74 comments

[ 5.4 ms ] story [ 144 ms ] thread
I'm sure the creator knows why, but for some reason, he isn't talking...

> For the record, I asked Caudill about getting a NSL, Caudill would only answer, "No comment."

Because I reckon that's exactly what happened. Paranoid US government steps in as usual.

That's exactly how I would respond if I had failed to build a security device that lived up to its hype.
That is reasonable. I just feel like rather than have this sort of streisand-esque effect, if that really was the case, why not just say it. If you see sites like outincrediblejourney[0] this industry relishes failure nearly as much as success. Sure it would be a ding on the ego but in the Def Con community being interdicted by the NSA on a project you were working on is probably worse than not having fort knox level security on some prototype device you were going to present.

[0]http://ourincrediblejourney.tumblr.com/

He'll be a martyr in the DefCon community if they think the NSA stopped him.
Someone probably convinced him that it was a stupid, snake-oil idea likely to get anyone using it caught. This can only be good news.

I'm literally laughing out loud at the people who think this was killed due to overwhelming popularity. How out of touch are you? I guess we already know.

WIRED raises one possibility:

> Online anonymity tools certainly aren’t illegal. Tools like VPNs have allowed users to obscure their IP addresses for years. The anonymity software Tor is even funded by the U.S. government. But it’s possible that secretly planting a ProxyHam on someone else’s network might be interpreted as unauthorized access under America’s draconian and vague Computer Fraud and Abuse Act.

http://www.wired.com/2015/07/online-anonymity-project-proxyh...

Right. And there's a free speech exception for incitement, plus potential civil liability. I suspect that he consulted a lawyer.
Don't know about the CFAA as a whole, but it's perfectly sensible for placing a repeater on someone else's network without permission to be illegal.
I'd bet that this wasn't shut down for "national security" reasons but probably because the device wasn't what it was hyped to be. This has happened before, see Haystack[1]

[1] https://en.wikipedia.org/wiki/Haystack_(software)

ProxyHam seems like a neat combination of existing technologies, but it was just a Raspberry Pi + WiFi + 900Mhz interface. Probably was fun to make, but not necessarily something that deserves a lot of hype by Wired etc. Maybe the developer decided it wasn't worth all the trouble.

Perhaps it was meant from the very beginning to be nothing more than an a publicity stunt. If so, it did an excellent job at that, at relatively little cost.
> probably because the device wasn't what it was hyped to be

No reason to not release the schematics, unless they were embarassingly bad.

The guy behind this just hooked together two Ubiquiti 900 MHz bridges. Unless Ubiquiti wants to share their schematics, I doubt there's much to show on the hardware side.
I lived through the aftermath of 2009 Iranian presidential elections. This brings back many memories, none of which are good. I simply cannot fathom how someone could play with the emotions (and potentially lives) of a nation, all for personal gain, for fame and greed ...
What do you mean?
This set of stories from WNYC's On the Media captures the arc quite well.

You scarcely need to read (or listen to) the stories, though I recommend you do.

IN IRAN, NEW SOFTWARE TAKES ON INTERNET CENSORSHIP Transcript Friday, May 14, 2010 http://www.onthemedia.org/story/132777-in-iran-new-software-...

IS HAYSTACK TOO GOOD TO BE TRUE? Transcript Friday, September 10, 2010 http://www.onthemedia.org/story/132909-is-

AFTER HAYSTACK: SPEECH AND PRIVACY ONLINE Friday, September 17, 2010 http://www.onthemedia.org/story/132917-after-haystack-speech...

I think the above commenter was trying to suggest that the concept was thought to be cool, but on further examination, turned out not to be able to help very much in situations like what you experienced.
It sure sounds like someone got a nastygram with a gag order.

Which if your America is Norman Rockwells and has first amendment protections, etc. seems like it would be prima facie unconstitutional.

But there is that thing in our current system where being a test-case just drains your finances as well putting you at risk of criminal prosecution; even if the order is blatantly wrongful.

If someone is issuing such orders we can only hope that they are currently about to be doxed by whistleblowers.

