Wireless Signals going to War!
I have heard a lot of news about how easy it is to break into someone's wireless network but never thought about it twice. My new temporary flatmate thought it would be funny to switch off the wireless modem because I wouldn't tell him the password to my computer so I thought it would be interesting to check if the news are correct. Even though it would be wrong to break into other people's Wifi signals and I would never do such a thing! (honest :P), it would be interesting to switch my own router to WEP and see how easy it would be to breaking into WEP encryption which is used by a lot of people (44% in Seattle). The following are quite interesting:
KisMac3.
KisMac is the most capable program available. While it does not handle bonjour networks, its wireless capabilities far exceed those of both MacStumbler and iStumbler. Beyond the basic scanning, signal strength testing, and so on, KisMAC can use GPS systems much like MacStumbler. Furthermore, it is capable of loading maps internally, where you can plot hotspots visually.
Beyond this, KisMAC has one capability that puts it far and above the other programs: the ability to crack WEP keys. If you have a Airport card (not airport extreme, sadly), you can recover network packets and then crack the key using a variety of built-in methods. Those using ibooks and powerbooks don’t need to despair though: KisMAC can use USB prism2 based cards, which are the best for this purpose anyway. Using these methods, it is possible to gain access to networks for which you do not know the password. I don’t advise this though, breaking into networks without authorization is illegal. Still, if you forget your WEP password for your router (as I have done), then this ability is VERY handy.
So this software creates a map of all the wireless network in the proximity and display it on a map, after which you can obtain the WEP code. On top of that I also stumbled upon a lot of "stumbers".
I know WEP encryption is poor but this is ridiculous. Other interesting facts were revealed during some "wardriving" (when driving to find free wireless network) exercise carried out by 100 undergraduate student in Seattle. It was found that "44% were secured with WEP encryption, 52% were open, and 3% were pay-for-access. They noticed trends in the frequency and security of the networks depending on location. Many of the open networks were clearly intended to be used by the general public, with network names like "Open to share, no porn please" or "Free access, be nice." The information was collected into high-resolution maps, which were published online."
And then I came across some stuff that could dissect the wireless going between wireless interfaces. Wow! I wonder that they could do!
All that thanks to my weird new flatmate turning off the wireless signal. Its nice to learn something new, who knows it might all come in handy one day. Like a condom, its better to have it and not needing it than to need it and not having it.
KisMac3.
KisMac is the most capable program available. While it does not handle bonjour networks, its wireless capabilities far exceed those of both MacStumbler and iStumbler. Beyond the basic scanning, signal strength testing, and so on, KisMAC can use GPS systems much like MacStumbler. Furthermore, it is capable of loading maps internally, where you can plot hotspots visually.
Beyond this, KisMAC has one capability that puts it far and above the other programs: the ability to crack WEP keys. If you have a Airport card (not airport extreme, sadly), you can recover network packets and then crack the key using a variety of built-in methods. Those using ibooks and powerbooks don’t need to despair though: KisMAC can use USB prism2 based cards, which are the best for this purpose anyway. Using these methods, it is possible to gain access to networks for which you do not know the password. I don’t advise this though, breaking into networks without authorization is illegal. Still, if you forget your WEP password for your router (as I have done), then this ability is VERY handy.
So this software creates a map of all the wireless network in the proximity and display it on a map, after which you can obtain the WEP code. On top of that I also stumbled upon a lot of "stumbers".
I know WEP encryption is poor but this is ridiculous. Other interesting facts were revealed during some "wardriving" (when driving to find free wireless network) exercise carried out by 100 undergraduate student in Seattle. It was found that "44% were secured with WEP encryption, 52% were open, and 3% were pay-for-access. They noticed trends in the frequency and security of the networks depending on location. Many of the open networks were clearly intended to be used by the general public, with network names like "Open to share, no porn please" or "Free access, be nice." The information was collected into high-resolution maps, which were published online."
And then I came across some stuff that could dissect the wireless going between wireless interfaces. Wow! I wonder that they could do!
All that thanks to my weird new flatmate turning off the wireless signal. Its nice to learn something new, who knows it might all come in handy one day. Like a condom, its better to have it and not needing it than to need it and not having it.
Turned out that my Apple Airport Extreme Extreme with Broadcom chipset is not supported by KisMac so need to investigate other options; Found this very interesting conversation from a guy needing to buy a Prism2 USB which is required by KisMac to work. The guy refused to divulge what purpose he had but he was busted by another reader:
Question: "I need a Prism2 USB adapted to work with a specific program that doesn't support the AirPort card."
