Feds Hack Wireless Network in 3 Minutes
xs3 writes "At a recent ISSA (Information Systems Security Association) meeting in Los Angeles, a team of FBI agents demonstrated current WEP-cracking techniques and broke a 128 bit WEP key in about three minutes. Special Agent Geoff Bickers ran the Powerpoint presentation and explained the attack, while the other agents (who did not want to be named or photographed) did the dirty work of sniffing wireless traffic and breaking the WEP keys. This article will be a general overview of the procedures used by the FBI team."
They didn't do a full brute force on the key (which takes around a gig of captured packets and a few cpu-hours to do). What they did was exploit the fact that many wireless AP's allow you to select a pass-phrase and generate a set of keys from that. They then ran a dictionary attack against the pass-phrases and checked the resulting keys. Not a bad job, but they could do much better. Here's how:
First, the first 24 bits of the key are transmitted in clear text. This allows you to narrow the field of keys by 2^24. Not too useful on its own - but...
Secondly, pre-compute the keys of all words in a dictionary attack. Select only the resulting keys whose first 24 bits match your target. You now have ((dictionary size*4) / 2^24) keys to check through. (dictionary size is multiplied by 4 since most AP's allow you to select one of four keys for any given pass-phrase.)
Now, this will handle most novices who set up their router with a weak passkey. For defense against this attack, simply don't use a password/phrase. MD5ing a certain length of /dev/urandom and using that as a passkey is almost certain to thwart this attack, although it can still be brute forced with enough captured data and cpu time.
Of course, if you really care about people sniffing your traffic, you should be using ipsec anyway.
Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
Note to self: change WEP key to something other than "DEADBEEFDEADBEEFDEADBEEFDE".
WEP was almost a weak afterthought for wireless technology. This is just a demonstration of why WEP users should switch to WPA.
Do we really think the FBI is so ignorant that they aren't aware of WEP and WPA cracking utilities?
Was the password public?
I bet it was public:public
Silly FBI
Damn those feds are good.
It takes me longer than 3 minutes just to type the WEP key from my router into my client!
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
I've been doing this for years. Now the feds have their hands on this technology. Run for cover!
But who's surprised that the *feds* can brute force a WLAN? From my own (albeit limited) understanding, it's not too hard to packet sniff and crack on your own... The feds have more CPU power than *most* average joes anyhow, so I'm just surprised that they decided to go public with this...
I live in the middle of nowhere. I think I may notice two men sitting with a laptop in an ominous black car with government plates, as the only place they could be close enough is my driveway.
Still, it may be time to look at running an IPSEC tunnel over the wireless network.
When I first read the closing line of the article, I chuckled.
Then I felt dismayed.
It really is a shame when the prevailing "geek" attitude towards agencies like the FBI is mistrust and fear, not confidence and respect.
Obliteracy: Words with explosions
As long as people continue to use dictionary based passwords, it doesn't really matter how good the encryption is.
None of the agents could be reached for comment, as they were all busy arresting each other citing the Patriot Act and the DMCA.
-Peter
Mirror???
So what this is telling us is the Feds are really just script kiddies?
People just need to realize that nothing is infallible; maybe when this is mentioned on Fox News or CNN the general public will learn that they shouldn't trust their network for sensitive data. I know I don't.
On top of WEP encryption, you should also try to filter access to your wireless network using MAC addresses. I do not think a hacker would be able to easily get around that....
Assembled, for your pleasure:
-------
Title: The Feds can own your WLAN too
Introduction
Millions of wireless access points are spread across the US and the world. About 70% percent of these access points are unprotected--wide open to access by anyone who happens to drive by. The other 30% are protected by WEP (Wired Equivalent Privacy) and a small handful are protected by the new WPA (Wi-Fi Protected Access) standard.
At a recent ISSA (Information Systems Security Association) meeting in Los Angeles, a team of FBI agents demonstrated current WEP-cracking techniques and broke a 128 bit WEP key in about three minutes. Special Agent Geoff Bickers ran the Powerpoint presentation and explained the attack, while the other agents (who did not want to be named or photographed) did the dirty work of sniffing wireless traffic and breaking the WEP keys.
This article will be a general overview of the procedures used by the FBI team. A future article will give step-by-step instructions on how to replicate the attack.
WEP Cracking - The Next Generation
WEP is an encryption scheme, based on the RC-4 cipher, that is available on all 802.11a, b and g wireless products. WEP uses a set of bits called a key to scramble information in the data frames as it leaves the access point or client adapter and the scrambled message is then decrypted by the receiver.
Both sides must have the same WEP key, which is usually a total of 64 or 128 bits long. A semi-random 24 bit number called an Initialization Vector (IV) is part of the key, so a 64 bit WEP key actually contains only 40 bits of "strong" encryption while a 128 bit key has 104. The IV is placed in the encrypted frame's header, and is transmitted in plain text.
Traditionally, cracking WEP keys has been a slow and boring process. An attacker would have to capture hundreds of thousands or millions of packets--a process that could take hours or even days, depending on the volume of traffic passing over the wireless network. After enough packets were captured, a WEP cracking program such as Aircrack would be used to find the WEP key.
Fast-forward to last summer, when the first of the latest generation of WEP cracking tools appeared. This current generation uses a combination of statistical techniques focused on unique IVs captured and brute-force dictionary attacks to break 128 bit WEP keys in minutes instead of hours. As Special Agent Bickers noted, "It doesn't matter if you use 128 bit WEP keys, you are vulnerable!"
On with the Show
Before we get into the steps that the FBI used to break WEP, it should be noted there are numerous ways of hacking into a wireless network. The FBI team used publicly available tools and emphasized that they are demonstrating an attack that many other people are capable of performing. On the other hand, breaking the WEP key may not necessarily give an attacker complete access to a wireless network. There could also be other protection mechanisms such as VPNs or proxy servers to deal with.
For the demonstration, Special Agent Bickers brought in a NETGEAR wireless access point and assigned it a SSID of NETGEARWEP. He encrypted the access point with a 128 bit key--made by just keying in random letters and numbers.
Note that normally, you have to find wireless networks before you can crack them. The two wireless scanning tools of choice are Netstumbler for Windows or Kismet for Linux. Since the other WEP cracking tools are mainly Linux-based, most people find it easier to stick with Kismet, so they don't have to switch between Windows and Linux.
Another FBI agent started Kismet and immediately found the NETGEARWEP access point. Just for fun, a third agent used his laptop and ran FakeAP, a program that confuses scanning programs by putting up fake access points.
Attack!
After a target WLAN is found, the next step is to start capturing packets and convert th
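The article's description of WEP (RC4 keyed with the 24-bit IV prepended to the secret key, IV sent in the clear) is modelled below as an added example; it is not code from the article or from the FBI demonstration, and the RC4 plus CRC32 ICV handling is a simplified model of the real frame format. It shows the point behind Bickers' remark: once an IV repeats, two frames share one keystream and the XOR of their ciphertexts equals the XOR of their plaintexts, whether the secret key is 40 or 104 bits.

```python
# Added example: a minimal model of WEP per-frame encryption, used to show why
# the 24-bit IV space, not the key length, is what makes WEP weak.
import math
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA), XORed over data. Encryption == decryption."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(plaintext: bytes) -> bytes:
    """WEP's integrity check value: CRC32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return iv || RC4(iv || secret_key, plaintext || ICV).

    The IV travels in the clear, exactly as the article describes; the
    per-frame RC4 key is the 3-byte IV followed by the 5- or 13-byte secret.
    """
    if len(iv) != 3 or len(secret_key) not in (5, 13):
        raise ValueError("IV must be 3 bytes; secret key 5 (40-bit) or 13 (104-bit) bytes")
    return iv + rc4(iv + secret_key, plaintext + _icv(plaintext))


def wep_decrypt(secret_key: bytes, frame: bytes) -> bytes:
    """Recover the plaintext from a frame produced by wep_encrypt, checking the ICV."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + secret_key, body)
    plaintext, icv = data[:-4], data[-4:]
    if _icv(plaintext) != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(secret_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """True when two frames sent under the same IV satisfy c1 ^ c2 == p1 ^ p2.

    Same IV + same secret => identical RC4 keystream, so the ciphertext XOR
    reveals the plaintext XOR. The key length plays no role in this.
    """
    c1 = wep_encrypt(secret_key, iv, p1)[3:]   # strip the cleartext IV
    c2 = wep_encrypt(secret_key, iv, p2)[3:]
    n = min(len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames after which a random IV has repeated with the given
    probability. For 24-bit IVs and p = 0.5 this is only a few thousand frames;
    a sequential IV counter wraps after 2**24 = 16,777,216 frames regardless."""
    space = 2 ** iv_bits
    return int(math.sqrt(2 * space * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    key40, key104 = b"\x01\x02\x03\x04\x05", bytes(range(13))
    iv = b"\x00\x00\x01"
    print("40-bit key, IV reused, XOR leak:", keystream_reuse_leak(key40, iv, b"GET /index.html", b"POST /login.php"))
    print("104-bit key, IV reused, XOR leak:", keystream_reuse_leak(key104, iv, b"GET /index.html", b"POST /login.php"))
    print("frames for a 50% chance of an IV repeat:", frames_until_iv_repeat())
```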
I didn't even have to hang around in the dark waiting for her to load up her secret PGP cracking software!
I am surprised that wireless A/Ps don't block a MAC address after X number of attempts
This is a good development, considering how heavily law enforcement authorities worldwide have been criticised regarding their dealing with cyber crime, reflected in low conviction rates and a general obscurity about such agencies, not to mention in ever sensationalizing press reports.
Perhaps this'll lead to a surge in cyber operations, and probably new employment opportunities within the FBI and other such organizations?
WEP is like gun laws in the US. They only keep the honest people from having guns. What a great society we live in.
Only 'flamers' flame!
Does slashdot hate my posts?
So now when the feds are parked out in front of your house waiting for you to leave your apartment, they can leech off your neighbours wifi...
If you're going to cut-and-paste for karma, please CITE YOUR REFERENCES!
The page you snipped this from is cached here:
http://66.102.7.104/search?q=cache:ChC8gBE_LsEJ:www.tomsnetworking.com/Sections-print-article111.php+%22definite+improvement+over+WEP+in+providing+wireless+security%22&hl=en&client=firefox-a
Government hypocrisy at its best.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
This doesn't show that WEP is insecure... simply that the key-generation schemes favored by many manufacturers are insecure. Netscape 2.2 was vulnerable to the same type of weakness by using 22 bits of information to build its 40 bit session key for SSL.
BTW, assuming a similar key generation scheme, this technique could break AES or 3DES, the encryption algorithm is irrelevant here. Why is it that vendors of security products can't figure out security?
Just need an actual "password". My 63 character WAP password does me quite nicely, and I don't have to change it once in my lifetime since it would take near a googolplex years to crack with brute force anyways. If there's a problem in the firmware, well that's another story.
7 t6o0r9y5y6o1u
For those interested, my WAP passphrase is t2h4e1r0e4a1r0e5XXXXXXXXXXi7d1e6s1t1o9e0v5e9r1y5s
(Those 10 X's are just for my protection, can't give it all away now or I might have to think about changing it!)
And yes, I DO have that memorized.
I read too fast; at first I read "fed wireless network hacked in 3 minutes" ...
"old news" i thought..
Here, all this time I thought that those G-Men were just clean cut, straw hat wearing good guys. My world is shattered.
Oh well, back to Vice City.
So what can do with this info? watch what you browse on the web???
In order for them to get anything out of my network they would have to hack my ssh keys & password since all my internal traffic is ssh protected.
On top of WEP encryption, you should also try to filter access to your wireless network using MAC addresses. I do not think a hacker would be able to easily get around that...
;) MAC filtering will only stop the very casual person from gaining access to your network.
OK, just in case you seriously don't know, MAC addresses are not encrypted, so it is dead simple to sniff traffic to find valid MAC addresses and then change the MAC address of the hacking box to the valid MAC address (usually during a time when that machine is not actually connected). I've heard that this is a good way to gain access at pay to play locations like Starbucks
Also keep in mind that MAC filtering only prevents someone from joining the network, you can still sniff at will at the packets.
Glad I didn't go through the effort of locking mine down. Who has the last laugh now, Mr. "You gotta lock that thing down"?
1) Install OpenBSD after plugging in a wireless card that can be used in hostap mode.
2) Install OpenVPN (which has a nice Windows client), and generate server and client certificates. There are howtos and scripts for this.
3) Configure the built-in OpenBSD packet filter to only accept connections to/from OpenVPN ports on the wireless NIC.
4) Show war drivers the finger.
What if my passphrase is based on one or more foreign languages?
Change MAC address of my nic
Try again. (probably wait until the other guy shuts off his Laptop, though.)
So, just about any law you can break with a computer is now fair game. When you go to court just refer to the three minutes it could have taken some nefarious hacker to use your network without your knowledge. Since the likelihood of such an attack is low then I recommend everyone use a dictionary entry to generate keys. It will keep your neighbours off your network and you'll leave yourself with a perfect reasonable doubt defence when sued or prosecuted.
All your EVERYTHING are belong to us.
#4 is the main reason I haven't moved to WPA. It just takes too much time to go through and figure out how to get each machine onto it - especially since WPA is a new feature on the WinXP boxes and I have had enough of a headache with XP's wireless system (SP2 and my wifi card didn't really get along).
Good luck.
Meh.
email.
...that the feds were clueless when it comes to technology :)
Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
Nah, they have the manufacturers build in a backdoor! Didn't you watch 24 last night? All they needed was the manufacturer ID and they got root access!
..they could do it in under 2.
Maybe 10% of the population are aware of WEP's weaknesses, but would the other 90% understand what/where/how to configure WPA on an AP or gateway? I'm not quite sure that Joe home user should be so worried about his WEP key. Most home users don't have any security policy or strategy (i.e. millions of exploited Windows machines sitting directly on the internet), and most businesses have a poor network security policy. As a consultant for a large networking manufacturer, I am amazed at the lengths corporations will go to in securing their wireless network, meanwhile you can walk into unsecured parts of the building and just plug in (no 802.1x), or they have a substandard VPN or internet gateway solution. Maybe it would make more sense for our government to do seminars on security practices for computing (including wireless networking) versus demonstrating a 4 year+ old IV weakness vulnerability?
I was throwing you the 48, but you made me switch to the 132.
DECAFC0FFEEBADBADBADBADBAD
Backdoor? More like "Unchanged default settings". Works just fine IRL.
How dare they! The feds have no right to break into someone's wireless network, no matter how simple the password! I want to see the FBI taken down for this! <continues ranting about "the feds">...
I'm sure we'll hear many comments along those lines from Slashdotters who are no doubt using a wireless connection that they've broken into...
This is why I always get a little nervous seeing wireless routers stuck to the ceilings of some offices. Given the average security of most offices with wired networks, the outlook for un-wired networks isn't good, IMO.
Pulling cable is a PITA, but it is a layer of physical security that shouldn't be dismissed too soon.
-- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
I hope they arrested themselves on DMCA charges.
It reads: "I like Adam Sandler movies. O'Doyle rules!"
Am I right?
[insert lame joke here]
It says "Get stuffed". oh no, sorry - That what I say.
This deserves a lot more credit than it's getting.
Does Langley know about this?
Runnin' On Empty
Diane, it's 10:37 PM. We just finished cracking the WEP keys for Benjamin Horne's office at the Great Northern Hotel and concluded that he looks at a lot of porn. I would have to comment that I would like more pie; I'm going to be up looking at a few more things. Goodnight, Diane.
FBI r l33t!
Meh.
6) Tinfoil. And LOTS of it.
People keep bringing up the problems with WEP. It's obvious it doesn't work very well at all, however most of your really secure traffic, credit card numbers etc, are going to be sent over SSL anyway.
People can park a car outside your house, break WEP and sniff your non-SSL traffic, but people at an ISP can do that anyway. Although using wireless does make it easier for them, the most they're gonna be able to do is read your email (if you don't use secure pop or secure imap) or logon your IM.
Although these things can be annoying, as long as you keep your private traffic restricted to SSL (https, pops, imaps, etc) you should be fine.
-Sumdog
is one of the 600,426,974,379,824,381,952 ways to spell \/14grA
dictionary-attack that, G-man!
Sorry about replying to myself, but here's a better link for explaining how this attack works.
'SBEMAIL!' is better than a goat!!
So, since nobody has mentioned it, I'll actually break my normal ./ silence and point this out.
The attacks they're using were developed by KoreK and released last summer. Then Christophe Devine re-implemented the attacks in Aircrack.
The FBI had nothing to do with development of this, they're just advertising that they're script kiddies. On top of that, the methods they used for packet generation so they had something to capture were freaking LAME. Anybody with any form of wireless IDS would see this a mile away (oh yeah, they couldn't even write their own deauth tool...they had to be skript kiddies again and use void11...).
I wasn't AT the talk, and maybe the Tom's Networking guy didn't properly convey the message, but I feel that credit should go to the folks who deserve it, not script kiddies who got some face time at a conference.
-d
Isn't it against the law in the US to circumvent encryption?
Doesn't the gubment recommend 128 bit encryption specifically BECAUSE it can be brute-forced in a heartbeat?
:P
I remember reading something about that somewhere when MacOS 9 came out with Finder-Level encryption (128-bit, naturally)... and something OS X still doesn't have.
In the middle of the PowerPoint presentation, Special Agent Geoff Bickers' Windows machine got H4x0rD!!
GET FREE APPLE STUFF!
Most vendors don't update firmware. They simply sell a new version with the new feature. Maybe the high end ala Cisco cards offer firmware updates, but for the average $75 crap from Worstbuy, if it isn't in the box, don't expect a firmware update for it.
btw, next time cite your source.
You're making it entirely too complicated, and too open to security holes. The answer is:
1. Don't use wireless.
I don't respond to AC's.
It seems time to go wardriving with the FBI. In the last interview I did with them, the agent said he'd be interested in going out for a wardrive. It's prolly time to schedule that, and pick up a few more soundbites.
Zhrodague.net - I do projects and stuff too.
Don't trust your data to a crypto spec not crafted by actual cryptographers! I myself have all data that travels across open air, or wires I don't control (actually, even wires I do control where privacy is that important) encrypted with AES-256, with the keys rotating hourly (and exchanged with perfect forward secrecy). Let us not forget that you should turn on random packet padding as well. To ensure that traffic analysis doesn't give away enough information to invade your privacy.
There goes my next two weeks!
My goal is to keep the teenage wannabe hackers in my neighborhood from downloading pr0n over my wifi connection, not to block the FBI, CIA, NSA, or any other government TLA.
Seriously, when each packet is encrypted with a different key, it seems like this would become a lot more difficult.
A lot of APs and hubs are coming with it now.
Would you notice an ominous black satellite with an american flag slapped on the side snooping your AP from space? Or a different flag for that matter?
Then I felt dismayed.
It really is a shame when the prevailing "geek" attitude towards agencies like the FBI is mistrust and fear, not confidence and respect.
I find it refreshing.
The founders of our government were quite aware that the greatest threat to freedom was the very government intended to secure and maintain it. That governments are run by people, that people are fallible, and that the power of government tempts them to seize still more power- to simplify their jobs, to enhance their own lives, or just for the fun of it.
They knew that some people and some institutions would be corrupted, did their best to put roadblocks in the way of corruption to slow the process down, and to warn their successors (us) to be on watch, so we could catch the inevitable slippages and correct them.
An attitude of healthy suspicion combined with grudging respect and occasional heartfelt praise is precisely right, when it comes to agencies such as the FBI. Healthy suspicion because agents - singly, in groups, or institutionally - have gotten out-of-hand repeatedly. Grudging respect (which must be earned but is honest when it is), because the government and its agencies houseclean from time to time, the agency mostly stays on track, and many of its agents are honest, hard-working, and often heroic, doing their best to identify, protect us from, and bring to justice some truly evil people. Occasional heartfelt praise - when they earn it (which they often do), spending their sweat, smarts, and blood to make the rest of us safer.
The reason I find "the 'geek' attitude" refreshing is that it shows that a new generation - no, a large social group that crosses several generations - have "gotten it". Like most powerful tools, law-enforcement and investigative agencies can do significant good when used properly, and even greater harm when misused or broken. Eternal vigilance is needed to keep them in good repair and on the right job. Now we have yet another generation that understands the need for this vigilance and is standing guard.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Hey, it worked!!! This post is the proof.
;)
You'd think since the FBI did this study, they'd prevent geeks like me from breaking into THEIR network doing the exact same thing they boasted about.
Sugapablo
How about 1024-bit keys?
Currently we're experimenting with using an open WLAN with logged http/https access (for guests), and then OpenVPN for all the internal users. Same network, but the VPN users have good data encryption (better than if we used WEP) and thus are allowed to access many more services.
The other is the PowerPoint guru :-P
WTF am I doing replying to an AC at 5 A.M on a Friday night?
There's no possible way the Federal Government would ever consider doing something as base, immoral, illegal, and invasive as go around wardriving just to see what they can see. I mean, come on, these people hold a SACRED DUTY and they take AN OATH and everything. No *way* would they ever do anything bad.
"What? I wrote it just like you-"
*BLAMBLAMBLAMBLAM*
*thud*
http://xkcd.com/386/
People can park a car outside your house, break WEP and sniff your non-SSL traffic, but people at an ISP can do that anyway. Although using wireless does make it easier for them, the most they're gonna be able to do is read your email (if you don't use secure pop or secure imap) or logon your IM.
That's not the worst they can do.
The worst they can do is use your wireless to attack people, send spam, and publish stuff that'll get the RIAA and MPAA including your IP in a John-Doe lawsuit.
So what this is telling us is the Feds are really just script kiddies?
No.
What this tells us is that the Feds are showing people just how TRIVIAL and FAST it is for script kiddies and crooks to break into WLANs. And give you pointers on keeping the petty crooks out (and drastically cut crime and reduce the load on the FBI).
Surely you didn't expect them to give you a demo of how THEY do it and how to keep THEM out, did you? B-)
or, alternatively,
1) Secure the individual computers on the network.
I read that as Adam Sessler. Ug!
128 bits. Roll one 8-sided die 51 times (discarding the least-significant bit of the last roll).
To speed up the process, get one of those clear boxes they use to make sure people take the right number of pills per day. Get one with more than 22 boxes. (4 times a day for a week = 28, fairly common)
Put dice in boxes. Put a sheet of something solid on the door side. Shake. Invert. Voila, random byte strings. w/ 28 boxes you have 84 random bits. Repeat twice for your 152 bit key, dropping the last 16 bits.
chessex.com has a variety of dice - you can order single d8s for .50c. I'm fairly certain you could find cheaper prices. I estimate the total cost of this hardware randomizer at $20 if done on the cheap.
Someone will probably complain about the non-cryptographic quality randomness of this process. But you only need cryptographic quality randomness when you're going to use it very repeatedly and someone can attack the similarity between them. Since the nonrandomness isn't known to anyone outside and you probably aren't generating a massive number of keys you're fairly safe. To increase security, buy dice from multiple manufacturers and occasionally switch around the lots.
(every 4 d8 values converts to 3 hex values. If you're converting by hand, you could alternately use a pair of dice for a hex value, generating only 56 bits per shake but only needing a table of 16 values to convert by hand to hex. You could also use 4 sided dice for this equally well, since you're only using 4 bits per pair.)
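The dice procedure above, together with the earlier suggestion of drawing the key from /dev/urandom rather than from a pass-phrase, as an added example that is not the commenters' own code. It assumes a 104-bit ("128-bit") key of 26 hex digits, as the article states, takes d8 rolls as the face values 1..8, and adds a small helper that puts the thread's dictionary-size × 4 search space in bits next to the 104 bits of a random key.

```python
# Added example: WEP key material from d8 rolls or from the OS CSPRNG, plus a
# comparison of the search space a dictionary-derived key actually offers.
import math
import os

WEP104_HEX_DIGITS = 26   # a "128-bit" WEP key carries 104 secret bits = 26 hex digits


def rolls_needed(hex_digits: int = WEP104_HEX_DIGITS) -> int:
    """d8 rolls required: 3 bits per roll, rounded up (35 rolls for 104 bits)."""
    return -(-(hex_digits * 4) // 3)


def d8_rolls_to_hex(rolls, hex_digits: int = WEP104_HEX_DIGITS) -> str:
    """Pack d8 rolls (face values 1..8, i.e. 3 bits each) into a hex key string.

    Four rolls give 12 bits = 3 hex digits, as the comment notes. Surplus
    low-order bits from the final rolls are discarded, mirroring the advice to
    drop the least-significant bit of the last roll.
    """
    if any(not 1 <= r <= 8 for r in rolls):
        raise ValueError("d8 rolls must be in 1..8")
    bits_needed = hex_digits * 4
    if len(rolls) * 3 < bits_needed:
        raise ValueError(f"need at least {rolls_needed(hex_digits)} rolls, got {len(rolls)}")
    value = 0
    for r in rolls:
        value = (value << 3) | (r - 1)        # face 1..8 -> 3-bit value 0..7
    value >>= len(rolls) * 3 - bits_needed    # drop surplus low-order bits
    return f"{value:0{hex_digits}x}"


def urandom_wep_key(hex_digits: int = WEP104_HEX_DIGITS) -> str:
    """The software route: hex_digits/2 bytes from the OS CSPRNG (/dev/urandom on Unix)."""
    return os.urandom(hex_digits // 2).hex()


def is_well_formed_wep_key(key: str) -> bool:
    """WEP hex keys are 10 digits (40-bit) or 26 digits (104-bit)."""
    return len(key) in (10, 26) and all(c in "0123456789abcdefABCDEF" for c in key)


def passphrase_search_bits(dictionary_words: int, keys_per_phrase: int = 4) -> float:
    """Effective search space, in bits, of a key derived from a dictionary word when
    the AP offers keys_per_phrase keys per pass-phrase (the x4 in the thread)."""
    return math.log2(dictionary_words * keys_per_phrase)


if __name__ == "__main__":
    # Constructed sample: 35 rolls typed in from the pill-box shake.
    sample_rolls = [3, 7, 1, 8, 5, 2, 6, 4, 8, 1, 3, 5, 7, 2, 4, 6, 1, 8,
                    2, 7, 3, 6, 4, 5, 8, 1, 7, 2, 6, 3, 5, 4, 8, 1, 2]
    dice_key = d8_rolls_to_hex(sample_rolls)
    print("dice key     :", dice_key, is_well_formed_wep_key(dice_key))
    print("urandom key  :", urandom_wep_key())
    print("100k-word dictionary x4 keys:", round(passphrase_search_bits(100_000), 1),
          "bits of search space vs 104 for a random key")
```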
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
I'm the author of the article.
1. Where in the article does it say the FBI developed the attacks? Did you RTFA?
2. For the IDS comment, I did state that it is NOT a stealthy attack. Not stealthy = IDS will pick it up.
3. You weren't at the talk, and it shows. They did give credit (a LOT of credit) to KoreK and Devine, but I didn't put it in the article. So you can blame me for it.
*Homer looks outside and sees a van*
Flowers By Irene
If the "$5 lamp timer" idea to shut down the router during off-hours doesn't work for you (eg. you need wired connections to stay up), a script to enable/disable the wl_net_mode setting on the http://192.168.1.xxx/Wireless_Basic.asp page of a Linksys WRT54GS would seem pretty doable. Put an enable/disable entry into a cron schedule and you've closed the window for hackers somewhat.
Cooking a script up like this (with POST and HTTP Basic Authentication for login) wouldn't be very hard, but does anyone know of Linksys scripts that might already be usable?
Dude, the guy said that the FBI was using known tools that anybody can find. They don't have to give credit to anybody.
Note that even if WEP is trivial to crack it serves a purpose: The same purpose as a lock on a screen door or window.
It doesn't keep out a burglar.
It DOES make it clear that your INTENT was to keep him out, and that if he breaks in his INTENT was to break in.
This is a very important legal point if/when you, or law enforcement, bring action against him.
Similarly, the computing community has generally interpreted permission settings (on files and the like) as an expression of intent, generally honoring them even if they have the ability to bypass them.
This transfers directly to wireless access points: Some people deliberately leave their APs open, to let others use them as a community resource. Generally this is done by leaving them at the default settings. While there may be confusion about it if an AP is in this state, there is NO confusion about the intent if WEP is enabled.
Just wondering how hard it is to spoof MAC addresses...
The point of the demonstration was to point out how easy it was to crack WEP from readily available tools.
It really is a shame when only the "geek" have a prevailing attitude towards agencies like the FBI as mistrust and fear, not confidence and respect.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Typical of a blowhard nerd who thinks he knows everything, and goes for a complex solution, trying to show how much he knows instead of going for the most efficient solution.
The real answer is:
1) Segregate your wireless network, install VPN, and have all your users VPN into the safe network.
There is *nothing* else you need to do besides this. You can use wireless with no encryption, it doesn't matter because you're using a higher level protocol to do the protection for you.
I was surprised to find that the FBI Computer Scientist mentioned in the article presenting this was... a Smith.
Hmmm...
That's why I buy crappy wireless products. Sure I have to park my laptop within 17 inches of my base, but nobody's sniffen my network without them sitting on my lap!
On my Netgear wireless router, I have the ability to enable MAC address filtering. If the wireless connection isn't coming from my MAC address, then the attacker can't use my router. Right? I live in an apartment complex and I had just set up my router. Within a week, I noticed someone sharing my router for some goatse action. I enabled my MAC filtering but not WEP and I haven't seen Mr goatse again. Could he come back though somehow? Also, if I don't enable WEP, an attacker could monitor my web usage without necessarily using my internet connection? Thanks for any answers.
WEP was almost a weak afterthought for wireless technology. This is just a demonstration of why WEP users should switch to WPA.
Except that WPA is a gun-jumping SUBSET of the DRAFT of the forthcoming 802.11i standard, and isn't guaranteed to be compatible with it (rather like "pre-G" and "pre-N" products).
So; yeah, it's better than WEP; but is it a good idea to focus on something which might need upgrading in the near future anyway? (You MIGHT be able to upgrade firmware. You MIGHT not....)
If I considered someone's business security important enough that WEP wasn't acceptable (and it really isn't for all but the smallest businesses), then I'd advise waiting a little longer for genuine 802.11i-compatible products to arrive. Wireless *isn't* that essential yet...
Just a thought; would it be possible to implement 802.11i "in software" for existing equipment?
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
When I decode it, I got:
"Go Puck yourself!"
I'm not sure what Puck means, but I'll see what I can do.
This sig has been removed pending an investigation.
You left off a vital step in showing the finger. Apache has to be installed and the default web page needs to be set to the appropriate image.
You're missing the point. I sincerely doubt the FBI did this to showcase their superior hacking skills...the point was to show how easy it would be for *anyone* to gain access to a wifi network. I doubt the FBI is interested in taking credit for the methods...otherwise they might have at least allowed their photos to be taken. Yeesh.
Note to self: Change President Scroob's WEP key to something other than 1234567891011121314151617181920.
To Alcohol! The cause of, and solution to, all of life's problems.
I think that was supposed to say:
> Special Agent Geoff Bickers (not his real name)
Hehe, why bother cracking the WEP key when most wireless networks are unprotected? For about a month I've been connected to the internet through the wireless network belonging to a nearby shop.
But since I've now got my own connection I now bridge those connections to boost my download speeds. Hehe.. not my fault they keep their network unprotected; they've even left the default password on the router configuration panel, so I turned on extended signal strength to get better signals.
I know this was a bit off-topic but I guess that most people here have one or more wireless networks in their neighborhood that are unprotected, at least if you live in a city!
Yeah I know my spelling stinks..
Bits of News Giving you the latest bits.
Dude, this isn't Nature. It's /., remember?
apt-get install apg
That way you don't have to trust an external third party for your random password. Keep it all on your local machine.
What puzzles me is why software or protocols that use encrypted passwords aren't programmed so that a password can only be sent once every second (or so).
I started wondering this while cracking some zip files with a good old brute force attack, and it is amazing how fast you can find a rather long password on a desktop PC (10 mil. passwords/second).
Now, I'm not very interested in the whole encryption thing, but I bet you could easily make a zip file only accept passwords once every second.
With a dual Xeon I'm guessing I could probably do more than 50 mil. passwords per second. If those would only be accepted by the file once every second, brute force or dictionary attacks would be rendered useless. Even the most simple passwords would need days if not weeks to crack.
I'm not familiar with wireless protocols but couldn't it be possible to make a protocol that wouldn't accept passwords more than 1/sec from the same IP/MAC address? Hell, you could even make the machine send its "signature" based on the hardware components, OS,... to make sure that particular machine doesn't get more than 1 pass/sec.
Enlighten me please.
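The question above separates into two cases a defender has to treat differently. When the verifier is online (a login prompt, an access point answering authentication frames), the verifier controls the clock and can throttle. When the verifier is a file or a captured trace (an encrypted zip, sniffed WEP frames), the attacker's own CPU checks each guess and no "once per second" rule can be enforced; the only lever is to make each guess expensive, which is what WPA-PSK does by deriving its key with PBKDF2-HMAC-SHA1 at 4096 iterations with the SSID as salt. The following Python is an added example written for this page, not code from the article or the poster; the AttemptLimiter class is a hypothetical helper, and the timing numbers it prints depend on the machine it runs on.

```python
import hashlib
import time


# --- Case 1: online guessing, the verifier owns the clock ---------------------

class AttemptLimiter:
    """Per-identity throttle with exponential backoff (hypothetical helper).

    `now` is passed in explicitly so the logic is deterministic and testable.
    """

    def __init__(self, base_delay=1.0, max_delay=300.0):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._state = {}  # identity -> (failure_count, next_allowed_time)

    def allowed(self, identity, now):
        _, next_allowed = self._state.get(identity, (0, 0.0))
        return now >= next_allowed

    def record_failure(self, identity, now):
        failures, _ = self._state.get(identity, (0, 0.0))
        failures += 1
        # 1 s, 2 s, 4 s, ... capped so a single attacker cannot lock a
        # legitimate user out forever by guessing under their identity.
        delay = min(self.base_delay * (2 ** (failures - 1)), self.max_delay)
        self._state[identity] = (failures, now + delay)
        return delay

    def record_success(self, identity):
        self._state.pop(identity, None)


def simulate_online_attack(guess_count, interval_s, identity="02:00:00:00:00:aa"):
    """Count how many of `guess_count` wrong guesses, sent every `interval_s`
    seconds from one (constructed) MAC, the verifier actually evaluates."""
    limiter = AttemptLimiter()
    evaluated = 0
    for i in range(guess_count):
        now = i * interval_s
        if limiter.allowed(identity, now):
            evaluated += 1
            limiter.record_failure(identity, now)   # every guess is wrong here
    return evaluated


# --- Case 2: offline guessing, only per-guess cost helps -----------------------

def wpa_psk(passphrase, ssid):
    """WPA/WPA2 personal pre-shared key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def fast_hash(passphrase, ssid):
    """A single unsalted digest, the kind of check a brute forcer loves."""
    return hashlib.md5((ssid + passphrase).encode()).digest()


def guesses_per_second(check, seconds=0.2):
    """Rough throughput of `check` on this machine (not deterministic)."""
    n, end = 0, time.perf_counter() + seconds
    while time.perf_counter() < end:
        check("guess%d" % n, "IEEE")
        n += 1
    return n / seconds


if __name__ == "__main__":
    print("online: 1000 guesses in 1 s, evaluated:", simulate_online_attack(1000, 0.001))
    print("offline MD5 guesses/s:  %.0f" % guesses_per_second(fast_hash))
    print("offline PBKDF2 guesses/s: %.0f" % guesses_per_second(wpa_psk))
    print("PSK('password','IEEE') =", wpa_psk("password", "IEEE").hex())
```

The limiter answers the "once per second" idea for online checks: 1000 guesses fired in one second from one address get exactly one evaluation. The PBKDF2 half shows why the same idea does nothing for a captured file: the iteration count simply divides the attacker's guesses per second by a few thousand, so the passphrase still has to carry the entropy.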
Pay for mac changing software for windows? Are you for real?
http://ntsecurity.nu/toolbox/etherchange/
Every geek knows that "hack" means a creative demonstration of skill, not to make an unauthorized break-in of someone else's system.
Therefore, the appropriate verb in this case is GNU/crack.
Thank you.
Don't let the everyday Joes know that their wireless connections are open to the world, or else I won't have any way to surf the Interweb on my laptop when I take my kids to the park.
(+1 Funny) only if I laugh out loud.
Who will guard those selfsame guardians - if you don't grok Latin ...
...
Seriously, is this good news?
Especially since they don't need anything more than a rumor about you, spread by a neighbor or ex-girlfriend/wife, to do a warrantless search and institute wiretapping
-- Tigger warning: This post may contain tiggers! --
From TFA:
Note that this is not a particularly stealthy attack, as the laptop user will notice a series of "Wireless Network unavailable" notifications in the taskbar of their desktop screen.
Oh my gosh! I see this all the time! Someone must be trying to penetrate my wireless LAN!
Wanted: witty unique signature. Must be willing to relocate.
Here at work (an R&D facility for a major electronics company) we have opened up our WLAN for anyone to use and dropped WEP completely. Instead we use VPNs. This enables the following:
1. Any customer/vendor can get easy net access
2. Anyone in our local area can get free Internet access and feel good about our company. The range isn't that far, but for geeks in a pinch, it's there for them.
We don't advertise this feature but it is definitely done for these reasons.
I strongly recommend other companies to just dump WEP or any other authentication system and open up their access points.
With my help they could have done it in 1 min.
A locksmith was able to pick a locked front door in a residential neighborhood in just under 3 minutes.
However, the FBI has a superior entry method that involves breaking the door down in just under 8 seconds.
Others are mentioning COINTELPRO, or Hoover's reign of terror, or Waco, and on and on. No need for me to cover that territory, which any well-informed citizen knows. There's always Wikipedia if you need to bone up on the cheap.
No, I wish to call attention to your language. Therein lies your problem: your language shortcuts thought. Do you realize you write less like a citizen than a subject?
Agencies like the FBI, you write.
Government agencies, law enforcement agencies, you mean. Please stop and think about that.
"Agencies like the FBI"--which would include, of course, the CIA, the NSA, the DEA, the BATF, for starters--are nothing more than arms of power. It is that power to which we must turn, thoughtfully, and ask our questions. We cannot say de facto that an enforcement agency is worthy of "confidence and respect," as you would have it, unless we first examine whose laws and whose agenda these agencies are enforcing.
To take but one high-profile example: the war on drugs. This irrational prohibition has stocked our prisons with the poor, but failed demonstrably by creating more crime in illegal drugs; yet it is blindly enforced by those before whom you would have us genuflect. What choice have they, after all? Yet, fortunately, we have a choice: we can think, they cannot. We can withhold automatic "confidence and respect," as we should, since a brutal and destructive prohibition depends on patsies and collaborators.
The founders of our nation viewed overweening power with deep suspicion, and they anticipated the glamor of irrational obedience--the impulses of mob-like majorities, of good little yes-men. Examine their writings, and behold their constitutional framework: it is in sum a work of almost beautiful paranoia, conceived by men who looked on history as realists. They designed the nation to survive not terrorists or criminals but the surrender of thought by its own inhabitants.
You can build a good RNG from a cheap Geiger counter and a smoke detector (radioactive source). I did this with an old laptop computer. It wasn't fast, but it produced more than enough random bits for keys and one-time pads.
Mea navis aericumbens anguillis abundat
Just don't broadcast your SSID! This will prevent war-drivers/feds from detecting your network, thus making them move onto a much more worthy target :p
/me fixes his tinfoil hat
The feds can probably crack 128bit encryption with their eyes shut.
I fail to see why this is noteworthy except to those that don't understand how easy it is to crack WEP. In fact 3 minutes is barely worth writing home about. Hell, we've done the same in class for crying out loud--you only need to capture about 7-10MB of data to have all the IVs required to perform the cracking, and that's the equivalent of what, an MP3 or two?
Cracking the key is what usually takes the most time and now that can be accomplished in as little as 15 seconds these days with recently available tools.
Add it all together, plus the time it takes to input the key into the wireless config, and you've got access in about 3 minutes or so.
"On a scale from 1 to 10, people are stupid"
Not that anyone can stop them, but if police break the law in acquiring evidence, that evidence and any evidence gathered as a result is inadmissible in a US court. The "fruit of the poisoned vine" doctrine. You can bet this will come up at trial.
...Real Men don't need passwords, they just crack their own systems...
-- my sig got
"See Mr. Judge, it really wasn't me sharing all those files. See how easy it is to break into our home network. I wasn't warned about this when I bought it, perhaps the store should be sued, but not me"
---- Booth was a patriot ----
Slashdot... news by nimrods dumb enough to bitch-slap themselves.
But is that true? I'm ignorant too, but I think it depends on the index n of 802.11n.
My uneducated guess is, WEP leaves the MAC address exposed (actually, that much I know for sure), and 802.11i (WPA2) does not expose the MAC address. For 802.11g (WPA), I would like to know. It's supposed to be much more secure than WEP, in any case.
http://www.cdi.org/blair/permissive-action-links.cfm
Dyslexics have more fnu.
I always ask people to turn their WEP keys off anyways.. nothing like creating scarcity out of the plenty of wi-fi networks out there.
Look, your computer ought to be secure at the TCP/IP level. If you're depending on WEP link security, you're probably hosed anyways. And you'll almost surely be hacked by the teeming swarms of infected computers on the net long before you get trouble from a neighbor, a drive-by script kiddie, or now the FBI. Unless you're a paranoid freak and you're sure they're really out to get you. The roving script-kiddies that is.
Worried about bandwidth? If you and your neighbors cooperated instead of hoarding bandwidth from each other, you'd have more to go around. Heck, you could multi-home your laptop and get multiplexed bandwidth. That's more, not less.
Now turn off those keys and rename your home wi-fi network "public"!
The FBI knows about the bestiality porn on your machine, and will be showing it to your mother next week.
a single pf rule:
Who cares if you can crack a WEP using a non-passive attack? Well, I shouldn't say that...it's good when you wanna hack Joe Schmo around the corner (no offense Mr. Schmo), but any smart admin will have devices in place to catch floods of unusual packets slamming their WiFi device. I hope. So this isn't really all that cool.
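The "devices in place to catch floods of unusual packets" the poster hopes for are worth making concrete. Two things a passive monitor near the access point can see without any key: the per-station frame rate, and the WEP IV, which is the 24-bit value sent in the clear at the front of every encrypted frame. A station that suddenly emits hundreds of frames per second, or that keeps re-sending the same IVs, is behaving unlike a normal client and should raise an alert. The following Python is an added example for this page, not the poster's or any product's code; the capture it analyses is constructed inline as (timestamp, source MAC, IV) tuples, using locally administered 02: addresses, and the thresholds are assumptions to be tuned per network.

```python
from collections import defaultdict, deque


def build_sample_capture():
    """Constructed sample trace, not a real network: (timestamp_s, src_mac, iv_hex)."""
    frames = []
    # A normal station: one frame every 0.5 s, each with a fresh IV.
    for i in range(20):
        frames.append((i * 0.5, "02:00:00:00:00:01", "%06x" % (0x100000 + i)))
    # A noisy station: 300 frames inside one second, cycling through only 8 IVs.
    for i in range(300):
        frames.append((5.0 + i / 300.0, "02:00:00:00:00:02", "%06x" % (0xABCD00 + i % 8)))
    frames.sort(key=lambda f: f[0])
    return frames


def analyze_capture(frames, window_s=1.0, rate_threshold=100):
    """Flag stations that exceed `rate_threshold` frames per `window_s` seconds
    and stations that reuse a WEP IV. Returns a dict of alert sets plus the
    peak in-window frame count seen for every station."""
    recent = defaultdict(deque)      # src -> timestamps inside the sliding window
    seen_ivs = defaultdict(set)      # src -> IVs already observed from it
    peak_rate = defaultdict(int)
    flooders, iv_reusers = set(), set()

    for ts, src, iv in frames:
        window = recent[src]
        window.append(ts)
        while window and ts - window[0] > window_s:
            window.popleft()
        peak_rate[src] = max(peak_rate[src], len(window))
        if len(window) > rate_threshold:
            flooders.add(src)

        if iv in seen_ivs[src]:
            iv_reusers.add(src)
        seen_ivs[src].add(iv)

    return {"flood": flooders, "iv_reuse": iv_reusers, "peak_rate": dict(peak_rate)}


def format_alerts(result):
    """Human-readable lines for whatever sits at the receiving end of the alert."""
    lines = []
    for src in sorted(result["flood"]):
        lines.append("FLOOD    %s peaked at %d frames/window" % (src, result["peak_rate"][src]))
    for src in sorted(result["iv_reuse"]):
        lines.append("IV_REUSE %s re-sent an already-seen WEP IV" % src)
    return lines


if __name__ == "__main__":
    for line in format_alerts(analyze_capture(build_sample_capture())):
        print(line)
```

Note what this does and does not buy you: it detects the noisy, injection-style traffic the poster describes, and IV reuse is also the underlying cryptographic weakness of WEP whether or not anyone is attacking, so seeing it from a normal client is itself a reason to move to WPA. A patient attacker who only listens generates no frames and is invisible to this kind of monitor, which is why the thread's recurring advice to push encryption up to the VPN layer still stands.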
me to install wireless in our house. WPA with a max length random password, SSID broadcast turned off and MAC authorization enabled. It took awhile to get everything working cuz it (WPA) was newish and her version of XP had to be updated to support it etc. If friends come over and ask if they can use the wireless lan it takes like 10 minutes for them to type all the random shit in and for me to add their mac address to the router :) She says I'm paranoid. She's right.
So what this is telling us is the Feds are really just script kiddies?
No, the feds are one of the only types of hackers that aren't script kiddies. Taxpayer money is funnelled to teach them how to both program and hack. That's why your tax return this year was a bit less than last year's.
Debugging? Klingons do not debug. Bugs are good for building character in the user.
For all you know, the gun-toting lunatics might apologize for the mess they've made afterwards.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Perhaps this is yet another reason why we have CAT5 cables? Also, I might be tempted to use the NSA-patched Linux kernel sometime, if the FBI is going around snooping without warrants.....
How many of you guys have FBI agents in the coverage of your wireless router/access point anyway?
And I thought you slashdot readers were all brainy and such. Oh well. I guess nobody will ever claim the cash prize.
Meh.
... they were Agent Smith, Agent Jones and Agent Brown.
Run!
Shouldn't they be upholding the law instead of breaking it? Waste of manpower and taxpayer money if you ask me.
My thoughts exactly. On top of having easy access to truly random numbers, you're getting them with a freakin' LAVA LAMP. That is so awesome, and I'm sure the chicks dig it.
3 minutes is probably quicker than the "rubber hose" approach.
Although the rubber hose approach gets you a secondhand laptop as well as the WEP key.
Sure you can trust the government and of course the FBI! Ask any Native American!
FBI = Federal Bureau of Intimidation
Well spoken, agent Smith
> It really is a shame when the prevailing "geek"
> attitude towards agencies like the FBI is mistrust
> and fear, not confidence and respect.
It's not just the FBI, but any source of power. There was a time in US history where the country chose the president, rather than some clown deciding to run.
We must all be careful of those who seek to rule or control others.
Ok, this has me curious. Last time I experimented with breaking WEP, I broke a 128-bit key using aircrack in a few minutes. The catch was, it took a couple hundred meg of captured traffic (I initiated a ping flood to generate the data). So that meant taking hours to gather the data, not minutes. Anyone happen to know what changed since aircrack 2.1 (the most recent release)? Or was I just doing something wrong back then? Perhaps ping floods aren't a good way to generate the necessary data?
Flip a penny 128 times. Does the same thing, and nobody will think you're a D&D player.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
I doubt the FBI knows about that one.
"National Security is the chief cause of national insecurity." - Celine's First Law
LOL!!!
Actually, they only needed the last 6 digits--and they have people on staff who know them by heart.
My wife totally hates watching that show with me. She likes, it (and I do for the most part) but when that happened last night, I about spit my chicken wings and Dr. Pepper all over the floor I was laughing so hard. She looked at me like "WTF?" and I was like---"uh....nevermind."
It's worth noting from a historical perspective that COINTELPRO was the questionable result of the wildly successful program run by the FBI to finally break the back of the Ku Klux Klan in the South. From what I saw, it was a pretty brutal operation...recruited massive numbers of informants, had constant "friendly reminders" that remaining members were being watched, etc.
I can't believe that each week the use of technology on the show 24 gets worse and worse. People complain about CSI, but the stuff they do on 24 makes CSI look like a documentary.
Forget the whales - save the babies.
That might actually be a fantastic idea, it would be fantastic to use the MAC to seed the WEP keys. Right now each AP only has to handle one set of keys for the whole group of users, but this change would mean you'd need one set of keys for each user connected. You might end up having an AP that would bear more load as each client connected, but the load might not end up being so much worse since it's already having to encrypt all data anyways. The difference would be using the right keys for the right clients, and that might have very negligible overhead if implemented properly. Even if it were a heavy load this is still very reasonable in a business environment considering the security gain.
... and a cheap webcam! ;-)
/. article.
Actually some guys in SGI (back in the days when IndyCam was a fancy novelty and apparently they were thinking what it could be used for) did just that. Of course the resulting images should be sampled at long enough intervals and MD5-hashed...
Google for lavarand or even check out this
Paul B.
Leave it open, on the outside of your firewall. Once you get an address, VPN in with IPSEC, or just ssh -CX and run your browser off your server.
-nick
RandomAndInteresting.com defending the world from stupidity since 1979
So when are the feds releasing their tool as open-source?
Anybody have experience with building and integrating a hardware random number generator?
/dev/random which gradually collects entropy from the timing of keystrokes, network traffic, etc. Not the best source of randomness, but it totally beats rolling your hands across the keyboard just to try to type something "random".
Pentium-3 and later contain hardware RNGs based on the thermal noise from a resistor. The price is that the CPU also contains a serial number, and Intel tracks these through the distribution channel via point-of-sale reporting so that the actual end-user of the CPU is known.
It's also possible to sample the FM hiss from a radio using your SoundBlaster. It'd be pink noise, so you'd have to process it a bit to extract the entropy.
Or on *nix, you can install and use something like
Someone with access to a high-speed RNG should set up shop selling one-time pads. Basically CD-ROMs filled with nothing but high-quality randomness. (Business idea!!!)
Actually this sounds like a good topic for an "Ask Slashdot." Someone (not me) should suggest this: "How do you obtain your entropy?"
I respect your right to say what you have, and I am sure that you like and are loyal to your friends, but I must point out that when they're at work and you are on the receiving end of their violence and unlawful activities then you would think differently. Now I'm not talking about robbing banks; I am talking about peacefully standing up for the rights of your people. I am talking about trying to hold them to the laws that they promised to uphold.
You see I DON'T live in DC. I am a Native American that has been involved with protecting the rights of our tribes and our people. The rights that every human being should have. The ones they are supposed to protect. In the early 70's I was thrown to the ground face down in the mud and a .357 shoved in my ear. Why? Because my skin is darker and my hair is long and I am a reminder that your government took most of this land by force. That I remind this government that they signed their treaties and the grass is still growing and the river is still flowing. I have a friend whose trailer was burned to the ground with his mother, wife, and children inside, and they all died. Later he was asked in private by an FBI agent if he had learned to keep his mouth shut. Let's talk about the over 600 Native Americans that died strange deaths after the FBI came to the Rez. Hummm, nice people once you get to know them.
Don't say that I don't know these people. I have worked for them and I am a Vietnam vet. I know the government very well. This is how the war is fought. Yes, as individuals they are likeable people, and they go to work and do as their boss tells them, who got their orders from another boss. Now when they come and burn down your house with you in it, it's just them doing their job. They are not responsible. You go to their department and the department says they aren't responsible. Well then who is? It is a Monster with a thousand heads.
> Spending time (as many have done here) dwelling on how a given institution (say, the FBI) has "earned" our deep suspicion because of now-gone policies and management implies a bad case of not getting it.
No dude, living in the real world is what has given me my mistrust, and living through real life situations. We ain't talkin' TV.
> I'd say that we can pretty much get past saying that the Germans (or Japanese for that matter), as a people, are still earning our deep mistrust.
Humm, funny, I don't feel that way towards Vietnamese people. A few years back I met a Vietnamese man my age that was in the same area I was in at the same time. Did I feel threatened or not trust him? NO, not at all. We met with total respect for one another. Do I feel threatened and not trust my government? YES. To be totally honest I am afraid to post this. Yet I would rather go down as a man than live like a coward, so I am posting. After all, isn't that why I went to Nam and tried to kill that nice man I met? The freedom to speak out and question my government.
> Similarly, the people currently staffing the FBI aren't any more inherently malicious working for the current administration than they were for the last one (remember their helpful delivery of private profile info into the last administration's offices?)
Hey, I'm in the way back machine; I'm talking about the early 70's, not the present administration. This has been going on in every administration. The case you are referring to is they just got caught that time. Did getting caught change things? No
> Eternal vigilance must indeed be part of the picture - but let's not forget that FBI agents, managers, directors... these people all have families, a personal longing for liberty, and a general sense of decency that gets them through their crappy days dealing with the world's true, hateful, death-dealing creeps.
The problem is "Eternal vigilance" has been outlawed. You speak out, you are branded a terrorist and sent to Cuba. Sure these people have families and a personal longing for liberty. Do
Hasn't it been known for at least two years that WEP is insecure?
Since the FBI didn't write the tools, why did they bother having an FBI computer scientist at the event?
Looking at that photo, perhaps Carnivore was named after the programmers developing the application.
Yeah, my wife's catching on too. I could see her BS detector starting to go off, and she asked me, in a very I-don't-believe-it tone: "is that possible?" No, pure bullshit I said. Still a fun show, though. They should dose down on the techno-bull otherwise it's starting to be like a bad Star Trek episode (see sig).
I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
Why is this news? For real.
People saw wireless as being cool and convenient and dove right into it without thinking of the consequences. It's just like people getting onto the Internet for the first time. It's so cool and neat to them. But they don't understand what they're getting themselves into. It's not just a convenience. There are serious security considerations that have to be made. Just because wireless makes connections easier and more convenient doesn't mean that people should just embrace it.
Think again.
.....
......
Actually it is called the FMS attack. Google for it. I found it during one of my school assignments on wireless security.
The problem is with the algorithm, and not the encryption itself. Google for the FMS white paper (3 guys' initials, those who discovered it). It's simple math; anyone with basic computer math knowledge and some skill in programming can do it.
The book I read explained the exploit in 4 lines
Oh, and the feds are slow in letting the public know
Damn, and I thought lining my hat and my pants was enough!
J.
You're only jealous cos the little penguins are talking to me.
That was great wasn't it? What was it now... hold down the control key and left arrow or something ??
I love it, oh and the laptop which he couldn't stop from deleting files from itself ??? Don't turn it upside down and remove the Battery... no no , keep pressing keys and yelling "I can't stop it".
Right now I'm trying to get this to work, but it is not really easy. However, once it works, how is the legal situation? If I have WEP on, and some neighbour hacks into it, I can sue him. Without WEP, I couldn't. But, what if he hacks in a VPN-enabled system? Can I still sue him? Note that WEP would be disabled in this scenario, because it would not be needed.
This sig does not contain any SCO code.