AT&T Won't Block Black Hat Eavesdropping Demo

← Back to Stories (view on slashdot.org)

AT&T Won't Block Black Hat Eavesdropping Demo

Posted by samzenpus on Wednesday July 28, 2010 @02:37PM from the enough-rope-to-hang-yourself dept.

snydeq writes "AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week. Hacker Chris Paget last week said that he plans to demonstrate on Saturday how to set up what's essentially a fake cell tower that allows him listen in on nearby mobile calls. But Tuesday, he wrote on his blog that he had 'heard that AT&T may be considering suing me to stop my talk.' AT&T, however, has insisted it has no plans to interfere with the talk."

126 comments

Min score:

Reason:

Sort:

AT&T Doesn't Care by OverlordQ · 2010-07-28 14:43 · Score: 4, Insightful

But what about the types of people that actually enforce the wiretapping and interception laws?

--
Your hair look like poop, Bob! - Wanker.
1. Re:AT&T Doesn't Care by GSV+Eat+Me+Reality · 2010-07-28 15:09 · Score: 0
  
  AT&T is probably going to strike back later on - with lobbying campaigns to put more vague provisions in new laws that make it illegal to do anything like what he is going to talk about.
  I'd imagine their lobbyists and lawyers will use terms like "potential disruptions to communications networks" and "danger to national security" and other buzzwords. Meanwhile as with nearly all such laws regarding technology the real effects will be to stifle experimentation and innovation by anyone without a license to do so, and the paperwork will grow to even more immense proportions.
  People will hack systems anyway, it'll just become even more dangerous to one's continuing free existence to even do innocent hacking.
  I'm going to abuse an old movie quote. "The more they tighten their grip, the more control over their systems will slip thru their fingers."
  I don't see that there is any amount of lawyers, lobbyists, laws, enforcement (that's a laugh) or anything else that will stop people from hacking new technology. Can't say that I have any idea what's going to happen in the future, but I suspect that William Gibson might have been on track with that a couple of decades ago.
  Paranoid, me? WTF do I know, I'm just another General Systems Vehicle, putting out little fires all around the sphere of humanity wherever I can and trying to do so in a manner that helps the whole.
2. Re:AT&T Doesn't Care by Nikker · 2010-07-28 15:31 · Score: 3, Insightful
  
  As long as he only uses an informed and willing volunteer over a private connection would this demonstration really come under wiretapping laws? If they are going to send it through speakers infront of a crowd it would be more like an elaborate microphone than anything else.
  
  --
  A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
3. Re:AT&T Doesn't Care by Anonymous Coward · 2010-07-28 16:20 · Score: 0
  
  Who said AT&T would SUE?
  They'll wait for you to blow your wad on the Fed's doorstop.
  THEN they'll sue.
4. Re:AT&T Doesn't Care by GameboyRMH · 2010-07-29 02:36 · Score: 1
  
  I'd imagine their lobbyists and lawyers will use terms like "potential disruptions to communications networks" and "danger to national security" and other buzzwords.
  Forget those, those are yesterday's news. Now it's CYBERATTACKS and CYBERTERRORISM which can cause a CYBER PEARL HARBOR or CYBER 9/11! Get with the times man!
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
Hmm by MoeDumb · 2010-07-28 14:43 · Score: 1

Did he hear it over an AT&T line?

--
Mod Me Up. You'll make a grown man cry.
1. Re:Hmm by Anonymous Coward · 2010-07-29 01:02 · Score: 0
  
  It ain't no fortunate phone.
Rumour? by amirulbahr · 2010-07-28 14:43 · Score: 3, Informative

So he blogged that he heard that AT&T might sue him to stop the talk, AT&T deny the rumour, it makes headlines.
1. Re:Rumour? by Anonymous Coward · 2010-07-28 14:46 · Score: 0
  
  Well, slashdot headings at the very least.
2. Re:Rumour? by Anonymous Coward · 2010-07-28 15:13 · Score: 1, Insightful
  
  I'm amazed that this article isn't from kdawson.
3. Re:Rumour? by bsDaemon · 2010-07-28 15:15 · Score: 3, Insightful
  
  Yeah. It's called "New Media." It's like news, but without the journalism degrees or standards of professionalism.
4. Re:Rumour? by chapstercni · 2010-07-28 15:44 · Score: 3, Insightful
  
  Yeah.. cause we can see how professional all those journalists are that have the degrees. They are impartial, and fact check everything.
5. Re:Rumour? by bsDaemon · 2010-07-28 15:58 · Score: 2, Insightful
  
  There are still plenty that do, although it's true that gone are the days of Cronkite. It's sad, really, but 24-hour news cycles mean they can't put as much time and effort into making sure that they cover relevant information accurately. That's not an excuse, more of an indictment. Do people even watch the evening news anymore?
6. Re:Rumour? by nmb3000 · 2010-07-28 17:44 · Score: 1
  
  So he blogged that he heard that AT&T might sue him to stop the talk, AT&T deny the rumour, it makes headlines.
  To be honest, the first think I thought when I read his blog entry was "scapegoat". Maybe he realized his hack doesn't work quite right, or is flawed in some other way and wants an easy way out of giving the presentation? Claiming worry about a big lawsuit sounds pretty good for that.
  I'm betting at this point that AT&T came forward because they:
  1) Want to make sure he can't use them as an excuse, and
  2) They really want to know (probably more than most people) if the hack really works.
  I can easily see some top-level AT&T execs (and other providers probably) asking their technical people if such a hack is possible. After getting a bunch of "no, sir, it's impossible!" all around, they're likely eager to see if their tech people really know their stuff or were just blowing sunshine up their butts.
  Providers themselves are probably the last group that would stop such a presentation. The FBI on the other hand, they might be first in line.
  
  --
  "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
  /)
7. Re:Rumour? by inKubus · 2010-07-28 17:45 · Score: 2, Funny
  
  Why does news only have to last 24 hours? Any story worth telling probably has at least a few years worth of action in it. Slow is better. Trust me.
  
  --
  Cool! Amazing Toys.
8. Re:Rumour? by Phroggy · 2010-07-28 17:49 · Score: 1
  
  So where did he get the idea AT&T might sue? Did they tell him they might sue? Did someone else with inside knowledge of AT&T's plans tell him they might sue? Did some random person think to themselves, "hey, AT&T could sue!" and told him it was a possibility? Did he make it up himself and lie about it?
  Also, did AT&T decide not to sue because they looked at the situation, considered their best course of action, and determined that suing wasn't the right thing to do? Or did they decide to sue, but then changed their minds when word got out because they knew it would make them look bad?
  