Answer: "The only programs that it would matter to would be WiFi sniffers..."
And amazingly, I think I have a Belkin F5D7050 lying around the house somewhere. This is getting very interesting!
Also learned how to do the same thing for other platforms, how it works and ways to beef up the security in a wifi connection. Interestingly, it compares transmitted data package to work out a common denominator to produce the required key code. During the Second World War, the code for Nazi's Enigma Machine was broke in similar fashion by the Operation Ultra with Alan Turing (from Manchester no less, his statue can be found in Sackville Garden next to Canal Street), the grandfather of the very first conceptual computer (Colossus) and modern day computers which revolutionise our daily lifes. Similar words within a Nazi transmission, like weather reports which starts with the same prefixes, were used as baselines to derive decryption techniques at Bletchley Park, the home of intellectual elite selected to aid the British Intelligence's decryption effort. One of the quickest decryption was down to a German operator sending the same message twice while forgetting to change the key code. The breaking of the code was ultimate the reason for the Allied's success at Operation Overlord after the Nazi were fed falsified information in regards to the point of entry for the invasion. The operation was so successful that Hitler was still convinced that the real attack is to happen elsewhere and gave stand off orders to the nearby Panzer Reserve. Another genius in the Operation Market is that it's point of attack is that Normandy was chosen because that is where the weakest troops were deployed:
Question: "I need a Prism2 USB adapted to work with a specific program that doesn't support the AirPort card."
Answer: "The only programs that it would matter to would be WiFi sniffers..."
And amazingly, I think I have a Belkin F5D7050 lying around the house somewhere. This is getting very interesting!
Also learned how to do the same thing for other platforms, how it works and ways to beef up the security in a wifi connection. Interestingly, it compares transmitted data package to work out a common denominator to produce the required key code. During the Second World War, the code for Nazi's Enigma Machine was broke in similar fashion by the Operation Ultra with Alan Turing (from Manchester no less, his statue can be found in Sackville Garden next to Canal Street), the grandfather of the very first conceptual computer (Colossus) and modern day computers which revolutionise our daily lifes. Similar words within a Nazi transmission, like weather reports which starts with the same prefixes, were used as baselines to derive decryption techniques at Bletchley Park, the home of intellectual elite selected to aid the British Intelligence's decryption effort. One of the quickest decryption was down to a German operator sending the same message twice while forgetting to change the key code. The breaking of the code was ultimate the reason for the Allied's success at Operation Overlord after the Nazi were fed falsified information in regards to the point of entry for the invasion. The operation was so successful that Hitler was still convinced that the real attack is to happen elsewhere and gave stand off orders to the nearby Panzer Reserve. Another genius in the Operation Market is that it's point of attack is that Normandy was chosen because that is where the weakest troops were deployed:
- 716th Infantry Division (Static) consisted mainly of those 'unfit for active duty' and released prisoners.
- 352nd Infantry Division, a well-trained unit containing combat veterans.
- 91st Air Landing Division (Luftlande – air transported), a regular infantry division, trained, and equipped to be transported by air.
- 709th Infantry Division (Static). Like the 716th, this division comprised a number of "Ost" units who were provided with German leadership to manage them.
Two Infantry Division which were considered "unfit for active duty". If Hitler were to have given the green to the release of the Panzer-Lehr Division comprising SS Troops, Hitler Youth, and their Tiger tanks, they would have kicked the shit out of the landing party, closed off the invasion and delay an Allied victory for many years.
Operation Fortitude and Overlord were gorgeous! Shame about the over-ambitious Market Garden that followed! :D
I guess at the end of the day its all the same, if WEP can be fooled using the same techique to bring down Hitler then its not really worth having to protect your Wifi. Its all about WPA2 these days! :D
Operation Fortitude and Overlord were gorgeous! Shame about the over-ambitious Market Garden that followed! :D
I guess at the end of the day its all the same, if WEP can be fooled using the same techique to bring down Hitler then its not really worth having to protect your Wifi. Its all about WPA2 these days! :D
Labels: Operation Fortitude, Operation Market Garden, Operation Overlord, Operation Ultra, signal dissect, stumbler, war driving, wep, wifi
posted by Twisted @ 18:52:00
0 Comments
