Why it feels creepy to do so
Totally legit safe salesman
As a 30 year old man that knows how to program I get a lot of questions from relatives. Everything from ?But what is Bitcoin really?? to ?What if hackers take my bank information!? The good news for them is that large scale hacks are usually just enterprise database dumps which feel a lot less personal and a lot less scary. But what about a targeted attack on you? I always wondered how easy or difficult it would be to glean information of a specific person. As I found, getting some basic info is really not that hard. What follows is an experiment I performed on myself to see how vulnerable I was.
As a note, please don?t use this information to attack people. As you will read later in the article at some point it starts to feel super creepy.
My field experiment was to see how realistic the possibility is to uncover the details of someone?s personal life by hacking into their Wi-Fi. (To be clear, the target in this experiment was fully informed of my intentions.) In order to pull off this operation, I needed three things. The first was a laptop computer. The second, and most difficult to acquire, was a USB wireless device that would allow me to access Wi-Fi (called a dongle), which I was able to purchase for less than $40 on Amazon. The third item was a piece of software called VirtualBox (a ?virtual machine? program) that I downloaded for free from the internet.
Most people access the internet wirelessly, so I searched for Wi-Fi hacking programs. As absolutely no surprise, the first website I came across had swathes of information and details on the programs one could use and how to use them. In my case, all I needed was a version of an operating system called Backtrack. Providing I had a Wi-Fi dongle with the correct specifications, I could start hacking straight away. (The Wi-Fi dongle needs to be set to something called ?monitor mode? so that it can listen to the traffic on a Wi-Fi network.) The trickiest part is that only certain manufacturers make dongles that can be put into this mode, and therefore I had to search the Internet to make sure I ordered the correct one. Total time: ten minutes.
What the backtrack program looks like
Now comes the fun part. Would I actually be able to hack a Wi-Fi network? The short answer: yes. And it?s embarrassingly easy to do. Not only was I able to gain access to someone?s wireless network, but the program even showed me the Wi-Fi network password in plain text. This is what I believe to be the most important and potentially powerful achievement from this simple hack.
With access to someone?s Wi-Fi password, I would have a high chance of accessing more of their passwords (such as those for their e-mail, social networking, and possibly even bank accounts). Just think of your password and all of the possible variations you could add on to it. Perhaps only adding a number at the end or, if you?re clever, adding a few characters such as ?!@#$?, etc. Being able to access someone?s network password and realizing the potential dangers that could result if the password was in malicious hands is a scary revelation. It made me think twice about the digital world we live in. As I carried out this experiment I felt a sense of power and presence; once I had their network password, what else could I do and be capable of? I was curious to try out more. In my spiral of corruption, I decided to take things a step further (with permission of my ?victim?, of course…)
Once you have access to a wireless network, you have access to all of the information being passed by the computer to and from the Wi-Fi router. A program called Wireshark was a convenient tool to sniff out this traffic. With this software I was able to determine what websites are visited and, in some cases, even see the plain text usernames. As long as I was hacked into the Wi-Fi network before someone connected to it, I could capture all the network traffic. For example, if I was connected to your Wi-Fi network and started to listen to the network traffic before you turned on your computer then I would be able to see the ?digital handshake? your computer makes with the Wi-Fi router. With this I would have access to all of your web browsing data.
Admin panel for the wifi
The Wi-Fi router is the box in the corner of the room where the wireless signals come from. You can actually access many functions of it using any web browser (Internet Explorer, Firefox, Google Chrome) providing you have the password. As it would turn out, my ?victim? uses the same password for just about everything, including the password that connects them to the router. This gave me real power and it was at this point that things became really interesting. With this password, I was able to reboot the Wi-Fi router without actually touching it.
This was the first time I could perform an operation in the digital world that could actually have physical implications in the real world.
As soon as I pressed a button on my keyboard, the ?victim? would be disconnected from whatever they were doing. It could be something as mundane as sharing a Tweet or looking things up on Google, or it could be something more important such as a Skype job interview or purchasing a plane ticket. Since I knew that my ?victim? wasn?t doing anything too important I could put my worries to rest.
Sniffing traffic
Once the reboot occurred, all I had to do was to make sure that I connected to the network before they did ? which allowed me to see the ?digital handshake? and have access to their browsing behaviour and their usernames. The ?door?, so to speak, was basically open at this point. If they used the same password for both their Wi-Fi and their router administrator account, it would be likely that they also used it for their Gmail, Facebook, Twitter, LinkedIn, etc. accounts. If they used the same password for their online banking, then they would be in real trouble.
Is what I did wrong?
Personally, I have never been truly able to put into words why I don?t like the idea of someone spying on me. I don?t have anything to hide, but for some reason, I don?t like the feeling of being watched. After performing this experiment, I was finally able to find the reason behind my feelings. From the perspective of a hacker, I have realized that there is a very distinct and visceral line that must be crossed. Until you have experienced it ? or at the very least, tried to step into the shoes of a hacker like I have ? you may never truly understand these feelings of disdain.
That is why I do not like the idea of someone watching. We can all think of how creepy it would be to stand behind someone who is on their computer and just watch their screen, but it takes a certain type of person to take that imagination and apply it to reality. What they end up seeing is more than just the information; it?s the person behind the monitor that they?re observing. Whether it is a single individual or a group, the people doing the hacking can see me, understand me, and influence me.
I don?t fear what they know about me. I fear them.
