DHCP server ? Meh!
Why go to all that trouble when as any fule kno, by far the easiest way to sniff traffic on a wired ethernet switch is to have at it with a shed load of wonky arp packets ? *
Hell, if you can spoof the gateway's MAC to FF:FF:FF:FF:FF:FF (or often times, just set the I/G bit high) you don't even have to forward the packets. You can only see the outbound traffic, but that's enough for capturing passwords in the clear)
Bit noisy mind.
Shit, maybe they just couldn't figure out the massively outdated dependencies to get dsniff to compile, journos eh ?
What a terrible shock it must have been to the BlackHat attendees and organisers to discover that not everyone plays by the rules or accepts the boundaries laid down for them by others.
OTOH bouncing them was the right thing to do, the last thing the BH organisers need is people committing actual crimes. It's the perfect excuse for the event to be shut down by the numerous law enforcement personnel lurking around the place.
* Yes yes, there's ways to spot and mitigate this, but you have to reckon that any network configures thusly would also have noticed a fraudulent DHCP server.