Slashdot Mirror
Hot Sales In China For Wi-Fi Key-Cracking Kits
alphadogg writes "Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year. With one of the 'network-scrounging cards,' or 'ceng wang ka' in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building."
First post using my neighbor's wifi!
My neighbors have all started encrypting their wireless routers :-(.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Free Wifi cracking kit: Download here and use with brain 1.0 and any USB wireless dongle.
My SSH tunnels, let me show you them.
You can already get stuff to do this for free. Is this stuff that's getting sold made for the less technical crowd or something?
Seriously. Usb Wifi Dongle + Rainbow Tables DVD + Backtrack = Win?!
"I'm going to f***ing bury that guy, I have done it before, and I will do it again. I'm going to f***ing kill Google"
Sure, I can use AirCrack or a number of techniques or utilities, the same way I can freeze dry my own vomit and make it look like vomit from Spencers, but it's just not the same, Where can I get one of these for the novelty of it. I can't go to Spencers....
Of all the things I've lost; I miss my mind the most. - Mark Twain
Video of cengwang ka in action here. Someone whose mandarin is better than mine will have to provide a translation. "Mee-ma" means password. Heck, I might get one just to use it in airports and other places where jerks charge for internet. Evidently they are illegal as taobao.com (the Chinese ebay) doesn't list them while a simple google search turns up dozens of vendors. I'll have to check on these next time I go to the computer market.
Another notable aspect of this story is that it's actually accurate. China is a blank slate to most Westerners and I have seen journalists fabricate the most outrageous lies simply because it "fits the narrative" (narrative=preconceived ideas). No surprise the guy who wrote this was in Beijing, it's like the world ends for journalists outside the fifth ring road.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Perhaps I'm a bit behind the times, but I'm just as worried about the RFID 'Blink' chip embedded in my new credit card.
so lets get this straight, the same chineese who wont pay for windowz, pay for a free linux distro to crack wifi? Genius...cant blame them who wants to pay for windows
Why is china or the people of, so interested in causing problems on the internet?
IS this just a way of rebelling that is safe for them from their government (the party they would really like to rebel against.)
Out of curiousity I put backtrack in to ebay and what do you know, theres half a dozen backtrack 4 dvds for sale as Hacking Operating System.
But no rerturns accepted!
Those who can, do. Those who cannot, sue.
You don't NEED packet injection, you just need it if you want to break into the network anytime soon. Sitting and listening to normal traffic will eventually get you enough packets to attempt to break it.
For WPA you don't even need packet injection, just deauth a client that is connected, collect their reconnection packets, and then run a dictionary/brute force attack against the handshake.
Remember folks, slashdot doesn't have a -1 "disagree" moderation!
I left it Open so you would waste your time paying that additional $5 for the software. How does it feel naooo, biatch? Bitches don't know they don't need to pay extra to use my WAP. Besides encryption, I'll be shifting my WAP to some obfuscated authentication algorithms that standard off-the-shelf software drivers on closed-source Operating Systems will not be able to intercept; it derives from a change in the Opensource driver, it might be 50% slower but at-least everyone can see my Open WAP but wonder why the hell they can connect and no packets move around.
No firewall rulls.
...Kuang Grade Mark Eleven
You don't say!
As much as you stand to benefit by stealing another person's connection, have you ever considered what would happen if they found out, and started spying on your traffic?
Starbucks, Harbuckle of Breath.
The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network.
Ya. sure anyone can do it.
---- Booth was a patriot ----
and they have to crack it brute force. Sure people might still use WEP but they deserve to get hacked.. it's little more than a picket fence.
Such things could have an interesting effect in France if that law gets approved, specially if punishes you if someone downloads something illegal using your connection, even if the access wasnt enabled but cracked into.
165 yuan is not cheap at all.
My wireless router filters devices by mac address.. if I understand it correctly, there's no way for it to be cracked into so long as the filters in my router are enabled. It recognizes my netbook, a skype phone, and an ipod that I own. All other devices will "see" the network but will not be able to access it.. if I understand the way it works correctly anyway. :)
Anyway, I live out in the sticks. If some bonehead wants to sit out in a snowbank and use my internet connection, more power to 'em.
-Troll, Flamebait, and Offtopic are NOT equivalent to disagreement.
sweet jesus, is there anything about china that doesn't suck?! :(
As wifi use becomes more & more ubiquitous, it would seem beneficial to change from a model where everyone sets up their own walled-off private networks to a model where all wifi packet distribution is shared in a mesh (with automatic routing protocols and such). Something like parasite.net from Cory Doctorow's story, or this: http://www.open-mesh.com/
Instead of having so many AP's & devices "shouting" and competing for access to airspace/time in an apartment building, devices would function more like cellular phones and just "talk quietly" to the nearest AP. APs could also coordinate with each other automatically to find decent channel assignments. In short, a system of cooperation beats everyone doing their own thing.
1- type a command in terminal (airodump-ng [adapter])
2- run spoonwep with the values obtained in step 1
3- wait a couple of minutes
Can't get much easier than that (and for free). Why are people paying money for those kits?
I've got better things to do tonight than die.
