A Tweet About Hacking During Defcon Gets a Google Engineer in Trouble

Matt Linton, a senior software engineer at Google, says he was asked to leave Caesars Palace hotel in Las Vegas Thursday night after a tweet about hacking was reported to the Las Vegas Metropolitan Police Department. The police have confirmed that Linton is not considered a threat, but until Friday afternoon the engineer said he was not let back into Caesars, which is hosting Defcon, the annual conference that attracts thousands of security researchers, academics, lawyers, and hackers.1 The incident highlights the high level of security precautions being taken in the city less than a year after a mass shooting at the nearby Mandalay Bay Hotel, when a gunman killed 58 people and injured hundreds of others.

Linton sent the tweet on Wednesday night in response to another user’s thread about the Defcon Wi-Fi network, which is notorious for being insecure due to the number of hackers who attend the conference. The original tweet argued that the network might be more secure than people think, since so many users are on it simultaneously. In other words, there are so many possible victims that it’s easy to hide in a crowd. Linton responded that it might be more fruitful, theoretically, to “attack” the wealthy attendees of BlackHat, a more commercial cybersecurity conference that takes place right before Defcon. Linton was a speaker at BlackHat this year.

The short conversation was about the many ways a person’s device might be compromised during the biggest week of the year for hackers. But at the time, Linton was replying to a protected account, meaning people could not view the original tweet if they didn’t already follow that user on Twitter. (The user made their tweets public on Friday.) For most people, Linton’s tweet—which began “If I had the time, budget, and motive to launch really good attacks in Vegas, I would…”—would appear without any other context.

“We saw the comment on social media, it was brought to our attention by the private sector. We have a lot of concerns when someone uses the word attack,” says Jim Seebock, a captain at the Las Vegas Metropolitan Police Department.

Linton says the police got his contact information from Caesars, and then reached him on his cellphone.

“LVPD interviewed me and I believe I had cleared it up with them satisfactorily when they liked and retweeted my second clarification tweet about how ‘attack’ means ‘hack a cell phone’ when you’re at Defcon,” Linton said in a Twitter direct message. (As of Friday afternoon, the police department’s official twitter account did not appear to have liked or retweeted Linton’s messages.)

Seebock confirmed that Linton has since been cleared as a threat, and the engineer is facing no charges. But when Linton returned to his hotel room around midnight Thursday, he discovered that he could not use his keycard to access it. He says he was then asked to leave the hotel, and that he was still charged half the price he paid for his room Thursday night. Caesars did not immediately respond to a request for comment.

“I’m not upset that people were threat-modeling after Mandalay and obviously I realize I chose the wrong verbs in my tweet and that’s on me,” Linton says. “I’m just sad and disappointed that the wind-up machine, which gets set in motion when a ‘threat’ is detected, has no mechanism for unwinding it with new information and clarification being available to show that there was no threat intended at all.”

Several other Defcon attendees publicly asked Caesars to allow Linton to return to the conference. Linton confirmed in a Twitter direct message that Caesars let him back into the building at around 3:30 PM local time. The engineer, who says he has been a volunteer EMT for decades, worries that the incident might impact his record with law enforcement in a way he might not be able to track or understand.

Other Defcon goers are reporting increased security measures at the conference this year. Kim Zetter, a freelance cybersecurity journalist who previously worked for WIRED, tweeted that her hotel room was searched by security guards after she declined maid service.

This also isn’t the first time that Defcon attendees have had run-ins with law enforcement. Last year, authorities arrested Marcus Hutchins, a hacker credited with stopping the notorious WannaCry ransomware attack, as he tried to board a flight home to the United Kingdom. The Department of Justice subsequently unsealed an indictment against Hutchins, alleging he created banking malware. The hacker, who is still in the US, is now trying to have those charges, as well as additional ones piled on, dropped by a US federal district court in Wisconsin.

Unlike Hutchins, Linton has not been charged with any crime. The incident this week appears instead to illustrate how hacker lingo can be easily misinterpreted, especially if you’re trying to protect a city in the wake of a tragedy.

1 Updated 8/10/18, 7:44 PM EDT: Shortly after this article was published, Linton was allowed back into Caesars. We have updated the story accordingly.


More Great WIRED Stories