Silk Road forums
Discussion => Security => Topic started by: tbart on August 06, 2013, 04:32 am
-
http://www.dailymail.co.uk/sciencetech/article-2384844/Hacker-creates-tiny-spy-computers-named-CreepyDOL-track-persons-movements-entire-cities.html
Hacker creates tiny spy computers that can track a person's movements over an entire city - and all for just £37
Student Brendan O'Connor said device was 'terrifyingly easy to make'
Named the 'CreepyDOL', the device can keep tabs on anyone on the street
It uses the unique identifier code on tablets and mobiles to get information about a person's location from public Wi-Fi connections
Works even if someone is not connected to a network by using Wi-Fi 'pings'
By Ellie Zolfagharifard
PUBLISHED: 11:27 EST, 5 August 2013 | UPDATED: 11:46 EST, 5 August 2013
Ever wondered who can find out where you are and discover what you’re doing by looking at your mobile data?
The answer, according to security researcher, Brendan O’Connor, is just about anyone.
That is, anyone, who has access to a Raspberry Pi Model A computer, a few over-the-counter sensors and a plastic box.
With $57 (£37) Mr O’Connor managed to create a device, named ‘creepyDOL’, which can track the movement of everyone on the street.
Hackers
With £37 Mr O'Connor managed to create a device, that he has named creepyDOL which can track the movement of everyone on the street. The sensors in the device look at all the wireless traffic emitted by every nearby wireless device, including smartphones and tablets
The sensors in the device looked at all the wireless traffic emitted by every nearby wireless device, including smartphones and tablets.
He then connected each of the boxes to a command and control system, and constructed a data visualisation system to monitor what the sensors picked up.
Actually it’s not hard,’ said Mr O’Connor in a New York Times interview. ‘It’s terrifyingly easy.’
‘It could be used for anything depending on how creepy you want to be,’ he said.
Mr O’Connor found that he could pick up the websites he browsed when he connected to a public Wi-Fi.
Woman Peeking Through Window
Mr O'Connor found that he could was able to pick up the Web sites he browsed when he connected to a public Wi-Fi. He got the unique identifier connected to his mobile and managed to get huge amounts of unencrypted information about where he had been
He got the unique identifier connected to his mobile and managed to get huge amounts of unencrypted information about where he had been.
When he wasn’t connect to a Wi-Fi network, his sensors were still able to track his location through Wi-Fi ‘pings.’
A ping test is used to determine whether your device can communicate with another system over the network.
The CreepDOL boxes are small enough to be hidden under a table, or scattered around city streets without being noticed.
By placing the sensor boxes near the places a person visits, you can spy on just about anyone.
‘It eliminates the idea of “blending into a crowd”’, said Mr O’Conner.
Young man using smart phone
The CreepDOL boxes are small enough to be hidden under a table, or scattered around city streets without being noticed. By placing the sensor boxes near the places a person visits, you could spy on just about anyone
MALWARE ALLOWS OTHERS TO TURN ON THE MIC ON YOUR MOBILE
The FBI is hacking people's mobile devices so that they can turn the mic on and listen in on conversations.
This is according to court documents and interviews with people involved, uncovered by the Wall Street Journal.
The records show that only members of organised crime, terrorist cells, and child pornographers have sofar been subject to this sort of surveillance.
The FBI is also reportedly only using these techniques when 'they have no other choice.'
‘If you have a wireless device (phone, iPad, etc.), even if you’re not connected to a network, CreepyDOL will see you, track your movements, and report home.’
He added that no one can guard against the invasion of privacy, adding that applications leak more information than they should.
For instance, a VPN connects to tunnelling software after connecting to a Wi-Fi hub, meaning that at least for a few seconds, their web traffic is known to anyone wants to find out.
Alongside this, every Wi-Fi network that your mobile has ever connected to in the past is also stored in the device and can be shared.
‘These are fundamental design flaws in the way pretty much everything works,’ he said.
Mr O’Connor is founder of a consulting firm called Malice Afterthought. He is also a law student at the University of Wisconsin at Madison.
He told the New York Times that he only used the device to spy on himself due to a law called the Computer Fraud and Abuse Act.
One of his fellow students, Andrew Auernheimer, was sentenced to 41 months in prison for exploiting a security hole in the computer system of AT&T, which made e-mail addresses accessible for over 100,000 iPad owners.
‘I haven’t done a full deployment of this because the United States government has made a practice of prosecuting security researchers,’ he said in the interview. ‘Everyone is terrified.’
-
Once again Wi-Fi is the most dangerous thing you can have activated.
