Telecommunications

CreepyDOL system can destroy your privacy for about US$500

View 3 Images
CreepyDOL is a new personal tracking system that allows a user to track, locate, and break into an individual's smartphone (Image: Shutterstock)
A CreepyDOL system of 10 F-BOMBS can destroy your privacy for about US$500
A pose no longer required for collecting information (Photo: Shutterstock)
CreepyDOL is a new personal tracking system that allows a user to track, locate, and break into an individual's smartphone (Image: Shutterstock)
View gallery - 3 images

Brendan O'Connor is an unabashed hacker who has worked for DARPA and taught at the US military's cybersecurity school. CreepyDOL (Creepy Distributed Object Locator), his new personal tracking system, allows a user to track, locate, and break into an individual's smartphone. "For a few hundred dollars," he says, "I can track your every movement, activity, and interaction, until I find whatever it takes to blackmail you."

Privacy is becoming ever more difficult to insure in today's connected world. It is not clear whether it is governments or businesses that are more interested in your innermost secrets, but both have a pretty good handle on most of us. CreepyDOL and similar systems now threaten to make the ability to ferret out a person's private affairs available to anyone with the inclination and a few hundred dollars to spare.

CreepyDOL is a network of sensors that communicates with a data-processing server. The sensor network runs on boxes about the size of a small external hard drive, with each node containing a Raspberry Pi Model A, two Wi-Fi adapters, and a USB hub. Previously developed by O'Connor, these are called F-BOMBs (Falling/Ballistically-launched Object that Makes Backdoors) and are sufficiently rugged to be thrown, or even dropped from a UAV. Each F-BOMB costs just over US$50, giving a network of 10 a price of around $500.

A CreepyDOL system of 10 F-BOMBS can destroy your privacy for about US$500

The F-BOMBS run software that allows the nodes to communicate with each other, as well as look for Wi-Fi traffic within its detection range. The nodes look for various forms of data, including Dropbox and iMessage data, that can provide information about the user of the smartphone. Some data only reveals that a particular protocol is being used by a particular user, while others may leak a great deal of personal information, including names, pictures, and email addresses. To stay within the law, O'Connor tested CreepyDOL with software settings that made the sensor nodes blind to any but his own smartphones.

All the acquired information is reported back to the data processor, which analyzes, organizes, and stores the personal data. The system includes the ability to display people moving around the area covered by the sensor network in real time.

The impact of CreepyDOL is that it eliminates the idea of "blending into a crowd." If you're carrying a wireless device, CreepyDOL will see you, track your movements, and report home, even if you aren't using it.

O'Connor appears (mostly) to be wearing a white hat in this project. “At some level I’m doing this because it’s interesting, but I’m also doing it to prove that this level of knowledge and detail isn’t only the province of intelligence agencies anymore. If you think that only the government, with millions and billions to blow on watching someone can create this problem for privacy, then we’re not going to solve it.”

On the other hand, his security consultancy Malice Aforethought is selling F-BOMBS to the public. Will CreepyDOL emerge from the hacker underground? Time will tell.

Source: Malice Aforethought

View gallery - 3 images
  • Facebook
  • Twitter
  • Flipboard
  • LinkedIn
9 comments
Daishi
Interestingly the app he has available on the app stores is for the Amateur radio license exam. It is a simple app to write though and the android version has 3 1 start reviews and 1 2 star review.
It makes me question how likely it is that CreepyDOL successfully executes its list of features but it's still kind of cool to see some crossover from HAM.
piperTom
It's a tangent, but I wondered about the name: "Falling/Ballistically-launched Object that Makes Backdoors". The word "ballistic" refers to a manner of flight (basically unpowered), regardless of method of launch. So "balistically launched" makes no sense, not to mention providing an unwanted "L" - F-BOMB not F-BLOMB.
ooglek
The amount of work that went into such a device that can do the things claimed in this article is complex and potentially scary in the wrong hands or simply targeted at oneself.
Diachi, are you trying to discount that the F-BOMB creator is somehow not real because they wrote what you believe to be a simple Android app? You are taking a single point of data and extrapolating? Have you played with the CreepyDOL?
This is really cool. While it might just be lots of glue put together with existing OS software that runs on the Pi, this has the potential to be an extremely valuable tool and very scary as a target. Low cost, borderline disposable wireless eavesdropping. Tie in some cloud resources to quickly crack WEP and WPA2 keys (since the Pi is going to be dreadfully slow at it) from captured packet streams, passively or actively generated, and you can p0wn a neighborhood.
Need to start using encrypted SSH/VPN tunnels and HTTPS Everywhere more often.
christopher
LOL @poperTom: If you're going to diss someone in public, this is probably the one bloke you REALLY do not want to piss off :-)
KevinR
And Joe McCarthy was worried about the Russians spying on us, seems to be ok if the spying is done within our own society. Have we really progressed as a society or is the almighty power of the dollar and 'intelligence' more important? Blu-tooth was just the beginning in the desire of corporate empires to keep tabs on private individuals. We have lost for-ever our ability maintain an element of privacy.
nutcase
FYI piperTom "ballistic" means anything to do with projectiles not a "mode of flight". If a solid object is projected it is ballistically launched ie "launched like a projectile". This is the most interesting development in communications monitoring I have seen for a long time. Amateur radio communications differs from commercial in that privacy is forbidden. Brendan is helping you all to understand that in fact commercial radio communication is no more private than amateur radio.
Phyzzi
So, this essentially reverses the WiFi location process Google has been using for several (2? 5? 20?) years now and incorporates some basic data packet hacking. Not surprising, really. Of course, this can only work in a certain area, unless you want to follow someone with a bunch of coordinated UAV's at WiFi range... which seems like it might ring a little suspicious. Still, it could provide an interesting alternative/addition to a security camera, if you think that the people likely to cause a problem are also likely to be carrying a WiFi device while they are on your property. Hmm - Looks like I had best turn WiFi off before getting out my marauder's map.
Slowburn
If you want your privacy generate a lot of nonsense information. somebody needs to make a phone case that generates false GPS location signals for the phone inside. If you don't take incoming calls you can keep your phone in a . Old metal lunch boxes work well. If you want to mess with the people fallowing you clone the phone put the clones in Faraday cages that open and close on a prearranged Schedule and place on things that move like leaving them on a bus.
Gary Richardson
Here is a new set of features to incorporate into WiFi Hotspot business models:
Privacy Cafe for WiFi -Meta-material Faraday cage glass films and wallpaper effective at select WiFi frequency ranges but allows other RF signals to pass through such as cellular signals
-Consensual Node and WiFi tracking capability via RF and visual camera confirmation with amplitude adjustment available to focus and narrow RF footprint within the location.
-For phones without directional antenna transmission and reception/tracking capability, auxiliary antennas are available with an easy to download app for setup
-WiFi transparent meta-material film wraps internal objects to minimize reflection leaks
-Node location and verification is provided and synchronized at the front desk via a secure hard-wire ASIC circuit
-Cloned decoys and all-inclusive Faraday zones with secured cellular micro beacons available at extra cost