A few days ago, [Ben Caudill] of Rhino Security was scheduled to give a talk at DEFCON. His project, ProxyHam, is designed for those seeking complete anonymity online. Because IP addresses can be tied to physical locations, any online activities can be tracked by oppressive regimes and three-letter government agencies. Sometimes, this means doors are breached, and “seditious” journalists and activists are taken into custody.
With the ProxyHam, the link between IP addresses and physical locations is severed. ProxyHam uses a 900MHz radio link to bridge a WiFi network over miles. By hiding a ProxyHam base station in a space with public WiFi, anyone can have complete anonymity online; if the government comes to take you down, they’ll first have to stop at the local library, Starbucks, or wherever else has free WiFi.
[Ben Caudill] will not be giving a talk at DEFCON. It wasn’t the choice of DEFCON organizers to cancel the talk, and it wasn’t his employers – [Ben] founded and is principal consultant at Rhino Security. The talk has been killed, and no one knows why. Speculation ranges from National Security Letters to government gag orders to far more pedestrian explanations like, “it doesn’t work as well as intended.” Nevertheless, the details of why the ProxyHam talk was cancelled will never be known. That doesn’t mean this knowledge is lost – you can build a ProxyHam with equipment purchased from Amazon, Newegg, or any one of a number of online retailers.
How To Build A ProxyHam
In the Wired article trumpeting the ProxyHam to the world, [Ben Caudill] is shown with a laptop wired to a small box with a rather large yagi antenna. This antenna is pointed well above the horizon, indicating the device is not being used, but that’s completely beside the point. The ProxyHam box contains something with an RJ45 connector on one end, and two RF connectors on the other. A quick perusal of Newegg lands on this, a radio base station designed to bridge networks via 900MHz radio. You’ll need to buy two of those to replicate the ProxyHam.
The Wired article describes the ProxyHam further: “…a Raspberry Pi computer connected to a Wi-Fi card and a small 900 megaherz antenna…” Newegg also stocks Raspberry Pis, antennas, and WiFi adapters. You might want to pick up a few SD cards too.
To set up the ‘throwaway’ part of the ProxyHam, you’ll need to first connect to the desired WiFi network, then bridge the WiFi and wired connections. Bridging networks with the Raspberry Pi is left as an exercise for the reader with sufficient Google-fu. Of course the 900MHz base station must also be configured, but according to the user guides on the Ubiquiti product page it’s not much harder than configuring a WiFi router. Set the radio to ‘bridge’ mode.
From there, it’s a simple matter of connecting a large yagi antenna to the ‘mobile’ part of the ProxyHam. Here’s how you build one. Configure the base station, and plug an Ethernet cable into a laptop. Congratulations, you’ve just replicated a talk at DEFCON by buying stuff from Newegg.
That’s how you build a ProxyHam. That’s also how to violate the FCC Part 97 prohibition against encryption – you cannot use SSH or HTTPS over amateur radio. It’s also how you can be charged under the Computer Fraud & Abuse Act; connecting to a library’s WiFi from miles away is most certainly “exceeding authorized access.”
Do not attempt this build. It’s illegal, it’s dumb, and the 900MHz band is flooded anyway. Also, if your plan for anonymity online revolves around stealing WiFi from Starbucks, why not just steal Starbucks WiFi from the McDonald’s across the street?
Let’s Speculate Why The ProxyHam Talk Was Cancelled
It’s July. In a few weeks, the BlackHat security conference will commence in Las Vegas. A week after that, DEFCON will begin. This is the prime time for ‘security experts’ to sell themselves, tip off some tech reporters, exploit the Arab Spring, and make a name for themselves. It happens every single year.
The idea that the ProxyHam was cancelled because of a National Security Letter is beyond absurd. This build uses off-the-shelf components in the manner they were designed. It is a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations. That’s illegal, and it will get you a few federal charges, but so will blowing up a mailbox with some firecrackers.
If you believe the FBI and other malevolent government forces are incompetent enough to take action against [Ben Caudill] and the ProxyHam, you need not worry about government surveillance. What you’re seeing is just the annual network security circus and it’s nothing but a show.
The ProxyHam is this year’s BlackHat and DEFCON pre-game. A marginally interesting security exploit is served up to the tech media and devoured. This becomes a bullet point on the researcher’s CV, and if the cards land right, they’re able to charge more per hour. There is an incentive for researchers to have the most newsworthy talk at DEFCON, which means some speakers aren’t playing the security game, they’re playing the PR game.
In all likelihood, [Ben Caudill] only figured out a way to guarantee he is the most talked-about researcher at DEFCON. All you need to do is cancel the talk and allow tech journos to speculate about National Security Letters and objections to the publication of ProxyHam from the highest echelons of government.
If you think about it, it’s actually somewhat impressive. [Ben Caudill] used some routers and a Raspberry Pi to hack the media. If that doesn’t deserve respect, nothing does.
196 thoughts on “How To Build A ProxyHam Despite A Cancelled DEFCON Talk”
Using encryption the way you describe does not violate FCC Part 97. The protocols you describe are for authentication, not obfuscation. That they obscure the message in the process of authenticating is allowed. SSH and HTTPS are being used to prevent man-in-the-middle attacks by authenticating the transmissions both directions, so they are legal.
In any event, you are LOOKING AT THE WRONG PART OF THE CODE. The Rocket M900 you link is Part 15 accepted, so it is regulated by that section of the FCC code. RTFM — the type acceptance information is at the end.
You are 10000% incorrect, sir.
SSH and HTTPS are not just for authentication; they stay on and continue to encrypt. Let’s not even start with the fact that it’s also against FCC regulations to operate in the amateur radio band without a license, or the fact that it’s illegal to use amateur radio spectrum for a commercial purpose, which yes, this does include in-website advertising.
While some of the 900mhz band is within ISM there are regulations on power output, antennas, etc.
If you don’t know what you are talking about it’s best not to say anything.
I’ll take the published QSO article over your drive-by opinion.
Are you sure you don’t mean QST?
The footer of the article says “CQ” magazine.
Except that a Part 15 device, by definition, is NOT an amateur radio device, and the 33-cm (900 MHz) band is a shared-access spectrum in which amateur radio has a SECONDARY allocation. Using an existing Part 15 device does NOT violate Part 97. If so, EVERY 2.4 GHz WIRELESS ROUTER EVER MADE is in violation of the FCC regulations. (P.S. — 2.4GHz has a similar shared-access spectrum with only a part of it being allocated to amateur radio on a secondary basis.)
And there are LOTS of 900MHz Part 15 devices out there.
Agreed there are power output regulations for Part 15, but this can easily be done without violating those rules. There are plenty of antennas that can be used without violating Part 15. Part 97 simply doesn’t apply here, and to my knowledge there’s only been 1 Part 97-accepted device for use on 33cm (Alinco DJ-G29T) and I *guarantee* you that no one is using that as a basis for a repeater for amateur radio use.
See also: HSMM-MESH networking for amateur radio. Completely acceptable within Part 97 guidelines, even though Part 15 devices have to be used.
902-928MHz is in the ISM band and you can buy 802.11 compliant radios for that band. You can have a transmitter of less than 1 watt and no more than 4 watts ERP.
What you can’t do is take two modular designed radio units and use them in the same device unless they have been certified to work together. He could pay to have the two units certified to work together but this would be very expensive. Having two radio units exponentially increases the number of combinations that need to be tested for a cert.
Surely two radios connected by an Ethernet cable aren’t considered “one device”.
They call it co-located. And the best official definition on co-located I could find was antennas less than 15cm apart.
“If you don’t know what you are talking about it’s best not to say anything.”
Speak for yourself.
SSH and HTTPS are **web** based security, they have NOTHING to do with wireless security
You are perfectly within your rights to use anything from the 802.11i security standard anywhere in the US.
EVERY security protocol for ISM wireless devices uses some form of encryption key.
“The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WEP used a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.”
I’ve implemented wifi solutions at mine sites on devices that use radios on the 900 MHz ISM bands. Guess what, no one from any authority came and put a stop to us. It’s not hard to put a radio on an antenna and make sure the EIRP is within regulation as long as you can do some basic math.
Encryption doesn’t and won’t exist. Ever. So, all you have to do is “not” call it encryption. Then it’s not.
No one can verify differently. No one.
The radio transmission is under 1 watt so it doesn’t violate any FCC regulations.
You are conflating confusion over the legal code with the distinction between authentication (spoofing) and encryption (snooping) (“obfuscation” isn’t a useful term in this context, since it isn’t sufficiently specific, hence the legal confusion). Yes, you can use authentication w/o encrypting data on WiFi. But not SSH or SSL. You can’t just authenticate w/o establishing a secure connection resistant to man in the middle attacks, both from the perspective of spoofing authentication AND snooping data.
Authentication isn’t simply to identify you at the start of the session. It also includes CONTINUING authentication, all the way to closing the connection. SSL and HTTPS encrypt as an incidental part of securing the connection and authenticating it. The FCC has consistently ruled that this sort of incidental encryption is allowed, as long as encryption wasn’t the primary goal.
Never looked into it before. Makes sense, and if true, I need to tell the security-irreverent hams I know to get rid of telnet. I never, ever would run anything open like that. While we’re at it though, throw MOSH on top, because I can’t think of a better fit for its cool new capabilities.
Encryption is most certainly a (if not the) primary goal of SSH, SSL, and (obviously, by extension, HTTPS). Authentication is an integral part of ensuring your connection isn’t being snooped on by a third party. It isn’t even a semantic distinction. You’re working around a shortsighted law by claiming something that simply isn’t true.
It’s not my fault that the law is badly written.
Yes but it’s not the primary goal of a website, or browsing the web. Which is the activity he’d be doing. It’s also not him demanding the encryption, it’s not his fault if the website forces it.
Stuff like this, I think is interpreted more in a legal than an engineering way. If people are gonna get pedantic, it’s legal pedantic that matters, since ultimately this ends up in courtrooms.
That, and I’d guess the people in charge on the technical side would understand the difference.
Given that it’s entirely possible to authenticate messages *without* actually encrypting them (e.x. https://stackoverflow.com/questions/1930108/unencrypted-ssl-protocol) I think you’d have a hard time arguing SSL and SSH messages with encryption enabled are not “encoded for the purpose of obscuring their meaning”.
Of course, in practice it would be easy to just pretend you’re sending signatures but replace them with encrypted data, or other forms of steganography.
Interesting idea though, brings to mind the possibility of ordinary web session data steganographically encrypted within a constant bi-directional stream of cat pictures and ostensibly funny videos, there’d be a heck of an overhead though and perhaps some measure of latency depending on how it was implemented and how inconspicuous you wanted it to look to a potential observer, but it could be done.
…now there’s a novel use for Facebook :)
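The distinction the commenters above are arguing over (authenticating a message without hiding it, versus encrypting it) is easy to show in code. This is an added example, not code from the article or from any commenter; the key, the one-time pad and the N0CALL callsign are constructed placeholders:

```python
"""Authenticating a message without encrypting it, next to encrypting it.

Added example; it is not code from the article or from any commenter. An
HMAC tag lets the receiver reject forged or altered frames while the text
stays readable to anyone listening; a one-time-pad frame hides the text.
The key, pad and messages below are constructed for the demonstration.
"""
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 digest length in bytes

# Constructed shared secret for the demo; a real link provisions its key out of band.
DEMO_KEY = b"demo-shared-key-not-for-real-use"


def build_authenticated_frame(message: bytes, key: bytes) -> bytes:
    """Return message || HMAC-SHA256(key, message).

    The message travels in the clear; only the tag depends on the key, so an
    eavesdropper can read it but cannot produce a valid tag for a changed one."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def parse_authenticated_frame(frame: bytes, key: bytes) -> Optional[bytes]:
    """Return the message if its tag verifies, else None.

    compare_digest keeps the comparison constant-time so a forger cannot
    learn the tag byte by byte from timing differences."""
    if len(frame) < TAG_LEN:
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return message


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time-pad XOR; the same call encrypts and decrypts.

    Correct only if the pad is uniformly random, at least as long as the
    data, and never reused."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than data")
    return bytes(d ^ p for d, p in zip(data, pad))


def plaintext_visible(frame: bytes, message: bytes) -> bool:
    """True if an observer of the frame sees the message verbatim."""
    return message in frame


if __name__ == "__main__":
    msg = b"CQ CQ de N0CALL"  # constructed message; N0CALL is a placeholder callsign
    frame = build_authenticated_frame(msg, DEMO_KEY)
    print("authenticated frame readable on air:", plaintext_visible(frame, msg))
    print("verifies with the right key:", parse_authenticated_frame(frame, DEMO_KEY) == msg)
    tampered = bytearray(frame)
    tampered[0] ^= 0x01  # flip one bit of the message
    print("tampered frame accepted:", parse_authenticated_frame(bytes(tampered), DEMO_KEY) is not None)
    pad = secrets.token_bytes(len(msg))
    ct = otp_xor(msg, pad)
    print("encrypted frame readable on air:", plaintext_visible(ct, msg))
    print("decrypts back to the message:", otp_xor(ct, pad) == msg)
```

The authenticated frame is readable on the air and still rejects any bit flip or a wrong key; the padded frame is not readable at all. SSH and TLS bundle both properties into one session, which is why the thread cannot cleanly separate them for this build.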
Encryption/obfuscation on ham bands is illegal.
Encryption on ISM bands is legal (like the encrypted wifi signal I’m using on the 2.4 GHz ISM band to post this message).
The 915 MHz band is an ISM band so…
I attended a talk given by a ham. He was promoting the Puget Sound radio network hamWAN:
He talked for a minute about not being allowed to use SSL. The hams were trying to figure out how to deploy IPSEC for authentication.
“Also, if your plan for anonymity online revolves around stealing WiFi from Starbucks, why not just steal Starbucks WiFi from the McDonald’s across the street?”
Because even the most brain-dead surveillance team will figure out that the guy who shows up at the McDonald’s and pulls out a laptop every time their target connects to the SSID is the guy they are looking for. Fed stakeout teams are smarter than some Hack-a-Day authors.
Because they will never think to look for where this device is planted and then start looking for 900mhz sources…
It’s a lot harder to figure out where on the directional beam you might be than to find a public space within range of the original signal. On top of that, they are likely to tamper with it or even destroy it as soon as they find it, giving you an opportunity to burn them. They can tell generally what direction you are in from the direction of the antenna, but that only gets them within 2-4 degrees of you, which gives them a LOT of space to cover if you are a mile or two away.
Add to that the greater amount of concealment you can give your base antenna (it can be completely concealed from all directions but the aperture the beam enters in, and even that can be covered with something radio transparent like a thin plastic) and they have a REAL hard time finding you. Unless they are going to spend a lot of time with a very conspicuous cherry picker driving around getting a new direction finding bearing, you will be concealed (and since that cherry picker keeps showing up in your LOS with that webcam you put up there — you DID put a webcam up there, right?) you get plenty of warning to shut down and even remove the base station before they can find you.
Wow, so much fail.
Any ham who has ever participated in a fox hunt knows that you are incorrect about most of your basic assumptions.
Have you ever tried to hunt a directional beam that is 20-30 feet in the air? That’s a completely different animal than pointing a yagi at a xmitter with a whip antenna. And that’s even without getting into techniques that I’m not publishing here to keep the beam from getting to eye level.
If you had seven of these magic boxes connected at different spots in a city, would you be able to relay the signal around to mask your location? Sort of like the seven proxies theory?
and you can bet the NSA,CIA, and FBI all have better gear than the average HAM. Plus they could also use aircraft. And would have little trouble picking up the side lobes as well as the main lobe.
Right, because there is no way to shield the antenna so that the only radio aperture is pointing towards your fixed receiver, right?
I mean, you always have to make it easy for them.
@everlastigphelps: It’s definitely more difficult, but certainly not impossible. Definitely more difficult than pointing a directional antenna at a stationary vertical and vectoring to it.
@sevenproxytheory: Theoretically you could create a mesh network out of a number of these ‘magic boxes’ which could be used to mask your location further.
Quote @digitania :
“Theoretically you could create a mesh network out of a number of these ‘magic boxes’ which could be used to mask your location further”
You sir win the internet today!
I wonder how a government that has invested so much into spying on their citizens would feel about publicly run encrypted mesh network?
@SevenProxyTheory At that point, I think that TLA security agencies would start looking at bills of sale for gear. I hope you bought it all in cash.
The “Starbucks” throw-away station doesn’t even necessarily need to have a yagi antenna to be functional. It would give you a huge boost in range to point two yagis directly at each other, but even if only one station has a yagi there is a significant boost in range over two omnidirectional dipole antennas (the type you see on basically every USB wifi card).
… besides the radio signal being traceable, the device itself is also – there are only so many of these devices on the market, so the likelihood of finding someone who bought a pair of these is much bigger than if you are searching for some random wifi user.
Gotcha. They will show up directly to the billing address. Buy components mixed with other items, from different retailers and set up the billing address to another city.
I don’t know much about radio waves but it doesn’t take a ham license to know that distance for these purposes is a good thing.
One could expect that a hidden device will remain stationary unless discovered. I don’t think it would take much to build an accelerometer in the box with a mini computer to send you a message if it’s moved. Now you have a few miles and advance notice.
Or a PIR sensor attached to microcontroller that sends out a tweet to a canary account.
Actually it should not be hard at all. You already know where the AP is that is getting the connection just search 360 degrees from the ap and you have a vector to the transmitter. Depending on how good your DF gear is and the NSA has the best you could even get the slop. Once you get the vector take an offset DF reading and you have a good idea of the range. Once you have that location just DF the 900 mhz and you have them. Or just pick up the proxy, trace the part numbers and bust the guy that built it.
I have to love the James Bond fantasies that seem to drive things like this. We over complex and very easy to get around.
They don’t even have to search for your “wireless” signal.. All they have to do is contact UBNT.COM and say.. “Yes.. We have found a TERRORIST using one of your devices, the Serial number is.. XXXXXXXXXXX please provide any information you have on this device.. ” Ubnt will be like.. ZOMFG.. yes.. That device was sent to Streakwave Wireless for distribution.. Thank you Sir for your cooperation in this matter of National Security… Then they contact Streakwave Wireless.. Yes.. We have a terrorist using a device that was purchased from you.. The serial number is.. XXXXXXXX We need any and all information you have about this device… and it goes on and on from there.. Whether they sold it directly to the “terrorist” or they sold it to someone else who sold it on Amazon or Ebay.. You may be able to break the IP Address chain.. But you do not break the device history and credit card histories..
Breaking payment can be easily done. Sign up for Entropay, and they allow you to use prepaid credit cards with **any** billing address attached to them. Although they require ID to sign up, so you’d have to screw someone over in order to even sign up anonymously, which again is a huge felony, so how many laws would you be breaking just to be 100% anonymous?
No. One thing you all should know by now is that there’s always a way. After all, that’s what this site is about (minus the criminal activity).
Let’s say a thief steals your credit card information. He uses it to buy something he wants and provides your actual address for the billing address and gives them the address of his local Wal-Mart for the delivery. He can track that package online, and find out when it arrives at the local applicable facility. Then he can call the facility, provide your information to verify that he is you, and request that the package be re-routed to a vacant house in the neighborhood. He then goes to the vacant house with his shears, trash bags, rake etc. and spruces up the yard a bit while waiting for the delivery. Neighbors think he’s been hired by someone, the delivery driver thinks he lives there, so he gets the package and leaves.
I worked at a place that provided “jobs” for non-violent kids from juvenile hall from time to time. You ask them why they were in “juvie” and you get a story like this and then at the end of the story they say, “but I got lazy” or “but I got greedy” and it all came crashing down. I don’t know if they still do it like this but I do know that not only is nothing impossible, but most things aren’t even that difficult when PEOPLE are involved. Down with people.
… but that’s exactly what the article is about. A box that gets you on McDonald’s network WITHOUT showing up in front of said surveillance team. Your comment shows you couldn’t even follow the article. Would you like to revisit your ‘smarter than’ rankings and figure out where your behind belongs?
I suppose you missed the part where I was quoting them and then answering their question, right? Since you know exactly where you fall on the rankings.
Why is the hackaday comments section always such a harsh and inhospitable environment? I don’t think that the original poster or the above commenters came here to try and shit on anyone, so why do you feel the need to get crappy????
Maybe if people would relax a little we could have a more constructive discourse.
I guess you didn’t get that the entire article was built around shitting on the HamProxy project.
Bitter wanna-bes hate actual doers.
I also think many are simply blowhards who are used to impressing their less-adept friends by these stormy, grumpy pronouncements – often statements that are dense with misinformation, bad attitude, and prejudice.
Gah! I accidentally clicked the “Report Comment” link on ……..hh………’s post while scrolling through the comment section. Now I feel like a jerk.
Hopefully the moderator will see this post along with his and realize that no report was intended.
(At which point this post should be removed, as it serves no purpose)
Not just that, each user’s PC is easily identifiable via information it shares with websites and access points.
Basically you NEED a burner PC in order to do these things- you absolutely cannot just use the same laptop you normally use.
From cookies to MAC addresses – your machine is your fingerprint.
MAC addresses haven’t been ROM locked in ages, and a live Linux ISO booted up in a VM will both leave no memory *and* return the same data as anyone else using the same image.
I think there are lots of variables you are not accounting for. Have you seen the list of identifiers used by spam companies?
Well, since absolute security cannot actually be achieved, I wonder what exactly “enough” security in this case would be.
What exactly are you looking to prevent? What are you willing to give up to prevent it?
If a free live-boot linux distro + $10 usb wifi card (if you are REALLY concerned with keeping your MAC anonymous AND you don’t want to use one that may potentially lead to someone else) is not enough anonymity, then I really wonder what activities you are involved in.
OR, if you do live in a country where you have a legitimate reason to be concerned about your online dealings, then why would you ever risk posting (or even browsing to) a site known for spreading technology and ideas, some of which can be used subversively?
There comes a point where the effort/cost of securing something overshadows the risk.
There may not be such a thing as absolute security, but over-securing something is certainly a real thing.
Yup, I have. Have you tried booting a single linux image in a fixed VM (one where all the settings are in your control) that doesn’t access all the host USB/etc devices on multiple different machines and checking it against panopticlick? With minimal work, Tails could have a VMware or VBox (or anything else) that looked the same from any computer that ran it. But I bet panopticlick would say it’s “unique” . . .
The only problem I’ve run into with panopticlick is that I’ve tested it from the same machine (before and after reformat, browser reinstalled afterward with all the plugins ) and it believes that the device is still unique. With a different MAC address (changed on purpose to test panopticlick) the device should register as “we’ve seen this machine before” at best. In addition, they claim to have a database of only 5 million devices. I’ve run every device I own through it (RasPis, phones, 3 computers, I think my PS3 and now I need to run my new smart TV [no mic or camera, just apps]) and I’m an average security geek. If every other geek has done that, that’s barely a database of 1 million people . . . they really need to expand a bit, or someone needs a logging version of panopticlick that keeps track of who has visited it since it went public so we can get a true test of “How different is my machine from every other machine out there”.
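To put numbers on what a fingerprinting test means by “unique”, here is an added example (not code from the article or from the commenter) that scores a browser fingerprint in bits of identifying information, the way Panopticlick reports its per-attribute results. The frequency table and both sample fingerprints are constructed; only the 5,000,000 population figure comes from the comment above:

```python
"""Fingerprint surprisal in the style of Panopticlick's "bits of identifying
information".

Added example, not from the thread. The per-attribute frequency table and
the two sample fingerprints are constructed; a real tool estimates the
frequencies from its own visitor population. POPULATION is the database
size the comment above mentions.
"""
import math
from typing import Dict

POPULATION = 5_000_000

# Constructed: fraction of observed browsers that report each value.
FREQUENCIES: Dict[str, Dict[str, float]] = {
    "user_agent": {"Chrome/43 Windows": 0.11, "Firefox/39 Linux": 0.004},
    "screen": {"1920x1080x24": 0.30, "1280x1024x24": 0.08, "1920x1200x24": 0.01},
    "timezone": {"UTC+0": 0.12, "UTC-8": 0.06},
    "plugins": {"none": 0.25, "flash,java": 0.03},
    "fonts": {"default set": 0.40, "custom set": 0.002},
}

# Constructed sample fingerprints: one built from common values, one from rare ones.
COMMON_FINGERPRINT = {
    "user_agent": "Chrome/43 Windows", "screen": "1920x1080x24",
    "timezone": "UTC+0", "plugins": "none", "fonts": "default set",
}
RARE_FINGERPRINT = {
    "user_agent": "Firefox/39 Linux", "screen": "1920x1200x24",
    "timezone": "UTC-8", "plugins": "flash,java", "fonts": "custom set",
}


def surprisal_bits(probability: float) -> float:
    """-log2(p): the bits of identifying information one observed value carries."""
    if not 0.0 < probability <= 1.0:
        raise ValueError("probability must be in (0, 1]")
    return -math.log2(probability)


def attribute_bits(attribute: str, value: str,
                   frequencies=FREQUENCIES, population: int = POPULATION) -> float:
    """A value never seen before is scored as one in `population`, the rarest possible."""
    p = frequencies.get(attribute, {}).get(value, 1.0 / population)
    return surprisal_bits(p)


def fingerprint_bits(fingerprint: Dict[str, str],
                     frequencies=FREQUENCIES, population: int = POPULATION) -> float:
    """Sum of per-attribute bits. Summing assumes the attributes are independent,
    which overstates the total when they correlate (OS and installed fonts do)."""
    return sum(attribute_bits(a, v, frequencies, population) for a, v in fingerprint.items())


def bits_to_single_out(population: int = POPULATION) -> float:
    """Bits needed to pick one browser out of `population` (log2 of the size)."""
    return math.log2(population)


def expected_matches(total_bits: float, population: int = POPULATION) -> float:
    """How many browsers in the population would show the same fingerprint (at least itself)."""
    return max(population / (2 ** total_bits), 1.0)


def likely_unique(fingerprint: Dict[str, str],
                  frequencies=FREQUENCIES, population: int = POPULATION) -> bool:
    """True when the fingerprint carries enough bits to single out one browser."""
    return fingerprint_bits(fingerprint, frequencies, population) >= bits_to_single_out(population)


if __name__ == "__main__":
    print("bits needed for uniqueness:", round(bits_to_single_out(), 2))
    for name, fp in (("common", COMMON_FINGERPRINT), ("rare", RARE_FINGERPRINT)):
        bits = fingerprint_bits(fp)
        print(f"{name}: {bits:.2f} bits, ~{expected_matches(bits):.0f} matching browsers,"
              f" unique={likely_unique(fp)}")
```

Against a 5,000,000-browser database, about 22.25 bits single one machine out; the common fingerprint scores roughly 11 bits and shares its values with a couple of thousand others, the rare one scores over 30 and stands alone. That is why the same image on a different host does not guarantee the same verdict: any attribute that leaks through (screen size, fonts, plugins) adds bits.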
Never use your normal machine, even with VMs; it’s just a bad idea.
It only takes one mistake and you get popped
There are ways for software to tell whether it’s running in a VM. They involve statistical analysis on the time it takes for certain system calls to do their thing. There’s malware out in the wild that uses this to only deploy when running on actual hardware, but it could also be used to trigger code that tries known (or not yet known) exploits to jump to the host system. Y’know, the sort of zero-day exploits used by Stuxnet and its kin.
Friendly reminder that the NSA has been passing info obtained from their usual shenanigans off to law enforcement for some time now.
Most modern OSes allow you to reprogram the MAC address; it is really easy to do in Linux.
But if you are esp paranoid you can make use of a cheap USB network device and turn off the on board networking hardware in the bios.
Jeeebus, the amount of fail from almost all commenters is awesome. Have you even been reading HaD on what can be done with various hardware, let alone things like Risks Digest, Bruce Schneier’s page, the Snowden wikileaks stuff, or any of the many many books about spycraft & agencies written by those who worked for them?
This box (and many of the things suggested above) is mostly just going to give you a warm feeling while you sit there at your laptop telling yourself you’re Zero Cool when you’re not even Joey.
Love the Hackers reference! :)
I love Schneier’s blog – I myself have never made a burner laptop, or phone for that matter, but it’s clear: tracking involves EVERYTHING about your system – the native resolution, amount of RAM, software versions, etc.
Yeah, a VM is a lot safer than just using your cookie-laden normal OS, but it’s just one small step to take for ‘anonymity’.
The people insisting you can just install a VM are not aware of the state of security art.
Could you be less specific, please?
If you think that setting your Tor Browser Bundle window size to 1280×1024-40px on your computer with one of four or five popular screen resolutions will protect you from being convicted for buying drugs or surfing child porn, please die in a fire.
Exception is if you’re weird enough to buy a 1920×1200 monitor. That might be enough to get you convicted of something.
902-926MHz is an ISM band in some countries (US for example). It is perfectly legal to operate a narrowband 802.11 system, like the one from Ubiquiti, on this frequency range. Many industrial SCADA networks operate here. It is illegal in EU, since this range is used for GSM there.
The very large yagi shown in the picture may be a problem though if transmission power is high.
I thought the idea was that the radiated power rules applied to the power density radiated in any direction, and that simply using a high gain antenna on a system that was intended to be radiated more diffusely can cause you to exceed the allowed radiated power?
In other words, if you had a 1 watt wifi router (which is obviously allowed by FCC) and then you put on a super magic beam antenna that could boost the radiated power density to 10000 w/cm2 inside a tiny beam, would that not now violate the radiated power rules?
Sure, directional antennas can cause a system to exceed EIRP limits. That’s why I added my second part:
The very large yagi shown in the picture may be a problem though if transmission power is high.
A high gain antenna can be beneficial even if you have to reduce transmit power to meet regulatory constraints. First of all, it will offer its gain also when receiving. Your receiver will thus get a better signal. Even in the situation in this article it will help: the base station has an omni and the client has the yagi. Typical internet usage is mostly downstream traffic, and the improved SNR from base TX to client RX will allow the modem to use a higher downlink rate. Lower SNR in the uplink path will be compensated with a lower transmit rate.
Another advantage is that interference from third-party sources not from the same direction as the wanted signal is rejected.
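The EIRP and antenna-gain points in the exchange above can be checked with a few lines. This is an added example, not code from the article or from the commenters. It uses the 1 W conducted / 4 W (36 dBm) EIRP ceiling the thread cites for 902-928 MHz, which matches FCC 15.247 for that band; the 2 dBi omni, 15 dBi Yagi, 3 km path and 915 MHz centre frequency are constructed figures for illustration, not measurements of any real product:

```python
"""EIRP limit check and link budget for a 902-928 MHz Part 15 link.

Added example; it is not from the article or the commenters. The limits are
the ones cited in the thread (1 W conducted, 4 W = 36 dBm EIRP), which match
FCC 15.247 for this band. The radio and antenna figures in compare_links()
are constructed for illustration.
"""
import math

CONDUCTED_LIMIT_DBM = 30.0  # 1 W into the antenna port
EIRP_LIMIT_DBM = 36.0       # 4 W effective isotropic radiated power


def dbm_to_watts(dbm: float) -> float:
    """Convert a dBm figure back to watts for reporting."""
    return 10 ** ((dbm - 30.0) / 10.0)


def eirp_dbm(tx_power_dbm: float, antenna_gain_dbi: float, feedline_loss_db: float = 0.0) -> float:
    """EIRP = conducted power, minus feedline loss, plus antenna gain (all in dB, so they add)."""
    return tx_power_dbm - feedline_loss_db + antenna_gain_dbi


def is_within_limits(tx_power_dbm: float, antenna_gain_dbi: float, feedline_loss_db: float = 0.0) -> bool:
    """Both the conducted ceiling and the EIRP ceiling must hold."""
    return (tx_power_dbm <= CONDUCTED_LIMIT_DBM
            and eirp_dbm(tx_power_dbm, antenna_gain_dbi, feedline_loss_db) <= EIRP_LIMIT_DBM)


def max_tx_power_dbm(antenna_gain_dbi: float, feedline_loss_db: float = 0.0) -> float:
    """Largest conducted power that keeps a given antenna within both ceilings."""
    return min(CONDUCTED_LIMIT_DBM, EIRP_LIMIT_DBM - antenna_gain_dbi + feedline_loss_db)


def fspl_db(distance_km: float, freq_mhz: float) -> float:
    """Free-space path loss in dB for distance in km and frequency in MHz."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + 32.44


def received_power_dbm(tx_power_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                       distance_km: float, freq_mhz: float) -> float:
    """Friis link budget: antenna gain counts on both ends of the path."""
    return tx_power_dbm + tx_gain_dbi + rx_gain_dbi - fspl_db(distance_km, freq_mhz)


def compare_links(distance_km: float = 3.0, freq_mhz: float = 915.0,
                  omni_dbi: float = 2.0, yagi_dbi: float = 15.0) -> dict:
    """Omni-to-omni at full power versus an omni base and a Yagi client whose
    transmit power is cut back so the client stays under the EIRP ceiling.
    Returns the received power on each path and the change the Yagi makes."""
    base_tx = max_tx_power_dbm(omni_dbi)
    client_tx_omni = max_tx_power_dbm(omni_dbi)
    client_tx_yagi = max_tx_power_dbm(yagi_dbi)   # reduced to respect 36 dBm EIRP
    down_omni = received_power_dbm(base_tx, omni_dbi, omni_dbi, distance_km, freq_mhz)
    down_yagi = received_power_dbm(base_tx, omni_dbi, yagi_dbi, distance_km, freq_mhz)
    up_omni = received_power_dbm(client_tx_omni, omni_dbi, omni_dbi, distance_km, freq_mhz)
    up_yagi = received_power_dbm(client_tx_yagi, yagi_dbi, omni_dbi, distance_km, freq_mhz)
    return {
        "client_tx_dbm_with_yagi": client_tx_yagi,
        "downlink_omni_dbm": down_omni,
        "downlink_yagi_dbm": down_yagi,
        "downlink_change_db": down_yagi - down_omni,
        "uplink_omni_dbm": up_omni,
        "uplink_yagi_dbm": up_yagi,
        "uplink_change_db": up_yagi - up_omni,
    }


if __name__ == "__main__":
    # A 1 W radio on a 15 dBi Yagi: the case the commenters flag as a problem.
    print("1 W + 15 dBi EIRP (W):", round(dbm_to_watts(eirp_dbm(30.0, 15.0)), 1),
          "within limits:", is_within_limits(30.0, 15.0))
    print("max conducted power for 15 dBi (dBm):", max_tx_power_dbm(15.0))
    for k, v in compare_links().items():
        print(f"{k}: {v:.2f}")
```

With a 15 dBi Yagi the conducted power must drop to 21 dBm, yet the downlink improves by the full 13 dB of extra receive gain and the uplink still gains 4 dB, which is the commenter's point about gain on receive. Feedline loss is left at zero in the comparison; pass a real cable figure to see how much of the antenna gain it eats.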
You’re wrong about the CFAA too. Accessing a network from miles away is not necessarily exceeding authorized access, and there’s nothing suggesting that this couldn’t or wouldn’t be done without the library’s permission. Even if it was, still not necessarily a CFAA violation.
Have you thought of moving DEFCON to another location, or even setting up a flash mob? Say, for example, everyone meet at one of your homes or something.
“Sometimes, this means doors are breeched, and seditious journalists and activists are taken into custody.”
Please fix this sentence.. The journalists and activists are generally being proven to NOT be seditious – they simply threaten the status quo in some way.
The status quo is not above criticism and investigation.
No journalists got their doors kicked in for supporting ‘regime change in iraq’ – on the contrary the peaceniks and anti-war types got their doors kicked in. This is not sedition, to oppose war.
Sedition is lying under oath (or otherwise) in order to goad an entire country unwillingly into war.
That said, cool project.
Tell that to Barrett Brown.
Tell that to half the people in Guantanamo. Or the people illegally kidnapped from other countries. Being in the right only gets you so far when the government and its minions are evil.
B Brown is a perfect example of someone who had their door kicked in for threatening the status quo. Poor bastard.
Sedition: conduct or speech inciting people to rebel against the authority of a state or monarch.
Even in the USA, at the moment, there are people in power who feel that saying “take down the damn confederate battle flag, you only put it up during the civil rights movement to scare black people” is inciting a rebellion. There are cops (technically an arm of the executive branch of the county/town/city/state government) who feel that saying “We need to get cops to stop killing people just because they went on a power trip” is a rebel cause, after all look what happened in <insert_city_here>.
The problem is not who gets to define sedition, it’s who gets to define rebellion.
I really like the idea of a burner laptop – something that’s a full laptop, but with the motherboard removed and a space and connectors to install a RasPi. Then when you need to burn you just pull out the raspi, toss it in the trash and install a new one.
It’d be fun to attempt to compromise the casing; perhaps by getting something in the firmware for the wireless device, or webcam. I know nothing about this beyond having seen a few persistent firmware attacks on hard drives and cameras, but it’d be interesting to see how many security holes are left when you remove “the computer” from a commercial computer.
There are already subtle methods of tracking ancillary hardware such as NIC chipset, firmware revisions, battery capacity, etc.
Use a beagle bone instead, HW eth vs USB eth :-P
I’ve got two old laptops (one a dumpster salvage that never worked, the other an old model that needs retiring) so I might have to attempt that. The biggest trick that I could see would be (other than interfacing with the keyboard/video cables) convincing Panopticlick and other more devious sites that I was a full dumb Windows user instead of an embedded system chip. Some tinkering with Chromium source could get it to report itself as something else in headers and requests, but it would take more work to convince CSS and other methods. Plus, on a laptop with a built in card reader, that could be linked to the RasPi to provide an outwardly convincing boot method.
Okay, I’m game to try, who wants to start a hackaday.io and collaborate?
Well, for starters this is anonymous; RDF is fairly easy to do and you can still be tracked down on a 900MHz link.
Just for starters…..
Encryption over (a good chunk of) 900MHz is not illegal, certainly not under FCC Part 97, and that’s because 902-928 MHz are FCC ‘Unlicensed’ ISM bands. https://en.wikipedia.org/wiki/ISM_band These are covered by FCC Parts 18 (bands) and 15 (devices in said bands).
This is not amateur radio as you have described it in the article.
If encryption was illegal under Part 97 for ISM frequencies, we literally could not have TKIP or AES on our WPAs.
(( Full disclosure: I work for a company which builds devices which operate in ISM bands and employ encryption to protect data in transit across said channels. They are not illegal by any means. ))
Jeremiah (and others), your comment is only half correct and the reason why there’s so much confusion. The 33cm (902-928 MHz), 13cm (2402-2500 MHz), and 5cm (5.9 GHz region, same as 802.11a) are indeed ISM bands and a digital radio can indeed operate there under Part 15 restrictions (and the equivalent in other countries in Region-2). The problem is that, with the yagi shown in the photo, the link is very clearly NOT operating under Part 15 limits any longer and therefore must be licensed as Part 97, which in turn means you can’t encrypt.
Also, I think Nye Liu has it backwards as I don’t see how to do authentication without message encryption using 802.11 protocols, but I know IPSEC can do it. OTOH, I thought SSL/TLS did it, but can’t find much evidence for it.
Finally, burner PCs and the like: have you forgotten how the NSA and friends are putting their code in BIOSes, RF basebands of your phones, even into SSD and hard drive controllers? All places YOU can’t get to easily. A burner PC may not do you any good if things go full Orwellian 1984-ish.
The yagi antenna making it out of compliance… Is that just because you assume it’s being operated at full radio xmit power and therefore over EIRP limits, or is there something else about a directional antenna such as that?
If this were illegal, most of the power companies around the US using 900MHz to collect usage data from smart meters would be out of compliance. They’re everywhere.
Except that there are Part 15-accepted antennas for 33cm and 13cm which are commonly used. Doesn’t magically make those fall under Part 97. Sorry.
The antennas are not Part 15 accepted. The device and antenna combination for some devices are. The directivity (gain) of the antenna you are allowed to use is limited by the output power of your amplifier. Furthermore, if he is using modular approved radios (which he is) and is going to sell them in a product, he is only allowed to use the antennas the module was type approved with.
Well, considering you are probably not going to be playing video games or using Flash based websites, go with older, easier to inspect hardware, not EFI based BIOS, such as P3-M / early Core 2 / generic netbooks?
Use generic off the shelf USB storage to take with you.
And a USB wifi/eth adapter for access to the ‘net.
Easier to drop the laptop, keep your data, and separate the device with the MAC from the rest.
So why does the presence of the Yagi clearly mean the link is NOT operating under Part-15? Is it due to EIRP and/or some sort of directivity limitation? Or maybe a restriction on connector type, e.g. not reverse-polarized? Transmit power can be padded, so it isn’t EIRP. Connectors are easy to replace. So it must be directivity?
As for a burner machine, maybe just connect “through” something disposable using SSH (but not through a tunnel, and not using a browser). A Raspberry-Pi would do. When you are done, toss the R.Pi into a wood-chipper.
A ham is correct: if you use a high gain antenna that kicks your effective radiated power out of Part 15 levels, you do have to follow Part 97 rules. Also you would have to transmit your ham ID periodically.
Also it is against Part 15 rules to use two modular approved radios in the same device without them being certified to work together. You can pay to have this done but the cost is far more than getting a single radio module approved.
(Full disclosure: I have worked for a company that produces radio communication equipment and 802.11 access points)
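The EIRP argument running through the two comments above (the yagi pushing the link past the Part 15 power limit, and the power back-off a high-gain antenna forces) as an added worked check. This is example code written for this page, not anything from ProxyHam or Ubiquiti; the 30 dBm / 6 dBi / 36 dBm figures are my reading of 47 CFR 15.247 for 902-928 MHz, and the radio and antenna values are constructed.

```python
"""Part 15.247 EIRP sanity check for a 902-928 MHz point-to-point link.

Added example, not part of the original article or the ProxyHam project.
The limits below are my reading of 47 CFR 15.247 for the 33 cm band and
should be treated as an assumption, not a compliance reference.
"""
from dataclasses import dataclass

# Assumed 15.247 figures for 902-928 MHz frequency-hopping / digital
# modulation devices: 1 W conducted into an antenna of at most 6 dBi,
# i.e. 36 dBm EIRP (about 4 W). Above 6 dBi the conducted power must
# drop dB-for-dB, so the EIRP ceiling stays at 36 dBm.
MAX_CONDUCTED_DBM = 30.0
REFERENCE_GAIN_DBI = 6.0
MAX_EIRP_DBM = MAX_CONDUCTED_DBM + REFERENCE_GAIN_DBI  # 36 dBm


def dbm_to_watts(dbm: float) -> float:
    """Convert dBm to watts (0 dBm = 1 mW)."""
    return 10 ** ((dbm - 30.0) / 10.0)


def eirp_dbm(tx_dbm: float, antenna_gain_dbi: float, feedline_loss_db: float = 0.0) -> float:
    """Effective isotropic radiated power: radio output, minus cable loss, plus antenna gain."""
    return tx_dbm - feedline_loss_db + antenna_gain_dbi


def max_conducted_dbm_for_antenna(antenna_gain_dbi: float) -> float:
    """Conducted-power ceiling once the dB-for-dB back-off above 6 dBi is applied."""
    excess_gain = max(0.0, antenna_gain_dbi - REFERENCE_GAIN_DBI)
    return MAX_CONDUCTED_DBM - excess_gain


@dataclass
class LinkCheck:
    eirp_dbm: float            # what the antenna actually radiates
    eirp_watts: float          # same figure in watts, for intuition
    conducted_dbm: float       # power reaching the antenna connector
    max_conducted_dbm: float   # ceiling for this antenna's gain
    required_backoff_db: float # how far the radio must be turned down (0 = fine)
    within_part15: bool        # True only when no back-off is needed


def check_link(tx_dbm: float, antenna_gain_dbi: float, feedline_loss_db: float = 0.0) -> LinkCheck:
    """Decide whether a radio/antenna pairing stays inside the assumed 15.247 envelope."""
    conducted = tx_dbm - feedline_loss_db
    allowed = max_conducted_dbm_for_antenna(antenna_gain_dbi)
    radiated = eirp_dbm(tx_dbm, antenna_gain_dbi, feedline_loss_db)
    backoff = max(0.0, conducted - allowed)
    return LinkCheck(
        eirp_dbm=radiated,
        eirp_watts=dbm_to_watts(radiated),
        conducted_dbm=conducted,
        max_conducted_dbm=allowed,
        required_backoff_db=backoff,
        within_part15=backoff == 0.0,
    )


if __name__ == "__main__":
    # Constructed scenarios: a 28 dBm radio behind 1 dB of coax, first on a
    # 6 dBi omni, then on a 16 dBi yagi, then the yagi with the radio turned down.
    for label, tx, gain in (("omni", 28.0, 6.0), ("yagi", 28.0, 16.0), ("yagi, backed off", 19.0, 17.0)):
        r = check_link(tx, gain, feedline_loss_db=1.0)
        print(f"{label:17s} EIRP {r.eirp_dbm:5.1f} dBm ({r.eirp_watts:5.2f} W) "
              f"ok={r.within_part15} back-off needed {r.required_backoff_db:.1f} dB")
```

The second scenario is the one the commenters describe: the radio alone is legal, but hanging a 16 dBi yagi on it radiates 43 dBm, seven dB past the 36 dBm ceiling, and the same radio would need to be turned down to about 20 dBm to stay inside Part 15.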
But if you need to go to this effort to hide what you are doing, do you care about the FCC?
Well, if you’re some idiot that plans on giving a speech on thumbing your nose at the government and selling these things, then you better care what the FCC thinks.
A nice FPGA implementation of baseband and the like would be good. As an alternative to using 7400 logic. There’s open-source BIOSes available. The SSD and HDD controllers are harder, but still open to user modifying. And a naughty HDD can only do so much if the computer itself is keeping an eye on it, and specifically on its own transmitting hardware.
In practice I doubt many people do this, but it’s something to put open-source hardware hackers onto. An NSA-free computer would be popular with lots of people, just on goddamn principle. Have the design flexible enough that you can dump any hardware supplier if you suspect them, and use somebody else’s alternative. Also lots of digital signatures in things to keep out tampering. It’s a puzzle but there’s some clever people in the world, and many of them have a stripe of rebellion in them.
Have you looked at what some of the hardware hacks are capable of? For an in-depth view of one from a good guy, look for Sprite_tm’s hard drive controller hack. Disassembled the firmware, allowed root access (if I recall correctly) after a certain hidden knock-knock code, hid the entire behavior from the user and even had the eeprom report back the correct firmware if it was polled and asked “hey, what are you doing?” Not a very easy thing to notice, forget about doing anything about it.
As for it being a one-off, it was. Equation Group software has shown that someone out there *cough*NSA*cough* seems to have managed the same thing for entire groups of systems.
I know, I read the article. And Sprite’s genius spreads into all sorts of niches, I like his classic game console stuff. Thanks anyway though!
Oh, and wasn’t it on the shopping list of the l33t stuff Edward Snowden let the world know about?
Might have been on the NSA shopping list, I didn’t browse that too deeply. But the Equation Group software (which is thought to be NSA) has drivers built in for every known and some unknown HDs, SSDs, Mobos, and more. When all your firmware is compromised, software level security is pointless.
To hell with the FCC. They think they can just self-proclaim authority over the Internet, so I no longer recognize their authority over anything, including the air waves.
And I don’t recognize any attempts by any part of government to control communications or encryption in any way shape or form.
Not to be a jerk, but… Your recognition… is irrelevant. It sure as heck won’t, in any way, lessen severity of punishment if you are prosecuted for using a cell phone jammer or something else deemed harmful by current regs.
There were only 432 court cases last year where the FCC came down on someone for unauthorized radio operation.
There were more than 32,000 car accident deaths in the US in 2014.
You have a far better chance of dying in a car accident than ever having the FCC show up at your door.
Do your worst. Build your own transmitters and encrypt everything.
You sir, are an idiot.
Congratulations on falling for the base rate fallacy.
there are so many things wrong with that comparison, I don’t know where to start.
It’s fun to waste the time of stupid people isn’t it Dave?
It sure is Mark.
This article contains some serious flaws.
The 900 MHz ISM band is license-free. The Ubiquiti gear is standard wireless ISP stuff – not amateur radio gear. There is nothing illegal here. (There is also nothing at all innovative – the gear is being used for the exact purpose it was designed for. This is nothing more than a guerrilla WISP.)
Came here to say exactly this. Found exactly what I came to say.
Thanks for saying it so I didn’t have to.
Thanks for confirming that you wanted to say what he said.
Using two Part 15 modular approved radios in the same device that aren’t certified to work with each other is a violation of FCC rules.
The problem is that Ubiquiti Networks Rocket M airMax Base stations are certified to work with conventional 802.11b/g/n wireless networks.
900Mhz backbone wireless link -> Switch or other equipment -> Wireless equipment
If what you crazy people are arguing is true, then thousands of Wireless Internet Service Providers across the country are in violation of the law.
Which brings me to…..y’all are rucking fetarded.
“y’all are rucking fetarded”
Well, it is Hackaday, so that’s not too surprising. This place has been a shithole since at least 2006.
Aha, so anti-government, how pathetic. The problem isn’t governments or surveillance states, the problem is the people that YOU vote in, if there’s a problem at all. You live in a democracy, fucking act like it.
Actually… we live in a republic
YES. Thank you. And what people forget is that a supposed selling point of a representative republic is that you can have the people representing you briefed on facts that may be boring to some, classified for others, and horrifying for a few. In THEORY, those people CAN decide what is best for their constituents that would otherwise be too afraid, bored, or frightened of. Sure, we think they do a crappy job, but it’s their job.
The problem is, they don’t seem to have anyone in the power-making positions who seems to even understand what technology is. That allows the “geeks who brief them” to spoon-feed whatever scare du jour they want under such tight classifications that we won’t know about it for decades.
Sure, I believe that my representative will do what they think it right. But when they can be told what is right more often by large corporations and by non-elected individuals without having to disclose what they are told so the rest of us geeks-at-large can combat misinformation . . . well, I don’t trust those non-elected geeks with power or the large corps to represent the facts without a good bit of bias.
Yeah, so who do we vote for to get rid of government surveillance then? To get it actually done, within my lifetime, when it would make any sort of difference.
Actually we live in a plutocracy controlling an oligarchy disguised as a republic thought to be a democracy by most of its unaware subjects
What Fennec said. Except the problem right now *is* the government. Congress & SCOTUS, and even POTUS. Oh, and mostly lately, corporations.
Seriously? A kid could build this from junk. Talk about hype. The government didn’t shut this down. Either the guy who was doing it realized it was a stupid waste of everyone’s time, or he decided to gain ‘cred’ by making it look like the government shut him down, or both. The government doesn’t care about him. Encryption isn’t the reason, the reason is that he’s just an idiot. This is not new stuff. I literally (yes literally) constructed the same damn thing 14 years ago. It was a waste of time then and it is a waste of time now.
any details on the build?
…literally. 14 years ago and it had a Pi and 802.11n… Awesome supply chain, care to hook us up?
Why is there so much activity to help criminals do their job? Most of the anonimous traffic on the internet is narcotics and child porn related. We should help the law enforcers to dismantle these systems and not create new ones.
You are wrong. Most of the “anonymous” activity on the internet is people paying their bills online and swapping cute cat pictures.
In fact, your own comment here is “anonimous”.
Sorry, should have been more specific: with anonymous (sorry English is not my primary language) I really mean trying to hide who you are and from where exactly you enter the net.
TOR is one of the examples of techniques used, one big stupidity of the US government to make it public, used in a proper way by specific groups of people, misused by a much bigger group to transfer problematic data and to sell illegal material.
There is a difference between encryption, authentication and anonymity: in an encrypted packet the real sender and destination are available for every exchange point, which is indeed a normal technique for transactions and VPNs.
It is always claimed that the systems are there to protect the innocent users from the big bad government.
But for me it is justified that the FBI locks up hackers who try to break through the firewall of the next door ATM, even if not successful. They are committing a crime and trying to steal someone else’s belongings, material or immaterial.
I, personally, hide who I am on the internet for the same reason I lock my doors at night and don’t leave the blinds and curtains up when I’m not dressed: privacy. What I legally do (nothing illegal like the narcotics or child abuse) is my business, not yours or anyone else’s. However, any unencrypted data could be looked at by anyone in my neighborhood (I use a wireless router) or along my cable route (cable internet wasn’t encrypted in its TDM slot the last time I investigated, which was a long time ago). It is literally none of your business what I post to facebook (unless you are my friend or in the group I post to, since the ones I’m part of are locked down pretty tight) or what is in my email. Even a situational breach of that encryption would be unacceptable.
Why? Well, perhaps I am on scheduled narcotics by prescription (in the USA, some very powerful drugs can be prescribed) and I need to email a doctor or just chat with my friends while very stoned to keep my mind at ease. Or perhaps I was a victim of child abuse and want to talk to others about that. Both of those could trigger some keyword or context based system that says “hey, break this encryption and see what’s going on” and if taken out of context could seem very incriminating. Considering that, while recovering from surgery, I have texted or facebook messaged a friend to say “hey, bro/sis, I’m sooo stoned on oxy, want to come over and watch a movie and keep me from passing out?” which, without the invasion of privacy to know that I had surgery, was prescribed the pain medicine, and was taking the dose as prescribed, would seem . . . illegal.
So let me ask you this question that stuck in my head from a very old CSI episode: “When you go to the bathroom, even if there is no one else in the house, do you shut the door?” That sums up the expectation of privacy, of which you have none over unencrypted wireless and HTTP.
Quote: “in an encrypted packet the real sender and destination are available for every exchange point, which is indeed a normal technique for transactions and VPNs”
You are correct that encryption does NOT hide the source and destination addresses of an IP packet. However, in a VPN either the source or destination IP (depending on direction) is substituted with the VPN’s external gateway’s IP so that the VPN user’s IP is never disclosed.
Quote: “But for me it is justified that the FBI locks up hackers who try to break through the firewall”
– even the dumbest of hackers is not going to use TOR or any other commonly used encryption methods that the governments want to make illegal.
The bottom line here is that what the government wants to make illegal is NOT the tools hackers or criminals use to hide their activity, what’s being targeted by these politicians is technology used by common law abiding citizens to keep others (including governments) out of their private business.
In essence the governments want to make it a crime for common people to hide anything. This will have **absolutely no effect** on those that we currently call criminal by their actions. It will only expand the group that will be called criminal (by definition) making it harder to identify those who we **now** call criminal.
I like to think I am INNOCENT until PROVEN GUILTY. I dunno, I think there are some papers somewhere that talk about this and some stuff about rights or something…
Giving the government unfettered access into MY LIFE kind of goes against the whole idea of The United States of America… In such that I don’t really fancy the idea of big brother watching my every move waiting for me to fall victim to its laws. Sort of getting into entrapment territory there. I also don’t fancy my hard earned money going to taxes to pay to keep tabs on everyone either, again waiting for something to happen that may never. The ends just don’t justify the means and it isn’t sustainable.
I’d rather wait until a crime was committed by a criminal, prosecute and then punish said criminal. Because laws don’t really prevent anyone besides criminals from breaking laws anyway. At least the laws that are serious enough to spend all this time and money on worrying about to this level. Everyone jaywalks, but do I want to spend billions on enforcing jaywalking laws? Not really.
We have the death penalty, and we have use it pretty often, so is it working as “crime prevention”? For most of us, I’d like to think we are rational enough to not need that as a barrier for committing murder… But it makes for one hell of a punishment for those that aren’t…
Criminals are criminals, and they are going to commit crimes using whatever means they can. Like cell phones, so should we ban all cell phones because drug dealers use them? Cars, because they can be used as get-away vehicles? Knives and pointy sticks perhaps?
Tor wasn’t invented for criminals, it was invented by the Navy and adopted by normal people and then crime followed, like it has in every facet of life…
Most of the encrypted traffic on the internet is facebook, youtube, google, ebay, banks, online stores and the like.
Don’t like encryption? How long would it be before your bank account was stolen or your credit card details were stolen.
Criminals use different techniques to what ‘normal’ people use because ‘normal’ people aren’t *as* worried by others seeing their activities.
Narcotics and Child Abuse Material (I refuse to minimise this activity in any way by calling it porn) is a very very small amount of internet traffic, though the consequences are severe for the limited number of people (or children) affected. In any case, as mentioned above, the perpetrators of these crimes use different techniques to average people browsing facebook or buying something on ebay.
The bottom line is that the internet is non-discriminatory so any action you take to allow governments access to information in the fight against crime will result in the criminal having the same access to information so the net effect is likely to be an increase in crime.
So I think what this person was going for was that traffic using nonstandard methods of encryption and networking (like TOR network protocol and public-key encryption) generally has a reason. One does not seek these methods unless one wishes to remain anonymous. Why would someone want to remain anonymous in the land of the free (USA)? Probably because they don’t want anyone else knowing what they’re doing (which could be anything, but has the connotations of being socially unacceptable, like explicit child and drug material).
You say that this traffic makes up only a small percent of all traffic: how could you possibly know? Are you monitoring all internet traffic across the US? Do you really think you know what goes on in the most covert channels? You couldn’t possibly, for I tell you that this ham-routing idea is far from new and unique – cartels and trafficking rings have used this shit for years.
It is also incorrect to assume that if X agency can do Y thing, then criminals can also do Y thing. Do you have any idea how much money and time goes into Y thing? Do you really place that much faith in your crypto (which, BTW, you didn’t invent/design/implement, but blindly trust)? If your hybrid public-key scheme is half as strong as you think it is, do you think it impossible that backdoors might implement the stronger in the weaker? The amateurs aren’t half as good as what you give them credit for.
Also, might work for an agency that sends out alleged letters – can confirm that the agency-you-might-think-it-is does not give a single fuck. Probably a combination of the FCC and the author trying to be edgy.
Posted by “Anon”.
** drops mic **
I will try to address your questions –
But before I start let me say that encryption does NOT equal anonymous. The very nature of how the internet is designed dictates every single piece of information has a unique identified address to go to.
Q1) “So I think what this person was going for was that traffic using nonstandard methods of encryption and networking (like TOR network protocol and public-key encryption) generally has a reason.”
A1a) You hit the nail on the head with “public key encryption”. Any public key encryption is considered a common or ‘standard’ method of encryption and that includes The Onion Router (ToR).
A1b) Birds fly south for a reason. I have ToR and I use it for a reason that has nothing to do with crime.
Q2) “One does not seek these methods unless one wishes to remain anonymous”
A2) I use encryption now that my government legislated for my ISP to record all my online activities, so that they record a useless bunch of ones and zeros. I don’t use the net for crime and I believe that I have a right to my privacy. I will start to believe that privacy is only used for crime when I see all politicians walking around parliament naked! So no – I am not using encryption for anonymity as suggested. I’m here – I’m RÖB
Q3) “You say that this traffic makes up only a small percent of all traffic: how could you possibly know?”
A3) Of course I don’t have an accurate knowledge of exact proportions but common sense dictates that traffic would be low because both the incidence of criminal drug dealing and child sexual abuse comes from (thank god) only a very low proportion of society. If it were the case that the proportion of traffic from these crimes was very high then we would be tripping over drug dealers and paedophiles just trying to get down a building hallway. Common sense – it’s uncommon now.
Q4) “Are you monitoring all internet traffic across the US?”
A4) That question should be taken outside and shot with a Gatling gun from 2 meters.
Q5) “It is also incorrect to assume that if X agency can do Y thing, then criminals can also do Y thing”
A5) If an (online) crim can only do up to X and law enforcement can do up to Y, then too bad crim – you’re caught. It’s an arms race between crim and enforcement, and if it weren’t, all the crims would have been caught by now.
Q6) “Do you have any idea how much money and time goes into Y thing?”
A6) NO! but looking at the actions of your NSA I would guess about 10,000 bars platinum gold.
Q7) “Do you really place that much faith in your crypto (which, BTW, you didn’t invent/design/implement, but blindly trust)?”
A7) Well this is a trick question because it uses “that much” … how much. I am not a criminal and I encrypt my online activity as a protest against my governments spying activities. I understand enough about encryption to know that it’s a long way from bullet proof but I don’t care because I am not committing any crime. If I were a criminal I would use a much better system such as end to end private key encryption.
Q8) “If your hybrid public-key scheme is half as strong as you think it is, do you think it impossible that backdoors might implement the stronger in the weaker? The amateurs aren’t half as good as what you give them credit for.”
A8) I couldn’t follow this question because I am not sure by what you mean by “**hybrid** public-key scheme” and “might implement the stronger in the weaker”
But to summarise – politicians are feeding the public complete BS about how criminals and child abusers are using encryption (just like you and your ToR etc) to commit crime, so you should give up your encryption. The reality is that criminals are using far more advanced techniques that you would never think of, because they have been in an arms race with law enforcement for some time. So the only valid reason for the government wanting you to give up encryption is so that they can spy on you and all the other LAW ABIDING CITIZENS.
The other thing to remember is that the “amateurs” are the actual professionals – math PhDs and cryptography experts – and the NSA and various alphabet soup agencies tend to be the ACTUAL amateurs, because they have a huge recruiting problem. The sorts of people who are heavy into the math of encryption are also hard-core libertarians, anarchists, and other anti-government power types.
Then, in the subset of math geniuses who aren’t politically oriented, you have to try to lure them in with a GOVERNMENT SALARY that’s a fraction of what they can earn in the private sector, and that’s even before you take into account all the red tape that comes with a government job, AND the stigma of working for the NSA that they will get from all their (former) friends in the field.
So, what do you think the long haired math geek coming out of MIT does? Does he take the crappy pay, stigma, red tape, and insane boss he’ll get at the NSA to do a job he doesn’t believe in, or does he get free gourmet lunches, wheelbarrows full of money, and SJW acclaim for taking a job at google? That’s not a hard question to answer.
So, yes, the amateurs aren’t half as good as you give them credit for — but the actual amateurs are in the government.
Just to point out, irrelevantly enough, but most illegal “drugs” aren’t narcotic at all. Narcotic means “sleep-inducing”. The word is abused by the PTB because it sounds scientific and scary. It makes the choice of illegal drugs seem like they’re not completely arbitrary, and largely a result of racism back in the 1930s.
Cliff Schaffer wrote a really good essay about it. The congressmen in question didn’t know what marijuana was, and the law against it was made quickly, toward the end of a hot summer afternoon in a building with no air conditioning. Accepted wisdom was that marijuana was something that made Mexicans lazy, and the key that unlocked the natural rapist in every black man, encouraging them to rape white women. Or, worse, encouraging white women to WANT sex with black men!
All of this is complete nonsense. But over the years it’s been forgotten about and replaced with an ad-hoc cauldron of lies. Much of which is chuckle-fuel for people watching old anti-drug ads. It’s hilarious until you consider the thousands of people in jail over this comedy-offense.
Anyway yeah. Narcotic. Not accurate.
Well… I’m finding the over simplification of this project in this article laughable mainly due to the fact that the proxyham described in this article would cost approximately $1000.00 to make and the version to be introduced at Defcon was going to cost $200.00 to make. Second of all… the snide comments on how certain the author is that there is no way this had anything to do with the NSA is also laughable… Mainly because he attempts to mock those who are making that claim based on very limited evidence but then follows up with his own claim of certainty as to what it was based on very limited evidence and it almost seems like this guy is some kind of HAM troll who thinks his knowledge on RF makes him some type of leet haxor with the inside scoop that no one else can possibly ever fathom… Thanks for the laugh
The more I think about this the more I think that it probably got canceled because it’s useless. It requires plugging a black box into a wall outlet in a public building and leaving it there, which at best isn’t likely to last very long before it gets discovered and at worst will encourage a visit from the local bomb squad.
There is a very real danger in people surreptitiously plugging things in and leaving them in public places. I would encourage Mr. Caudill to come up with a more graceful method than that.
FWIW, there are lots of places that have unused electrical outlets (with GFCI even!) on the roofs, if you are willing to climb up there to access them.
The sorts of persons who would do this would also be handy with shims for padlocks they put on the roof access ladders, and they would likely be the only ones up there for months.
In fact, THOSE are the charges that would stick to whoever did this. Trespass and theft of electricity.
See, this is my concern. Inexplicable little black boxes start showing up, then comes the Richard Reid moment and suddenly all the outlets in public places have to be locked down. Then I can’t use my laptop or charge my phone anymore.
If you had seven of these magic boxes connected at different spots in a city, would you be able to relay the signal around to mask your location? Sort of like the seven proxies theory?
I think you may have mentioned that.
yup just looking for feedback before testing the theory….
If you don’t want to be found, don’t send easy-to-identify signals from your location. You’re assuming someone looking is on the Internet side when they could be driving around looking for people with a 900MHz hookup and a signal meter. Which do you think is harder to spot, ubiquitous wifi or 900MHz coming out of a car or residential building?
802.11ah wifi is… 900MHz.
“Also, if your plan for anonymity online revolves around stealing WiFi from Starbucks, why not just steal Starbucks WiFi from the McDonald’s across the street?”
Because McDonalds has security cameras, that’s why? ProxyHAM is supposed to be for mobility and avoiding security cameras and not having an IP address attached to your ass.
As for violating FCC regulations while hacking the Pentagon, well….hahahahahahaha…
Actually if you really want security, you plug a pwn box into a company network (it will take them decades to find it), connect it via WiFi to a laser commo unit you hide somewhere within line of sight of your location, then connect to that with your laser commo unit – preferably from a vehicle positioned out of sight of any security cameras.
Laser is line of sight and invisible to anyone not in front of it. Unless they have a SIGINT spy plane overhead looking for it, they aren’t going to find it.
The cost is likely to be greater than simple radio or WiFi, but the range is potentially greater. Issues like fog and rain aren’t that significant with modern units although it might reduce the range somewhat.
Sorry, this might have been asked already – wouldn’t this be useful for like, yourself? Like, I would love to have this in my own house and extend the WiFi in my house for 2 miles. That would be really cool. Were there any measurements of the bandwidth with this device? I imagine that NetFlix was out of the question, but still.
There are lots of 100% legal (I would put this at 99% legal, as in there would be an argument but roughly 0% chance of a successful prosecution) reasons and ways to do this. Look at something like the Rocket M900 linked in the article plus a cantenna.
Both private businesses and amateur radio buffs do this all the time. Google point-to-point WiFi. C. Crane (the AM radio guys) do a decent antenna kit.
Could it have been the FCC who told him he was breaking the law? Yes, because if he sold an unapproved device he’s facing fines and jail time. It’s all made very clear in Part 15 of the FCC rules. Was this guy unaware of the rules, or was he just planning on ignoring them?
I think it was some other government acronym tipping off the FCC and encouraging them to come down on him. There are a couple of things I see that won’t fly under FCC part 15 rules and I’m sure the FCC could find more.
“steal Starbucks WiFi from the McDonald’s across the street” I am sorry, what?
Buy real estate with what you save in a year
Something about this entire concept bothers me… If you have a highend yagi antenna and a free public wifi AP, why not just connect to the public wifi from miles away? What’s with all the 2-way 900mhz translation complexity?
I’ve seen a wifi link over 70 miles before (using special antennas and other tricks). Heck, Defcon used to do this as a competition.
I use these nearly every day when working for a WISP.
Why not just put a little doohickey in there that just spoke wifi, use a few of them around the place and you have your own TOR style network. Something like a Pi, or any of the other pluggable computer + wifi things.
With the doohickeys spread out in a sort of grid, or mesh-like layout. Genius!
Another method would be to buy one of these (http://www.balticnetworks.com/mikrotik-metal-9hpn.html). Cheaper, smaller, job done.
or just use a USB dongle and a directional antenna and amp
I don’t know if you guys have figured this out yet, but this is exactly what Nikola Tesla wanted to do, but not just with communication, with power/electricity as well. Strangely those plans were also stolen away by the Feds.
So this guy’s “box” is clunky at best.
This design is smaller, cheaper, all off the shelf, and comes in a nice black box.
http://routerboard.com/RB411AR $89 RouterBOARD with built-in 2.4GHz
http://routerboard.com/CA411-711 $15 Nifty black case
http://www.amazon.com/Ubiquiti-XR9-MINI-PCI-ADAPTER-900MHz/dp/B00CZBFWVO $119 900MHz miniPCI card
http://www.balticnetworks.com/mikrotik-2-4-5ghz-3dbi-omni-swivel-antenna-mmcx-connector.html x2 $11.40 2.4GHz antennas
http://www.balticnetworks.com/laird-antenna-omni-7dbi-900mhz-mobile-n-female-integrated.html $17.25 900MHz antenna
http://www.balticnetworks.com/mikrotik-mmcx-to-n-female-pigtail-14-inch-36-cm.html $5.50 MMCX to N female bulkhead
I’m surprised that he used a Raspberry Pi. Would a GL-iNet or TP-Link 703 not have done as good a job?
There seems to be a lot of disagreement over the legality of this system. Which is moot, since if you are attracting enough attention to get authorities looking for your PC, the FCC-related charges will be the least of your worries. It’s also no good, because you lose your plausible deniability. What is the excuse for all these radios, that you would have to buy anonymously? You are better off moving from Starbucks to McD’s, etc., spending an hour or less at each. By the time someone decides to go get that guy at Starbucks, you’re already at McD’s. Never connect from home…..
I built a system for this, for SWIM. Boots a laptop with no HDD & no battery, RAM-loading WS2003 with VMware Workstation installed (powered from a car inverter). Remove the boot USB and the OS is in RAM. Insert the other USB and use the Hitachi Microdrive driver, which allows partitioning the USB. Part 1 is a BartPE bootable BS, encrypted part 2 has a TAILS VM. The Hitachi driver is in the RAM-loaded WS2003. Open the VM in Workstation or Player and run Tails/TOR. On “RED ALERT” of some kind, unplug power and the laptop is off, and all “they” see is an innocent BartPE bootable USB (you left the other USB home, or destroyed/discarded it) with seemingly unused space. Use some tiny USB WiFi bought for cash. Unless they dunk your laptop in liquid nitrogen to save the contents of RAM…..
IP addresses can be tracked to ISP regional gateways, not addresses (despite what “hackers” who know nothing about WANs, or computers for that matter, have been saying on the internet since the late ’90s when the commoner boom happened). The ISP has to give you access to their data to get subscriber addresses from IPs.
I’ll probably be building one of these. Most public WiFi has those web pages that set sessions for MAC addresses. Most notable is McDonald’s free WiFi. If this is a PHY-level gateway this shouldn’t be a problem though.
You can buy Internet over 3G / 4G dongles; in the UK many poorer people use them because it’s cheaper than wired Internet. Buy one in cash, you don’t need to give an address. Sure, you can be triangulated if you use it from home, but if you’re up to sneaky stuff just take it around the place with a laptop when you use it.
Even easier, just use a smartphone.
I don’t think this gadget we’re discussing is much use for privacy. Just point a telescope in the same direction as the base station’s antenna and there you are. Even using omni antennas, you could just wait for a packet to leave the base station, then look for a returning one in response. If you know the frequency used, you just need a triangulating receiver set.
It might be useful for sending Internet over a distance. Which is the hardware’s intended job. I remember some guy from Eastern Europe using a setup sending network over a power LED in the IR range, with a Fresnel lens for the sender and I think a telescope for receiving. His gadget just took Ethernet and a power supply. Nice and directional and harder to identify; it was mounted in a box that looked like a security camera. Range was a mile or two IIRC.
Broadband dongles and cells ping towers, cell phones even when they are turned off, and you don’t even need ISP access to triangulate off towers.
Using high-power directional antennas with WiFi dongles does what this device does.
Yep, but as I said as long as you do your spookery somewhere that’s not home, and switch off after, a 3G dongle isn’t so bad. Plus it’s mobile, and can be anywhere. No heavy conspicuous directional antennas. They’re also completely off once you unplug them. So’s a phone if you take the battery out. Buy credit by voucher, in cash again, from a non-local shop.
If you live in a big and populous city, and sit in different cafes etc, you’ll be hard to spot.
It’s not utterly spy-proof, but for using commercial equipment you can buy in a supermarket it isn’t bad. I think it’s preferable to this hack, that uses horribly expensive, specific, and rare equipment, left unsupervised on some rooftop somewhere. You can abandon it if it’s compromised, then shell out another $1000 to buy the next one.
I wonder can an Android phone act as a VPN? Route from one to the next, encrypted in layers like TOR. You might even fake up something like HTTPS to make the packets look ordinary. One of those with a solar charger would be easy to dump in all sorts of places, and cheap enough not to be too awful if you lose one. Use different phone networks to make it harder to trace. I guess it’d be possible with a rooted phone. You could even use Wifi between nearby phones for parts of the connection.
For most 3G & 4G dongles you need a credit/debit card to top up.
Absolutely not true. Go to most corner shops or supermarkets, ask for a top-up voucher. Same way you top up a PAYG phone. This is in the UK at least. You enter the voucher’s code on the top-up web page, which takes the place of every other web page when your credit runs out.
Oh, also in many countries you can buy disposable Visa cards, pre-paid. So it’s still pretty easy and relatively inexpensive, compared to using high-end professional stuff.
Regarding CC: Cards like greendot you can balance at a store where you buy them and activate with a burner phone or wifi at a public coordinate without SSN or any other unique identifier.
Don’t try to defend design and engineering by big dumb companies, especially in America. Most of it fails even on an abstract economic level. Kind of like how when US banks finally do Chip & PIN they’ve already announced the change they are going to make to make it more vulnerable.
All this talk about FCC rules and regulations is a bit annoying, especially when it comes from what appears to be a bunch of radio control-freaks/police. Far too many authoritarians running loose.
Read what Eric (above me) has to say about the legality.
Back in the mid ’90s I called the FCC in Washington DC about an issue not relevant to this topic. I was told then that the FCC had been defunded by the Reagan administration and the agency was understaffed, leaving only 150 field agents for the entire nation.
So unless anything has changed in the course of 20 years, I would say that there is little to worry about, radio-wise.
So, have at it!
As long as you’re not interfering with any other broadcasts on the same frequency, how will they know that you are doing this? They can’t scan all the airwaves for rogue signals. They will only get involved if there is a complaint from someone about interference.
I worked for a short time with a wireless internet provider. We used MikroTik modules and miniPCI cards. More flexibility in power levels, bands (900 MHz, 2.4 and 5 GHz), and they run on a smallish version of Linux.
“900 MHz band is flooded” so this guy has done a nation-wide spectrum analysis concluding the 33 cm band is flooded? The 33 cm band in my area has the lowest RF emissions compared to any other VHF/UHF band.
The trolls and bitching posts are all missing the point. The laws that touch ISM bands vs. ham bands vs. commercial bands and the rules on encryption, etc., cannot possibly cover all these scenarios. The laws are not perfect. What is perfect is the money all the lawyers can be making when a prosecutor charges you under all the rules they “assume” you have broken. Whether you actually go to jail or pay fines will rest on the court system after you have lost your job, or your girlfriend, and tons of cash defending yourself. That is the real issue. You can argue about what is legal and not legal all you want; when the feds show up and arrest you, you have the right to remain silent and pay through the nose and arse to defend yourself.
Yep.. It don’t matter what the laws are.. The real question is.. do YOU have enough money to fight to prove you’ve not broken any laws.. and depending on the situation.. you may never even see a court.. you may never even see a lawyer.. Thanks to the NDAA, ANY American can be captured, black-bagged, and held without access to legal counsel, FOREVER… for any reason.. ANY REASON… They decide.. with no requirements to reveal why.. or for how long, or that they have even taken you into custody.. You can literally.. just go missing and never be seen again. Welcome to post-9/11 America.. Land of the.. Free?
Why the shit would you think it’s illegal to use a part 15 certified radio on the 900 MHz ISM band?
I am a Ham Radio operator. My understanding is that if you are to use encryption, the information must be publicly available for any operator to have the ability to decrypt it. An example of this is D-star. Also, all the equipment must be part 97 compliant. I don’t see any real value in this setup in the article, except that it would be fun to do. Like you said, it would be just as easy enough to hook up to a wifi across the street without all the equipment.
Hmmmmm, let’s think for a second. What reason would his talk be cancelled AND he cannot disclose why… This is a real brain teaser indeed…
It’s “breached”, not “breeched”.
You’re basically asking the ISP to be a stooge and I think the talk was cancelled because they don’t want to look like they are supporting something illegal..
All they have to do is find the first radio setup at that public location… Oh look. It’s a radio from ubnt.com.. ubnt.com only has a few authorized distributors.. What’s the serial number of that device.. ok.. who purchased the device with that serial number… This is not as anon as you think.. You may sever the IP trail.. but your credit card and device histories are still very much intact.
Also.. HAD.. please consider swapping out the comment plugin from WP to Disqus.. Disqus is a far superior comment system and it’s beyond simple to implement.
I wouldn’t register for disqus. Any site that needs me to register is probably wanting to spam and make money on me which isn’t happening. I’m tired of scripts running on my computer that basically shut it down and make me reboot. Our house also got hit hard by telemarketers today and I’m tired of it.
Disqus doesn’t spam.
Disqus has plans for $299 a month so the motivation is about money when this is free.
Um.. I don’t know where you pulled that number from.. But Disqus is free.. I use the Disqus WordPress plugin on several sites.. never have I ever seen anything, in all my years of using Disqus, about any fees being required. “Add Disqus to your site… Always Free.. Works everywhere..”
It’s not money, or that disqus does or doesn’t spam. Think about it – we’d be replacing one comment plugin for another, for what? Improved comment threading?
There are a lot more features we would like (tying into the hackaday.io login system, for example), some sort of upvote system, and some other stuff I can’t think of right now. Disqus doesn’t do that, and nothing else does that.
Really, putting disqus on the blog right now would just be a band aid that would allow us to kick the real problems down the road a few more years.
The government would definitely try to scare these people into total submission; they’d also put a story out like this trying to scare everybody else away.
Why worry about this? You get enough info whenever they hit the web.
Snowden and the courts have already opened the bag on how security is done. Unless the network is kept totally private, and then what good is a 2.5 mile network except for hams? For abusers, not that likely unless it’s to a car near Starbucks, and I’m sure that’s covered just as if someone was there. I think it’s only going to be a hobbyist kind of thing, yes, mostly hams and low-power, focused-beam links. Yes, maybe the carriers are afraid everyone would share accounts with neighbors and friends and leave them out. Google is going to make the nation WiFi-ready anyway, and with IPv6 everyone can be assigned an address if they want. And spoofing is always an issue anyway on any device, isn’t it?
I don’t see it much different than a Cisco bridge except for the cost. There is microwave band equipment that is license-free. We see them connecting one building to another all over any large city. In the future the gov might say you have to use your assigned IP address; that might make things simpler?