[Tfug] OT? Theft of service

Bexley Hall bexley401 at yahoo.com
Fri Jan 31 22:13:29 MST 2014


Hi Yan,

On 1/31/2014 10:21 AM, Yan wrote:
> There was a presentation at Defcon a few years back about some cable modem
> hacking, leveraging lots of security flaws in DOCSIS 2.0 protocol and
> implementations. I don't remember how much control the guy was able to
> exert (it was at least traffic sniffing, but maybe injection as well). If
> you're interested, the talks (the one I saw and its apparent follow-up) are
> up on youtube:
>
> http://www.youtube.com/watch?v=BBtdZDah6iE
> http://www.youtube.com/watch?v=L-5B_vs0i3E

Thanks, I'll have a look.  But the thief still needs access to the
cable.  So, he'd have to have purchased "basic cable" (else a routine
"sniff" of the neighborhood would expose him as a thief) and is now
trying to pirate *her* Internet service without paying for it.  Seems
unlikely...  (you can afford cable but not the extra few dollars for
inet?)

> For cell phones (at least, GSM phones from ATT and T-mobile), the wireless
> research lab here is constantly screwing up our cell phone service with
> their fake base stations during experiments, so that's more than feasible.
> Cell phone connections can be trivially MITMed, and any encryption on the
> phone calls themselves is broken. CDMA (Sprint and Verizon) probably has
> analogous attacks. The wireless lab has lots of fancy multi-thousand-dollar
> equipment, but I believe these things can be built for a few hundred
> nowadays. Some media attention is here:
>
> http://www.engadget.com/2010/07/31/hacker-intercepts-phone-calls-with-homebuilt-1-500-imsi-catcher/
> http://en.wikipedia.org/wiki/IMSI-catcher

Again, possible but you want to run the risk of getting prosecuted for
*eavesdropping*?  (if you *originate* calls using the service, then
it's easier to come up with proof of theft -- another party is now
involved, willingly or otherwise)

> I would imagine DSL and phoneline would be considerably harder to MITM,
> although there is evidence (http://www.scoop.co.nz/stories/SC0911/S00040.htm)
> that it's possible (or, was possible in 2009) if you're dedicated enough.
> The pricetag listed there for the tech is $1000.

This is more risk than the cable attack:  you need a hard line from
her circuit to *your* "residence".  Hard to explain that away!  OTOH,
if you've already got cable legitimately coming into the house, it's
harder for them to "see" that it is *you* using that inet circuit.

> And, of course, wifi is a lost cause. If you pour some money into GPUs, you
> can brute-force an arbitrary 8-character WPA password pretty fast (I
> remember a figure of 8 minutes being thrown around, but can't currently
> find the supporting literature). And that's not even taking into account
> the various protocol vulnerabilities in WPS, WEP (which is, amazingly
> enough, still used), and some WPA implementations.

Agreed.  But you can switch a radio off and close that attack vector.
See suspicious traffic?  Turn off radio; does traffic go away?  Much
easier than a POTS/CATV/etc. hack where you can't really gate the
source.

> I'm not sure about the rest. I was born too late to be a phreaker, so not
> too sure about the POTS stuff. And breaking into her DirecTV line just
> seems weird.

Phreaking was a different sort of "theft of service".  Aside from
synthesizing calling cards (which, conceivably, belong to *someone*),
most of the "boxes" stole from TPC, not from another "subscriber".
(granted, you wouldn't want to use a box on your *own* line so it
is conceivable that you could "cause some trouble" for whoever
"owned" the line you chose to use.  But, back then, TPC's detection
wasn't very robust/aggressive)

> While much of it is technically possible, some of it is pricey. I don't
> know if people would put together thousands of dollars of sophisticated
> hacking hardware and then decide to save some pocket change by harassing
> the poor lady down the street. I think the likely answer is that she is not
> the target of a clandestine hacking operation.

Occam's Razor.  It just doesn't make sense (playing the odds,
acknowledging that reality can sometimes be different!) that she
would be a victim of *all* of these attacks -- she'd either have
to have something terrifically valuable *or* have pissed the hell
out of someone to cause that sort of "investment" (and risk
exposure!) on their part.

I'm going to assume she's just "overly sensitive" to the possibility
of hacking and try to propose solutions "confident" that they
"can't be hacked" (i.e., if she THINKS they can be hacked -- even
requiring infinite resources -- she'll keep seeing phantoms where
PROBABLY none exist).

Thx,
--don