"An even funner talk, which I've long wanted to do, is to do the same thing with cell phones. Take a cellphone, pull it apart, disconnect the antenna, then connect it to a highly directional antenna pointed at a distant cell tower -- several cells away. You'd then be physically nowhere near where the cell tower thinks you are."

That would be interesting.

Wouldn't it be easier to get $20 USB modem with dedicated antenna connector?

You'd still need to be careful about device IMEI, how you get your SIM card and load with credits.

If it became known to be deployed, what's the bet some Erlang hacker upgrades the cell tower firmware to detect probable directional antennae?

How would that potentially work? Well, I'm no radio engineer but I know it's possible. Normally you receive signals of varying strength as users move throughout your cell. I'm fairly certain that sub-cell positioning metrics are already developed on the change between these various known signal states and directions. One would simply pick outliers (eg. with constant signal strength, or constant direction).

Why Erlang?
I assume he was referring to how a series of popular telephone switches from Ericsson had their software written in Erlang.

The towers themselves would just be a mishmash of DSPery and C/C++, however. Probably, anyways.

An Erlang is a unit of load on a cell tower (or more generally in any telephony circuit).

Edit: Not sure if this is what the parent was referring to, but if the tower software was written in Erlang, it's certainly an interesting coincidence.

This would be really easy by correlating signal strength measurements from several towers. Then, an analysis of these data would reveal unusual patterns that differ from what would result with the common isotropic antenna.

This kind of correlation is already in use by mobile networks to narrow the location of emergency calls from handsets that are not sending GPS or other positional data.

What about people like me, who live with in range of just one cell tower. When ever I am within range of my cell tower at home, my signal always comes from the same direction, and roughly with the same signal strength. So far I have yet to be disconnected, though who knows, maybe I am flagged for suspicious activity :)
> You'd then be physically nowhere near where the cell tower thinks you are

This wouldn't work with TDM networks (like GSM).

The cellphone periodically has to produce a timing advance offset, so that the phone can send the signals ahead of its time slot, to arrive at the tower when its time-slot is active.

So effectively, your phone measures light-path distance between the tower and your phone periodically, with the help of the tower (this happens in 1/2 km steps).

This however isn't triangulation, so all my attempts to use TA + tower location to make a fake GPS (way back in 2004) ended up giving me erratic movements as I went up and down (and behind buildings).

Faking Timing Advance would be near impossible, because it uses light speed (on the given day's humidity etc).

I personally think the arstechnica link should be replaced with this one.
"900MHz radio frequency so the owner could connect from up to 2.5 miles away from the source of the Internet connection. As a result, even if someone tracked down the location of an IP address, the user wouldn't automatically be discovered."

triangulation seems to be a weakness if you can separate it out with other stuff transmitting in that range which I think is quite easy to do with the right hardware.

For some reason people just can't let go of 900Mhz as some kind of NLOS data transmission panacea. The truth is radio is HARD.
These radios actually tend to be line-of-sight with a directional antenna. You just look where its pointing to in a 2.5 mi radius and look for the other radio.
This happens every summer with Defcon, non-issue all around, and yet every summer people act like the sky is falling when a talk is pulled.
I don't understand the sortof not-saying-it-but-maybe-saying-it implications that the big bad government had to "shut this down".

It was a 900mhz wifi router with some wishy washy "security" speak slathered on top of it to gain attention.

If you want a 900mhz wifi router, here: https://www.ubnt.com/airmax/nanobridgem/

Go nuts. In fact, look at all of the other really cool stuff that ubiquity sells!

My guess would be that this talk was either pulled because the author got in a little over their head, or the organizers of the event realized that this was just going to be a talk about a DIY wifi access point.

BTW, proxyham guy: COOL PROJECT! Wifi access points are really fucking cool, and building your own is really fucking cool too. Everybody should build one.

Ubiquiti stuff is great. Only low cost stuff I found that penetrates the Faraday cage that is Central American housing. (They're concerned about earthquakes, so they fill every wall with rebar and concrete. I need two long-range APs to cover my not-big house.)

