Slashdot Mirror
DARPA Funding a $50 Drone-Droppable Spy Computer
Sparrowvsrevolution writes "At the Shmoocon security conference, researcher Brendan O'Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the disassembled hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as 3.5"-by-4"-by-1" spy computer. With a contract from DARPA, O'Connor has designed the cheap gadgets to be spy nodes, ready to be dropped from a drone, plugged inconspicuously into a wall socket, (one model impersonates a carbon monoxide detector) thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wi-Fi network. O'Connor built his prototypes with gear that added up to just $46 each, so sacrificing one for a single use is affordable."
But what happened to using cockroaches as the spies of the future?
To offset political mods, replace Flamebait with Insightful.
I drop F-bombs all the time, at a considerably cheaper cost.
And the masses cried out, "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0!"
They respond unfavorably to being impacted by a presidential shoe.
Which has more power: the hammer, or the anvil?
If you really want to break the enemy send them a Nintendo Wii.
They're calling it the F-BOMB? Fuck that.
"over any available Wi-Fi network."
In cities this may not be a problem (though who runs an unencrypted Wifi AP in the city?!!?!?) but in rural areas I suspect WIFI may be hard to come by. It needs a better backup.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
on TV will the FCC fine me?
Do you have ESP?
So does the spy listening to the audio signal coming in from the cockroach.
Once said, the next World War will be conducted with Nuclear weapons, the one following will be conducted with sticks and stones.
Looks like things are playing out a bit different.
The next World War to be conducted over networks by millions of tiny spybots?
A feeling of having made the same mistake before: Deja Foobar
"over any available Wi-Fi network."
In cities this may not be a problem (though who runs an unencrypted Wifi AP in the city?!!?!?) but in rural areas I suspect WIFI may be hard to come by. It needs a better backup.
So avoid AT&T territory...
A feeling of having made the same mistake before: Deja Foobar
I hope we never meet. People who build stuff for the military are not welcome here. No, it's not cool that "one of us" gets DARPA funding. Security researcher? Arms dealer!
They might be great against an adversary that knows they're being actively surveilled or to gather data in real time, but there's nothing covert about this. You're not going to see them dropping these on targets of interest that they want to remain unaware that they're being watched.
#fuckbeta #iamslashdot #dicemustdie
Is it normal for a warzone to have functioning WiFi?
Sure, just like it's normal to take things that drop out of the sky and plug them into the wall.
Faster! Faster! Faster would be better!
Is it normal for a warzone to have functioning WiFi?
At the rate Iran is going, with creating its own walled-off internet you may find it, but it can't communicate out.
As for North Korea .. pfft. There's probably only one cell phone in the country and it's in the hands of Dear Chubby and absolutely no Star Bucks.
A feeling of having made the same mistake before: Deja Foobar
Pretty easy on my brother's farm- there are loads of places where we have NO cell signals at all.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
They have limited access cyber cafes that run a government monitored and filtered internet via a North Korean Linux distribution. Linux being used as a tool of oppression really pisses me off.
To offset political mods, replace Flamebait with Insightful.
The article doesn't say, but I suspect the computer is Raspberry Pi. Throw in a cellphone-based modem, camera, and microphone and you've got yourself a spy.
I recently started a similar project based on the $23 TPLink TL-WR703N travel router. Without any need for soldering or other "hardware hacking" you can build a battery-operated network drop box running OpenWrt linux.
http://www.minipwner.com/
There is a serial interface on the circuit board for the WR703N but you have to crack the box and do some soldering to connect to it. I've been toying with the idea to do just that to interface it with an arduino/parallax processor or sensors or whatever. I'm also playing with connecting a USB sound card and adding a microphone to record audio in the local range of the box.
Yeah, that'd be ample reason to invade them. Gotta be a bigtime market there for cheap throwaway cell phones, overpriced coffee and all the rest of the 'benefits' of 'civilisation'. They find any oil under Pyongyang yet?
