This box beams cafes' Wi-Fi over 4kms so you can surf in obscurity Rhino Security founder Benjamin Caudill has created a tool to help privacy pundits (and criminals) connect to wireless networks from a distance of four kilometres, in a bid to foil eavesdropping authorities. The Proxyham Raspberry Pi hardware box is a complement to toolkits such as Tor that mask the source of web traffic. …
Well that's going to be really, really easy to track down and prosecute.
900MHz is allocated licensed spectrum (some mobile phones too). Not only will the NSA be able to find you pretty easily, but the FCC will also throw you in a Federal hole for unlicensed spectrum usage.
Not only the FCC watch either. Cell phone companies watch the spectrum like hawks because they don't want noise interfering with their business. They'd locate you and dob you in within minutes.
Once the FCC have softened you up with some line that unlicensed transmission puts lives at risk and they can have you for attempted murder, you'll be willing to talk to anyone.
If you're going to rebroadcast then use unlicensed spectrum. 2.4GHz is a great place to hide out because it is the wild west of the RF spectrum. Noise does not stand out.
A 2.4GHz signal strong enough to have a decent range would most certainly stand out. In RF terms it would like trying to hide a lighthouse in the dark.
This sort of product is the ultimate naive wet dream of totally paranoid idiots. Using one practically guarantees that you're the sort of person who is up to no good (beyond violation of a whole bunch of spectrum laws), yet makes it very easy for law enforcement agencies to find you. They'd be laughing their heads off as they bashed your door down!
The band 902-928MHz is ISM unlicensed in ITU region 2 (Americas) making this perfectly legal for your average paranoid gun toting republican. Which is not to say any interested agency (or dedicated and skilled individal) could not correlate and locate the source of the transmissions in either 900MHz or 2.4GHz if they desired to do so....
>Well that's going to be really, really easy to track down and prosecute
I think you've missed the point somewhat. The perp will be up to 4Kms away from the source and with the audio feature will know if the device has been found so can leg it even further away. Also with the possible sefl-destruct capability they won't be too bothered about the source being found. The only thing they'll be able to prosecute is a useless pile of electronics.
So what triggers that?
Someone picking up a nearby book?
Somebody picking up the fake book?
Librarian tidying the shelves and checking for out of place books?
You would need a book nobody reads on a shelf nobody visits.
Apart of course for yourself when you come to change the batteries.
I hope "self destruct" doesn't mean it bursts into flames and burns down the library. The cassettes in the original Mission Impossible used to emit smoke, but no flames*. In real life it might be difficult to guarantee one without the other.
* I guess it wouldn't look too cool if the MI operative had to stamp out flames when his message "destructed" itself. AFAIK this was the original use of the odd phrase "self destruct", and responsible for the odd back-formed verb "to destruct". Why not "destroy"?
I was thinking of the TV series, but my memory of TV 50 years ago isn't clear enough to recall exactly what the device was. I was going to admit that it couldn't have been a cassette, but it turns out the Compact Cassette was launched in 1965, and Mission Impossible was on TV from 1966.
I frankly don't see how any such device will last long. The moment a hotspot owner notices a traffic spike, they'll suspect a piggybacker, and it's not really expensive to employ a radio sniffer to triangulate and pinpoint the culprit. Plus, as someone noted, unless one can umbilical it, how long will the thing last on batteries?
"The moment a hotspot owner notices a traffic spike, they'll suspect a piggybacker, and it's not really expensive to employ a radio sniffer to triangulate and pinpoint the culprit."
@AC
You don't know much about library staff do you?
Seriously: quite sensibly my local public libraries throttle the un-authenticated wifi to around 80Kbytes/sec. You can get full speed (something like 1 to 2 Mbyte/sec but possibly that is just the top speed of my wifi card in this old Thinkpad) by authenticating and buying an access code for a certain period of time. Sounds fine to me - make a bit of money to offset the costs &c. The ones who just want to hop on to do email, update their status, or run an rdp session (latency is fine) can use the slower speed.
Don't think about the librarians. Think about the IT people working behind the counter at the access point. Since their network access is either delegated by the government or leased and therefore metered, they will have an obligation, one way or the other, to manage the traffic to keep on the lookout for abuses. Now, if the traffic capped at some absurd sub-Mbit/sec rate, then you're right; anyone trying to abuse such a low rate would be no more than a nuisance and would only raise awareness if library-goers start complaining of dropped connections. But if a subscriber starts hammering the connection for long periods, that should be enough to trip watchdogs and at least post a notice to take a closer look. Point is, such a device isn't going to be of much use. ANYWHERE there's an open Wi-Fi spot, people are going to notice it, especially since many devices are on the lookout for open spots so as to divert from low mobile data allowances. Eventually, one of two things happen: either it gets hammered on a low bandwidth allowance and becomes clogged or it draws enough attention that someone's going to investigate.