  --
  $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
  $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
9. Re:Rumour? by Anonymous Coward · 2010-07-28 17:53 · Score: 0
  
  Inception perhaps?
10. Re:Rumour? by GrumblyStuff · 2010-07-28 18:36 · Score: 2, Interesting
  
  I try but they always tack on some celebrity or sports shit and then I turn off the TV.
11. Re:Rumour? by houghi · 2010-07-28 20:06 · Score: 3, Insightful
  
  It's like news, but without the journalism degrees or standards of professionalism.
  So it's like news?
  
  --
  Don't fight for your country, if your country does not fight for you.
12. Re:Rumour? by mattack2 · 2010-07-29 10:25 · Score: 1
  
  Yes, I watch the evening news every day (though lately I sometimes get the podcast instead and listen to the audio only).
Glad AT&T is not being evil (this time) by onionman · 2010-07-28 14:43 · Score: 2, Insightful

Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.
1. Re:Glad AT&T is not being evil (this time) by DJRumpy · 2010-07-28 14:48 · Score: 2, Informative
  
  The right thing is to give these companies time to respond and to close potential security vulnerabilities before the information goes public. In this case, that obviously is not going to happen (by that I mean addressing vulnerabilities). I hate that they have to release this information in such a public way and wish they wouldn't, but I see the need for it all the same.
2. Re:Glad AT&T is not being evil (this time) by bogaboga · 2010-07-28 14:49 · Score: 1
  
  Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.
  For AT&T, 'learning from research' would be admitting inferiority in a way. It's better for them to stay away officially then send geeks of their own to 'learn from the research', even though their own geeks failed to see iPhone problems before millions did.
3. Re:Glad AT&T is not being evil (this time) by MessedRocker · 2010-07-28 14:51 · Score: 2, Insightful
  
  Sometimes the greatest incentive to change your ways is to have your foibles on public display.
4. Re:Glad AT&T is not being evil (this time) by ScrewMaster · 2010-07-28 14:51 · Score: 3, Informative
  
  Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.
  Time was when "research" and "AT&T" were damn near synonymous. But yeah, it's good that they're keeping the sharks in check.
  
  --
  The higher the technology, the sharper that two-edged sword.
5. Re:Glad AT&T is not being evil (this time) by blackraven14250 · 2010-07-28 14:57 · Score: 1
  
  I remember reading on another story about this demonstration that this vulnerability is one that's been known for a decent amount of time so far. If so, this is the needed course of action, since the companies won't change until word gets out that the system is unsafe.
6. Re:Glad AT&T is not being evil (this time) by Michael+Kristopeit · 2010-07-28 14:57 · Score: 1
  
  would it be evil for AT&T to give the FBI the location of the talk and express concern about the electronic transmitter being demoed, which broadcasts a signal to phones before they allow calls to be intercepted?
  what about every single person in the audience and surrounding city that might not really care how cell phone security works as long as people aren't advertising how to listen to their calls. he might have an angry mob on his hands.
7. Re:Glad AT&T is not being evil (this time) by GNUALMAFUERTE · 2010-07-28 15:03 · Score: 1
  
  If you could cover any significant urban area with a small and low powered antennae sitting on a table inside a theater, mobile calls would be a lot cheaper than they are. This is research, and it's being done inside the lab. Also, stopping research is fucking stupid. If I got my conference interrupted by the FBI, I would go ahead and sell the technology to spammers. That would be far worse. Do not attempt to stop research, ever. It is the wrong thing to do, both in ethical and practical considerations.
  
  --
  WTF am I doing replying to an AC at 5 A.M on a Friday night?
8. Re:Glad AT&T is not being evil (this time) by Michael+Kristopeit · 2010-07-28 15:09 · Score: 1
  
  why would your new research mesh network node ever need to trick users of a competitors network and intercept their traffic? why not just demonstrate a call strictly over your own network relays? is it because the latency of such a network makes voice calls horribly awkward? the advertised device and method of interception has no applicable use for research other than unwarranted interception. the advertised demo is neither ethical or practical.
9. Re:Glad AT&T is not being evil (this time) by zonker · 2010-07-28 15:36 · Score: 0
  
  One of my uncles was a researcher at AT&T's Bell Labs and later BellCore. Most of the researchers in BellCore were let go and replaced with pencil pushers and lawyers. Today it is known as Telcordia and they no longer do R&D in the old facility. He now works at a bay area startup designing next generation solar panels. He often talks about missing doing raw science.
  
  --
  Large print giveth, and the small print taketh away
10. Re:Glad AT&T is not being evil (this time) by zonker · 2010-07-28 15:41 · Score: 0
  
  You think the FBI isn't already there? They've played a game called Spot the Fed for years. It's damn near a tradition. They are there to learn what's going on in the hacker community. It's beneficial to them too.
  
  --
  Large print giveth, and the small print taketh away
11. Re:Glad AT&T is not being evil (this time) by pspahn · 2010-07-28 16:12 · Score: 1
  
  I was under the impression that if you went to Las Vegas, and something happened that you didn't want people to know about (maybe embarrassment, blackmail, or you don't want your grandchildren to know)... I thought it was supposed to stay there. Have I been lied to?
  Maybe I should visit Atlantic City instead.
  
  --
  Someone flopped a steamer in the gene pool.
12. Re:Glad AT&T is not being evil (this time) by Miamicanes · 2010-07-28 16:21 · Score: 1
  
  I think it's not so much a matter of not knowing about this as a potential vulnerability, as it is a case of the hardware necessary to pull it off suddenly becoming cheap and affordable to just about anyone with the slightest interest in doing it.
  Perfect illustration of "exploit" that becomes possible due mainly to falling prices:
  My best friend owns two Blu-Ray players. One is Region "A". He bought it for $99 the day after Thanksgiving last year. The other is Region "B". He paid around $160 for it, including shipping, from the guy in Hungary or Romania who was selling them on eBay. Both are perfectly happy to feed 1080p24 video via hdcp-protected hdmi to his TV. If he cared, I'm sure he could buy a Chinese Region "C" Blu-Ray player for another hundred bucks or so, plus maybe another $50 for a HDMI switcher. Region coding only works as long as players are too expensive to just go out and buy one from every region you care about.
13. Re:Glad AT&T is not being evil (this time) by Score+Whore · 2010-07-28 16:49 · Score: 1
  