Downside is the admin system needs Java and runs as a service you browse to (and pretty sure there's a mongo dependency in there). Suppose it makes more sense in a dedicated office environment.

Yeah, exactly. Just installed a Ubiquiti setup in Guatemala between a tree on a mountain top (4G USB modem with high-gain antenna, solar panel, RouterBoard) to my parents house 2km down in the valley (where there isn't cell phone coverage).

Works great! Had to use a high power flashlight at night to get the angle perfect, but it sure beats satellite internet once we got it dialed.

You should photograph and blog something about this. It sounds super cool. Bravo
Nice work! What sort of bandwidth are you getting from it? Is the latency alright?
Definitely write a post about this. Why a flashlight? Was no laser pointer available?
I think it's pretty clear that they sold out.
I don't think that's clear at all. I think that's your jaded viewpoint and a shot in the dark.
is it fair to say that all of the speculation in this thread is merely shots in the dark?
When I first read about this idea I wasn't crazy about it, because it would be so easy to determine the source and destination of the 900 MHz signal. One of the comments in this article raises the same point: HFDF, huff-duff, high-frequency direction finding. This is WWII era stuff.

Instead of RF, I think a point to point IR laser link would make much more sense. It has a very significant limitation in that it would require line of sight (with maybe 1 judiciously placed reflector). But the advantages would be that 1) nobody would be expecting it and 2) it wouldn't be continuously announcing itself to the world.

...with the distinct disadvantage that the laser is pointing directly at you...

Why not just jump on someone's wifi connection while spoofing your MAC? Directional antenna client-side for distance. Problem solved.

Using a standard ~2.4HGz parabolic dish with a Ubiquiti Bullet M radio, I've hit strong APs at ~5Km.
Stab in the dark here (given your use of metric): do you also happen to use a common flaw in APs that use the tail section of an SHA1 hash in their SSID?
If you're speculating about my identity, no.

If you're twitting me about style, I just like "Km" more than "km" :) I mean, "KB" and "Kbps" are pretty standard, no?

KB=kilobyte, Kb=kilobit.
Yes, and ...?

Some say "kB" and "kb", rather than "KB" and "Kb".

But maybe k=1000 vs K=1024?

Yeah, 1 Km does not mean 1000 meters, it doesn't mean 1024 meters really either, it's just written as 1 km. For some reason, the metric system is only capitalized for mega, giga, and tera... only mega conflicts (with milli), nothing else is t or g. K, M, T, G seems more consistent than k, M, T, G.
There is a ton of FUD, but seriously? It is quite odd, Caudill responded to questions indicating that it had nothing to do with intellectual property or the FCC. Also the tweet said "immediately canceling talk" without explanation. One would think he would have said something about deadlines slipping or another conflict when canceling the talk. An NSL is probably not the case, but I also find it difficult to believe he just couldn't get it done in time given the utter lack of explanation and the media now moving in.
Perhaps it was just vaporware to begin with, and the creator knew this sort of action would create more of a stir than releasing the "schematics" or delaying it constantly. Not that I really trust government, but it seems FAR more likely that it was just vaporware.
Lol the best part? You'll never find the guy ;p (Because he has the device)
I think this device is way, way overhyped. If you are at the point where you need a device like this to get away from some government agency (or terrorists, or whomever) you expose yourself to so much risk just planting a 802.11 to 900 MHz bridge it's not even funny, and then if you have someone who is remotely competent is tracking you, I would imagine they'd having something like some SDRs or a couple of spectrum analyzers and notice unusual traffic on one of the few unregulated frequency bands, and would have no trouble at all triangulating you (believe me, the FCC is excellent at this). Would your normal law enforcement officer/agent from $THREE_LETTER_AGENCY always do this? Probably not, but if they're not going that far, you're probably safer just connecting in a normal fashion and doing things like MAC spoofing, or for added distance, just using a good 802.11 transciever with a excellent dish or yagi antenna. The 900 MHz bridge planted at the WiFi AP just screams "I'm doing something probably really bad", and the name of the game here is "keep a low profile."
Nice try LEA
If I were associated with the government, why would I encourage you to just use a very good 802.11 transceiver with the appropriate (dish or yagi) antenna instead? If I were with $YOUR_GOVERNMENT I think I'd encourage you to use "ProxyHam" as it would sure make my job easier (and would probably increase the number of charges I could bring against you).
> I think this device is way, way overhyped.