I'm not one of the ones downvoting you, but you seem to have quite a different view on wi-fi access than most of us have experience.
I assume it's different over there in the USA...
From a UK perspective:
Paraphrasing:
-- "Open wifi spots being noticed and becoming hammered"
Open-wifi without restrictions are everywhere. Even the local hospital where you can happily access if from the large unmonitored car parks.
- "IT staff will notice"
Maybe in big libraries. Most of the places with free wifi don't have anyone looking after it.
- "Limits / Mobile costs"
No limits or caps, even on most non-residential services.
Mobile internet? £15 for unlimited 30 days, no contract required.
Add the hassle to the cost of petrol here, and it's just not worth exploiting
"And why on earth would there be a traffic spike?"
Murphy's Law. Soon as some lowlife spots an open relay, they'll hammer it, guaran-damn-teed.
"The use case is anyonmous/darknet browsing activity not torrenting or warez unless a total moron uses it."
I rest my case.
"Plus - how many librarians both to check their usage logs EVER?"
You assume a library is staffed only by librarians. Like I said, if anyplace has a network, there's usually at least one IT guy set up to manage it (and, if all else fails, to take the fall if something goes wrong). Especially in a place like a library which in most places is government-run and therefore will be watched over. If not, it's probably on a business plan where all traffic is metered. Either way, there will be a case for traffic abuse being noted (either the watchdogs will come calling or they'll have to pay the bill).
In the UK librarians (as opposed to volunteers) are increasingly rare in libraries, there will be IT staff in the central office who will nominally be looking after the IT infrastructure, I wouldn't be at all surprised if the Wifi was subcontracted out to a third party to operate, probably with some form of unlimitted/Gigabytes plan. A single person connecting from a long way away is not going to add any traffic spikes above what a single additional person connecting locally will do. The contractor won't care even if they did as they aren't spending their own money to monitor it. The wifi will no more be watched over than the taps are watched over by an onsite plumber...
"I wouldn't be at all surprised if the Wifi was subcontracted out to a third party to operate, probably with some form of unlimitted/Gigabytes plan."
And I would be amazed an ISP would be offering unlimited traffic to a non-residential customer. Most firms I know meter, and some meter even to residential customers. After all, they have to pay their upstream providers, and metering is the norm there, if at the least to negotiate peering agreements between other providers on that level.
Now if these were light enough to be carried by a quadcopter, you could fly it down onto the roof of your local café, use the wifi for a bit, then fly it back home once you're done checking your email...... And if you switched to 2.4Ghz as previously mentioned, your questionable radio activity could easily be explained by the copter's video signal...........
Deploying bridge now.
I had this idea back along, equip a small RC car with an IP camera in FPV mode, have it connect via open wireless points and control it through redundant links (433MHz, WiFi, GSM ), have it drive round the urban roads at night mostly hidden under parked cars. Not sure what the legit reasons for personal use would be but it could be an urbex challenge to go from one end of town to the other mostly on the public roads undetected.
Move slowly enough in the areas covered by CCTV to not trigger motion detection, or have a tuna dispenser and move surrounded by arguing cats.
Obviously the Police will have them soon enough, that small animal you thought you saw the night your car was GPS tagged...
The RC camera is really low, the distant vision even from the middle of a normal car is suprisingly good. Half the reason cats hide under cars is because they can see people coming from a distance (feet/legs) but the person won't see them, if you are trying to travel seeing but unseen, it should work and people "know" there is nothing interesting or dangerous moving under cars so they mentally filter that area out. If you did see something fleeting it would be easy to rationalise it as an animal.
Before anyone draws darker conclusions from this knowledge I bought an end-of-line RC car and stuck a Mobius actioncam (B Lens) on it for the first tests, I ended up (between crashes) driving under a parked car a couple of times and was both suprised it didn't seem to affect it and the video was not what I was expecting at all.
The main thing I wanted to try was the WiFi hotspot (internet) video and control link to test various RC radio systems at failure distance without crashing a plane or quad, the hiding it under cars thing was to try and avoid some oik nicking it mid test.
Straight gear driven high speed motor with a cheap gearbox on the baseplate and flexible body as a sound cavity? you are probably right.
Try belt drive, low speed, large battery on base no flexible shell.