  Time was when AT&T wasn't just a name purchased by Cingular.
14. Re:Glad AT&T is not being evil (this time) by klingens · 2010-07-28 16:59 · Score: 4, Informative
  
  There already was a public talk about this GSM vulnerability last december. Back then, the group cracking the protocol didn't have the hard/software to demultiplex the connections a GSM basestation has to handle in realtime. That problem is now solved and so the hack is fully functional. The rainbowtables needed to crack the protocol were publicly created for almost all of 2009. The GSM industry had PLENTY of time to react and get their shit together, instead they stonewalled, ignored and threatened the hacking group as Mr. Piaget described back in his December 2009 talk.
  The DECT industry group for cordless phones who use a similar encryption method but weaker as GSM had their protocol examined bofore that in 2008 or so by the same people. When the hackers approached the DECT people they were basically welcomed and both, DECT group and hackers, worked together on fixing the protocol, spec and especially implementations.
  Ironically the DECT industry group and the GSM association is made of largely of the same companies...
15. Re:Glad AT&T is not being evil (this time) by evilviper · 2010-07-28 17:32 · Score: 2, Informative
  
  Time was when "research" and "AT&T" were damn near synonymous.
  There was a time when Nuclear Power Plants and "Westinghouse" were nearly synonymous, yet now they're making cheap toasters that don't work.
  The "AT&T" of today only happens to use the same name as the "AT&T" of years ago. Other than that, they died out entirely, much like Polaroid. What's now calling itself AT&T is, in fact, SBC, and has all the baggage associated with that shiftless company.
  
  --
  Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
16. Re:Glad AT&T is not being evil (this time) by Anonymous Coward · 2010-07-28 22:46 · Score: 0
  
  >>There was a time when Nuclear Power Plants and "Westinghouse" were nearly synonymous, yet now they're making cheap toasters that don't work.
  Not exactly. There are still products sold under the brand Westinghouse, but it merely the name, different company. Westinghouse proper is now owned by Northrop Grumman.
17. Re:Glad AT&T is not being evil (this time) by Anonymous Coward · 2010-07-29 00:27 · Score: 0
  
  maybe at&t's reasoning is: "he hasn't committed a crime... yet."
  a c&d or threat of a lawsuit might stop him for a short time, but may not permanently stop him from his work..
  on the other hand, a video of him explicitly wiretapping private conversations is much more likely to get him sent to jail.
18. Re:Glad AT&T is not being evil (this time) by bill_mcgonigle · 2010-07-29 03:19 · Score: 1
  
  When the hackers approached the DECT people they were basically welcomed and both, DECT group and hackers, worked together on fixing the protocol, spec and especially implementations.
  This is great - is there a DECT2 now? My current phones are 900MHz spread-spectrum, but they don't seem to be widely available any longer.
  Ironically the DECT industry group and the GSM association is made of largely of the same companies...
  So perhaps the first hackers' group had a superior approach? I don't recally ever reading about it - perhaps that was part of the success?
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
19. Re:Glad AT&T is not being evil (this time) by Nethemas+the+Great · 2010-07-29 05:07 · Score: 1
  
  I'll be impressed when I DON'T see the feds come busting in as a result of an "anonymous" tip...
  
  --
  Two of my imaginary friends reproduced once ... with negative results.
20. Re:Glad AT&T is not being evil (this time) by Ungrounded+Lightning · 2010-07-29 07:30 · Score: 1
  
  Ironically the DECT industry group and the GSM association is made of largely of the same companies...
  So perhaps the first hackers' group had a superior approach? I don't recally ever reading about it - perhaps that was part of the success?
  I suspect the cellphone case has more government regulation of the protocols that would have to be tweaked.
  
  --
  Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
21. Re:Glad AT&T is not being evil (this time) by Anonymous Coward · 2010-07-29 10:25 · Score: 0
  
  Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.
  Research? He's setting up a rogue cell phone tower and intercepting calls. That's not rocket sciences. The parts required are freely available. I don't know what grounds AT&T would use to sue. I'd think this is a matter for the federal government, since the violations are all criminal law.
This fella is quite talented... by bogaboga · 2010-07-28 14:44 · Score: 0, Flamebait

...not to mention that he definitely has a lot of time on his hands.
Words and Deeds are often different by meerling · 2010-07-28 14:51 · Score: 1, Insightful

Just because one person at AT&T said they won't do anything about it, there is absolutely no guarantee that someone else doesn't have different plans.
There are many examples of a corporate spokesman saying one thing, while the company immediately did the opposite.

just imagine:

Well dressed spokesman speaking to TV reporter: "Absolutely not! There is no credibility to the rumor that there is any terrorist activities or police actions taking place at this facility! The rumors are absolutely false! I can only guess that maybe someone who doesn't know any better got a little excited when someone in shipping started playing with some bubblewrap. Everything is just fine, no trouble what so ever."

In the background, a group of fully outfitted swat or paramilitary in black body armor and assault rifles run out of the nearby building and take cover behind a shipping crate, an explosion is heard and gray smoke pours out of the doorway the team just came from...
1. Re:Words and Deeds are often different by bsDaemon · 2010-07-28 15:21 · Score: 1
  
  Or when Kennedy came out saying that no Americans would be involved in any invasion of Cuba right about the time of Bay of Pigs fiasco with the CIA...
2. Re:Words and Deeds are often different by nacturation · 2010-07-28 15:57 · Score: 2, Insightful
  
  Just because one person at AT&T said they won't do anything about it, there is absolutely no guarantee that someone else doesn't have different plans.
  The way I read it was: "Oh no, we won't interfere with the talk at all. But just wait until you see what we do after the talk!"
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
I see AT&T's position by Montezumaa · 2010-07-28 15:01 · Score: 1

While I detest AT&T on multiple levels, this shows that AT&T is thinking clearly(at least at the very moment at time). AT&T was probably advised, from a legal standpoint, that they(AT&T) had no legal basis to use to stop this demonstration. It is the same reason why we can learn how to build a multitude of bombs, learn how to make various drugs, and learn a plethora of various knowledge on the internet and out in the "real world". The First Amendment to the United States' Constitution cannot and will not be put on hold to make any group happy. Aside from threats of violence, "free speech" cannot be withheld from the citizenry.
Even though people, today, tend to believe to contrary, the U.S. Constitution is still very much alive(in that is still protects us the same way it has since its inception). While AT&T might have won a temporary injunction to stop this(if they properly sopped for a judge), it would have been quickly squashed on appeal and the information would have been disseminated rather quickly. The fact is that AT&T does not want negative press.
Of course, that could change. I mean, in the interest of being consistent, AT&T might just try to kill this at the last minute.
1. Re:I see AT&T's position by fuzzyfuzzyfungus · 2010-07-28 15:06 · Score: 3, Insightful
  
  On the other hand, if they don't kill it, the presenter may well have just committed a number of crimes in front of a live audience, and probably a fair few cameras)...
  