Based on what?

> believe me, the FCC is excellent at this

Any HAM radio operator or junior electrical engineer is excellent at this. Triangulation isn't magic. http://www.homingin.com/beginr.html#toc

> Based on what?

Based on the fact this got any media coverage whatsoever. Idea is cool, from the technical perspective of bridging from one frequency range to another (and there's obviously money to be made in it, as the equipment he used is manufactured by Ubiquiti for something similar to this purpose), but really is a very poor way to try and keep a low profile or make yourself less traceable/make an easier escape.

> Any HAM radio operator or junior electrical engineer is excellent at this. Triangulation isn't magic. http://www.homingin.com/beginr.html#toc

Right, I think it drives home just how relatively straightforward it is, not to say the FCC has a monopoly on the technique by any standards. I had mentioned the FCC, as this tends to be their domain, and I've been on the wrong side of their triangulation once in my youth. ;)

(comment deleted)
While we're discussing what is likely, just keep in mind that you can't use a 2011 understanding of what is an "implausible" action by government. No matter how implausible it seems, we've all been wrong about what they wouldn't plausibly do before, sadly.
(comment deleted)
The missing link here in my mind is what is on the other end of the 900Mhz link? Someone has to have an internet connection on the other end of it. It is not clear who would want to provide that and pay for it or how many users you could get on that link at the same time across the ISM band which is inherently noisy because cordless phones, baby monitors and all kinds of other unlicensed devices use it, 2.5 miles seems pretty optimistic. The best anonomizer I have found is simply finding an open WiFi hotspot and connect to it remotely. I live in a fairly urban area and if you use a directional high gain parabolic antenna you can connect to any number of open hot spots from afar and it is almost impossible to figure out where you are unless someone has a triangulation equipment set up ahead of time.
Without evidence to the contrary, let's stick with the most probable explanation: The device didn't work.
Sort of related: are there any actual hams in SF (probably SoMa, Dogpatch, Potrero, or maybe Mission, given my location and aspect) interested in trying to setup a (unencrypted) Broadband-Hamnet (BBHN, formerly HSMM) mesh network?

I've got a couple 2.4Ghz nodes but I'd been willing to try other frequencies. Ubiquiti gear is pretty cheap and nice.

http://www.broadband-hamnet.org/

From what I hear, you might find some interested people at Noisebridge.
I'd be interested; will have a roof at 2nd/townsend at some point late this year. More interested in satcom, though.
What satellites are you interested in?

I've got a handheld VHF/UHF yagi which is kind of fun (ISS, SO-50), but a rotor and a roof to put it on would be a lot nicer.

>ProxyHam, according to Errata Security CEO Rob Graham, was little more than the combination of a Raspberry Pi computer and a ... 900 MHz bridge from a company called Ubiquiti Networks...

I work at Cambium Networks (http://www.cambiumnetworks.com/), one of Ubiquiti Network's biggest competitors on this exact type of radio.

They provide you with a network bridge between two radios. The same effect could be reproduced with 2.5 mi of ethernet cables, except it's wireless. This is definitely nothing new. You still need a connection to the Internet at the other endpoint. How this secures you, I'm not sure. Also these radio's are line-of-sight and the antenna is directional. You could effectively follow the direction the radio is pointing at and find the 2nd radio installation.

From my perspective, this is a useless tool. It physically secures your computer. Plus ProxyHam is extraneous, these radio's work with minimal configuration. ProxyHam sounds more like a wireless broadband radio installer than a privacy device.

I would like to see some Ubiquiti gear that boots from removable media so I can use my own software to control it, similar to Soekris or PC Engines.

It is the Ubiquiti "OS" that keeps me away.

At least some of the Ubiquiti gear can run OpenWRT.
Would you believe I want to run something else other than Linux?