The motors themselves are not overly loud, the tyres on ground OK, the noise mainly comes from plastic gears on gears and the high pitched PWM motor control.
You could have a large flat motor horizontally mounted, belt driving soft tyres with everything just slowly spinning. I think it is possible. I'd play more but where I live the neighbours would implode as none of this fits into the categories of TV, Fags or Footy.
I don't really understand the powerful radio stuff. If you can hide a router in somewhere with an open network connection why not just set it up as a Tor exit node and connect to it from home using Tor? It could then be much smaller, be built using a plug-computer (which plugs into a power point) and have an official-looking label saying "Do not unplug. Official use only".
It could even have a wired ethernet port in case there was a convenient nearby port.
Of course, professional IT staff would find it quickly, but small businesses, cafes, libraries, medium-sized hotels, etc would typically have no IT staff of their own or the ones they have are so busy they aren't going to worry about it.
"Of course, professional IT staff would find it quickly, but small businesses, cafes, libraries, medium-sized hotels, etc would typically have no IT staff of their own or the ones they have are so busy they aren't going to worry about it."
Unless the firm involved has metered Internet, in which case they'll probably notice it quickly in their bills. Even if YOU don't hammer it, someone else will probably find it and hammer it.
As for using TOR, recall there's a lot of research into sniffing TOR right now. An exit node sitting in plain site like that would probably be noticed by LEOs, MITM'd, and logged to track users back to their entry points and so on.
Both issues apply much more strongly to the proposed box. At least with Tor you get a lot of other people helping to work on the security (improving it, and testing it).
And the metered internet problem is not a significant problem here in the UK, I think. My TalkTalk Business connection is cheap and unmetered. More serious is the slow-down seen by the legitimate users -- but they will just blame their ISP.
Tor is definitely a much better option than an over-complicated, unique design, large (and hot) box.
I work for an internet radio station, and the number of times one of my planning twonks arranges for me to go out and broadcast in a field it would be nice to have wifif from the pub half a mile away (with their permission of course) to use rather than dodgy two way sat or even worse 4G
This is a replay of the best organized London pirates of the eighties/nineties who used a 10GHz WBFM module atop a tower block as main feed to the 95MHz antenna. If ofcom ever hit the roof, looking to trace the audio feed line, they just ended up with half a LOS microwave link, but no pirates.
These 10GHz WBFM are still on sale via eBay for around £3, but aren't much good for data.
A) 900mhz is ISM in the US, *not* allocated. Our cellular band is at 800mhz, thankyouverymuch.
B) This seems useless for the intended purpose. If you're not doing anything too naughty, nobody is going to look for you anyway. If you ARE doing something naughty, it's like "what's this weird box? Well, lets see who bought one in this area... 1 person huh?" and it'd also probably be covered in greasy fingerprints.
C) I like the concept anyway, though, of a 900mhz much longer range wifi type device. I'd love to run a few of these between households, avoiding the cripplingly slow 1mbps upstream of the local ISPs (when I'm just moving data from one house to another) as well as no worries about data caps (although at 1mbps upstream I'm unlikely to put a dent in the cap.)
In the UK public libraries are linked to the local council network. Any traffic spikes will simply be lost in the overall flow.
The problem with this idea is power - a cable disappearing into a shelf will be quickly spotted, while regular visits to replace batteries defeat the whole purpose
Microwave normally requires a pretty clear line of sight, owing to how the waves themselves can have an effect on most things it passes through, including paper. Now, if you can find a socket concealed behind a shelf, you can conceal the transmitter. But as said, concealing the transmissions will be another story.
Many of these 'Defcon' kiddies are just gaining recognition for publicizing kit that many hackers have been using for a long time.
$200usd F*** thieves..... how about $30 USD, using a modified GSM 'Pet tracker' & WIFI dongle.
or $40usd for a modified TV box.
Been using such kit for a long time when I have to investigate Dodgy Sysadmins
GCHQ, and NSA, you know, the organisations which employ people (who also have children and loved ones,) both exist to find out what is being said to whom, by whom.
So as soon as you start playing clever buggers, you stand out like a sore thumb, and they have billion dollar budgets.
It's just a complete waste of time. They'll still find out what you're saying, but they'll spend more of your tax doing it.
We have no privacy, but so what? There are many, many people who've been under total observation by both these organisations, because they're... well strange, for over a decade, and they're still free to give their strange opinions, crack jokes about killing politicians, slag off their council or the BBC, or their wife, school etc. None of these people are political prisoners.
Trying to hide communications from the mainstream just costs the taxpayer's money.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