  If they don't, he'll just have some nastygrams to hang on his wall, and a story of being oppressed by the man, without any lingering consequences.
  
  They might just be ignoring it entirely, figuring that the Streisand effect is not with them on this one; but the path of maximum vindictiveness actually requires them to let him go ahead...
2. Re:I see AT&T's position by LurkerXXX · 2010-07-28 17:12 · Score: 1
  
  the presenter may well have just committed a number of crimes in front of a live audience, and probably a fair few cameras.
  A live audience filled with feds...
Ya forget AT&T, ask the FBI by Sycraft-fu · 2010-07-28 15:02 · Score: 4, Insightful

I'm still not very convinced this is legal, and you want to be sure. While they might well say "It isn't like he caused any harm, just let it slide," they also might now. The law is the law and all that. Plus maybe some company pressures them in to it. Some provider who gets mad says "Hey, you need to charge this guy, he broke wiretapping laws!"
When you are doing something all on your own equipment in a controlled environment, then sure you are good to go. So having a lab with what you need and trying it on your own stuff, that is legal. However intercepting random people in the area of your tower? Don't think that is legal, doesn't matter if you are doing it as a demonstration or not.
1. Re:Ya forget AT&T, ask the FBI by msauve · 2010-07-28 15:13 · Score: 5, Insightful
  
  "I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal."
  
  It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
2. Re:Ya forget AT&T, ask the FBI by causality · 2010-07-28 15:41 · Score: 4, Interesting
  
  "I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal." It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.
  I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.
  
  Before CD players in cars were common, you could get standalone CD players that broadcast the audio in the FM band. The car's radio/tape-player could be set to FM and turned to that frequency to pick up the audio from the CD. This was acceptable because the transmitter is in the same vehicle as the FM radio, so tiny power levels were sufficient.
  
  I admit that I am not a lawyer and don't know much about FCC regulations. I get the impression they're not an agency with a sense of humor, and one you wouldn't want to have to deal with. Still, would cell frequencies be given some special treatment that is not given to FM radio frequencies?
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
3. Re:Ya forget AT&T, ask the FBI by sumdumass · 2010-07-28 16:08 · Score: 1
  
  They even had microphones that would transmit to a certain radio station. However, those devices were licensed and certified for a particular consumer use. It wasn't that you didn't need a license, it's that the device used a specific channel set aside for something like that.
4. Re:Ya forget AT&T, ask the FBI by Vellmont · 2010-07-28 16:23 · Score: 4, Insightful
  
  "Hey, you need to charge this guy, he broke wiretapping laws!"
  
  That might be just a bit difficult to convince a jury, given that his "wiretapping" is going to be limited to a small area that likely includes just the conference room full of people their for expressly this purpose, for not particularly long. If anyone doesn't want to be "wiretapped" perhaps they can restrain themselves and not make any phone calls during that short period in that room.
  Why is it that some people are always so convinced "the law" is something like the laws of physics that's set in stone and not interpreted for a specific purpose?
  I'm guessing he'll be breaking FCC regulations. If someone wants to make some big complaint about the few minutes he'll be running his demo, well I'd help contribute to whatever pathetic fine they might try to assess. In reality this would never happen since the FCC has better things to do.
  
  --
  AccountKiller
5. Re:Ya forget AT&T, ask the FBI by EETech1 · 2010-07-28 17:33 · Score: 2, Interesting
  
  We have 3 pico (femto maybe) cells at my work that take cdma calls and data and route them into Verizon somehow (LAN?). We also have 4 Spotwave systems set up in other locations to re-transmit CDMA and GSM voice and data outside the building, so I'm quite sure it is legal to have the equipment, and transmit on Cell phone frequencies, because it is something that can be arranged by our help desk, and our telecom guy installs them and maintains them, as they are purchased, or leased by our company. Now being able to set it up wherever you want to, and start intercepting calls meant to be covered by another site, might be a different story! /sidenote: I used to have a spotwave system camping with me and set it up in places where there was poor coverage, and it was amazing how people would naturally collect in front of my rig over a weekend, as they all used to get their voicemails and texts as they walked by, and wow here is the only place in the campground my cell phone works! I used to unplug it if they collected to much and blabbered too loud. it was great fun to see them all lose their signals at once. Hello??? Hello??? Cheers!
6. Re:Ya forget AT&T, ask the FBI by Anonymous Coward · 2010-07-28 17:41 · Score: 1, Insightful
  
  If he sets up his own "cell site," there's not a license to be found anywhere
  Funny, the "cell site" I run and maintain broadcasts on said frequencies and is perfectly legal.
  http://www.repeaterstore.com/products/repeaterkits/
  I never had to contact the FCC nor AT&T for any such license either. In fact it was AT&Ts own team sent out whom recommended the hardware and configuration.
  The team was one sales droid and two techs, so I will give that these are not experts on law.
  But what they are experts on are acting as a representative of AT&T, and recommending this as standard operating procedure for small to large campuses, or in my case one large manufacturing plant that is RF shielded in the external walls, would give me pretty decent legal protection if your claim was actually true.
  I'm sure if I wanted to jack its transmitter output up a couple orders of magnitude to match the other cell towers out there, they might have a problem with it. But there is no need for that, neither in my case nor the black hat demonstration.
7. Re:Ya forget AT&T, ask the FBI by GrumblyStuff · 2010-07-28 18:31 · Score: 1
  
  So... what are you, AT&T, or the FBI going to do to prevent or track/trace or even find out about such exploits being used?
  Rhetorically "you", of course. Literally, though, how would anyone find out?
8. Re:Ya forget AT&T, ask the FBI by GrumblyStuff · 2010-07-28 18:35 · Score: 2, Informative
  
  From what I've heard of jury duty and from people I know who have had jury duty, they strongly emphasis only whether or not the law was broken and will screen for anyone thinking. Guess if they can't get a plea bargin, they go for the next easiest thing.
9. Re:Ya forget AT&T, ask the FBI by riT-k0MA · 2010-07-28 20:38 · Score: 1
  
  You still have something similar:
  A USB MP3-Player which plugs into your cigarette lighter and transmits on FM frequencies.
10. Re:Ya forget AT&T, ask the FBI by StripedCow · 2010-07-28 20:58 · Score: 1
  
  If you'd run the whole experiment inside a Faraday cage, then it would be legal I suppose. But then, in order to get the point of this experiment proven, AT&T must cooperate (i.e., put one or more of their towers inside the cage).
  
