Defensive Computing

Read all '2600' posts in Defensive Computing
August 6, 2008 4:53 PM PDT

Listening to The Last HOPE hacker conference

by Michael Horowitz

The Last HOPE conference may have ended a couple weeks ago, but the audio lives on. The guys at 2600 just released MP3 recordings of the conference lectures. Each talk is available in both 16kbps and 64kbps.

A limited number of the radio broadcasts that originated during the conference are also available at radio.hope.net/archive.

Some of the talks are detailed in the CNET coverage of the conference.



See a summary of all my Defensive Computing postings.

July 21, 2008 10:33 AM PDT

How's your luggage handled? Bagcam watches

by Michael Horowitz

Lots of travelers have their checked luggage abused, but it takes a hacker to find out what really goes on behind closed doors. The first such hacker, who goes by the name "Algormor," is on the case.

In a presentation at the just-concluded hacker conference The Last HOPE, Algormor explained his method and motivation, and offered a glimpse behind the curtain.

No doubt, many can relate to his motivation, which started with one too many "Notice of Baggage Inspection" tags from the Transportation Security Administration. The last straw was when a zipper on his luggage was broken.

Algormor speaking at The Last HOPE conference

Bagcam derived from a perfect storm of circumstances:

  • Algormor travels a lot, referring to himself as an "elite" flier. Among other reasons to frequently travel, he and his girlfriend live a few thousand miles apart.
  • He's a techie, having been employed in IT for 15 years.
  • He holds a private pilot certificate.
  • His luggage has frequently been inspected and (in his estimation) abused.
  • The illogical nature of airport security provided even further motivation.

On the last point, Algormor made it very clear that he is not an expert on aviation security. Still, he referred to it as "security by facade" and compared U.S. security to Europe's, which he considers less invasive yet more productive.

This being a hacker conference, Algormor went into the details of how he hacked together a video camera and his luggage. The camera he used, costing about $500, is one solid piece (no moving parts) not much bigger than a hand. The camera supports motion detection to extend the battery life, which maxes out at about 10 hours. Video was recorded at 128x128 and 15 frames per second.

Extracting the video from the camera and converting it to a standard format was a major pain. But I was surprised at how small the hole he cut in the side of his luggage needed to be.

What has he recorded so far? By his own words, nothing damning. The videos he showed were at once fascinating and boring. For the most part, they offered a bag's-eye view of life on a conveyor belt. But there were some shots of TSA employees at work, and there was the expected shot of bags being mercilessly thrown into the cargo hold of a plane. Never pack anything fragile.

Surprisingly, the bagcam itself has yet to raise suspicion. You might think the video recorder would look suspicious to the scanning machines, but it has not yet been detected. What will happen when the TSA opens a bag and finds an active camera inside? An interesting question--and one for which Algormor doesn't have an answer.

Algormor can be reached via e-mail at algormor at gmail. He expects to post the presentation to Algormor.org soon. Could this be the beginning of something big?

Eighty percent of the audience at The Last HOPE also said they found a TSA notice in their luggage. When a bag is mutilated, Algormor said the airline blames the TSA, and the TSA blames the airline.

Frustrated and violated travelers are potential bagcam creators. Maybe someday the spread of bagcams will work like a deterrent. Stranger things have happened.

There are, however, legal issues. Algormor recorded only video, not audio. He strongly advised getting legal advice before constructing your own bagcam, as the rules for surreptitious audio-video recording vary from state to state.

Video of presentations at The Last HOPE conference will be available in the future. Exactly how, when, and where, I don't know, but watch the conference Web site and Hackerdvds.com.


July 19, 2008 11:39 AM PDT

Hacking Medeco locks

by Michael Horowitz

The Last HOPE conference, now being held in New York City, is as much for people interested in hacking the real world as it is for computer techies.

One such real world presentation on Friday was called "Undoing Complexity--From Paper Clips to Ball Point Pens." Despite the title, it was about hacking high-security electronic locks from Medeco. (The paper clip in the title is a reference to using one as a way of bypassing one type of security in Medeco locks.) The presentation was very well attended, SRO in a large room.

The presenters, Matt Fiddler and Marc Tobias, didn't seem to hold a grudge. They said nice things about Medeco and its locks, which they claimed are used to protect the White House and England's royal family, among many other high value targets, such as server farms. But after 18 months of research, they claim to be able to hack into almost any Medeco high-security lock with ease. They also claimed to have had a good relationship with Medeco, until recently. Still, they must be Medeco's worst nightmare.

Many of the technical hacking details went over my head, but one thing came through loud and clear: don't trust the claims of vendors when it comes to the security of their locks. It was fascinating to hear how Medeco initially made a strong claim about its locks' ability to resist one particular type of attack, then how it had to reword that claim when it was proven untrue, and eventually how it had to reword the claim yet again, to the point where it sounds good but has no real meaning at all.

Tobias was a guest on the 2600 radio show Off The Hook on WBAI back on May 21. That show is available for download here. He also spoke on "Lockpicking: Exploits for Mechanical Locks" at the prior HOPE conference. Audio of that talk is also available.


July 18, 2008 10:53 PM PDT

Defensive computing at a hacker conference

by Michael Horowitz

If there were ever a place for Defensive Computing, it's at a hacker conference.

So while attending the Last HOPE conference, a number of my previous postings came to mind.

First, there was the list of available Wi-Fi networks (see below) at the conference which, at times, showed four computer-to-computer networks (using the Windows XP terminology). These networks, also known as ad-hoc networks, are not governed by a router. While they may be set up on purpose, they are more likely to be accidental creations on the part of nontechnical computer users, or a purposeful trap set by someone with ill intentions. I wrote about this back in May. (See "A warning about 'free' public Wi-Fi.")
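One way to run the same check from a saved scan listing, as an added example that is not part of the original post: it parses text laid out like the output of `netsh wlan show networks` and flags computer-to-computer (ad-hoc) and open networks. The use of `netsh wlan` (Windows Vista and later, not the XP dialog described above) and the field labels are assumptions, and the sample scan is constructed.

```python
import re

# Constructed sample, modelled on the text layout of `netsh wlan show networks`
# (Windows Vista and later). All SSIDs are invented for illustration.
SAMPLE_SCAN = """\
SSID 1 : ExampleConf-WPA
    Network type            : Infrastructure
    Authentication          : WPA2-Personal

SSID 2 : Free Public WiFi
    Network type            : Adhoc
    Authentication          : Open

SSID 3 : ExampleConf-Open
    Network type            : Infrastructure
    Authentication          : Open

SSID 4 : hpsetup
    Network type            : Adhoc
    Authentication          : Open
"""

SSID_LINE = re.compile(r"^SSID\s+\d+\s*:\s*(.*)$")
FIELD_LINE = re.compile(r"^\s+([^:]+?)\s*:\s*(.*)$")


def parse_scan(text):
    """Return one dict per network: its SSID plus lower-cased field names."""
    networks = []
    for line in text.splitlines():
        m = SSID_LINE.match(line)
        if m:
            networks.append({"ssid": m.group(1).strip()})
            continue
        m = FIELD_LINE.match(line)
        if m and networks:
            networks[-1][m.group(1).strip().lower()] = m.group(2).strip()
    return networks


def triage(networks):
    """Label each SSID 'avoid' (ad-hoc), 'open' (open auth) or 'encrypted'."""
    verdicts = {}
    for net in networks:
        kind = net.get("network type", "").lower().replace("-", "").replace(" ", "")
        if kind == "adhoc":
            verdicts[net["ssid"]] = "avoid"      # computer-to-computer, no router
        elif net.get("authentication", "").lower() == "open":
            verdicts[net["ssid"]] = "open"       # no password needed to join
        else:
            verdicts[net["ssid"]] = "encrypted"
    return verdicts


if __name__ == "__main__":
    for ssid, verdict in triage(parse_scan(SAMPLE_SCAN)).items():
        print(f"{verdict:10} {ssid}")
```

An "encrypted" verdict only describes the radio link; the shared-network cautions in the rest of this post still apply.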


Everyone knows not to send anything sensitive, such as a password, over a wireless network. At a hacker convention, even a wired Ethernet connection to the outside world should be treated with caution. This is not to pick on hackers: at any convention or at any hotel, a wired Ethernet connection deserves the same caution as a public wireless network. Back in January, I wrote that "wired connections to the Internet in a hotel are not, by their very nature, more secure than wireless connections." (See Ethernet connections in a hotel room are not secure.)

What to do? Rent a personal VPN.

The classic use for a VPN is an employee of a company using it to make a secure, encrypted connection to the office. But someone without a corporation can rent a VPN that offers a secure connection to the VPN provider. Once data gets to the VPN company, it is dumped, unencrypted, on the Internet with everything else. The point is to encrypt everything coming into and out of your computer to protect it from any local bad guys.

The downside is speed. The speed test at Speakeasy.net showed that while I was connected to my VPN, the speed dropped by over half compared to using the Internet in an unprotected way.

The laptop I had with me was running the Online Armor firewall instead of ZoneAlarm, and as I noted a few days ago, I really missed being able to see a log of intrusion attempts on my machine. At home, behind a router on my personal LAN, this isn't very interesting. But at a hacker conference, using a shared Wi-Fi network, it would have been fascinating to see who, if anyone, was knocking on my virtual door.

Something easily overlooked when connecting to public networks is file and printer sharing. While it's not the be all and end all, you're safer with it turned off. Windows XP users can find this with Control Panel -> Network Connections -> Properties of the network connection (you may want to do this for both wired and wireless networks) -> General tab -> checkbox for "File and Printer Sharing for Microsoft Networks."

Another easily forgotten protection involves turning off the wireless radio when you are not using it. This goes beyond the obvious issue of disconnecting from a public Wi-Fi network when you don't need it. There was a case where, due to a bug in some driver software, a computer could be hacked even when it was not logically connected to any network. All that was needed was for the Wi-Fi radio to be physically turned on. Plus, turning off the radio saves battery power.

Some laptops have a physical switch that turns off the radio. ThinkPads use Function-F5. As a last resort, Windows XP users can disable the Wi-Fi network. In my experience, that also turned off the radio.

Update July 19: Added topics on file and printer sharing and turning off the radio--thus proving they are easily forgotten.


July 17, 2008 3:51 PM PDT

Listen to the 2600 hacker conference

by Michael Horowitz

The seventh Hackers on Planet Earth conference, organized by 2600, starts Friday in New York. If you can't be at The Last HOPE, you can listen online.

Radio Statler (the hotel hosting the conference used to be called The Statler) will be broadcasting from radio.hope.net. The station will be live from 10 a.m. ET Friday until the close of the conference at 8 p.m. on Sunday.

There isn't a published schedule, most likely because there isn't an unpublished one, either. Plans are to stream the keynote presentations and other popular seminars, interview some of the speakers, carry reports from roving reporters, and talk to some of the attendees.

Hackers with their own podcasts are also invited to contribute. With a project manager named "LexIcon" and a chief engineer who goes by "nikgod," it should be interesting. I'll be there, and maybe they'll even have a few minutes to talk to me.

For more, see 2600 HOPE conference bringing hacking to New York City and the Wikipedia entry for the HOPE conferences. Audio is still available from the prior HOPE conference.

Update July 18, 2008: There are two radio stations at The Last Hope. W2H (according to Bernie S., those are real, albeit temporary, call letters) is a ham radio station.


July 1, 2008 3:02 PM PDT

2600 HOPE conference bringing hacking to New York City

by Michael Horowitz

The list of talks is now firm for the upcoming hacker conference, known as The Last HOPE. Organized by 2600, who you may know from their weekly radio show, Off The Hook, on WBAI-FM or their quarterly magazine, the conference will be held July 18th through the 20th at the Hotel Pennsylvania in midtown Manhattan.


The 100 scheduled talks cover not only the expected computer hacking, but many other types of hacking too. Among the topics for computer techies are:

  • Crippling Crypto: The Debian OpenSSL Debacle
  • A fundamental flaw in virtualization
  • Malicious User Interface techniques
  • Intrusion Detection and Honeypots for the Home User
  • Hacking with Microcontrollers
  • Hacking the Business Traveler
  • Identification Card Security
  • Reverse Engineering Proprietary Algorithms
  • Hacking the TI MSP430
  • IPv6, the Next Generation
  • Penetration Testing with Firefox
  • Penetration Testing Using LiveCDs
  • PGP vs. PKI
  • RFID (a talk and a large demo)
  • Malware with Adobe's Flash
  • VoIP (in)security
  • VLAN Layer 2 Attacks
  • XSS Vectored Man-in-the-Middle Attacks

The non-computer hacking topics include:

  • Biohacking - An Overview (about modifying DNA)
  • Brain Hacking
  • Consumer Electronics Hacking
  • Hacking the Media
  • Hacking Sex
  • Hacking the Price of Food
  • Food Hacking
  • Hacking the Post Office

Anyone interested in security in the real world has a lot to choose from, including:

  • Escaping High Security Handcuffs
  • Design Defects in High Security Locks
  • Methods of Copying High Security Keys
  • Maintaining a Locksporting Organization
  • Safecracking
  • Ask a Spy a Question
  • Strengths and Weaknesses of Physical Access Control Systems
  • Bug Detection (not programming errors, surveillance bugs)

If you are interested in computer hacking but don't have a techie background, try the presentations on "No-Tech Hacking" and "Social Engineering."

Anyone who flies on commercial airlines may be interested in the "Bagcam" presentation by someone who put a small camera in their checked luggage to learn "exactly how TSA or the airlines managed to destroy your luggage". Also covered, "what security measures are actually in place once your checked luggage disappears from view?" Travelers may also be interested in "Warrantless Laptop Searches at U.S. Borders".

Voters would be interested in "Building a Better Ballot Box" and "Hacking Democracy: An In Depth Analysis of the ES&S Voting Systems".

New Yorkers may be interested in "The Art of Do-Foo" talk which aims to use statistics to "quantify successes and failures with the New York City community" and "isolate the key factors that have both positively and negatively influenced the culture in our region". There is also a talk on Privacy vs. Utility in the New York City Taxi System.

Among the featured presenters is Steven Levy, author of "Hackers: Heroes of the Computer Revolution," published in 1984. The book was a defining work about the hacker culture. Kevin Mitnick, arguably the most famous hacker of all, will also be a featured speaker, as will Steven Rambam, an expert on privacy, who was arrested by the FBI prior to his talk at the previous HOPE conference.

If getting to New York City is impractical, 2600 is planning a hacker radio station during the conference to "give additional talk and interview time to the conference's speakers, broadcast the keynotes and other popular seminars, and offer attendees who don't speak at the podium a chance to share their ideas."

Information about the speakers is available at thelasthope.org/speakers.php. An interactive schedule is available at thelasthope.org/matrix.

Think of it as the summer semester at hacking school.


May 29, 2008 8:32 PM PDT

Hackers in New York City

by Michael Horowitz

If you are interested in computer hacking, then 2600 is for you. They publish a quarterly magazine, have a weekly radio show on WBAI in New York City, and are holding a conference in July, also in New York City.

Their conferences go by the name HOPE, for Hackers On Planet Earth. The upcoming conference is dubbed The Last HOPE because the hotel where the conference is held may be demolished. The first speakers for The Last HOPE conference were just announced. They are:

  • Kevin Mitnick, "the world's most dangerous hacker" in the eyes of the government and mass media, imprisoned for over five years, and now a successful computer security consultant.
  • Adam Savage, co-host of the TV show Mythbusters
  • Steven Rambam, private eye extraordinaire, who can find out anything about anybody and has always been willing to share his knowledge of privacy with the hacker community.
  • Steven Levy, author of Hackers: Heroes of the American Revolution and chief technology writer for Newsweek.
  • Jello Biafra, former lead singer of The Dead Kennedys and one of America's most interesting social activists.

The FBI prevented Steven Rambam from speaking at the 2006 HOPE conference, arresting him moments before his lecture. The case against him was later found to have no merit.

The Last HOPE will take place July 18-20 at the Hotel Pennsylvania in New York City, just across the street from Penn Station and Madison Square Garden. If you are in town a day early, Ricky Gervais will be performing at the Garden. Competing with the first day of the conference, the Dalai Lama will be in town. That's New York City, something for everyone, even in the summer.

Conference organizers expect to have over 100 presentations in four tracks. See also "Hacker confab 'Last HOPE' to track attendees with RFID".

Update June 6, 2008: Additional speakers/topics

* Crafting a Security-Enhanced Wikipedia - Virgil Griffith
* What's Wrong With Your Company's Website? - The Cheshire Catalyst
* VoIP (in)security: Italians Do It Better - Alessio L.R. Pennasilico aka mayhem
* SWF and the Malware Tragedy - BeF, fukami
* Simulating the Universe on Supercomputers - Mark Vogelsberger
* Ghetto IDS and Honeypots for the Home User - Black Ratchet
* How to Make Cool Things with Microprocessors - Mitch Altman
* The Phone Losers of America - Various PLA representatives
* Botnet Research, Mitigation, and the Law - Alex Muentz
* The (Im)possibility of Hardware Obfuscation - Karsten Nohl
* Evil Interfaces: Violating the User - Gregory Conti
* Macro Social Engineering - LexIcon
* Building a Hacker Space - Representatives of the Global Hacker Space Movement
* Current and Emerging Robotic Technologies - Ben Sgro
* Methods of Copying High Security Keys - Barry Wels, Han Fey
* Threat Modeling - Kevin M. Williams
* Monumental Women and their Influence on Modern Technology - L33tphreak
* RIAA Litigations: How the Tech Community Can Help - Ray Beckerman
* Autonomously Bypassing VoIP Filters with Asterisk - Blake Cornell
* AntiSocial Networking: Vulnerabilities in Social Nets - Nathan Hamiel, Shawn Moyer


About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.