Not only are all stores tracking you with it but feds turn it on to geolocate you. There's also software out to use your wifi to track your movements around a room. They can also grab your wifi MAC address and then compare it to google's site survey of every AP in N. America/Europe and find your history of movements.
When I read the design document for the NSA "goldfish" secure phone, killing wifi was their #1 thing to do as it's the most manipulated attack space now.
Here's another good wifi locating story:
http://www.technologyreview.com/news/517786/chinese-hacking-team-caught-taking-over-decoy-water-plant/
-
Once again Wi-Fi is the most dangerous thing you can have activated.
Not only are all stores tracking you with it but feds turn it on to geolocate you. There's also software out to use your wifi to track your movements around a room. They can also grab your wifi MAC address and then compare it to google's site survey of every AP in N. America/Europe and find your history of movements.
When I read the design document for the NSA "goldfish" secure phone, killing wifi was their #1 thing to do as it's the most manipulated attack space now.
Here's another good wifi locating story:
http://www.technologyreview.com/news/517786/chinese-hacking-team-caught-taking-over-decoy-water-plant/
fuck so what do we do to not get monitored on while using wifi
-
If someone has their cellphone with them and needs to say something, how can you disable the mic?
Tinfoil? etc
-
The dealers where I live collect phones in a sound proof cooler and leave it outside where they are talking. If it's just a quick private convo of no major LE threatening importance (you aren't conspiring to import cocaine) turn on airplane mode, and wrap the phone up in something and talk quietly. Edward Snowden took his battery out and put it in the fridge which is pretty sound dampening. A stainless steel martini shaker is a good faraday cage and sound muffler too.
Even with the battery out, SoC (system on chip) and new super caps can still hold power. There's also malware that makes it seem like your phone is turned off but it's not. FinFisher/Finspy does this. Look up their videos on youtube that wikileaks posted.
To not get monitored via wi-fi, if you have laptop with a physical switch that turns on and off the wifi chip/card (most laptops do) boot with it off always, then change your mac address using macchanger program.
In most version of linux it's just
sudo ifconfig (look for wifi.. it's usually wlan0 and hardwired ethernet eth0)
sudo apt-get install macchanger
sudo ifconfig wlan0 down
sudo macchanger -a wlan0
sudo ifconfig wlan0 up
You should see success message
Current MAC: 4c:22:d0:b8:78:ae (unknown)
Faked MAC: 00:0f:66:4e:16:88 (Cisco-linksys)
Switches: -a is for random mac of the same vendor, -r for truly random mac of whatever kind (router, ipod, ethernet)
Now activate wifi. Fake MAC good to go. When not using wifi turn it off with the switch.
-
comsec you're like a fountain of fucking knowledge. thank you for all your posts. very informative
-
Here's some more paranoia for you, watch these promo videos (you can watch through Tor)
http://www.youtube.com/watch?v=qc8i7C659FU&list=PL0628506AC2CB8A76
Or just google "Fintrusion Kit". It's a MITM wireless attack, yet another reason to not use wifi. This is the same shady company that sold it's spyware to dictators in the middle east to crackdown on dissidents. Now our cops use it.
Liberte Linux changes your mac automatically when you boot. You can set up tails to do this too (I think, I don't use it). If Tails USB let's you edit /etc/network/interfaces then add this to it:
pre-up macchanger -a wlan0
Now everytime you reboot, it's randomized before even being brought up/online.
-
as an fyi, speaking of faraday cages, carbon fiber cloth is great - it will conduct electricity btw (we used to offer a CF briefcase, one day got a call from an IBM computer tech that had bought one - his fell inside a mainframe computer and shorted out a bunch of crap - he was pissed
but back to point, it's more flexible than those stainless steel cloth wallets Sharper Image offers, and can be used to wrap a phone with
-
The worst part is you dont need to even have wifi on. So basically if you have a device with you, You are fucked. Back to the oldest mobiles i think.
-
HFF, I swear the amount of people doing life sentences or heavy sentences, because of mobile phones/WiFi. The Police/Security services, now do what they call cell mapping, If your phones turned on it becomes a tracker, each and every time you move, a different mast picks up your signal, and you're tracked by satellite. The only way is turning the thing off when you're upto your devilment. People have been placed at the scene of crime through this, and that's exactly how the Feds will try and geo-locate our WiFi. It's a battle we aren't winning, but for every fed programmer/cracker there's a programmer/cracker on our side too.
-
Carrier pigeons FTW!
"tracked by satellite..." I don't think so. Lots of reasons. Especially when RF and trigonometry are good enough to triangulate where your device is.