Hackers see "sheeple" sheared by Google wireless data grab

Jul 30, 2012 by Glenn Chapman

Long before Google online mapping service cars snatched data from private wireless hotspots there was the Wall of Sheep.

The Wall, created by Aires Security, has long been a mainstay of the infamous Def Con gathering of hackers that ended Sunday in Las Vegas.

Designed as a "security awareness tool" and refined over the years, the Wall captures data sent wirelessly by smartphones, laptops or other gadgets and then finds information unguarded by encryption or tough passwords.

Wall builders have long branded folks careless about what they send wirelessly as "sheeple" vulnerable to wolves who can eavesdrop on transmissions as easily as one can overhear a chat in a .

Those behind the Wall see what Google did by sucking up unprotected wireless data with Street View vehicles as perhaps unethical but perfectly legal.

"If you overhear a conversation in a public place, a Starbucks for example, you are not doing anything illegal," Aires chief Brian Markus said as of "sheeple" was projected on a wall behind him.

"For wireless, if you are monitoring it passively and you don't have to break into anything that should be legal."

The Wall team's T-shirts this year were emblazoned with "Encrypt or you will regret it in the end."

The subject of whether the Wall, and by extension what Google did with Street View, was criminal was the focus of a Def Con session where hackers backed the idea that unprotected data was fair game.

"Tech people think sniffing is fine; people who understand privacy think it's terrible," University of Pennsylvania distributed labs director Matt Blaze said during the session, referring to capturing wireless data.

"If you understand both, your head explodes."

Attorney Kevin Bankston of the Center for Democracy and Technology played devil's advocate in the discussion, itemizing points of US law that work against Google's in the Street View controversy.

"Whatever you think of this issue it is dead clear that the law is a mess," Bankston said.

Bankston said a key point was that while overhearing conversations isn't crimes, capturing wireless communications is unless the communication "is readily available to the general public."

Markus considered wireless transmissions to be just that, since gear to "sniff" the airwaves is easily available.

"With the Wall of Sheep, we are kind of implying that people who can't figure out how to set up their routers deserve about the same level of protection as sheep," Blaze said.

"Don't punish people for not being able to figure out how to turn on the crypto."

Markus was quick to agree that the technically un-savvy don't deserve to have their privacy trampled.

"We are concerned about the everyday user, which is why we are trying to get the message out there," he said of the purpose behind the Wall.

"Legislation is not going to stop the problem," he continued. "The answer is to push companies to fix it."

WiFi gear that doesn't encrypt data by default is a dying breed, according to Blaze.

Bankston was worried that US justice officials would take advantage of the mood in Washington to expand how much data they could grab from people.

"How about a little sniffer on every cop's belt, or in every cruiser?" he asked rhetorically.

"The Department of Justice hasn't said how they read the law right now, which is notable and worrisome."

The Federal Communications Commission (FCC) in April dropped its Street View investigation, saying it could not accuse Google of breaking US law but fining the company $25,000 for what it saw as slow cooperation.

The FCC began the investigation in late 2010 after Google announced that Street View cars taking photographs of cities in more than 30 countries had inadvertently gathered data sent over unsecured Wi-Fi systems.

Information sucked up by passing Street View cars included passwords, emails, and other data that was being transmitted wirelessly over unprotected routers, according to the FCC.

Google has since stopped the collection of Wi-Fi data, used to provide location-based services such as driving directions in Google Maps and other products, by Street View cars.

, which was launched in 2006, lets users view panoramic street scenes on Maps and take a virtual "walk" through cities such as New York, Paris or Hong Kong.

Explore further: Turkey hosts Internet forum, despite online crackdown

add to favorites email to friend print save as pdf

Related Stories

Google blasts FCC handling of 'Street View' probe

Apr 26, 2012

Google on Thursday blamed the Federal Communications Commission for dragging out an investigation into Google's "Street View" online mapping service gathering data from private wireless hotspots.

Israel gives green light to Google Street View

Aug 22, 2011

Israel's ministry of justice said on Monday that it has given the go-ahead for Google Street View to start photographing streets in Israel to put on its 3D-mapping website.

Recommended for you

Startups offer banking for smartphone users

Aug 30, 2014

The latest banks are small enough to fit in the palm of your hand. Startups, such as Moven and Simple, offer banking that's designed specifically for smartphones, enabling users to track their spending on the go. Some things ...

Ecuador heralds digital currency plans (Update)

Aug 29, 2014

Ecuador is planning to create what it calls the world's first digital currency issued by a central bank, which some analysts believe could be a first step toward abandoning the country's existing currency, ...

'SwaziLeaks' looks to shake up jet-setting monarchy

Aug 29, 2014

As WikiLeaks founder Julian Assange prepares to end a two-year forced stay at Ecuador's London embassy, he may take comfort in knowing he inspired resistance to secrecy in places as far away as Swaziland.

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

Blakut
5 / 5 (1) Jul 30, 2012
Herp derp, i don't know how to lock my door, so i need someone to do something about it, it can't be expected of me to put a key in the lock and turn it every time i leave the house.
saintneko
not rated yet Jul 30, 2012
@Blakut - it's more akin to "I didn't know doors could shut, i thought they all just came with holes I used to pull them open and closed"

Remember when you first learned how to lock you door, back when doors and locks were new and no one really understood them? Of course no, no one in living memory does.

This issue will be gone in a decade. The new issue will be "Well, if they were using weak encryption they should have known better"
Wayfinder
not rated yet Jul 31, 2012
Google constantly breaches privacy. Netflix was just fined $9 million for harvesting user data without permission. Legal precedence indicates wi-fi hackers are breaking the law. They are accessing private information which they have not been given permission to access.

The hackers above use the same argument as rapists, "If she didn't want to be raped she shouldn't have been walking down the street at night." "If he didn't want to be robbed, he shouldn't have forgotten to lock his door." It's a twisted and self-absorbed logic that denies the basic rights of others... or accountability for actions in abusing those rights. It is an argument of "we CAN do this, so we have the RIGHT to do this". That is the thought process of criminals.

Might point out that generally sheep are protected and wolves are shot as predatory.

We see the very same thing done by business and government every day. This apple is rotten from the skin to the core. There will be a price to pay.
Wayfinder
not rated yet Jul 31, 2012
Follow-up:

Realistically speaking the hackers are right: those who fail to secure are equivalent to those who fail to lock the doors on their houses. There's a difference between what's "right" and what will happen. Those who fail to secure their wifi will most likely have that wifi breached by someone. There are unethical people aplenty. It's just how life works.