  --
  If Pandora's box is destined to be opened, *I* want to be the one to open it.
11. Re:Ya forget AT&T, ask the FBI by msauve · 2010-07-28 22:00 · Score: 3, Informative
  
  I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.
  Nope, not as a general rule. What you're thinking of are the small FM radio band transmitters (such as used for iPod to car radio), which the FCC allows under a specific rule (47 CFR 15.239) which limits their output. No such rule is available for someone wanting to operate their own cell site. It's illegal, regardless of how low the power or how short the range. Another poster mentioned a Faraday cage; still illegal (even though you'd be unlikely to get caught).
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
12. Re:Ya forget AT&T, ask the FBI by msauve · 2010-07-28 22:21 · Score: 2, Insightful
  
  Funny, the "cell site" I run and maintain broadcasts on said frequencies and is perfectly legal.
  The manufacturers/sellers claim that, but funny, they never cite the regulations which would support such a claim.
  
  This is a grey area - if they are legal, it's for the same reason you don't need a license to operate a cell phone, because it's communicating with a system licensed for that frequency band (the cell carrier). Wilson, probably the manufacturer with the best reputation in this market, says "Wilson cell phone boosters fully comply with FCC regulations for cellular devices and are FCC type accepted." Note that they're very careful not to claim that operation without a license is legal. FCC type acceptance only means that a device meets the technical specifications required for use with a particular service (spectral purity, max power output, etc.), it doesn't mean the device can then be used by anyone without a license. You can buy many transmitting devices without a license, but actually operating one is illegal without a license (e.g. ham radios, GPRS, "business band" FM, etc.).
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
13. Re:Ya forget AT&T, ask the FBI by Anonymous Coward · 2010-07-28 22:27 · Score: 0
  
  Literally, though, how would anyone find out?
  Uh, read slashdot? Attend a demonstration at a publicized conference?
14. Re:Ya forget AT&T, ask the FBI by Anonymous Coward · 2010-07-28 22:44 · Score: 0
  
  You're thinking of FCC Part 15 rules and they do not apply to cell phone frequencies.
  In fact without a permit it is illegal to even own a receiver or transmitter capable of using cell phone frequencies. Only law enforcement and such get permits. That is just the facts, this demo will be in violation for sure and presumably he is already in possession of illegal radio equipment.
15. Re:Ya forget AT&T, ask the FBI by msauve · 2010-07-28 22:51 · Score: 1
  
  I should add...
  "because it's communicating with a system licensed for that frequency band (the cell carrier)..." with that licensee's authorization. When you use a cell phone, it is operating under the authority of the carrier's license. If you go to Verizon and buy one of the pico cells they carry, you're operating it on frequencies they have a license for, and with their authorization. If you buy and use a repeater from Joe's Repeater Shack, and your carrier has no knowledge of it, it is very likely illegal - they can't authorize its use if they don't even know you have it.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
16. Re:Ya forget AT&T, ask the FBI by hesaigo999ca · 2010-07-29 00:29 · Score: 1
  
  It is a well known issue that none of the cell phone SPs are ever held accountable and yet always get to charge the big bucks for all those services. Just for the sake of showing how weak the system is, if I were that guy, I would go through with it even if there were cops there to take me in after the presentation for breaking a law...I am sure many
  people would help fund him for his his lawyer....we could all donate 1$ each...as well, this helps to promote more people to do this sort of thing, hence they will have NO choice but to up their infrastructure to be more secure in the end...
  Just like someone from google giving an example in the wild of a zero day hack for M$, 1 week after telling them about it, so that the bug does not go on forever without being fixed, this is a forced attempt to make them fix their broken systems. I hope he goes through with it....
17. Re:Ya forget AT&T, ask the FBI by sp332 · 2010-07-29 00:34 · Score: 1
  
  Nope, the demo will definitely comply with FCC regs about operating in the GSM band. http://www.tombom.co.uk/blog/?p=195
18. Re:Ya forget AT&T, ask the FBI by GrumblyStuff · 2010-07-29 01:23 · Score: 1
  
  Well, ok, yeah, I'll give you that one. But uh... you know, every/anywhere else in the world without it being announced?
19. Re:Ya forget AT&T, ask the FBI by Anonymous Coward · 2010-07-29 01:26 · Score: 0
  
  Before CD players in cars were common, you could get standalone CD players that broadcast the audio in the FM band. The car's radio/tape-player could be set to FM and turned to that frequency to pick up the audio from the CD. This was acceptable because the transmitter is in the same vehicle as the FM radio, so tiny power levels were sufficient.
  
  If I'm not mistaken, those devices operate outside of the FCC's FM-regulated frequency range (88-108MHz). The devices you're referring to broadcast at 87.5 to 87.9 and 108.1 to (something).
20. Re:Ya forget AT&T, ask the FBI by msauve · 2010-07-29 01:29 · Score: 1
  
  LOL. Not possible. He's obviously ignorant of the applicable regulations, since he is implying that low power somehow makes it legal.
  
  This isn't hard. He doesn't have a license from the FCC for the cellular band (he can't, because ATT does). Unlicensed intentional radiators are covered (mostly) by 47 CFR 15(c). There is no provision for unlicensed operation in the cellular bands.
  
  Cellular service is covered by 47 CFR 22, which clearly states:
  
  Sec. 22.3 Authorization required.
  
  Stations in the Public Mobile Services must be used and operated only in accordance with the rules in this part and with a valid authorization granted by the FCC under the provisions of this part ... (b) Authority for subscribers to operate mobile or fixed stations in the Public Mobile Services ... is included in the authorization held by the licensee providing service to them.
  
  Additionally, he will likely be in violation of 47 CFR 15.9:
  
  Sec. 15.9 Prohibition against eavesdropping.
  
