[Tfug] OT? Theft of service

[Bexley Hall]

On 1/24/2014 9:43 PM, Bender wrote:

>> A friend-of-a-friend has effectively isolated herself out of
>> "fear" that she is being "hacked" by her neighbors. Before
>> getting out the tinfoil and making *hats*, I want to reassure
>> myself that this sort of thing really is impractical, nowadays
>> (to the extent she claims its being done).
>
> Some more generalities might help...
> Age of friend?

I'm guessing early-mid 70's?  "Never ask a woman her age..."  :>

> What sort of hacks?

When explaining them, she quickly gets flustered -- conflating
issues from one technology with another, etc.  She has given up
her land line, Dish (?) TV and internet access -- at various
times.  Is fearful of her cell phone (to the point where I
imagine she leaves it *off* unless she is *actively* making
a call).

> Is any WiFi involved?

I know she has had WiFi peripherals so that could have been an
attack surface.  But, it's hard to get specifics (i.e., the sorts
of things you would put in a police report or a civil lawsuit).
And, if I "suggest" a possible attack scenario, I don't think
she is knowledgeable enough to know if I am accurately describing
*her* situation -- so, if she agrees with my assessment, I don't
necessarily know if I'm correct or if she is just jumping at
*any* possible explanation that would lend credence to her claim.

>> So, I'm inviting the pedants to nit-pick my assertions, below:
>>
>> E.g., a land line can be "stolen" (shared) iff the adversary has
>> physical access to the wiring. In an apartment house, dorm, etc.
>> this is relatively easy as there is typically a "phone panel"
>> *somewhere* that is "lightly protected". Or, individual
>> cable distributions *to* the rooms that aren't armored.
>>
>> However, in a residential neighborhood (single family, detached
>> homes), this is a bit harder. You either access the main panel
>> (usually under lock and key) that feeds the subdivision, *or*
>> the small "taps" throughout the neighborhood (which usually
>> require a special wrench to open).
>
> POTS is under attack from scrap metal thieves. It doesn't take long to
> find a telco pededstal that has heavy plastic wrap to protect it from
> the elements.

Hmmm... I've not seen that.  OTOH, I don't get out much... :>

> Those main panel covers are wrenched off to sell for scrap. (in addition
> to the copper) The latest time my POTS went out, that's what the Century
> Link contractor told me when I asked about the box out back in the alley.

I can imagine the copper being a target.  A friend had the copper
pipe for his ACbrrr (roofmount compressor) stolen one night.

I was planning on making some copper lamp sconces for the outdoor
lights but (getting that nice, natural green patina over time)
but thought otherwise...  too much effort to risk drawing attention
to it (while it is still "shiney copper")

Stealing wire would result in a *loss* of service.  It's my
understanding that she is claiming folks were "using her line"
(hence getting rid of the service altogether)

>> [This assumes utilities are below grade. Overhead would be even
>> more problematic!]
>>
> ...
>> Ages ago, CATV access was governed by access to the medium. So,
>> a "tap" off the feed -- or, any subscriber's "drop" -- was as
>> good as having your own account! I.e., the cable company had
>> to physically "sniff" the neighborhood to know of theft (there
>> were some "active" countermeasures explored to "toast" unprotected
>> hookups).
>>
>> With *digital* cable (is all cable "digital", now?), I assume the
>> media gives you *nothing* -- you need to access the output of the
>> cable box in order to have access to *content*. I.e., you would
>> need to have a tap *inside* the victim's home (and be limited to
>> watching whatever *they* were watching at the time).
>
> There is still analog cable access in Cox areas. With a digital STB or a
> cable card in a TV you can still access digital channels that are in the
> clear, I believe.

But, there would be no need to tie into *her* cable drop.  A sniffer
would find their feed just as easily as if they had gone to the cable
drop directly.  I.e., they don't benefit from her having the service...

>> For cable internet, I assume the same sorts of issues as DSL would
>> apply: access to the media (though this could be upstream from the
>> cable box) *and* a valid account name/password.
>
> For cable internet you tell the provider a hard ware address off of the
> modem. They find it in their system and provision it. There have been
> boilerplate access credentials and what not, but someone other than me
> would know better.

Again, there would be no advantage to using *her* cable drop.  And,
no "theft" (wrt her service) -- she'd still be able to access the
network, be unaffected by any "data metering", etc.

>> Satellite TV (Dish) would be the same as CATV (?)
>
> direc and dish use smart cards with encryption that make hacking the
> service impractical.
>
> 5 + years ago, Dish service was being compromised with generic DVB boxes
> from Korea. Someone would determine the latest keys and distribute them.
> That started a race of updating the latest keys after they changed. Then
> keys changed more and more often. Eventually the authorities caught up
> with people distributing the keys and the encryption was improved.

Again, there's no advantage to "tapping" into her dish (unless you
don't want a dish on YOUR rooftop).

I.e., I can't see in any of these scenarios how a thief *benefits*
from her having any of these services.  (That doesn't mean she isn;t
being targeted for *harassment*)

>> Finally, is it *practical* nowadays to steal cell phone service?
>> E.g., it was my understanding, years ago, that you could "sniff"
>> the required authentication information from phones "left on"
>> (my ex-BinL had many "unauthorized charges" on a phone some decades
>> ago). But, I would assume that this is no longer practical (at
>> least I don't hear the horror stories of it happening).
>>
>> Bottom line: for her to be a victim of *all* of these sorts
>> of "attacks" (hacks), she'd have to have some really *capable*
>> neighbors (adversaries) *and* they'd have to be *really*
>> "motivated" (i.e., as if she had poisoned their cat, etc.)
>>
>> I don't want to dismiss her worries only to discover these things are
>> *possible* -- or "likely". OTOH, it is painful to see someone going
>> through life in fear of availing themselves of common services that
>> others take for granted...
>
> Most likely, wireless is possible to be hacked. Social engineering or
> ill intentioned associations are next.
>
> When dealing with tech one doesn't undertand, where the media
> sensationalizes things, it's no wonder people get irrational. Then, if
> you have a living situation that naturally results in isolation....

I think this is exactly the situation.  No idea what her "nominal"
personality would have been like as I've only met her "in this
condition".  She could simply be more susceptible to "FUD" -- even
if self-inflicted.

> I know a septuagenarian who heard media reports of exploits and went
> open loop every time some story popped up. She did no banking or
> anything I think is the slightest bit risky other than some web browsing
> and email conversation with family topics. Windows updates and annual
> antivirus maintenance was an ordeal for her. Nevertheless, she had no
> tolerance for taking "the risk" so she cancelled AOL and computes off
> the 'net.

Well, *we* don't take unnecessary risks.  E.g., why buy "on-line"
if I can buy "in-person"?  My "work machines" are all isolated
from the 'net, etc.  I can live with sneakerneting the few items
that have to get on-to/off-of them.

But, we don't *deny* ourselves email/web access, etc.

> Then there's an octagenerian who has no fear. She insists on opening any
> and all emails. She has a son who rescues her from the latest Windows
> malware when she gets it.

"Ignorance is bliss"  :>

(sigh)  Unfortuantely, if there really are/were *real* attacks,
I would be better able to address them.  I'm poorly equipped when
it comes to assuaging irrational fears...

Thanks!
--don