“There are a ton of devices jumping into that space and communicating there,” he says. “It’s not feasible to say ‘we’ll chase down everyone who has this device communicating on this frequency.’ It’s a needle in a haystack.”
That's a really good point. So you would definitely stop using the device as soon as you know it's compromised.
Every part of this feels like a terrible idea, and, if anything, stands more of a chance of plausibly associating someone to the very activity which they are trying to (literally) distance themselves from.
Yeah, this is pretty much the Streisand Effect for spooks. I'd imagine the efforts they'll put into cracking the encryption and triangulating the end user after someone reports the appearance of a mystery box in their cafe/library make the user's communications several orders of magnitude more likely to be listened in on and their identity several orders of magnitude more likely to be exposed than someone who just encrypts their communications and doesn't use the internet at home.
...all of which is meant to be plugged in at some inconspicuous public place—Caudill suggests a dark corner of a public library
You'd also have to acquire one without there being a record, because unless these became really popular where you lived, you might be the only person around who bought one and that alone might be enough to get a search warrant, which is what having an IP match would've done anyways.
If you find unattended equipment on your property, you certainly can do whatever you please with that unattended equipment. Anyone who is using this device would be happy if the most severe consequence of their actions were losing this device.
Why do you even need his box? Just point the antenna at the Starbucks or library, change your MAC first.
This is an interesting idea. By using the 900 MHz band you'll get much greater range than if you were using the 2.4 or 5 GHz bands.
Wouldn't you be vulnerable to radio triangulation? Especially if you are blasting on 900 MHz, above FCC power regulations (I'm not sure it is, but a 2 mile range with that small broadcasting antenna?)
I actually like the fact that you can be miles away from your high speed Internet connection and still use your laptop, bypassing mobile data charges. Could a mesh network of these devices be implemented?
I spoke online to a child porn collector who claimed to use a similar system to obtain cp. He'd buy used laptops for close to nothing and place them to leech off public WiFi. They had anti-tamper systems, although he wouldn't reveal the details. (He ditched them aggressively at the slightest sign of trouble). The difference was that he connected to the laptop via the same WiFi the laptop leeches off, thus giving less additional protection than the radio hop.
Huff Duff! They even have people driving around the UK pretending to do this to detect your illicit TV (of course they don't actually do direction finding, but perfect cover for wifi and hf triangulation spooks).
If you're worried about malware leaking IP, use whonix (on a fresh installation if you're worried about the host getting infected also). Malware would need to both get on Whonix and run, and a VM escape to leak anything.
madengr | 10 years ago
That's a load of BS. Guy is very naive.
http://literature.cdn.keysight.com/litweb/pdf/5989-9207EN.pd...
You just need three of these to TDOA a single burst.
http://www.keysight.com/en/pd-1414739-pn-N6841A/rf-sensor?ni...
nathan_f77 | 10 years ago
I like the idea of using an accelerometer and a light sensor to trigger a warning which immediately turns off both radios. But that's really easy to avoid.
If they trace the IP to a Starbucks, then it's very easy to find the location of the wifi client. If it's under a table or in a wall, then don't touch it. Just take over the AP and start watching all the traffic. Then scan for RF, correlate network activity with RF bursts, triangulate.
And now I'm thinking about how you might be able to defeat triangulation... Maybe a cluster of radios, some public key crypto... decentralized frequency modulation? I wonder if you could do some tricky stuff with frequency modulation if you know precise distances between the transmitters and receiver, and account for variable weather conditions, etc.
Somehow build a cloud of radio waves that evenly covers an area within a given radius, and the receiver knows how to decode data which was sent by the real transmitter.
And each transmitter is continuously sending random data, so it's impossible to determine if one of the transmitters is a decoy, or the real one.
No, I don't think this would work. I'm sure it would be easy to triangulate each individual transmitter, and then just capture all positions at once.
I love thinking about this stuff, though. What other ideas are there? Maybe if you owned the Starbucks itself, then you could do some tricky stuff with NAT to try and confuse the agents.
EDIT: Another idea: What if you use a quadcopter as a relay between different radio frequencies, and make it fly around in random patterns... You could have a buffer of packets that empties at random intervals, so you couldn't link the radio bursts together.