  Except for the operations of law enforcement officers conducted under lawful authority, no person shall use, either directly or indirectly, a device operated pursuant to the provisions of this part for the purpose of overhearing or recording the private conversations of others unless such use is authorized by all of the parties engaging in the conversation.
  ...and 47 CFR 15.5(b):
  
  Operation of an intentional...radiator is subject to the conditions that no harmful interference is caused...
  (he will be interfering with the operation of the ATT network)
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
21. Re:Ya forget AT&T, ask the FBI by Albatrosses · 2010-07-29 01:31 · Score: 1
  
  Nope - I had an LG Fusic (a featurephone with a built-in FM transmitter) way back in the day. It would transmit on any frequency from 88 to 108.
22. Re:Ya forget AT&T, ask the FBI by GameboyRMH · 2010-07-29 02:25 · Score: 1
  
  N900s also have FM transmitting capability. From what I've heard you'll be lucky to get 10ft. of range from it.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
23. Re:Ya forget AT&T, ask the FBI by GameboyRMH · 2010-07-29 02:30 · Score: 1
  
  That might be just a bit difficult to convince a jury, given that his "wiretapping" is going to be limited to a small area that likely includes just the conference room full of people their for expressly this purpose, for not particularly long.
  
  You expect a jury (or judge) to understand a technical issue? It will basically boil down to "ZOMG HAX, put him in jail!!!1one!"
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
24. Re:Ya forget AT&T, ask the FBI by Ackmo · 2010-07-29 02:42 · Score: 0
  
  The FBI says, "Hey good lookin'! We'll be back to pick you up later!"
25. Re:Ya forget AT&T, ask the FBI by MikeBabcock · 2010-07-29 03:03 · Score: 1
  
  True in some jurisdictions and not in others. For example, those FM transmitters for iPods et al are illegal in some places.
  
  --
  - Michael T. Babcock (Yes, I blog)
26. Re:Ya forget AT&T, ask the FBI by KDR_11k · 2010-07-29 03:25 · Score: 1
  
  It's black hat hacking, it's not about legality. What he's showing is a security weakness that needs to be fixed.
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
27. Re:Ya forget AT&T, ask the FBI by causality · 2010-07-29 04:32 · Score: 1
  
  I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.
  Nope, not as a general rule. What you're thinking of are the small FM radio band transmitters (such as used for iPod to car radio), which the FCC allows under a specific rule (47 CFR 15.239) which limits their output. No such rule is available for someone wanting to operate their own cell site. It's illegal, regardless of how low the power or how short the range. Another poster mentioned a Faraday cage; still illegal (even though you'd be unlikely to get caught).
  Thank you for correcting my misperception about this. It sounds like the people running this demo would be wise to tread carefully to make sure they don't run afoul of the regulations. No one in their right mind wants a massive federal bureaucracy coming down on them. This may in fact be why AT&T isn't worried about taking their own action.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
28. Re:Ya forget AT&T, ask the FBI by mhajicek · 2010-07-29 05:03 · Score: 1
  
  I've got one, it's incredibly weak.
29. Re:Ya forget AT&T, ask the FBI by ewanm89 · 2010-07-29 06:45 · Score: 1
  
  Urm, well, the feds/AT&T/Verizon could drive round looking for unknown base stations. I mean, they must know what base station should be where.
30. Re:Ya forget AT&T, ask the FBI by ewanm89 · 2010-07-29 06:59 · Score: 1
  
  Technically, it's white hat in that he is informing them of the security flaws. The fact he is also informing everyone in the underground/black market at the same time is irrelevant.
31. Re:Ya forget AT&T, ask the FBI by MobyDisk · 2010-07-29 07:02 · Score: 1
  
  Then how are microcells legal?
32. Re:Ya forget AT&T, ask the FBI by msauve · 2010-07-29 08:07 · Score: 2, Informative
  
  The ones which are sold by carriers to consumers are authorized under the carrier's license, the same way the cell phones themselves are. 47 CFR 22.3:
  
  Authority for subscribers to operate mobile or fixed stations in the Public Mobile Services ... is included in the authorization held by the licensee providing service to them.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
33. Re:Ya forget AT&T, ask the FBI by Vellmont · 2010-07-29 12:23 · Score: 1
  
  You expect a jury (or judge) to understand a technical issue? It will basically boil down to "ZOMG HAX, put him in jail!!!1one!
  
  No, but I expect a jury or judge to understand that when you go to talk where the guy says he's going to listen in on a phone call for the next couple minutes that someone in the room makes, you just don't make a call unless you want everyone in the room to hear it. Why is this such a hard concept for some people to grasp?
  
  --
  AccountKiller
34. Re:Ya forget AT&T, ask the FBI by Anonymous Coward · 2010-07-30 11:01 · Score: 0
  
  An amateur radio license will allow you to transmit on the 900MHz band and a few GSM channels use those frequencies. If you search the FCC's ULS, you can see that he does have a license. I don't think you could legally transmit GSM because of encryption however.
Maybe it will help the network by Anonymous Coward · 2010-07-28 15:08 · Score: 2, Insightful

Too many problems with the iPhones - personal towers might be a good idea
1. Re:Maybe it will help the network by maxwell+demon · 2010-07-28 19:36 · Score: 1
  
  Too many problems with the iPhones - personal towers might be a good idea
  Maybe that's why AT&T doesn't want to block the presentation. They hope to learn something about building cell towers.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
That's a wrong headline by BudAaron · 2010-07-28 15:08 · Score: 1

Headlines like that truly annoy me. The implication is that AT&T is going to allow eavesdropping when in fact they are just not going to stop a talk! I don't like AT&T but that doesn't mean I like to see them or anyone else incorrectly maligned!
1. Re:That's a wrong headline by Michael+Kristopeit · 2010-07-28 15:17 · Score: 1
  
  the false implication is that the demo WILL happen. a demo has been scheduled... claims have been made, but there is certainly no certainty that the demo will actually happen and fulfill all the claims.
Defcon != Blackhat by baeyogin · 2010-07-28 15:30 · Score: 2, Informative

Different conference. My understanding is that the EFF is involved, and signs are being posted around the perimeter. Either way, I won't be using a GSM enabled phone. Should be interesting.
1. Re:Defcon != Blackhat by phantomfive · 2010-07-28 16:22 · Score: 1
  
  lol really? Is Defcon seriously marketing themselves as 'not blackhat' now? Man, they've really gone downhill. I don't want to go anymore. Time was that was their main selling point: convention of hackers, or which were definitely blackhats back in the day.
  
  --
  Qxe4
2. Re:Defcon != Blackhat by Anonymous Coward · 2010-07-28 16:45 · Score: 2, Informative
  
  No, what baeyogin was saying is that the "Black Hat" conference takes place before DEFCON. They're both in Vegas, and Black Hat is the 28th-29th, while DEFCON comes afterwards.
  
