The DARPA-Funded Power Strip That Will Hack Your Network

An anonymous reader writes "The Power Pwn may look like a power strip, but it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make a point to ask if it's supposed to be there. Pwnie Express, which developed the $1,295 tool, says it's 'a fully-integrated enterprise-class penetration testing platform.' That's great, but the company also notes its 'ingenious form-factor' (again, look at the above picture) and 'highly-integrated/modular hardware design,' which to me makes it look like the perfect gizmo for nefarious purposes."

Made in China ?

[Taco+Cowboy]

Hopefully this strip is not made in China
 
I'm crossing my fingers
 

Re:Made in China ?

[Ashtead]

Hopefully this strip is not made in China I'm crossing my fingers

According to the link from cryptome than an AC has provided further down here, the hardware is indeed mostly made in China. What makes this US made to the satisfaction of the government is that the software that makes this thing what it is, is made in the US, replacing all the original code.

This document goes on at length about how that can be. As an EE, not a lawyer, I found the information that the "brain" is a SheevaPlug to be more interesting.

Translation

[bashibazouk]

The opposition (who ever they may be) has figured out that we were using this device. Word has gotten out. We no longer need it. You may now do with it as you wish...

Is it filled with helium?

[evilviper]

I don't know how attentive the average person is, but if I picked-up a power strip and it weighed twice as much as others, I'd be very suspiscious that something was off with it (maybe something fell in?)

It would strike me as much more effective to use a device that already has a lot more heft to it, so the weight difference wouldn't be noticed.

I know the Soviets discovered several CIA bugs because things like their copiers were just a few ounces heavier than a stock model.

And for the home amateur on a budget ...

[PolygamousRanchKid+]

Get one of these: http://www.asus.com/Networks/Wireless_Routers/WL330N3G/. Hack OpenWrt to fit you needs, and flash the router with that. It's small and discrete enough to go unnoticed when set up and left somewhere, like behind a curtain, plugged into a forgotten Ethernet port in a wall somewhere. Power it with one of these: http://www.philips.co.in/c/cell-phone-accessories/universal-dlm2262_97/prd/.

Licenses?

[AliasMarlowe]

TFA says "Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more". Which leads us to a question, since they're distributing it: are they in compliance with relevant licenses (e.g. GPL) if they have they modified any of the FOSS packages ?

Re:There is a perfectly logical explanation

[Tastecicles]

When I have been around data installations, everything got marked and recorded - component boards, memory sticks, hard drives, cabinets, power strips, UPS bricks, cables, even down to any piece of plastic that could potentially house a small bug (such as three pin plugs, notwithstanding the fact that I insisted on using plugs that were moulded to the cable at both ends). During the regular hardware audits, every device, cable and connector was checked against the catalogue. Anything that didn't match up was ripped out immediately and replaced with a known quantity.

If I didn't install it, it didn't belong.