“There are a ton of devices jumping into that space and communicating there,” he says. “It’s not feasible to say ‘we’ll chase down everyone who has this device communicating on this frequency.’ It’s a needle in a haystack.”
That's a really good point. So you would definitely stop using the device as soon as you know it's compromised.
I like the idea of using an accelerometer and a light sensor to trigger a warning which immediately turns off both radios. But that's really easy to avoid.
If they trace the IP to a Starbucks, then it's very easy to find the location of the wifi client. If it's under a table or in a wall, then don't touch it. Just take over the AP and start watching all the traffic. Then scan for RF, correlate network activity with RF bursts, triangulate.
And now I'm thinking about how you might be able to defeat triangulation... Maybe a cluster of radios, some public key crypto... decentralized frequency modulation? I wonder if you could do some tricky stuff with frequency modulation if you know precise distances between the transmitters and receiver, and account for variable weather conditions, etc.
Somehow build a cloud of radio waves that evenly covers an area within a given radius, and the receiver knows how to decode data which was sent by the real transmitter.
And each transmitter is continuously sending random data, so it's impossible to determine if one of the transmitters is a decoy, or the real one.
No, I don't think this would work. I'm sure it would be easy to triangulate each individual transmitter, and then just capture all positions at once.
I love thinking about this stuff, though. What other ideas are there? Maybe if you owned the Starbucks itself, then you could do some tricky stuff with NAT to try and confuse the agents.
EDIT: Another idea: What if you use a quadcopter as a relay between different radio frequencies, and make it fly around in random patterns... You could have a buffer of packets that empties at random intervals, so you couldn't link the radio bursts together.
I just got my Flutter board [1] a few weeks ago, might be a fun experiment.
Every part of this feels like a terrible idea, and, if anything, stands more of a chance of plausibly associating someone to the very activity which they are trying to (literally) distance themselves from.
"It wasn't me, I was miles away" - "Yes, and we know that you possess a long-range aerial, and have bought these parts online, and we have CCTV recordings of someone who looks roughly like you, entering this building and placing your equipment therein. Guilty."
Yeah, this is pretty much the Streisand Effect for spooks. I'd imagine the efforts they'll put into cracking the encryption and triangulating the end user after someone reports the appearance of a mystery box in their cafe/library make the user's communications several orders of magnitude more likely to be listened in on and their identity several orders of magnitude more likely to be exposed than someone who just encrypts their communications and doesn't use the internet at home.
...all of which is meant to be plugged in at some inconspicuous public place—Caudill suggests a dark corner of a public library
Um, okay. Sure. And public libraries should expect to see these unattended devices strewn all over the place without calling the cops and/or throwing them out?
You'd also have to acquire one without there being a record, because unless these became really popular where you lived, you might be the only person around who bought one and that alone might be enough to get a search warrant, which is what having an IP match would've done anyways.
And this is assuming you weren't browser fingerprinted.
I think the better use is the ability to just use my home internet up to a mile away from home, like at the nearby park or at a neighbor's house.
If you find unattended equipment on your property, you certainly can do whatever you please with that unattended equipment. Anyone who is using this device would be happy if the most severe consequence of their actions were losing this device.
In general terms, that's certainly not the case in the UK; finding someone else's belongings in your house does not give you the right to do what you like with them.
IANAL... There is some difference between "I found this coat that says 'property of Sally Smith' on the label (Sally Smith was a guest at my dinner party over the weekend), well, off to the secondhand clothing store!" and "there is a pile of computer-type equipment in one of our closets, and we're going to sell or toss some of the stuff we aren't using". I don't think the latter case is a crime in any jurisdiction. Keep in mind that a device like this will have no identifying marks, because that would defeat the whole purpose.
I don't think the latter case is a crime in any jurisdiction.
Unless you've got reasonable belief that it has been abandoned, or you have made reasonable effort to reunite it with its owner, that's very much a crime in many jurisdictions.
As a related example, I frequently have to tell people that if the previous occupier of an office or abode left something behind, it still belongs to them. There are various effects of bailment and storage and when you can sell it (and even then the original owner can have a claim on proceeds etc) and what have you, but you can't just take possession of a closet full of computer-type equipment.
...you can't just take possession of a closet full of computer-type equipment.
That isn't what we're talking about. TFA describes a device that must be hidden on someone else's site (e.g. in a closet belonging to the site owner full of the site owner's own equipment) in order to be used effectively. Thread originator complained from the perspective of the site owner, not that of the super-secret device hider. We're discussing a device that no one will claim to own, ever, by design. In addition to not ANALing, you apparently don't familiarize yourself with the discussion or TFA before injecting pointless pedantry.
It's exactly what we're talking about. I quote, from YOU:
there is a pile of computer-type equipment in one of our closets, and we're going to sell or toss some of the stuff we aren't using
That's what we're talking about, because YOU brought it up. YOU suggested a difference between stealing your friend's clothing, and off-loading some computer equipment you found in a closet. If YOU don't want to talk about it, YOU shouldn't bring it up. If YOU want to stop talking about it, YOU shouldn't pretend that it was someone else who brought it up.
For what it's worth, even if you DO find some kind of obvious nefarious equipment such as the one in the article, you STILL can't do anything you like with it. Taking someone else's property with the intent to permanently deprive them of it is theft in many, many jurisdictions, even if it is something nefarious and they are up to no good.
Take your passive-aggressive whining, put it away and grow up.
Sorry, it could be theft or its lesser known cousin, conversion, at least in common law jurisdictions. Identifying marks are not required to convict you.
https://en.m.wikipedia.org/wiki/Conversion_(law)
Aside from the long extension cord supplying it with power? Or do you plug it in next to the library's wifi router? That would kind of make it stand out, no?
Why do you even need his box? Just point the antenna at the Starbucks or library, change your MAC first.
OT: with the proliferation of xfinitywifi, I have joined at my home when the internet was down on one channel but the xfinitywifi worked. Now I notice when I am out and about, I auto join any wifi named xfinitywifi.
Is it now that simple? With most having joined Xfinitywifi at some time, I can just buy a cheap router, give the SSID xfinitywifi, and people will auto join and I can middle them all day long?
The WiFi Pineapple[1] is a device that will even listen to devices looking for public networks like this and rebroadcast those SSIDs; a feature called PineAP.[2]
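The auto-join concern raised above (a saved open SSID such as xfinitywifi that any AP can impersonate) is something a site owner can audit on their own machines. The following is an added example of mine, not from any commenter or from Hak5: it parses NetworkManager keyfile profiles (the `.nmconnection` format found under `/etc/NetworkManager/system-connections/` on Linux) and flags every Wi-Fi profile that is both open (no `[wifi-security]` section) and allowed to auto-connect. The three profiles embedded below are constructed samples, not real files.

```python
import configparser
import glob
import os

# Constructed sample keyfiles for the demonstration; a real audit reads the
# files from /etc/NetworkManager/system-connections/ (see scan_directory).
SAMPLE_KEYFILES = {
    "xfinitywifi.nmconnection": """
[connection]
id=xfinitywifi
type=wifi

[wifi]
ssid=xfinitywifi
mode=infrastructure
""",
    "home.nmconnection": """
[connection]
id=home
type=wifi
autoconnect=true

[wifi]
ssid=home-net

[wifi-security]
key-mgmt=wpa-psk
psk=PLACEHOLDER-NOT-A-REAL-KEY
""",
    "hotel.nmconnection": """
[connection]
id=hotel-guest
type=wifi
autoconnect=false

[wifi]
ssid=hotel-guest
""",
}


def parse_keyfile(text):
    """Return the fields we care about from one keyfile, or None if it is
    not a Wi-Fi profile. NetworkManager treats a missing autoconnect key
    as true, so the fallback mirrors that default."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    return {
        "id": cp.get("connection", "id", fallback="?"),
        "ssid": cp.get("wifi", "ssid", fallback="?"),
        "autoconnect": cp.getboolean("connection", "autoconnect", fallback=True),
        # wpa-psk, wpa-eap, sae, owe ... all count as "some form of auth";
        # no [wifi-security] section at all means an open network.
        "key_mgmt": cp.get("wifi-security", "key-mgmt", fallback=None),
    }


def risky_autojoin_profiles(keyfiles):
    """Ids of profiles that will silently join an open SSID of that name,
    which is exactly what an impersonating AP relies on."""
    flagged = []
    for text in keyfiles.values():
        prof = parse_keyfile(text)
        if prof is None:
            continue
        if prof["key_mgmt"] is None and prof["autoconnect"]:
            flagged.append(prof["id"])
    return sorted(flagged)


def scan_directory(path="/etc/NetworkManager/system-connections"):
    """Load real keyfiles (needs root to read them) into the same dict shape."""
    found = {}
    for fn in glob.glob(os.path.join(path, "*.nmconnection")):
        with open(fn) as fh:
            found[os.path.basename(fn)] = fh.read()
    return found


if __name__ == "__main__":
    for pid in risky_autojoin_profiles(SAMPLE_KEYFILES):
        print(f"open SSID with auto-connect enabled: {pid}")
```

For a flagged profile the fix is to turn auto-connect off (`nmcli connection modify <id> connection.autoconnect no`) or delete the profile; the client then only joins that SSID when the user chooses to, instead of whenever any AP advertises the name.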
Absolutely amazed that Starbucks and the rest are not using some kind of auth. I've noticed a few Starbucks now that have an SSID of google-Starbucks or something similar.
Anyone know if Google at least does a better job? Some form of AUTH?
On OS X I can push ALL data through a VPN. Trouble is, it's based on a hostname. I put in anything from /* ( wild cards galore ), http://*, plus the SSL version and any other combination.
I, as well as many others, assuming Apple doesn't delete the thread from their support forums, have been trying to resolve this without running a separate dedicated VPN app that may or may not support auto-scanning type connections that tend to drop off and re-enable. For now, 8+ years has never gotten VPN on demand triggered by a call to a hostname as the trigger. Calls from browser, shell, even higher level tools like dig, telnet, etc., do not instantly AUTH a VPN connection. It has to be done manually.
If I could feel safe, a setting of "any packet start of packet egress will stall the connection until VPN is up" so zero data goes over a non-VPN line. A VPN should get around Sprint's idiocy in throttling video to 600k, meaning once you add in audio, 320 is probably the best resolution you will be getting. With a VPN they should not be able to detect the traffic. I'm thinking VPN with all logs pointed to a log server remotely stored that nukes logs pretty quick, or send logs to /dev/null, but that may make debugging hard.
Edit: tons of spelling, grammar, and additions for clarity—mobile is really a terrible platform for typing more than what you push to trigger. :)
If you have to have a 'base station', it kind of defeats the purpose, wouldn't it?
Especially because this re-broadcasts the link on another wireless band.
It's trivial to look for a Point-to-Point link with an $8 Software Defined Radio and/or follow the direction that the antennas were aimed once you find the base station.
Why isn't the idea 'flipped' the other way: get an ultra-high gain 2.4GHz or 5GHz antenna on a Wifi card and point it at the Starbucks from a mile away. Then you're 'connected' to the Starbucks while physically being located outside of the area. You're not broadcasting anything, so it's much harder to triangulate.
Of course you can, but it will be quite a while before they get the imagination to look for you at a far distance instead of within a short range like a city block.
This is an interesting idea. By using the 900 MHz band you'll get much greater range than if you were using the 2.4 or 5 GHz bands.
The RF won't look like a cordless phone, though. Those use a really small channel width and amount of bandwidth while this device likely uses a 5 or 10 MHz channel width.
Of course, if someone finds one of these in a public place, law enforcement is likely going to get called ("Look at those antennas! It might be a remotely controlled bomb!").
A better idea, in my opinion, would be to pick up a 2.4 GHz Ubiquiti (e.g., a NanoStation M2), a Yagi antenna, and sit somewhere with a good view of the horizon and find a random open access point to connect to (spoof its MAC first, though).
Yeah, I see that now. I originally read the article on my phone and didn't pay much attention to the pictures / couldn't tell it was a Rocket. Anyways, I'm familiar with UBNT's products as we use them extensively at $work. My point wasn't so much about what frequency to use but that using something like this means having to get in and set it up somewhere.
Instead, using, e.g., an NSM2, you can connect to any open access point that you can hear (and that can hear you) and wouldn't require getting in some place and connecting a device to their network. That, it seems, would significantly increase your chances of getting caught.
Also, take UBNT's claims about the AirFiber with a grain of salt. Our real-world results with them were less than stellar (although I know of others for whom they work quite well). We bought two links before they were even shipping and ended up taking them down and selling both of them shortly after they were deployed. (Also, are they really $400 now? We paid, if memory serves, about $2,000 each for ours.)
The larger units are $2k, there are new 5GHz units in the Rocket form factor that are $399/unit. Haven't had any experience with the older AirFiber, but the new ones can clear 30 miles at the stated throughput and latency. 100 miles? Haven't tried it - but that would be impressive.
Wouldn't you be vulnerable to radio triangulation? Especially if you are blasting on 900 MHz, above FCC power regulations (I'm not sure it is, but a 2 mile range with that small broadcasting antenna?)
I actually like the fact that you can be miles away from your high speed Internet connection and still use your laptop, bypassing mobile data charges. Could a mesh network of these devices be implemented?
I spoke online to a child porn collector who claimed to use a similar system to obtain cp. He'd buy used laptops for close to nothing and place them to leech off public WiFi. They had anti-tamper systems, although he wouldn't reveal the details. (He ditched them aggressively at the slightest sign of trouble). The difference was that he connected to the laptop via the same WiFi the laptop leeches off, thus giving less additional protection than the radio hop.
Huff Duff! They even have people driving around the UK pretending to do this to detect your illicit TV (of course they don't actually do direction finding, but perfect cover for wifi and hf triangulation spooks).
The only real solution is a well hidden hard line to a distant station. Ideally buried in the telco cabling with a tamper sensitive thermite charge attached.
If you're worried about malware leaking IP, use whonix (on a fresh installation if you're worried about the host getting infected also). Malware would need to both get on Whonix and run, and a VM escape to leak anything.
Oops, I take that back! There is an amateur band, 33 cm wavelength, from 902-928 MHz. Not sure if this device transmits in the band or not. Would also depend on how much power it uses to transmit.
That's a load of BS. Guy is very naive.
http://literature.cdn.keysight.com/litweb/pdf/5989-9207EN.pd...
You just need three of these to TDOA a single burst.
http://www.keysight.com/en/pd-1414739-pn-N6841A/rf-sensor?ni...
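The TDOA remark above is the part of this thread a site owner (the library or cafe finding a mystery box on their premises) can actually act on, so here is an added worked example of mine, not from the comment and not Keysight's software: a pure-Python 2-D time-difference-of-arrival solver for one burst heard by three time-synchronised receivers. Receiver positions, the emitter position and the timing jitter are constructed values; the geometry and the Gauss-Newton iteration are standard. The second function shows the practical caveat: clock error between sensors turns directly into position error (1 ns of sync error is about 0.3 m of range).

```python
import math

C = 299_792_458.0  # speed of light, m/s

# Constructed sensor layout and emitter position, in metres.
RX = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0)]
EMITTER = (300.0, 400.0)


def arrival_times(emitter, receivers, t0=0.0):
    """Simulate one burst leaving `emitter` at t0 and reaching each receiver
    after straight-line propagation delay. Returns seconds per receiver."""
    return [t0 + math.dist(emitter, r) / C for r in receivers]


def tdoa_locate(receivers, times, guess=None, iters=50, tol=1e-6):
    """Solve the two TDOA hyperbola equations for the emitter position.

    With receiver 0 as reference, the observable is the range difference
        |p - r_i| - |p - r_0| = C * (t_i - t_0)   for i = 1, 2
    which is independent of the unknown emission time. Gauss-Newton on the
    two residuals, starting from the receiver centroid so no distance is 0.
    """
    if len(receivers) != 3 or len(times) != 3:
        raise ValueError("exactly three receivers needed for a 2-D fix")
    ref = receivers[0]
    dd = [C * (times[i] - times[0]) for i in (1, 2)]  # range differences, m
    if guess is None:
        guess = (sum(r[0] for r in receivers) / 3.0,
                 sum(r[1] for r in receivers) / 3.0)
    x, y = guess
    for _ in range(iters):
        d0 = math.dist((x, y), ref)
        f, J = [], []
        for k, i in enumerate((1, 2)):
            di = math.dist((x, y), receivers[i])
            f.append(di - d0 - dd[k])
            # partial derivatives of the residual with respect to x and y
            J.append([(x - receivers[i][0]) / di - (x - ref[0]) / d0,
                      (y - receivers[i][1]) / di - (y - ref[1]) / d0])
        det = J[0][0] * J[1][1] - J[0][1] * J[1][0]
        if abs(det) < 1e-12:
            raise ValueError("degenerate geometry at current estimate")
        # Solve J * delta = f by Cramer's rule and step p -= delta.
        dx = (f[0] * J[1][1] - f[1] * J[0][1]) / det
        dy = (J[0][0] * f[1] - J[1][0] * f[0]) / det
        x -= dx
        y -= dy
        if math.hypot(dx, dy) < tol:
            break
    return (x, y)


def position_error(receivers, emitter, timing_error_s=0.0, bad_receiver=1):
    """Locate a simulated burst and return the fix error in metres.

    timing_error_s is added to one receiver's timestamp to show how sensor
    clock error propagates into the fix; with the layout above 100 ns of
    error on receiver 1 moves the fix by roughly 20 m.
    """
    times = arrival_times(emitter, receivers)
    times[bad_receiver] += timing_error_s
    return math.dist(tdoa_locate(receivers, times), emitter)


if __name__ == "__main__":
    est = tdoa_locate(RX, arrival_times(EMITTER, RX))
    print("fix: (%.2f, %.2f) m" % est)
    print("error with 100 ns sync jitter: %.1f m"
          % position_error(RX, EMITTER, timing_error_s=100e-9))
```

Two things the toy hides that matter in practice: three receivers in 2-D give two hyperbola branches that can intersect at two points, so a fourth sensor or a known search area is needed to pick the right one; and the solver only converges to a useful fix if the sensors share a common timebase, which is why commercial RF sensors carry GPS-disciplined clocks.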