Understanding the scope of the problem is the first step on the path to true panic.
Is it normal for a warzone to have functioning WiFi?
Sure, just like it's normal to take things that drop out of the sky and plug them into the wall.
Well, if they're USB 3.0, sure.
-- Tigger warning: This post may contain tiggers! --
Can you build a Beowulf cluster if a B52 carpet bombs you with these?
Flood the market of the target country with modified cheap cell phones that include this capability hidden inside. Presto, involuntary Spy Nation! Maybe so US cell carriers have some experience that they could share here with the technology.
The higher ups in such countries will want to have contraband high-end smart phones. Stuff 'em with all kinds of spy goodies, including a remotely activated battery bomb. When some particularly nasty critter answers the phone, relieve him of the weight on his shoulders.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
What exactly are you imagining a "warzone" is in this day and age?
Sure, just like it's normal to take things that drop out of the sky and plug them into the wall.
Yup, that's normal.
According to a test run by Homeland Security:
Computer disks and USB sticks were dropped in parking lots of government buildings and private contractors, and 60% of the people who picked them up plugged the devices into office computers. And if the drive or CD had an official logo on it, 90% were installed.
Borrowed from Bruce Schneier ( http://www.schneier.com/blog/archives/2011/06/yet_another_peo.html )
I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.
If you drop it from a drone? Some retard is going to say oh, look a free carbon monoxide detector. I need to plug this into my mud hut next to my poppy field, how convenient! If you have to have them plugged in, why not just send them with the troops?
If we can make tracking devices that we use on whales, sharks, bears, etc, that are self powered, unobtrusive to the animal, and auto-upload to satellite or base station, we have to rely on some twerp plugging in the device -and- for free WiFi to be available for a military device? Pshaw.
And people complain about dropping DARPA funding. With idiotic projects like this we damn sure should.
Silence is a state of mime.
And if the drive or CD had an official logo on it, 90% were installed
What, like Vestron Video or Vivid Entertainment?
-- You are in a maze of little, twisty passages, all different... --
Why not just drop $1.00 thumb drives loaded with spying software? 95% of the folks that find them will simply plug them into their computers (home or work) and "you're in".
>Seriously, though (and I didn't rtfa), wouldn't one want to ruggedize the board itself and not go with an off-the-shelf plug computer?
Go ahead and read the article, we will wait.......
The article talks about a number of different things, wall-wart style from the plug computer that an insider can park in a broom closet, to the innocuous looking useful device (gas leak detector, smoke alarm) that you hope to dupe some local into picking up and plugging in.
The story also talked about AA battery powered devices which would just be tossed into the shrubbery or air dropped. Realistically these would never have enough battery power to last long enough to crack even basic wifi encryption, let alone transfer any meaningful amount of data. Probably intended to last just long enough for dumping a worm or virus onto the local wifi.
Sig Battery depleted. Reverting to safe mode.
It seems the real use of these would be domestic spying where wifi is more likely available. Even more likely is eventually equipping them with 3g or 4g. This would be usable in the US where for a fee they could get a wireless company or two to cooperate.
If I were ever impaneled on a jury and this sort of thing were submitted as evidence by the prosecution and the defendant were "majority", nullification.
I am WHITE
I eat PORK
I own PROPERTY
How DARE you treat those like me and those as one would the enemy for the sake of buying crude petroleum and selling Treasuries!
Also Borrowed from the same source:
The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn't safe to plug a USB stick into a computer.
To which the proper response is:
The problem is the operating system you've chosen Mr. Schneier.
Sig Battery depleted. Reverting to safe mode.
What exactly are you imagining a "warzone" is in this day and age?
Cleveland?
Faster! Faster! Faster would be better!
"Is it normal for a warzone to have functioning WiFi?"
Soon, impatient one, soon....
