Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hot Sales In China For Wi-Fi Key-Cracking Kits

Posted by timothy on from the unsecured-is-so-much-nicer dept.

alphadogg writes "Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year. With one of the 'network-scrounging cards,' or 'ceng wang ka' in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building."

14 of 207 comments (clear)

  1. fp by Anonymous Coward · · Score: 4, Funny

    First post using my neighbor's wifi!

  2. WEP not secure, use WPA with random key by Anonymous Coward · · Score: 5, Informative

    Free Wifi cracking kit: Download here and use with brain 1.0 and any USB wireless dongle.

  3. Re:Are these available in the states? by blair1q · · Score: 4, Funny

    How are you going to steal my bytes when I don't pub my SSID?

  4. Re:Are these available in the states? by Annymouse+Cowherd · · Score: 5, Insightful

    By sniffing traffic to determine the existence of your network?

  5. Video in action by DNS-and-BIND · · Score: 5, Informative

    Video of cengwang ka in action here. Someone whose mandarin is better than mine will have to provide a translation. "Mee-ma" means password. Heck, I might get one just to use it in airports and other places where jerks charge for internet. Evidently they are illegal as taobao.com (the Chinese ebay) doesn't list them while a simple google search turns up dozens of vendors. I'll have to check on these next time I go to the computer market.

    Another notable aspect of this story is that it's actually accurate. China is a blank slate to most Westerners and I have seen journalists fabricate the most outrageous lies simply because it "fits the narrative" (narrative=preconceived ideas). No surprise the guy who wrote this was in Beijing, it's like the world ends for journalists outside the fifth ring road.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    1. Re:Video in action by Zarel · · Score: 4, Informative

      You Slashdotters haven't been very nice when talking about my country recently. :( But I'll forgive you. Here's a translation:

      woman: "[incoherent] Wi-Fi key cracking kits are an extremely important threat to the safety of the Internet"

      woman: "Here, we simply follow these instructions, and then use the CD drive [sic] to access the password cracking software, and five seconds later, it indeed shows us five Wi-Fi access points. Clicking one, the computer starts to automatically crack the password, and after a while, it displays a string of numbers."

      man: "[incoherent] Looking at this, does this say that it's done yet?"

      other man: "Yeah, it says it's successful; it's connected to the Internet now."

      man: "So you can go and browse the web now?"

      other man: "Yep, you can, using its [the key cracker's] connection."

      other man: "Here, you can see four wireless signals, and the connections are pretty nice, at a speed of [incoherent]."

      woman: "Continuing our explanation, these key cracking kits are a type of external Wi-Fi card, but their ability to search for access points is stronger. What's scarier is that it comes with black-hat hacking software, that can let you hack into others' router administration panels. If this kind of tool falls into the wrong hands, it could have serious consequences, such as disruption of service."

      other man: "This software is very powerful. This one can crack passwords, and see here, I'm copying this guy's files - copying them to my own computer."

      woman: "[some organization I didn't catch the name of] says that Internet hacking incidents are steadily increasing. In actuality, securing a computer is not difficult, and modern OSes have mechanisms to limit how many people can connect, and who has permission to connect."

      other man: "Here, they've disabled DHCP and I'm connected, but I can't browse the Web since I don't have an IP address."

      woman: "To clarify, Wi-Fi cracking happens overseas as well. Several countries have already enacted laws preventing it; [incoherent] and Singapore, for instance, have made Wi-Fi cracking crimes. England has not only made it illegal, but are actively hunting infringers. However, China still hasn't passed laws regarding it."

      caller: "There are two sides to every issue. One one hand, it's password cracking, which is clearly wrong. But on the other hand, it's accessing the Internet for free, which should really be controlled by the owner of the access point and definitely [interrupted]"

      --
      Want a high quality FOSS RTS game? Try Warzone 2100!
  6. Re:backtrack? aircrack-ng? by SomeJoel · · Score: 4, Informative
    Yeah, hey, look at TFS FFS you SOB:

    a user with little technical knowledge can easily steal passwords

    Note the lack of an article between "with" and "little".

    --
    <Complete your profile by adding a signature!>
  7. Re:Are these available in the states? by Locke2005 · · Score: 4, Funny

    ...making it easier to browse their pr0n collection. My neighbors are all devout Christians, meaning I'm not interested in their pr0n collections -- that shit is WAY too kinky for me!

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  8. Re:Are these available in the states? by Tiger4 · · Score: 4, Funny

    See that's where I fool 'em. I don't encrypt my traffic. They'll search all day and never find the key!

    --
    Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
  9. That's for WEP ... by Agarax · · Score: 4, Informative

    You don't NEED packet injection, you just need it if you want to break into the network anytime soon. Sitting and listening to normal traffic will eventually get you enough packets to attempt to break it.

