overtime.

      • machinin@lemmy.world
        link
        fedilink
        arrow-up
        10
        arrow-down
        2
        ·
        4 months ago

        As a parent, I have the right to enter my kids’ rooms anytime I want. If I don’t do it respectfully, it will definitely be intrusive.

        The hotel does have their rights. When they abuse those rights, it becomes intrusive. Rights don’t really have anything to do with feeling that someone is being intrusive.

  • foggy@lemmy.world
    link
    fedilink
    arrow-up
    43
    ·
    edit-2
    4 months ago

    How long until the CEO of this hotel gets an email to his personal email address containing a .zip of all of their customer’s PII?

  • gedaliyah@lemmy.worldM
    link
    fedilink
    arrow-up
    41
    ·
    4 months ago

    Hotel clerk: Sir, is that dangerous equipment you’re setting up?

    Hacker: It’s just a WiFi coconut, a rubber duck, a flipper zero, and a few IMSI catchers.

    Clerk: Okay then. So, carry on I guess?

  • jordanlund@lemmy.world
    link
    fedilink
    arrow-up
    38
    ·
    4 months ago

    “scheduled” - We’re telling you when we’re coming, hide yo’ shit!

    OTOH - WTF do they think they’re looking for? I don’t expect hotel staff to know a nefarious device from a multi-port USB hub.

  • 4am@lemm.ee
    link
    fedilink
    arrow-up
    35
    ·
    edit-2
    4 months ago

    Would be great to find out that this wasn’t a real notice, someone just social-engineered hotel letterhead from three different hotels and printed up something inflammatory to catch the community’s attention.

  • Nasan@sopuli.xyz
    link
    fedilink
    arrow-up
    30
    ·
    4 months ago

    For anyone else curious which hotels are affected by this measure:

    • Hilton Las Vegas
    • Conrad Las Vegas
    • Crockfords Las Vegas
  • Bahnd Rollard@lemmy.world
    link
    fedilink
    arrow-up
    21
    ·
    4 months ago

    They appear to be starting this before the event, so something has them spooked (could just be the con full of spooks). Also with the volume of technical know-how that is going to be in attendance I think

    1. There is no way someone wont spot funny bususiness if a group or indivudal is trying to pull something.

    2. If a visual inspection is all their doing (unlikely) then this amounts to nothing more that security theatre. If they are being more invasive the attendees will know (its DEF CON for fuck sake).

    3. This may just prompt the attendees to book at another resort next year and hurt the hotel in the long run, seeing as this is very close to the opening of the con I dont see many groups changing their booking in time.

    • aramis87@fedia.io
      link
      fedilink
      arrow-up
      14
      ·
      4 months ago

      If they are being more invasive the attendees will know

      With this announcement, I fully expect every DefCon room to be running their own security cameras.

    • Drusas@kbin.run
      link
      fedilink
      arrow-up
      13
      ·
      4 months ago

      If I learned this after I had booked, I would be expecting a refund as well as compensation for missing the conference if I couldn’t find alternative accommodation.

  • Flying Squid@lemmy.world
    link
    fedilink
    arrow-up
    18
    arrow-down
    3
    ·
    4 months ago

    They did know announcing this ahead of time is just begging to have their system hacked and taken down, right?

      • Flying Squid@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        I would be very surprised if they didn’t have a hotel intranet for various administrative functions, especially with an attached convention center, and probably one with an external pipe to some central server that the corporation uses.

  • adam_y@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    4 months ago

    Yeah, OK, time to hack their schedule.

    Look on your list, you’ve already been in here today.

    This is just a tutorial level.