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
You know Mr. Schneier doesn't actually get to choose the OS for every machine in the world (much as he might like to), right? As long as some people (most of whom are neither the famous security analyst Bruce Schneier, nor any other Mr. Schneier) do in fact choose Windows for real installations, that makes Windows's trust of random USB sticks a real problem. What sort of security analyst do you suppose sticks their head in the sand?
Moreover, whatever OS you'd favor (I'd guess Linux, though with a 5-digit UID you've probably actually heard of other free *N*Xen) is likely vulnerable as well. No, not to the simple autorun approach, since it doesn't trust filesystems -- but it probably does trust USB sticks plugged in. Say the USB stick contains a hub, a mass storage device, and an HID* -- can you tell me your favored OS, in a typical desktop config, will not accept keystrokes and pointer commands from the HID?
* I'm sure it's obvious, but the HID could either inject a stored keystroke sequence (e.g. to download an exploit from the internet), or receive remote commands via RF -- combine with a TEMPEST rig to maximize shits and giggles.
Okay, first, can we stop naming things so they'll come out with acronyms that mean funny things? As founder of the Society That Ostensibly Pushes Termination of Hilarious Atrocities Today, or S.T.O.P. T.H.A.T., I can tell you we work diligently to bring this kind of nonsense to a halt. Why can't the government come up with better names like in the old days, with Carnivore and Echelon, Blackhawk, and the Thud?
Second... how is that made from parts from a mini-computer? A Mini-computer is the size of a fridge. Have we forgotten that, and so now the microcomputer is just the computer, and now the "mini-computer" is the new, even smaller than a microcomputer? So I guess soon, they'll have computers you can fit into the gemstone setting on a ring, and they'll call THOSE microcomputers. This is particularly a shame because I was looking forward to nanocomputers, picocomputers, and femptocomputers. But I guess we're just going to keep reusing computer, mini-computer, and microcomputer.
Sad.
Who's to say it would not be capable of cracking WEP, etc. to get access to encrypted APs? It seems that the encryption on many APs is (reasonably) crackable these days.
Lorem ipsum dolor sit amet, consectetuer adipiscing elit.
Unfortunately for you, part of the definition of Free software is that the license can't discriminate against persons or groups, and the license can't discriminate against fields of endeavor.
Of course, with the "integrity of the author's source code" clause, Linus et. al could force Best Korea to use a name other than "Linux" (or whatever app/chunk-o-code/etc you care to think about) in order to protect the reputation of the name "Linux".
Don't blame me, I voted for Kodos
because of SSID and passwords.
Don't be apathetic. Procrastinate!
> Built from just the disassembled hardware in a ... mini-computer, ... the F-BOMB serves as 3.5"-by-4"-by-1" spy computer.
>
I don't think the summary author knows what it means.
Cut that out, or I will ship you to Norilsk in a box.
I'm glad they used the most modern technology to make something more fugly and less rugged than a $5 Bud box.
I think the goal is to drop "interesting" things. A single CO detector isn't interesting, but maybe a case of them is. Someone sees a single thing sitting there, it looks suspicious. But you see a shipping case full of things? "Whoops, it fell off a truck."
Not if the thing only turns on briefly, and the data is gone by the time they find it.
Maybe they build a mesh network! That's why they drop 1000.
Why just not install the "F-bomb" into each operation system at the factory? Why spread them from airplanes? Nowadays almost each computer has got a mike and a camera.
And activate it only when necessary by a special encrypted signal from the central office. What could possibly go wrong?
As above, this idea was first put onto paper with the set of books How to Steal a continent and was called a creeper box.
I wanted to do the same with a rasperberrypi when they first come out, as it again is dirt cheap and has all the requirements (save a compatable wifi). It has no moving parts, draws a very small amount of power.
The only issue I'd have is could a battery package be made small enough to provide several weeks of uptime without making it huge ?
http://www.writeitfor.us - Writing IT for the IT generation.
To which the proper response is:
The problem is the operating system you've chosen Mr. Schneier.
Umm... Windows has a policy kit. Have you heard of it?
Now, if you'll excuse me, I have backups to corrupt.