Brendan O'Connor is an unabashed hacker who has worked for DARPA and taught at the US military's cybersecurity school. CreepyDOL (Creepy Distributed Object Locator), his new personal tracking system, allows a user to track, locate, and break into an individual's smartphone. "For a few hundred dollars," he says, "I can track your every movement, activity, and interaction, until I find whatever it takes to blackmail you."
Privacy is becoming ever more difficult to insure in today's connected world. It is not clear whether it is governments or businesses that are more interested in your innermost secrets, but both have a pretty good handle on most of us. CreepyDOL and similar systems now threaten to make the ability to ferret out a person's private affairs available to anyone with the inclination and a few hundred dollars to spare.
CreepyDOL is a network of sensors that communicates with a data-processing server. The sensor network runs on boxes about the size of a small external hard drive, with each node containing a Raspberry Pi Model A, two Wi-Fi adapters, and a USB hub. Previously developed by O'Connor, these are called F-BOMBs (Falling/Ballistically-launched Object that Makes Backdoors) and are sufficiently rugged to be thrown, or even dropped from a UAV. Each F-BOMB costs just over US$50, giving a network of 10 a price of around $500.
The F-BOMBS run software that allows the nodes to communicate with each other, as well as look for Wi-Fi traffic within its detection range. The nodes look for various forms of data, including Dropbox and iMessage data, that can provide information about the user of the smartphone. Some data only reveals that a particular protocol is being used by a particular user, while others may leak a great deal of personal information, including names, pictures, and email addresses. To stay within the law, O'Connor tested CreepyDOL with software settings that made the sensor nodes blind to any but his own smartphones.
All the acquired information is reported back to the data processor, which analyzes, organizes, and stores the personal data. The system includes the ability to display people moving around the area covered by the sensor network in real time.
The impact of CreepyDOL is that it eliminates the idea of "blending into a crowd." If you're carrying a wireless device, CreepyDOL will see you, track your movements, and report home, even if you aren't using it.
O'Connor appears (mostly) to be wearing a white hat in this project. “At some level I’m doing this because it’s interesting, but I’m also doing it to prove that this level of knowledge and detail isn’t only the province of intelligence agencies anymore. If you think that only the government, with millions and billions to blow on watching someone can create this problem for privacy, then we’re not going to solve it.”
On the other hand, his security consultancy Malice Aforethought is selling F-BOMBS to the public. Will CreepyDOL emerge from the hacker underground? Time will tell.
Source: Malice Aforethought
It makes me question how likely it is that CreepyDOL successfully executes its list of features but it's still kind of cool to see some crossover from HAM.
Diachi, are you trying to discount that the F-BOMB creator is somehow not real because they wrote what you believe to be a simple Android app? You are taking a single point of data and extrapolating? Have you played with the CreepyDOL?
This is really cool. While it might just be lots of glue put together with existing OS software that runs on the Pi, this has the potential to be an extremely valuable tool and very scary as a target. Low cost, borderline disposable wireless eavesdropping. Tie in some cloud resources to quickly crack WEP and WPA2 keys (since the Pi is going to be dreadfully slow at it) from captured packet streams, passively or actively generated, and you can p0wn a neighborhood.
Need to start using encrypted SSH/VPN tunnels and HTTPS Everywhere more often.
Privacy Cafe for WiFi -Meta-material Faraday cage glass films and wallpaper effective at select WiFi frequency ranges but allows other RF signals to pass through such as cellular signals
-Consensual Node and WiFi tracking capability via RF and visual camera confirmation with amplitude adjustment available to focus and narrow RF footprint within the location.
-For phones without directional antenna transmission and reception/tracking capability, auxiliary antennas are available with an easy to download app for setup
-WiFi transparent meta-material film wraps internal objects to minimize reflection leaks
-Node location and verification is provided and synchronized at the front desk via a secure hard-wire ASIC circuit
-Cloned decoys and all-inclusive Faraday zones with secured cellular micro beacons available at extra cost