  There's nothing 'non-' or 'un-blackhat' about DEFCON.
Re:We are living in very interesting times. by countertrolling · 2010-07-28 15:37 · Score: 2, Insightful

...critical systems are now running in a decentralized manner...
Not so. Your entire internet is still in the hands of a small group that can cut your connection at any time with a simple flip of a switch or drop of an anchor.

--
For justice, we must go to Don Corleone
Close one! by arstchnca · 2010-07-28 15:41 · Score: 1

Somebody at AT&T should be getting a pat on the back. He or she just helped the company dodge a Barbara-Streisand-Effect bullet.

--
-- arstchnca
--
He's worried about the wrong people by Anonymous Coward · 2010-07-28 15:51 · Score: 0

He should be worried about being arrested rather than being sued. It's illegal for civilians to intercept cell phone signals. Why would AT&T step in? They'll just let him commit a crime and the police will take care of the rest. And since he's gone to the trouble of announcing this to the world, law enforcement already knows what is going to happen, and they'll have personnel ready when the moment arrives.
Remeber Adobe? by PinkyGigglebrain · 2010-07-28 16:31 · Score: 4, Insightful

Anyone else remember how Adobe got the FBI to arrest and charged Sklyarov?

It doesn't matter what some mediadroid says. All it would take is one phone call from the right person at AT&T to the right person in the DOJ.

AT&T could deny any and all prior knowledge when the Feds arrest the presenter for breaking some law or another. Hell, AT&T could even call for his release afterward knowing that history would repeat itself.

Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.
1. Re:Remeber Adobe? by Score+Whore · 2010-07-28 16:47 · Score: 0, Troll
  
  Remember when Chris Paget defamed AT&T by making up a false story of impending litigation in a lame attempt to create some press for himself?
  (That's one way it could go.)
  I also heard that Chris Paget only runs Windows Me on his desktop because he thinks everything else is just dumb. That's what I heard anyway.
2. Re:Remeber Adobe? by vlueboy · 2010-07-28 17:18 · Score: 1
  
  Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.
  Maybe. But AT&T is NOT cable. Dialup and DSL usually have competitors that we can flee to in case of poor signal or service. It's not like it runs most of the world's internet... it's just an American company, and faces hard competition from Verizon, Sprint, T-Mobile and others. If underdeveloped places provide only AT&T service, then consider yourself weird --the VZ map is the most complete one when it comes to cell service, if their ads have taught us anything all these years.
  Other than that, iPhones/iPads are the only remaining interweb machines completely tied up by AT&T (again, not beyond the United States.) In four(*) years, only true masochists will be left on Apple hardware at AT&T, unless Verizon and others really screw up their soon-to-be-opened iPad cell market.
  (*) I hear the switch will happen in 2011 or 2012. Allow 2 years for current binding iPad internet contracts to expire, and another 2 for those signing up last minute right before those switches.
3. Re:Remeber Adobe? by evilviper · 2010-07-28 17:27 · Score: 1
  
  Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.
  AT&T, Verizon, and Sprint all provide competitive cell phone service. Sure, maybe you'd have to give up the exact model of cell phone you currently use, but that's it.
  "Home phone" is a bit of an anachronism now. Wire a cell phone into your lines at home, and it's your home phone now. FIOS and cable are just VoIP now. You can go with them, or some other 3rd party VoIP service (magic jack, et al.).
  And as for internet, most people that can get high-speed at all, have at least a couple choices of providers these days. Don't like the telco? Try the cable co. Bet they'll provide better service at nearly as low of a price. And lots of people that are happy with their internet service, are switching to wireless anyhow... Sprint's EVDO is below $60/mo. WiFi is free in many cases. Cell phone plans often come with data service as well. etc.
  
  --
  Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
4. Re:Remeber Adobe? by Anonymous Coward · 2010-07-29 06:52 · Score: 0
  
  Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.
  AT&T, Verizon, and Sprint all provide competitive cell phone service. Sure, maybe you'd have to give up the exact model of cell phone you currently use, but that's it.
  "Home phone" is a bit of an anachronism now. Wire a cell phone into your lines at home, and it's your home phone now. FIOS and cable are just VoIP now. You can go with them, or some other 3rd party VoIP service (magic jack, et al.).
  And as for internet, most people that can get high-speed at all, have at least a couple choices of providers these days. Don't like the telco? Try the cable co. Bet they'll provide better service at nearly as low of a price. And lots of people that are happy with their internet service, are switching to wireless anyhow... Sprint's EVDO is below $60/mo. WiFi is free in many cases. Cell phone plans often come with data service as well. etc.
  You must not live in the US, because you just spit a fair amount of bullshit.
15 years ago... by Vellmont · 2010-07-28 16:36 · Score: 1

Listening in on cell phone calls was sometimes as trivial as turning on your TV to the right UHF station. If you wanted to get sophisticated, you bought a scanner to listen on the right frequency.
It's interesting someone found a way to make a base station an do a MITM attack, but this is nothing compared to the massive problem with cloning, interception, and everything else than went on in the analogue era of cell phones for many many years.

--
AccountKiller
Isn't that the point? by Seraphim_72 · 2010-07-28 16:38 · Score: 1

No AT&T, you can't stop him. That is the problem, and the point of his talk.

Sera

--
Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
Street Creds by cstec · 2010-07-28 16:48 · Score: 1

I wonder how many will actually cut AT&T some slack or give them credit for NOT interfering?
1. Re:Street Creds by Jaden42 · 2010-07-29 00:03 · Score: 1
  
  I wonder how many will actually cut AT&T some slack or give them credit for NOT interfering?
  \insert is this your first time on slashdot joke here\
er by Anonymous Coward · 2010-07-28 16:55 · Score: 0

Claiming that AT&T is threatening to sue him will serve to garner him more attention, which is probably exactly what he wants.
Propaganda by Anonymous Coward · 2010-07-28 17:33 · Score: 0

The guy is making as much ado about his presentation as possible. He forced AT&T to deny that they will be suing him, nice propaganda move - probably no one in AT&T gave a f**k what's his presentation until he started spreading rumors about AT&T.
Re:I hate people by Anonymous Coward · 2010-07-28 17:50 · Score: 0

I mean really, if you are so fucking smart you can write programs that do all of these things, why aren't you doing something more productive with your "skillz"?

Probably because it's not about proving anything. It's fun. Yes, breaking or altering things to make them achieve an unintended result is fun. Creating something is not necessarily fun, in part due to the labor (and money) involved, and because it's an all-or-nothing ordeal; whereas when you modify something, the results tend to be immediately observable. It's just another derivative work.
Re:I hate people by Ozlanthos · 2010-07-28 18:02 · Score: 0, Troll

Yeah sure, seems like a whole lot of fun when I can't use windows online anymore...Your assertion seems dichotomously true, and yet false. I derive great pleasure from making things that no one has had the brain-power to think up before. In that context, it seems like such "derivative works" are the product of laziness on the part of the authors to me.

