A Cheap Spying Tool With a High Creepy Factor By SOMINI SENGUPTA
"Brendan OConnor is a security researcher. How easy would it be, he recently wondered, to monitor the movement of everyone on the street not by a government intelligence agency, but by a private citizen with a few hundred dollars to spare?
Mr. OConnor, 27, bought some plastic boxes and stuffed them with a $25, credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters. He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones.
Each box cost $57. He produced 10 of them, and then he turned them on to spy on himself. He could pick up the Web sites he browsed when he connected to a public Wi-Fi say at a cafe and he scooped up the unique identifier connected to his phone and iPad. Gobs of information traveled over the Internet in the clear, meaning they were entirely unencrypted and simple to scoop up.
Even when he didnt connect to a Wi-Fi network, his sensors could track his location through Wi-Fi pings. His iPhone pinged the iMessage server to check for new messages. When he logged on to an unsecured Wi-Fi, it revealed what operating system he was using on what kind of device, and whether he was using Dropbox or went on a dating site or browsed for shoes on an e-commerce site. One site might leak his e-mail address, another his photo.
Actually its not hard, he concluded. Its terrifyingly easy.
Also creepy which is why he called his contraption creepyDOL.
It could be used for anything depending on how creepy you want to be, he said."
http://bits.blogs.nytimes.com/2013/08/02/a-cheap-spying-tool-with-a-high-creepy-factor/?hp&_r=0&pagewanted=print
Good read on the ease of snooping. Must agree, pretty creepy.
thesquanderer
(11,982 posts)adirondacker
(2,921 posts)You could spy on your ex-lover, by placing the sensor boxes near the places the person frequents, or your teenage child, or the residents of a particular neighborhood. You could keep tabs on people who gather at a certain house of worship or take part in a protest demonstration in a town square. Their phones and tablets, Mr. OConnor argued, would surely leak some information about them and certainly if they then connected to an unsecured Wi-Fi. The boxes are small enough to be tucked under a cafe table or dropped from a hobby drone. They can be scattered around a city and go unnoticed.
Mr. OConnor says he did none of that and for a reason. In addition to being a security researcher and founder of a consulting firm called Malice Afterthought, he is also a law student at the University of Wisconsin at Madison. He says he stuck to snooping on himself and did not, deliberately, seek to scoop up anyone elses data because of a federal law called the Computer Fraud and Abuse Act.
Some of his fellow security researchers have been prosecuted under that law. One of them, Andrew Auernheimer, whose hacker alias is Weev, was sentenced to 41 months in prison for exploiting a security hole in the computer system of AT&T, which made e-mail addresses accessible for over 100,000 iPad owners; Mr. Aurnheimer is appealing the case.
I havent done a full deployment of this because the United States government has made a practice of prosecuting security researchers, he contends. Everyone is terrified.
He is presenting his findings at two security conferences in Las Vegas this week, including at a session for young people. It is a window into how cheap and easy it is to erect a surveillance apparatus.
It eliminates the idea of blending into a crowd, is how he put it. If you have a wireless device (phone, iPad, etc.), even if youre not connected to a network, CreepyDOL will see you, track your movements, and report home.