And your password is as short and simple as "sugar" (from the article) you deserve to be targeted by Chinese script-kiddie hackers.
Quick translation, since I'm kinda in a hurry (though, c'mon, DNS-and-Bind, you've lived there for 7 years? if I remember from a previous post, and you can't speak fluent mandarin now, plus a few dialects? What have you been doing with your time?)
Anchorwoman: We will now explore the background behind these (Wifi Keys) and the hidden danger they present to internet security.
The journalist installed the Wifi Cracking kit according to the instructions, and then used the Cd-rom to open the password cracking software. After 5 seconds, the computer monitor correctly displayed 5 wireless network signals. Click on any of the networks and the computer will automatically start cracking the password. After 4 minutes, a series of numbers appears on the display.
I'm just going to freeform this bit, I'm translating background chatter, not just the subtitles. Mostly Mr. Hu and the reporter talking, I won't note who is who, but it should be kind of obvious...also, there's stuff that isn't in the subtitles, so it should flow better
Guy1: oh, this is the password (background)
Guy1: AAAAA....
Reporter: His password is 8 A's (this is the subtitle guy number 1)
Guy1: What an idiot!
Reporter: Take a look at it now, did it work?
Mr. Hu (Hu something-ying, the middle character is too low resolution), network expert at a Wuhan Guangtong Computer Technology Development company: It succeeded, we're already online.
Reporter: So we can get online directly?
Mr. Hu: Yes, we're online through his network(thanks to the key)
Here we have 4 signals, this signal isn't bad! 18megabit speeds.
Anchorwoman: The computer expert explains, the Wifi Cracking kit is essentially a just wireless card, but its ability to search out wireless networks is much stronger than normal wireless cards. What's scarier, is that it's combined with a "hacker" software program that can easily hack into other people's host machine (host computer), if this apparatus is used for nefarious purposes, it could result in computer files being accessed, privacy leaks, etc., with serious consequences.
Mr. Hu: This is a serious threat to internet security. It can reveal secrets, and interferes with security. Look, I can directly make copies of his files, copy it directly to my own computer.Anchorwoman: Wuhan network expert Mr. Hu of the XYZ company IT dept. says that reports of successful network intrusion attempts are skyrocketing. He also explains that protecting yourself is not difficult, by setting the number of user accounts or adjusting the router settings.
Mr. Hu: Turn off the DHCP on the router, then even if you access the network, you can't get online,since there's no IP address. The important thing is to do it from the router.
Anchorwoman: The phenomenon of Wifi password cracking is common outside China, regardless of the nation. Singapore considers it to be a crime, and the UK considers it illegal and you can be arrested. In China, however, there are no laws about Wifi password cracking.
Phone caller, from Hubei, works with communications related company: This thing presents two main problems. The first is password cracking. This is a security/safety problem. The other is using other people's Wifi connections for free, this is a problem of stealing access. If you check and can find evidence of.....(is cut off)
I may have cut a few corners, but that's the gist. I don't do much technical translation, but this one was light on the technical terms anyway, so if you have questions or need other stuff translated, let me know.
The five bucks is so you can get the goods at all, can't reach www.aircrack-ng.org, it's terribly slow. Been that way for a while.
Build your own energy sources from scratch. http://otherpower.com/
All my use of aircrack-ng is that only the non-USB hardware is supported, meaning you need either something on a PCI bridge be it either the blackplane or a Cardbus slot. USB support was attempted but not there because of technical issues, the last I checkted if I remember correctly.
The best Linux distribution is BackTrack 3, and the recent DVD versions of it are just bloated pieces of shit that fail easier with the more surface-scratches the disc collects. I can't wait for a Linux distribution that has multiple images of itself on the same disc just so when a scratch is ditected then it will skip/redirect with a non-volatile seek command so it can use another viable amount of image; I was CDROM RAID is what I'm asking for. I don't need all the bloated titty-shitfuck code that makes it bloat to a x?x?x-Niggabyte DVDROM.
That despite wide availability of super cheap sub $ 20 routers capable of WPA, people still use WEP...
Backtrack 3 supports the delightful AWUS036h - a powerful USB WiFi adapter that allows packet crafting.
Meaning even if it seems the Chinese have a disproportionately high interest in net vandalism activity or whatever, statistically per capita they may actually have a disproportionately low interest in net vandalism activity or whatever.
I thought about this - selling a wi-fi cracking kit, beaten at the post again :-(.
From a comment on Slashdot, I think every machine should use a differnt KEY to connect. Then each could be controlled as seperate connections.
Then what we need is every machine utilise quantum cryptography when communicating with their router. This basically uses the Heisenberg uncertainty principle and allows secure connection to be established as any third party (sniffers) would affect the communication and hence would be noticed). THis has been done and it works! Of course you only know that there is a third part listening.
So if anyone was sniffing you could keep changing the key every 10 mins. What we need is a system that can seamlessly change keys without dropping connections because as far as I know, changing the key would require a new connection be established.
You don't necessarily need a USB wifi dongle. Aircrack on BackTrack works just fine with my Broadcom 4318 (aka Dell 1370) miniPCI card