I just got my Flutter board [1] a few weeks ago, might be a fun experiment.
[1] https://www.kickstarter.com/projects/flutterwireless/flutter...
pavel_lishin | 10 years ago
But this would still require authorities on the ground, and aware that you're using a setup such as this.
This isn't a silver bullet, it's just another layer of protection.
jamesbrownuhh | 10 years ago
"It wasn't me, I was miles away" - "Yes, and we know that you possess a long-range aerial, and have bought these parts online, and we have CCTV recordings of someone who looks roughly like you, entering this building and placing your equipment therein. Guilty."
notahacker | 10 years ago
joezydeco | 10 years ago
Um, okay. Sure. And public libraries should expect to see these unattended devices strewn all over the place without calling the cops and/or throwing them out?
Lawtonfogle | 10 years ago
And this is assuming you weren't browser fingerprinted.
I think the better use is the ability to just use my home internet up to a mile away from home, like at the nearby park or at a neighbor's house.
jessaustin | 10 years ago
falcolas | 10 years ago
fweespeech | 10 years ago
biturd | 10 years ago
OT: with the proliferation of xfinitywifi, I have joined at my home when the internet was down on one channel but the xfinitywifi worked. Now I notice when I am out and about, I auto join any wifi named xfinitywifi.
Is it now that simple? With most having joined Xfinitywifi at some time, I can just buy a cheap router, give the SSID xfinitywifi, and people will auto join and I can middle them all day long?
timboslice | 10 years ago
tomswartz07 | 10 years ago
If you have to have a 'base station', it kind of defeats the purpose, wouldn't it? Especially because this re-broadcasts the link on another wireless band.
It's trivial to look for a Point-to-Point link with an $8 Software Defined Radio and/or follow the direction that the antennas were aimed once you find the base station.
Why isn't the idea 'flipped' the other way: get an ultra-high-gain 2.4 GHz or 5 GHz antenna on a WiFi card and point it at the Starbucks from a mile away. Then you're 'connected' to the Starbucks while physically being located outside of the area. You're not broadcasting anything, so it's much harder to triangulate.
pavel_lishin | 10 years ago
fineman | 10 years ago
Your "totally silent" idea would only work if you were just trying to listen to unencrypted communications of the Starbucks WiFi.
mirimir | 10 years ago
There's no interaction without transmitting.
jlgaddis | 10 years ago
The RF won't look like a cordless phone, though. Those use a really small channel width and amount of bandwidth while this device likely uses a 5 or 10 MHz channel width.
Of course, if someone finds one of these in a public place, law enforcement is likely going to get called ("Look at those antennas! It might be a remotely controlled bomb!").
A better idea, in my opinion, would be to pick up a 2.4 GHz Ubiquiti (e.g., a NanoStation M2), a Yagi antenna, and sit somewhere with a good view of the horizon and find a random open access point to connect to (spoof its MAC first, though).
windexh8er | 10 years ago
Rocket M (https://www.ubnt.com/airmax/rocketm/) - supports: 900MHz, 2.4GHz, 3GHz, 3.65GHz, and 5GHz (a few variations).
The new, cheap ($400) AirFiber unit can do 200 km with 500 Mb throughput. 30 miles is easily attainable depending on your goals and setup.
AirFiber: https://www.ubnt.com/airfiber/airfiber5x/
rhino369 | 10 years ago
tantalor | 10 years ago
chris_wot | 10 years ago
SmokyBourbon | 10 years ago
[deleted]
praptak | 10 years ago
angry_octet | 10 years ago
The only real solution is a well hidden hard line to a distant station. Ideally buried in the telco cabling with a tamper sensitive thermite charge attached.
pavel_lishin | 10 years ago
white-flame | 10 years ago
- "Any sufficiently ambitious anonymity system contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Tor."
Why build hardware when a mature software equivalent of throwing your IP address across the world randomly already exists?
ikeboy | 10 years ago
Errorcod3 | 10 years ago
Make you look like you are at a location that you please?
feld | 10 years ago
joe5150 | 10 years ago
Everhusk | 10 years ago
jeffreyg | 10 years ago