The DARPA-Funded Power Strip That Will Hack Your Network
An anonymous reader writes "The Power Pwn may look like a power strip, but it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make a point to ask if it's supposed to be there. Pwnie Express, which developed the $1,295 tool, says it's 'a fully-integrated enterprise-class penetration testing platform.' That's great, but the company also notes its 'ingenious form-factor' (again, look at the above picture) and 'highly-integrated/modular hardware design,' which to me makes it look like the perfect gizmo for nefarious purposes."
Omg Pwnies!
it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks.
Might be somewhat impressive, but it can't get first post!
...for the appearance of this device.
Part of a penetration test should be, and I don't think I need to remind those who are active in the cybersecurity industry of this(!), creating hacking devices that look as if they're part of the furniture - like they're supposed to be there.
Discuss.
Operation Guillotine is in effect.
Cue the homebrew power strip hackers... oh wait.
Hopefully this strip is not made in China
I'm crossing my fingers
Muchas Gracias, Señor Edward Snowden !
It's probably the oxygen free cabling. Who knew Monster were in the defence business?
I predict these will start showing up in corporate parking lots. "Ooh! Look, someone dropped a power strip! I've been telling my boss I need more outlets in my cubicle since he won't let me charge my phone by plugging it into the computer anymore... this will do nicely! And is that a USB stick on the ground? Oh, almost got me there. I know better than to plug that in."
Oh, really? Guess you've never seen a surge-suppressing power strip with sockets for phone and Ethernet to protect those lines as well?
Looks to me almost exactly like the one I used when I still lived in the States.
Il n'y a pas de Planet B.
Grab an RF meter and go to town.
Right.
And just how many network admins do you know who actually keep one of those around?
I'd ask ours where he keeps his (assuming he even has one), but he's on vacation until mid-August, and his stand-in works in a different building in another part of town.
I think even you can see where I'm going with this... :)
And how much will the insurance cost to cover your $200 shit homebrew shoebox power strip when it burns a multi-million dollar factory down?
Development cost pennies; proving you can produce the product in quantity with consistent results is what costs you, genius.
It looks similar to the ones we have at my work, i.e. not bought in a 4 pack for 9.99 at K-Mart, which do dick shit nothing against surges.
I use UPS bricks that come with suppressor circuits for ethernet/RJ11 and USB (they also supply power for USB). Very handy pieces of kit, and the batteries are fairly easily replaced as well. So no, the plethora of different connectors is nothing new for me (I used to sell the things as well).
It's 2012, wifi and bluetooth? What admin wouldn't want to have one around? They cost less than guessing where the dead zones are.
Prior art: dumpster diving.
Hacking isn't all about dictionary files and bruteforce attacks, autodiallers and Ally Sheedy. :)
A mere $40 for a GSM audio bug disguised as a power strip: http://dx.com/p/quadband-world-gsm-spy-bug-audio-transmitter-disguised-as-working-ac-power-bar-22097
It has been around for a while, so this pwn thing just sort of builds on it.
They also have one disguised as a working USB mouse: http://dx.com/wireless-triband-gsm-spy-phone-surveillance-device-as-working-usb-mouse-850-900-1800mhz-39164
and various more of the same. This shit is evil.
The opposition (who ever they may be) has figured out that we were using this device. Word has gotten out. We no longer need it. You may now do with it as you wish...
Minus the development of capital costs of mass production facilities and the engineering to make the internals readily production-capable.
There are actual issues involved in a production product which homebrew doesn't solve, but you'd never know that to read Slashdot.
For wifi, I have a t-shirt. If I come across an unexpected signal (indicated by my chest lighting up) out comes the netbook and sixty seconds later if it's a WEP node I'm in. Sooner if it's an open node.
For Bluetooth I have a nifty little custom app on my netbook that beeps every so often and logs any and all Bluetooth activity that comes into range. Oh, to have something like that on an Android phone...
A good one-size-fits-all tool I've been using for years is a wideband RF meter. This gadget uses custom 802.1x receivers to scan from 1.5GHz, through the entire 2.4GHz ISM band up to around 6GHz for wifi, Bluetooth, domestic microwave leakage, satellite transmission cones, RADAR, pretty much anything that uses this range of frequencies. It can be attenuated for most situations with a simple turning of two dials.
Dude, I just picked one of these up at Wal Mart.
And yet while every single time someone does something interesting there's a snivelling asshole like you there to pooh-pooh how "easy it would be to just...", we never, ever hear of your much cheaper yet equally effective copies of the thing in question, for some reason which I just can't figure out.
Instead of being bitter and resentful towards those who actually create new things, why don't you go and invent some yourself?
Oh wait, that's like... real work and effort and thinking and shit. Back to the TeeVee it is!
Seems like this could be great for ad-hoc wifi. Hide enough tiny routers in power strips (or even light fixtures, etc) and you can spread your signal without anyone noticing.
There's no -1 for "I don't get it."
Only in the USA, because large parts of the world use other outlets and voltages....
Yep. The development effort to retool for 240v and Australian power sockets would be prohibitive. I guess we don't need to worry about them over here.
Or solitaire? Or Angry Birds at least???
Not to mention, the thousands of dollars in FCC testing that none of the homebrew people do before they start selling products.
and how much will the insurance cost to cover your 200$ shit homebrew shoebox power strip when it burns a multi-million dollar factory down.
A recent quote from an EE company that I just happen to have on my desk right now puts cost of compliance with CE & similar electrical safety rules for a short-run product (a device my client is considering installing at a few hundred of their clients' sites) at about $70 per piece. I'm convinced that this "power strip" is being manufactured in much larger quantities than that, so costs should be reduced: so again, where is the money going? It doesn't do anything innovative, plus it's had government funding for its development, so it should have had lower development costs than if one of us were to make it.
I don't know how attentive the average person is, but if I picked up a power strip and it weighed twice as much as others, I'd be very suspicious that something was off with it (maybe something fell in?).
It would strike me as much more effective to use a device that already has a lot more heft to it, so the weight difference wouldn't be noticed.
I know the Soviets discovered several CIA bugs because things like their copiers were just a few ounces heavier than a stock model.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I can find wifi dead zones by wandering around with my phone. Why would I need an expensive, dedicated piece of equipment to perform the same job as one I already own?
Failures go up when you make more, so tighter testing is required, which costs more and takes much more time.
Please come back when you have actually produced something in more than limited quantities; most limited quantities in the real world mean prototype samples.
It really doesn't matter; everything that plugs into this box uses switching power supplies, which have a wide range of voltages.
Never mind the fact that commercial AC transmission standards were developed in the USA at serious scale, thus making everyone else "wrong". On a side rant, I never figured out why so many people outside the States stick to a 50Hz cycle rate; it's just nonsense... is there a metric second I was unaware of?
I work for the government, and if I were ever to contract to the government to make something I would charge an arm and a leg for it because they burn a lot of time in pointless changes, process and administration. Plus they haven't got a clue and pay whatever you charge.
Subtle... unless it looks like a part of a power strip? A bit larger than average, fine. USB ports — getting common. USB modem sticking out of it — somewhat suspicious...
You can probably get that version too on custom order.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
It should be a dismissible offence to bring this thing anywhere near where you work.
All you need is to ship with UPS a sealed carton of ten or twenty of these devices, each in its own professionally printed box, to the maintenance department of the target company. Lowly workers, just a notch above janitors, will not be asking their bosses about such a simple item, and power strips are always needed. You can do this even if you never set foot into the country where the target company resides.
Pro tip - one second / 60 = nothing. There's no unit that is a 60th of a second. If it was one hertz, and the euros were using 0.833Hz, you might have a point.
That's all besides the point anyway. NA started on DC, and when we first went to AC, it was 25Hz.
Not that any of that is related to the connector, in any way.
You poor bastards using 50/60Hz. I'm so much holier than you with my 25Hz. I AM THE ORIGINATOR OF ELECTRICS
Sent from my PDP-11
Sadly, ignorance and political bias seem to be the exception to that rule at times. All throughout history, people have been trying to pound some sense into both categories and generally failed.
It's probably got the weight down to something reasonably comparable too. After reading through the specs, they seem to have a lot of hardware features with some power behind it too. If a power strip/surge protector weighs as much as a battery backup, someone is going to ask some questions.
Get one of these: http://www.asus.com/Networks/Wireless_Routers/WL330N3G/. Hack OpenWrt to fit your needs, and flash the router with that. It's small and discreet enough to go unnoticed when set up and left somewhere, like behind a curtain, plugged into a forgotten Ethernet port in a wall somewhere. Power it with one of these: http://www.philips.co.in/c/cell-phone-accessories/universal-dlm2262_97/prd/.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Think about what you just said. Some cosmetic damage might make the hacked powerstrip more acceptable. Slap a shiny, new bit of equipment into an office, and it might raise a little curiosity.
Now, take a somewhat abused looking home-brew unit, and put it someplace in the same office. No curiosity, at all. Where I work, there is no shiny, pretty, new, or nice. Everything is beaten to hell and back!!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
I know, hackers always get insurance before they embark on their activities. My local insurance agents all offer "Hacking Insurance". It even comes bundled with my homeowner's insurance, at State Farm!!
It says 120 or 240 volt. I guess the selection is made during checkout.
+1 insightful, please.
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
If a power strip/ surge protector weighs as much as a battery backup, someone is going to ask some questions.
I'd be surprised if they weren't making UPS versions of products like this also. If anything that is more likely something you'd connect to your network without questioning, for monitoring. The chance people would connect the RJ45 ports (I'm guessing these are supposed to protect against power surges) is a lot less in a corporate environment.
The first thing I thought when I saw this was how annoyed I'd be if I spent over $1000 and no-one plugged anything into any of the data ports. I'm guessing it could try to hack in wirelessly, but then they could have put this into any device that had a constant power connection - shredder, radio, coffee maker - anything that gets left plugged in.
PDF- http://cryptome.org/2012/07/cbp072312.pdf
TFA says "Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more". Which leads us to a question, since they're distributing it: are they in compliance with relevant licenses (e.g. GPL) if they have modified any of the FOSS packages?
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
If, like me, you found it unlikely that DARPA would fund something like this and let you talk about it (or at least, suspected this might be a case of hacker braggadocio), check this out:
http://www.cft.usma.edu/currentProjects.htm
The problem with a wastebasket is that it's not generally supposed to have cables going to/from it. That means you will have to run off batteries (running off batteries long term is a MAJOR PITA) and you will be limited to wireless hacks.
OTOH power strips are expected to have power and ones with communication surge protection while relatively unusual are not unheard of. This means that you can have power and network going to the "hacking device disguised as a power strip" without it looking too suspicious.
Note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register.
So maybe you don't have anything hackers are interested in.
You are welcome on my lawn.
I commend you for having the courage to admit that in this crowd.
It's listed under the "Homepwners Policies".
Showing up in corporate parking lots?
You should be considering how and where you are going to convincingly deliver 1,000 of these devices to the top 50 banks as if they were part of the normal office supply delivery.
I recommend branch offices rather than corporate HQ. Stuff like power strips are always in short supply, and at branch offices they'd happily accept (and without any questions) an accidental delivery of 3 from the office supply company via FedEx. And at branch offices I've done work in, there's always a little more do-it-yourself IT spirit, and I can see people happily plugging the Ethernet "surge suppressor" inline with their PC.
My question is -- how many are there like this out there already? Does anyone have the pockets deep enough to send out 10,000 like this to a focused group of targets? It starts to make even a successful activation rate of 0.05% look interesting.
Only in the US government.
Now we need to go OSS in diesel cars.
Let's say I do see one of these things in the office and I take your advice that I should call somebody to find out if that thing is supposed to be there. This raises the important question of whom I should call. If it's not supposed to be there, that means that somebody, possibly one of my co-workers planted it. PROBABLY one of my co-workers planted it. Now my trust in all my coworkers is in question.
Not that it's not already in question. Maybe I should call Homeland Security. And maybe Homeland Security planted it without the knowledge of my management...
The best part of this is the company is located in Barre VT (and it's not pronounced Bar!)
You do realize that the US, EU, Japan, Brazil and several other countries also have different pin configurations too, right?
It is probably just a matter of country-specific housing covers that hold the outlets.
I have an uncle who runs a small company building electronic devices. He says that certification costs about $200 to get the guy to come out, but once he's there he's happy to do as many devices as you've got ready (within reason, probably).
I commend you for having the courage to admit that in this crowd.
Especially with the nic "Dodgy".
Faster! Faster! Faster would be better!
Looks to me almost exactly like the one I used when I still lived in the States.
And you still think those things were just surge suppressors, eh?
Why would I need an expensive, dedicated piece of equipment to perform the same job as one I already own?
What a very silly question.
Are you sure you're posting on the correct web site?
And how is this thing new, or useful? I guess answering that would be too much "real work and effort and thinking and shit" -- ?
Maybe I better take a closer look at those "smart" power strips the utility company sent me "for free". On second thought, nahhhhh.....I don't care that much. After all, I run some LAN subnets over NETGEAR® Powerline equipment; anybody who wants to nib can do it at their convenience right over the grid.
Now that's thoughtful of me; they wouldn't even have to burn the gas getting that van with the WiFi capture/decode equipment in it out here.
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
then you have an RF meter, did I say expensive, dedicated piece of equipment dumbshit?
You seem to have forgotten one essential part. Software. You can't just throw hardware together and have it magically know what you want it to do. It probably took man-years to write the software in this thing. If you *really* think you can do it for $200, I would suggest that you do it. This is not an iPhone. The market for this type of thing is not in the millions of units. It's in the thousands, which is another reason why they mark it up so much. Do you really think it costs them $1300 to make this thing? I suspect it's closer to $300 and then $1000 in profit to pay for the development costs.
Pro tip: not only is it completely reasonable to declare your own units, but there is a unit that is 1/60 s: the jiffy.
Pro tip for GP: If two standards differ, neither is wrong, they're just mutually incompatible.
Er, guys, you know there's this useful thing called secrecy - maybe William could get the Security Service and SIS to give the CIA a few helpful hints.
Never mind the state of the shielding, what about the overall quality of the bricks?
Some years ago, I came across an increasingly familiar problem with eMachines systems. These things are assembled in California using Chinese components, including Bestec power supplies assembled in Taiwan. The problem with these power supplies was the capacitors. Seems that a rather large batch of them were assembled with GP bronze caps, resulting in thousands of units supplied to eMachines which had the potential to cause data loss, destruction and fire. I actually had an eMachines in for a simple software problem, that when I plugged it in - in front of the client - the power brick literally exploded inside the case (secondary effects of this included a scared witless client and a temporarily blinded tech - me). In short order of finding the pattern of the fault, I had to issue a warning and had one of my major clients put it up on his website.
Lesson here is: if you're a builder, stay the hell away from cheap power supplies, especially stay away from power supplies built with low profile caps. They are NOT designed for the kind of loads a computer PSU is put through and they are totally incapable of handling surges and spikes (which they just transmit to the secondaries). I try and stick to bricks I know, like the Corsair Builder Series or the Antec Truepower. If you're a COTS user and reading this, whip out the screwdriver and check the label on the PSU. If it says "Bestec" or "HiPro", it might be an idea to switch it out for a quality brick before you learn the hard way.
The 25/50/60/120/133/400Hz* standards were just technical compromises based on application, nothing more.
*25Hz: Niagara Project
50Hz: most of the civilised world based on generator, transformer and transmission line size limitations (pretty much)
60Hz: system developed by Lamme to suit most any HV situation
120Hz: (failed) development system (combustion engines just couldn't rotate fast enough to run this frequency)
133Hz: ditto
and then we have DC, system developed by Edison/GE. Problem with DC is that it's freakin' deadly at high voltage and/or current (110V/400A anyone?) (would cause severe muscular spasm to the point of cellular membrane failure and massive cautery), and causes wires to heat to the point of melting, hence no good whatsoever for distance transmission. Great for welding, though. Homes on Edison DC system would have had to have their own generator.
A thought: the rest rate of the human heart is around 60Hz. A harmonic electric shock at this frequency has the potential to interrupt the normal chemoelectric rhythm, causing arrest. At 50Hz the risk is lower (but not by much).
http://unex.com.tw/wifi-surge-protection
every day http://en.wikipedia.org/wiki/Special:Random
Look at the receptacle style.
US outlet. This is built for domestic use... in country, not foreign service.
Funny, I was just thinking that. Most offices I've worked in and visited are terminally hard-up for power strips. If a box of 20 of them showed up they'd get used, no questions asked...although a bunch of them might make it into people's homes.
For industrial espionage, this would be priceless. Nobody checks to see if visitors are bringing power strips. Contractors bring their own all the time. Stick it in a conference room, or better yet an executive conference room, and you're golden. Does it come with a microphone?
Build it into something above a waste can like a shredder. While you're at it, make a shredder that is also a scanner. Getting it to work when fed multiple sheets at once would be the and-one-more-thing feature.
Simple answer? Plug a printer (preferably one of those copier monstrosities) into one of the data ports. No one would bat an eyelid at sticking a $3000 printer on a "surge protector", so you'd probably get away with it.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Your second part about not having a clue is incorrect. I also work in Government, and I can say that the reason is that there is a mentality of "it's only money" which basically means they don't bat an eyelid at spending millions of dollars on pointless consultation and analysis, only to run out of money to implement recommendations.
And that's not all- to the procurement people, it's not just "only money" it's someone else's money. Plus they get brownie points for pushing down costs so vendors intentionally inflate their costs to cover it.
It's really not hard to find them with Cisco gear managed by Cisco Wireless Control System. WCS will automatically triangulate them so you can physically locate them and you can even block/disable rogue APs (talk to legal before blocking/disabling Wifi APs, re:FCC & unlicensed spectrum). I've used it this last week to track down 3 rogue APs which were permanently installed by employees for personal employee use (turns out they BYOI from a WISP and then share with those who want to chip in and only use with their personal devices, not work devices). Additionally, WCS will alert if any of those "rogue" APs' MAC addresses ever show up on the Corporate network and will also track all authorized work clients to make sure they don't connect to rogue APs. It will also track and make sure non-authorized APs never use a "legitimate" SSID (disallowing any impersonation of our real APs).
I've yet to play with it, but WCS' replacement, NCS, does this as well: Rogue AP Details.
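As an added example that is not from the comment above or from Cisco's product, here is how the three checks the poster attributes to WCS (an unknown AP advertising a legitimate SSID, a rogue AP's MAC showing up on the wired network, and a managed client associating to a rogue AP) can be expressed as detection logic over a small snapshot. The AP inventory, scan, switch MAC table and association log are constructed sample data, and the 5-octet MAC-prefix match used for "rogue on our wire" is my own heuristic, not the vendor's algorithm.

```python
from dataclasses import dataclass

# Constructed inventory of our authorized APs: BSSID -> SSIDs it may serve.
AUTHORIZED_APS = {
    "00:11:22:aa:bb:01": {"CORP", "CORP-GUEST"},
    "00:11:22:aa:bb:02": {"CORP", "CORP-GUEST"},
}
# Constructed inventory of managed (work) client MACs.
AUTHORIZED_CLIENTS = {"c0:ff:ee:00:00:01", "c0:ff:ee:00:00:02"}

# Constructed over-the-air scan from our own sensors: (bssid, ssid, rssi_dbm).
SCAN = [
    ("00:11:22:aa:bb:01", "CORP", -45),
    ("de:ad:be:ef:00:01", "CORP", -60),        # unknown AP advertising our SSID
    ("de:ad:be:ef:10:02", "Bobs-WISP", -70),   # unknown AP, neighbour's own SSID
    ("ca:fe:00:00:00:01", "PowerStrip", -80),  # unknown AP, never seen on our wire
]
# Constructed switch MAC table: MAC -> (switch, port).
MAC_TABLE = {
    "00:11:22:aa:bb:01": ("sw-branch-1", "Gi1/0/1"),
    "de:ad:be:ef:00:00": ("sw-branch-1", "Gi1/0/7"),
}
# Constructed association log from the controller: (client_mac, bssid).
ASSOCIATIONS = [
    ("c0:ff:ee:00:00:01", "00:11:22:aa:bb:01"),
    ("c0:ff:ee:00:00:02", "de:ad:be:ef:00:01"),  # managed laptop joined the rogue
]


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    kind: str       # name of the check that fired
    bssid: str
    detail: str


def mac_prefix(mac, octets=5):
    """First `octets` bytes of a MAC address, normalised to lowercase."""
    return ":".join(mac.lower().split(":")[:octets])


def triage(scan, mac_table, associations, authorized_aps, authorized_clients):
    """Return the findings for one scan / MAC-table / association snapshot."""
    findings = []
    legit_ssids = set().union(*authorized_aps.values())
    # Heuristic (an assumption of this example, not a WCS algorithm): a
    # consumer AP's wired-side MAC and its radio BSSIDs usually share all but
    # the last octet, so a 5-octet match in the switch table is treated as
    # "this rogue is plugged into our network".
    wired_by_prefix = {mac_prefix(m): loc for m, loc in mac_table.items()}
    rogue_bssids = set()

    for bssid, ssid, rssi in scan:
        bssid = bssid.lower()
        if bssid in authorized_aps:
            if ssid not in authorized_aps[bssid]:
                findings.append(Finding("medium", "misconfigured-ap", bssid,
                                        f"authorized AP serving unexpected SSID {ssid}"))
            continue
        rogue_bssids.add(bssid)
        if ssid in legit_ssids:
            findings.append(Finding("high", "ssid-impersonation", bssid,
                                    f"unknown AP advertising {ssid} at {rssi} dBm"))
        wired = wired_by_prefix.get(mac_prefix(bssid))
        if wired is not None:
            findings.append(Finding("high", "on-network-rogue", bssid,
                                    f"wired neighbour MAC on {wired[0]} port {wired[1]}"))
        elif ssid not in legit_ssids:
            findings.append(Finding("low", "external-ap", bssid,
                                    f"SSID {ssid} is not ours and not seen on our wire"))

    for client, bssid in associations:
        if client.lower() in authorized_clients and bssid.lower() in rogue_bssids:
            findings.append(Finding("high", "client-on-rogue", bssid,
                                    f"managed client {client} associated to rogue AP"))
    return findings


if __name__ == "__main__":
    for f in triage(SCAN, MAC_TABLE, ASSOCIATIONS, AUTHORIZED_APS, AUTHORIZED_CLIENTS):
        print(f"[{f.severity:6}] {f.kind:18} {f.bssid}  {f.detail}")
```

On the constructed snapshot the impersonating AP fires twice (SSID impersonation plus on-wire), its managed client fires once, and the two neighbouring APs are logged as low-severity external noise; the low findings are what keep a branch office from paging on-call for every nearby home router.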
I'm not an EE or anything, but Path 65 is HVDC and appears to work just fine over long distances (842mi) with a line rating of 3100MW.
"$1,295 tool...the perfect gizmo for nefarious purposes." Major editing there, but my point stands: too expensive to toss around.
This is a hacked account, for which the owner can not be held responsible.
lemme do the math...
the Pacific Intertie uses two conductors, each of which is just over 5cm diameter (including the core). The measured dissipation is around 260W/m*. Over the length of the line, 1362km, this equals a net loss through heating the wire of 354MW. The total voltage drop is 114kV. From a source output of 3.1GW, this is a 77% efficiency.
*considering this is about equivalent to solar flux (~0.15W/cm^2), that's a fairly significant loss as far as I can see.
I don't have the figures for the AC line that runs basically parallel to Path 65. I can only assume since most of the rest of the world uses AC almost exclusively for overground transmission that it's more efficient, and that Path 65 is only there to facilitate cross transmission across two unsynchronised grids.
You do realise the Chinese mains socket is compatible with the Australian mains plug? The only difference is that the Australian pins are slightly thicker, so it may be a little hard to push into the socket (oh, and they are upside down).
Never knew that. You got that my post was sarcastic though, right?
UPS's smooth power and provide some surge protection. However, the only real value in any surge protector is the extra outlets, and the insurance that will replace your equipment after a surge destroys it. Most good brands list their policy on the side of the box.
Cheap storage VM.
1000 feet for Bluetooth, but only in one direction, like the President's office.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
What makes this US made to the satisfaction of the government is that the software that makes this thing what it is, is made in the US, replacing all the original code.
That's the long-winded way of saying "We are dumb and don't think China is smart enough to put a backdoor."
$1295 = 1295 * 8 bits = 10,360 bits.
Octal is left as an exercise to the reader.
Historical note: In US, a bit is 1/8 of a dollar, or 12 1/2 cents.
You know, the one that plants terrorism plans on your executive's computers and then faxes an "anonymous" letter to the FBI.
I lost the address of the 3rd-party vendor, but I think it was something-something road, cave # something, something-stan.
Cool, sounds like something every Hackerspace should offer a few times a year.
Do they charge extra for weekend visits?
Do-it-yourself insurance is available, but costly.
You can get perpetual $1M liability coverage for an up-front fee of a mere million dollars.
Seriously, this exists. It's called "being self-insured" and it's what you are if you don't buy insurance from someone else.
Anyone know the reason they went with DC for the entire distance, rather than use AC for the line and a short DC section or other equipment to connect otherwise-incompatible power grids?
then you have an RF meter, did I say expensive, dedicated piece of equipment dumbshit?
Except it won't work for this application. It can only do it for networks that have an access point broadcasting their SSID.