-Oz
Re:I hate people by Anonymous Coward · 2010-07-28 18:29 · Score: 0

It is laziness. I take pride in my laziness, in order to produce a working product. If I did not, I would be programming 8 hours for every 1 hour that I do now. You seem to think that laziness is a bad thing. Laziness does not equate lower quality.

Your assertion
I didn't make an assertion. I said that duplicating or creating an 'original' product is not ALWAYS fun. In many cases, it IS fun. The "brain-power" that you imagine your creations to require is almost certainly not one of wits; thinking of something is easy - creating it isn't.
nokitel code by Anonymous Coward · 2010-07-28 19:14 · Score: 0

I bet he got it.
but seriously operation takedown aka hackers 2, this was kind of a major plot point.
Re:I hate people by Ozlanthos · 2010-07-28 19:23 · Score: 0, Troll

I've created many products that in the beginning stages were in fact "derivative works". However, I don't see how your line of reasoning relates to assholes writing crap-ware that fux up your windows machine to the point of rendering it inoperable. How is that supposed to be "fun" for anyone? I can imagine a modicum of smug at having ruined someone's ability to get online, but again, if you are smart enough to do that, you can do much more productive things with your time (whether or not you write "ALL" of the code involved...you know, like making Open Office work seamlessly with Microsoft Office...Or making Battlefield 2 work flawlessly on Ubuntu!)

-Oz
How times have changed by houghi · 2010-07-28 20:12 · Score: 1

I think it is strange that we are now more worried about being sued then about the technical knowledge and the fact that if he can do it, everybody else can do it.
And this is a place where everbody says IANAL. This is a place about IT. And yet most people are more concerned about the law then about the technical side of it all.

--
Don't fight for your country, if your country does not fight for you.
1. Re:How times have changed by bill_mcgonigle · 2010-07-29 03:17 · Score: 1
  
  And yet most people are more concerned about the law then about the technical side of it all.
  This is surprising? A kernel panic doesn't get you sent to a rape cage.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
So let's see what calls we can pick up... by pinkushun · 2010-07-28 20:29 · Score: 3, Funny

Senator Stampingston: Gentlemen, it's clear that we're in a universally precarious situation. Dethklok has summoned a troll.
General Krosier: That's impossible, there's no such thing as trolls.
Senator Stampingston: Then how do you explain the dead unicorns?
Um... Okay, moving on to the next call...
1. Re:So let's see what calls we can pick up... by ctchristmas · 2010-07-29 01:55 · Score: 1
  
  The results would probably be much more like chatroulette... dude trying to get laid, dude trying to get laid, phone sex, kid talking to grandma, dude trying to get laid...
strange by StripedCow · 2010-07-28 20:59 · Score: 1

Don't they teach students about man-in-the-middle attacks anymore, these days?

--
If Pandora's box is destined to be opened, *I* want to be the one to open it.
Re:I hate people by Anonymous Coward · 2010-07-28 21:42 · Score: 0

I don't know if you know many hackers in the exploit business (either professional/security or video games) but most of them do not actually use what they create. A proof-of-concept might be created by the former because it was cool at the time. In video games, the hacker usually spends a few days/weeks debugging the hell out of the game, and then tests his exploit for a day, distributes it, and moves on to another project. DRM crackers tend to follow the same ruleset: they identify a new DRM scheme a game uses, download/install that game, develop the exploit, and never play that game again.

Remote machine control (i.e. trojan backdoors) as you mentioned earlier is an interesting field that is both useful and malevolent. A lot of the development in this area is by people who think it's cool to figure out new ways to automate system interaction - not to control thousands of compromised zombie computers. To change subjects, viruses that destroy a computer's foundations don't usually start out with the intent of nuking machines everywhere. No, someone somewhere just thought it would be cool to theorize just how badly things could go under the worst of conditions.

The one common thread here is that all of these people had an interest in one area (video games, security, DRM, remote admin, system operation/stability, cellular tech/radio) and they sought to apply their skills in a way they found fun. Usually this excitement comes from learning more about the target, or the increase in aptitude of their trade (programming/RE/security), or because the process of hacking is a rush to them.

Most of the 'hackers' I mentioned do not themselves use what they make to cause harm. Not because they are always ethical, and not because they are always afraid of repercussions, but because most of the time, employing their tool is even less fun than devising it is. There are exceptions, but they are uncommon. The people you are angry at, the real people who cause harm, are usually not the exploit authors. They cobble available information together in a way we would laugh at - these people are not, as a rule, capable of creating anything new or worthwhile.
Jury nullification by Anonymous Coward · 2010-07-28 23:24 · Score: 0

From what I've heard of jury duty and from people I know who have had jury duty, they strongly emphasis only whether or not the law was broken and will screen for anyone thinking. Guess if they can't get a plea bargin, they go for the next easiest thing.
If you're in the US, you should know your rights as a jury member:
http://en.wikipedia.org/wiki/Jury_nullification
1. Re:Jury nullification by Amouth · 2010-07-29 08:58 · Score: 1
  
  that would require you get on the Jury - and be able to think for your self.. this is a quality that they try to screen out. they want yes/no's not people who ask why?
  
  --
  '...if only "Jumping to a Conclusion" was an event in the Olympics.'
How do you know you're connecting to fake tower by sorak · 2010-07-29 08:07 · Score: 0, Troll

How does an AT&T customer know he is connecting to a fake tower?
He gets a signal.
1. Re:How do you know you're connecting to fake tower by sorak · 2010-07-30 01:05 · Score: 1
  
  To the person who modded me down,
  I understand the difficulty you must have. Life must be very stressful for you, these days. Having to groom the perfect goatee, spend all your time at Starbucks, and shop for black turtlenecks can take it's toll on a person.
  But please understand, what I did is known colloquially as a joke. Please look it up, while you still have a connection to the internet. And if you are doing this from a home computer, please let me advise you to use the scroll bars. Swiping your finger across the monitor just makes you look silly.
In other news at Vegas by recharged95 · 2010-07-29 08:31 · Score: 1

AT&T Won't Block Black Hat Eavesdropping Demo at Black Hat conference.

But I'm sure they'll be blocking the wireless hacking demos at DEFCON.

See ya'll there, gotta love these 2 conferences.