    For WPA you don't even need packet injection, just deauth a client that is connected, collect their reconnection packets, and then run a dictionary/brute force attack against the handshake.

    --
    Remember folks, slashdot doesn't have a -1 "disagree" moderation!
  10. Re:I have a question. by timeOday · · Score: 4, Informative

    The summary says what the motive is: to make $24 selling the kits.

  11. Re:Are these available in the states? by mlts · · Score: 4, Interesting

    On a side subject, it would be nice for a wireless AP to have the ability to use multiple (like up to 255+) WPA2-PSK keys, one individual key per machine. Yes, this encroaches on WPA-Enterprise, but this would provide the ability to lock out a compromised machine off the network just by zapping its key, as opposed to having to rekey every single box on the wireless segment.

  12. Re:Are these available in the states? by socceroos · · Score: 5, Funny

    Commentator 1: And in the blue corner we have seasoned slashdotter and daisy-cutter h4rr4r. His opponent today is the unheard-of Rijnzael...
    Commentator 2: Yeah, Bob - rumour has it that this Rijnzael dude is a cryptographer wannabe...
    Commentator 1: Indeed! Round one is about to begin...
    DING!
    Commentator 1: We're off! Both contestants start jostling.
    KABAM!!!
    Commentator 1: Wow! h4rr4r has just run to the side of the ring and flattened a member of the crowd who started shouting out about something to do with hidden SSIDs. That was unexpected!!
    THUD!!
    Commentator 1: Ouch! And with h4rr4r's back turned, Rijnzael has snuck in from behind and layed a stiff elbow into the back of h4rr4r's head! He's reeling off something about the legitimacy of hidden SSIDs.
    Commentator 2: It's all happening here, Bob. h4rr4r looks stunned... Rijnzael has bounced back to the middle of the ring - he almost looks surprised that he was able to land that blow. h4rr4r is turning around to face him...
    BIFF!!! BOP!!!
    Commentator 1: Thats gotta hurt! h4rr4r lays a couple of punches on Rijnzael!
    Commentator 2: h4rr4r really likes that iwlist+luser combo doesn't he! Rijnzael stumbles backward. He's composing himself now...
    DING DING DING!!
    Commentator 1: Oooooh! And with that the round ends! Rijnzael looks upset, he was getting all fired up for his next attack! Look at the anger in that bloke's eyes will ya!
    Commentator 2: Agreed. Rijnzael is itching to get back out there! h4rr4r is looking around the crowd... Ok, we're about to start round 2.
    DING!
    Commentator 1: And we're back into it. Rijnzael is bouncing like a kangaroo, he's pumped! Oh! He's moving in...
    BAP!! PUNT!! THUD!!
    Commentator 1: WOOOOOWW! What a combo! Rijnzael has hit h4rr4r squarely on the nose here! h4rr4r stumbles backwards and hits the ropes, arms splayed!
    POW!!! KABIFF!!!
    Commentator 2: Oh wow! "Fundamental Misunderstanding", "Belligerence", "Verifiable Incorrectness" - Rijnzael is throwing everything and the kitchen sink at h4rr4r!
    KABLOOIE!
    Commentator 1: An explosive hit! Rijnzael just landed a "slow adoption of Linux" blow on h4rr4r!
    Commentator 2: My goodness, Bob! You don't do that to a seasoned slashdotter! h4rr4r has gritted his teeth now, boy he looks in pain! What a grimace!
    *CROWD ROARING*
    Commentator 2: Here we go! h4rr4r's senior, geekoid, has just jumped into the ring!! Talk about uneven now!
    Commentator 1: Whats going on?! Looks like he got annoyed at the Linux reference! This is starting to look like a WWE match now!
    BOP! POW! BAP! BIFF!!
    **CARRIER LOST

    I'd better get back to RL and start working.
    'twas fun boys.

  13. Re:Are these available in the states? by Maarx · · Score: 5, Informative

    Aircrack is, curiously, one of the few tools that cannot be ported to windows, and which actually manages to attract people to run linux, just for this app. It's a "killer app", as they call it, which carries it's platform. Makes me think, sometimes, more open source software should be circulated without any windows ports or binaries at all, to keep people on open source platforms... of course, it goes against the whole idea of open...

    While I cannot debate it's status as a "killer app", the reason it works is not that the code for Aircrack cannot be ported, but instead because Windows does not possess the underlying DLL's to support it. In fact, the fork project, Aircrack-ng, has a port for Windows, with a giant alt-text disclaimer on the download link that says it doesn't work without DLL's that they do not provide (i.e., they do not believe exist). The result is the same, but it's inaccurate to speak of it as an inability to translate the program "source".