Slashdot Mirror


ProxyGambit Replaces Defunct ProxyHam

msm1267 writes: Hardware hacker Samy Kamkar has picked up where anonymity device ProxyHam left off. After a DEF CON talk on ProxyHam was mysteriously called off, Kamkar went to work on developing ProxyGambit, a similar device that allows a user to access the Internet without revealing their physical location.

A description on Kamkar's site says ProxyGambit fractures traffic from the Internet through long distance radio links or reverse-tunneled GSM bridges that connect and exit the Internet through wireless networks far from the user's physical location. ProxyHam did not put as much distance between the user and device as ProxyGambit, and routed its signal over Wi-Fi and radio connections. Kamkar said his approach makes it several times more difficult to determine where the original traffic is coming from.

26 comments

  1. Better than that by Anonymous Coward · · Score: 1

    ProxyCheeseOnToast

  2. but most of all by Anonymous Coward · · Score: 0

    samy is my hero.

  3. 7 proxies! by Anonymous Coward · · Score: 0

    and enough latency to kill your buzz.

    1. Re:7 proxies! by Panoptes · · Score: 1

      Better latent than never.

  4. Anonymous cell phone by bluefoxlucid · · Score: 2

    I developed a system to allow non-trackable cellular phones, in which you could receive a phone call without revealing your location (once answered, you revealed your location); nobody will go for it, though. It only requires like a few bytes of broadcast packet exchange (goes up to a theoretical maximum of 48KB if every single phone in the world is ringing all at once on a global scope), and has a 0.00002% chance of ringing your phone when you're not actually receiving a call. I mitigated this with geographical limits, although they don't help for a non-answer (if you don't answer, it tries a regional, then a global ring, meaning your initial chance of a false ring is like 0.000000000000000000000000013% for any phone call made).

    Trivial shit.

    1. Re:Anonymous cell phone by Anonymous Coward · · Score: 0

      da fuq?

    2. Re:Anonymous cell phone by Anonymous Coward · · Score: 2, Informative

      He's proposed the idea of broadcasting the MEID/ESN of every phone that is ringing in every mobile phone "cell" in the world/via Satlink (over GPS as an example).

      Rather than cell phones actively negotiating their position so that rings go to the correct location, the location discovery/authentication handshake occurs when the intended recipient responds to the beacon.

      Has he integrated the total $$$ in waste for the next 10-20 years at the current market rate for mobile data? I imagine this would waste millions-billions of dollars in unnecessary use of the wireless spectrum for an "anonymity" feature that is desired by less than 1% of all users.

      There are much cheaper ways to provide anonymity to those 1% of users.

    3. Re:Anonymous cell phone by Anonymous Coward · · Score: 0

      Did you ever write up any of this? If so, can you provide a link to it?

    4. Re:Anonymous cell phone by Cow+Jones · · Score: 2

      He's proposed the idea of broadcasting the MEID/ESN of every phone that is ringing in every mobile phone "cell" in the world/via Satlink

      Personally, I would object to everybody being able to tell if/when my phone is ringing, and possibly even deduce whether I accepted the call from the duration of the "ringing" state. If that's really how this system is supposed to work, I'm not surprised the OP couldn't find any takers.

      --

      Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari

  5. INB4... by Anonymous Coward · · Score: 0

    INB4 this poor bastard also gets the kibosh put on him by the TLAs.

    Posting AC for obvious reasons

    1. Re: INB4... by Anonymous Coward · · Score: 0

      Radio. The TLA interested isn't one of the scary ones, it's the boring old FCC. They regulate how you consume EM spectrum. The scary TLAs don't care about this because they already have your dick pics from the cloud.

    2. Re: INB4... by OverlordQ · · Score: 2

      No reason they should, this is using either 2.4GHz Wifi or a GSM connection, neither of which have the encryption restrictions the HAM bands use.

      --
      Your hair look like poop, Bob! - Wanker.

    3. Re: INB4... by Obfuscant · · Score: 2

      No reason they should, this is using either 2.4GHz Wifi or a GSM connection, neither of which have the encryption restrictions the HAM bands use.

      ProxyHam didn't have an encryption restriction, either, because it wasn't operating under amateur radio service rules. ISM 900MHz.

  6. Not so mysterious. by Anonymous Coward · · Score: 0

    No surprise that such a device would attract the wrong kind of attention. So much so that owning such a device would be pointless and counterproductive.

    Starting a company to do it would turn your company into a honey pot for the Feds without the Feds paying the bills. Probably not what they signed up for.

    1. Re: Not so mysterious. by Anonymous Coward · · Score: 0

      Unbelievable. As if I do NOT have a right to a private conversation.

      Yet when those asshats get a FOIA, they basically ignore it.

      Take your 'honey pot' BS and stick your head in it, moron.

  7. The appeal is in the doing, by bbsguru · · Score: 4, Insightful

    Samy has done a great job of documenting / illustrating this project, making it appealing even for those of us who don't particularly care about the benefits of anonymity.

    I kinda want to do this, just for kicks.

    Yes, my OTHER computer is anonymous, and will never visit any site I've been to.

    1. Re:The appeal is in the doing, by ThatsNotPudding · · Score: 1

      Yes, my OTHER computer is anonymous

      Would make a great bumper sticker.

    2. Re:The appeal is in the doing, by Actually,+I+do+RTFA · · Score: 2

      If it never visits any of the same sites, and that pattern is known, isn't that exploitable information?

      --
      Your ad here. Ask me how!

  8. On the off chance that it's not fully baked by Anonymous Coward · · Score: 0

    Or rather, to give everyone strong assurance that it doesn't have critical holes in it,

    please encourage everyone with the skills to do so to audit the heck out of this puppy

    If many individuals and groups who are already known to be experts in this area come out and say "I/we independently audited this device and its software and we trust it," the more assurance everyone will have that it doesn't have serious flaws, whether unintentional or otherwise.

  9. No clue why ProxyHam went dark by OverlordQ · · Score: 1

    Looking at ProxyGambit it either uses Point to Point directional wifi, or a 2G connection, so it wasn't an FCC 'encryption' issue.

    --
    Your hair look like poop, Bob! - Wanker.

    1. Re:No clue why ProxyHam went dark by Anonymous Coward · · Score: 0

      NSA national security letter.

  10. It was a BlackHat / DEFCON publicity stunt by SuperBanana · · Score: 2

    Hackaday is pretty much spot on: http://hackaday.com/2015/07/14...

    There's always posturing for PR before BlackHat and DEFCON. This was to get the researcher's name on people's radar.

    Many a competent unix sysadmin could come up with something similar.

    What's hilarious is that despite how easy it would be to make something like this, the "researcher" just bought a yagi antenna and posed for a picture. They didn't even bother to point the yagi antenna towards the ground, for that matter.

    1. Re:It was a BlackHat / DEFCON publicity stunt by Obfuscant · · Score: 1

      They didn't even bother to point the yagi antenna towards the ground, for that matter.

      Why would they point it towards the ground? You want to point it towards the distant radio. In the hackaday picture, it was pointed slightly above the horizon, which will put a lot more of the radiation towards the distant station than pointing it at the ground would.

      The antenna was attached to something that would normally be mounted somewhere, but while it was sitting on the table it was pointed a few degrees up. The radiation pattern of a yagi isn't narrow enough that you'd need to worry about being off by a few degrees, either left/right or up/down. It's not a dish.

    2. Re:It was a BlackHat / DEFCON publicity stunt by adolf · · Score: 1

      Competent UNIX admin? Let me submit that it's just not needed to be competent with UNIX: You just need some basic knowledge of the concept of a subnet, and it might help to know what a broadcast domain is.

      Anyone who can configure a venerable WRT54GL with OpenWRT or Tomato or DD-WRT and isn't afraid of a 900MHz ISM-band Ubiquiti (or other) radio can do this.

      It's just Ethernet frames that happen to encapsulate IP. No big deal.

      I mean, FFS: A couple of years ago I built such a system. A wealthy customer was having a party, and was having circuit issues on the bonded T1s at his house (yep, really) and Really, Really wanted his Sonos system to be reliably online to stream music for his guests.

      We sent his wife to the Verizon store, and she came back with an LTE Wifi hotspot. I set up a WRT54GL running Shibby's Tomato-USB as a wireless client and put the LTE hotspot in a window where it had reasonable signal. We had another WRT54GL working as a wired client off of this (triple-NAT? so what), which in turn plugged into the Sonos mesh with some Cat5.

      DHCP figured out the addressing automagically; all I needed to do was make sure that each WRT54GL was issuing a unique subnet so Linux's routing tables weren't confusing itself.

      And....done. It was an ugly hack thrown together late on a Saturday with parts on-hand and it got the party going just fine.

      Which is the same as, or perhaps slightly more complicated than, a ProxyHam setup.

      Oh, and ProxyHam is easily traceable, too: I haven't actually had my hands on Ubiquiti's 900MHz gear, but their 2.4GHz 802.11N stuff has an excellent and honest spectrum analyzer built-in with the default firmware. I would be shocked and amazed if their 900MHz parts differed in this regard.

      A $100 radio, some graph paper, a directional antenna, a working brain and some mobility is all you need to use to triangulate the "isolated" end of a ProxyHam/ProxyGambit connection that is actively being used down to at least the household that the signal emanates from.

      Alternatively, any spectrum analyzer that covers whatever band it is that is used to backhaul to the user's location can be used to locate them fairly easily: You can try, but at the end of the day you can never hide while broadcasting with a radio -- especially since we've largely abandoned frequency-hopping spread-spectrum (which was actually rather hard to narrow down using traditional tools).
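
Added example, not part of any comment in this thread: the graph-paper triangulation described in the comment above, worked as a least-squares intersection of bearing lines taken with a directional antenna from several positions. Coordinates are metres on a local flat grid and bearings are degrees clockwise from north; the function name and the sample readings (constructed around a transmitter at east 400 m, north 300 m) are assumptions made for illustration.

```python
import math

# Constructed sample: three bearing readings taken on a local flat grid.
# (east_m, north_m, bearing_deg); bearing is degrees clockwise from north.
SAMPLE_READINGS = [
    (0.0, 0.0, 53.0),
    (1000.0, 0.0, 297.0),
    (0.0, 1000.0, 150.0),
]

def locate_emitter(readings):
    """Return (east_m, north_m, rms_miss_m) for the point closest to all bearing lines."""
    if len(readings) < 2:
        raise ValueError("need at least two bearings from different positions")
    a11 = a12 = a22 = b1 = b2 = 0.0
    lines = []
    for x, y, bearing in readings:
        t = math.radians(bearing)
        dx, dy = math.sin(t), math.cos(t)  # unit vector along the bearing
        # I - d*d^T projects onto the line's normal; summing these gives the
        # normal equations for minimum squared perpendicular distance.
        m11, m12, m22 = 1.0 - dx * dx, -dx * dy, 1.0 - dy * dy
        a11 += m11
        a12 += m12
        a22 += m22
        b1 += m11 * x + m12 * y
        b2 += m12 * x + m22 * y
        lines.append((x, y, dx, dy))
    det = a11 * a22 - a12 * a12
    if det < 1e-9:
        raise ValueError("bearings are parallel; take a reading from another position")
    east = (a22 * b1 - a12 * b2) / det
    north = (a11 * b2 - a12 * b1) / det
    # Perpendicular miss of the fix from each line: how well the bearings agree.
    sq = sum(((east - x) * dy - (north - y) * dx) ** 2 for x, y, dx, dy in lines)
    return east, north, math.sqrt(sq / len(lines))

if __name__ == "__main__":
    e, n, rms = locate_emitter(SAMPLE_READINGS)
    print(f"estimated emitter: east={e:.0f} m, north={n:.0f} m, rms miss {rms:.1f} m")
```

The rms miss grows when the readings disagree, which is the numeric counterpart of a large triangle where the pencil lines cross on the graph paper.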

  11. WTF? by Anonymous Coward · · Score: 1

    This is what passes for hacking nowadays?

    Take a TP-Link TL-MR3020, plug a 3g or a 4g and install openWRT. Now you've got a cellphone connected WiFi client/access point. Leet h@x.

    Seriously, this is juvenile.

  12. It desperately needs a diagram by Anonymous Coward · · Score: 0

    Somehow, I don't immediately grok pictures of components wired together.