
On March 1, the agents obtained a court order allowing them to use a "pen register/trap and trace" device that could reveal only "addressing information" and not content. In other words, if it worked, agents could see what IP addresses Hammond was visiting, but they would see nothing else.

The FBI describes its device as a "wireless router monitoring device" that captures addressing and signaling information and transmits it wirelessly through the air to FBI agents watching the home. It was installed the same day and was soon showing agents what Hammond was up to online.

I'm curious about this device; it would have to be able to fully decrypt 802.11 frames just to be able to see the layer 3 IP information, so in theory it is able to see all of the traffic but the agents aren't allowed to look at (or use) anything beyond the IPs because that would be considered wiretapping. I have to imagine the guy arrested was technically competent enough to use WPA2 with a fairly strong non-dictionary-word key, yet this device was able to crack that key in a short enough amount of time for this sting operation.




It wasn't clear to me that it was a device that was wireless. They said it was installed... they called it a wireless router monitoring device, which suggests wireless, but it seems more plausible that they would have installed something physical to listen in on the cable connection (or something else north of the router)... the 'wireless' bit being the transmission of data back to them?


SSL would have solved that.

I'm perturbed by the number of hackers getting taken down who blather on about their personal lives, use a VPN with no encryption and think it's safe, and still manage to break into these rather large systems. Either they're skilled but reckless and cavalier, they're idiots and security everywhere is a joke, or both.

Not sure which of those scenarios is more disturbing. Either way, I suspect that, in the wake of these latest arrests, we'll see both better opsec from Anon, as well as an increased focus on security from those who are likely to be targets. In the meantime, I'll get 15 messages on my facebook wall saying, "see who's visited your profile!"

sigh


He did use Tor, which encrypts everything up to the exit node, so I don't get your point.

The only thing they had was the Tor IPs, and SSL doesn't hide IPs.


who blather on about their personal lives

This is nothing surprising. If you listen to the (public) disclosures of wiretaps on e.g., Mob bosses, etc., it's full of mundane chatter about what they had for lunch, who they met, their bowling scores, etc. The reality is that after some time of being secretive and not getting caught, it's human nature to just act normally and let your guard down. If you think about it, the criminal only has to make one mistake out of thousands of individual actions to be caught and prosecuted.

Criminals are just ordinary people, not supervillains!


You just have to read about Gary McKinnon "hacking". The guy himself said that he is no wizard or anything similar, but that a lot of the US government computers he got into had a blank password for the administrator...


errr.. SSL still connects to IPs

and there isn't really such a thing as a 'VPN without encryption'


Yes, from the sound of it the "wireless" part was simply how the device reported back to its owners.

Probably a good call, really. It requires physical presence, but done right it could be nigh undetectable, whereas reporting over the target's uplink could alert a very sharp target, and possibly even reveal who its masters are (based on destination).


Ah, that makes more sense (and makes me less paranoid).


While sup_g may indeed have been a "credible threat," he was in the end no match for the overwhelming federal resources of the FBI agents hunting him down. Over the last month, federal agents staked out his home in Chicago constantly, dug up old police surveillance records, tapped his Internet connection, used directional wireless finders to locate and identify his wireless router, and relied on Sabu back in his New York City apartment to let them know when sup_g went on or offline.

...anything beyond the IPs because that would be considered wiretapping.

But that is exactly what it appears they had the authority to do no?


They wouldn't need to decrypt any packets at all, they could simply look at ARP requests. ARP packets are typically left alone and sent unencrypted; otherwise it would be far too difficult to find that router and the client when connecting or re-negotiating encryption keys. Even then, it was indicated that he was using tor, so even if they did decrypt the 802.11 packets, only the header would be in clear-text.

Doing this does not count as wiretapping, as it was ruled to be akin to a dump of phone records, rather than listening on the conversation itself. Yes, they are splitting hairs, but that is how justice has to work.


ARP packets would not show Tor server IPs, they would only show the IPs of his laptop and his router.


To add more detail, the reason it would not show the IP of the Tor servers is because you only send ARP requests for IPs on your same subnet. If the IP is not on your subnet there is no reason to send an ARP because you already know you cannot talk to it directly.
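The last two comments make a testable claim: a host only ARPs for addresses on its own subnet, so a passive observer of ARP traffic sees the laptop, the gateway and any LAN peers, never the off-subnet (e.g. Tor) addresses the host is really talking to. The following is an added example, not code from the thread or from any of the commenters: it models the next-hop decision a host makes, builds the raw Ethernet/ARP "who-has" request that decision produces, parses it the way a sniffer would, and collects the IPs that appear on the wire. The LAN addresses, MAC address and destination list are constructed sample values; the off-subnet destinations use documentation ranges and stand in for Tor entry nodes.

```python
import ipaddress
import struct

BROADCAST_MAC = b"\xff\xff\xff\xff\xff\xff"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, smac, sip, tmac, tip (28 bytes)


def arp_target(dst_ip, local_ip, netmask, gateway):
    """Return the IP a host would ARP for when sending to dst_ip.

    On-subnet destinations are resolved directly; anything else is sent via
    the default gateway, so it is the gateway's MAC that gets resolved.
    (Real hosts cache ARP replies, so in practice the request is sent once
    per neighbour rather than once per packet; the set of IPs is the same.)
    """
    net = ipaddress.ip_network(f"{local_ip}/{netmask}", strict=False)
    dst = ipaddress.ip_address(dst_ip)
    return str(dst) if dst in net else gateway


def build_arp_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast Ethernet frame carrying an ARP who-has request."""
    eth = BROADCAST_MAC + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(
        ARP_FMT,
        1,            # hardware type: Ethernet
        0x0800,       # protocol type: IPv4
        6, 4,         # MAC length, IPv4 length
        ARP_REQUEST,
        sender_mac, ipaddress.ip_address(sender_ip).packed,
        b"\x00" * 6,  # target MAC unknown, that is the point of the request
        ipaddress.ip_address(target_ip).packed,
    )
    return eth + arp


def parse_arp(frame):
    """Decode an Ethernet/ARP frame as a passive sniffer would; None if not ARP."""
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, frame[14:42])
    return {
        "op": op,
        "sender_mac": smac.hex(":"),
        "sender_ip": str(ipaddress.ip_address(sip)),
        "target_ip": str(ipaddress.ip_address(tip)),
    }


def arp_observed_ips(destinations, local_mac, local_ip, netmask, gateway):
    """IPs an observer would see in ARP requests while the host talks to destinations."""
    seen = set()
    for dst in destinations:
        frame = build_arp_request(local_mac, local_ip,
                                  arp_target(dst, local_ip, netmask, gateway))
        info = parse_arp(frame)
        seen.add(info["sender_ip"])
        seen.add(info["target_ip"])
    return seen


# Constructed LAN: laptop, /24 netmask, home router as default gateway.
LOCAL_MAC = bytes.fromhex("02aabbccddee")  # locally administered, made up
LOCAL_IP, NETMASK, GATEWAY = "192.168.1.23", "255.255.255.0", "192.168.1.1"

# Constructed destinations: two off-subnet hosts standing in for Tor entry
# nodes (documentation ranges), plus one LAN printer.
DESTINATIONS = ["203.0.113.7", "198.51.100.42", "192.168.1.50"]

if __name__ == "__main__":
    for ip in sorted(arp_observed_ips(DESTINATIONS, LOCAL_MAC, LOCAL_IP, NETMASK, GATEWAY)):
        print(ip)
```

Running it prints only `192.168.1.1`, `192.168.1.23` and `192.168.1.50`: the two off-subnet destinations never appear in an ARP request, which is the commenters' point that ARP alone could not have yielded Tor IPs. Seeing those would require looking at the IP header inside the (encrypted) data frames, which is a different category of access than the ARP-only observation described above.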



