Life and code.
  • I’m Not l33t Enough to be a Blackhat

    Posted on August 11th, 2004 Brian No comments

    Since I work from home, I spend a fair amount of time working from the local cool coffee shop, The Common Grounds. They have good coffee, good sandwiches, friendly people, and (most importantly) free wireless Internet. I often spend a lot of my day there, sometimes beginning a little after lunchtime; and because Hedda is working so much, staying until they close at 22:00. The change of scenery helps keep me productive.

    Today, Chris and I were upstairs working as usual, and the network died. It’s happened a few times in the last few weeks, and it’s annoying, but no big deal. A few minutes later, this tall, white-haired man in a baby blue, button-up shirt comes upstairs carrying an Apple 17″ PowerBook G4 on one hand like a waiter balancing a tray of really expensive wine. With the other hand, he is manipulating the touchpad to fiddle with the settings on MacStumbler. He walks around the room, stands several feet away from us for a moment or two, and then asks Chris and me if we are doing anything weird on the network. “No,” we reply, “We were waiting for it to come back up.”

    Chris leaves for the day, and I head downstairs, since I prefer the first floor when I’m there solo. It’s almost twenty minutes later and the network still isn’t back up. There are several guys around the first floor conversing about this, and they seem convinced that somebody has hacked the network. Looking over the shoulder of one of the vigilantes’ screens, and eavesdropping a bit, leads me to understand that somebody is apparently broadcasting their computer in peer-to-peer mode with the same SSID as the house access point. They not only believe this is why everybody has lost their connection with the network, they are sure that it is of malicious intent, and they are desperately searching for the culprit in an attempt to restore connectivity.

    For me, this is an S.E.P. as I am a savvy Internet addict. Rather than wait for the unreliable network to re-appear, I switched over to using my phone’s GPRS connection over Bluetooth. The connection is slower by several orders of magnitude, but at least it’s working. I’m happily chatting on IRC and copying files around the Library’s big iron, albeit slowly, while everybody else is sitting on their thumbs.

    You can probably guess the next part. The self-deputized officers are on the prowl for their mysterious network hacker, and they see a twenty-something with a huge laptop and a screen full of malicious-looking terminals, who also happens to be the only person in the place with an Internet connection.

    I could tell right away they were interested in me, but were afraid to ask. They huddled around over to my right, sort of in my view hoping I might say something. While I worked, the MacStumbler-wielding man walked over by me and proclaimed that the “signal is strongest right here.” Finally, one of them asked me, “Are you on a wireless VPN?” Now, I know what a VPN is, but they work over any type of network, not just a wireless one. Naturally, I was confused by his bizarre apples-and-oranges question.

    “What does that even mean?” I reply.

    He immediately switched into luser mode. “Are you on the Internet?”

    “Oh, yea. I’m waiting for the wireless to come back up, so I’m connected through my phone, and it’s SLOOOOWWWWW.”

    He seemed satisfied, although to somebody not familiar with the coolness that is GPRS/Bluetooth, that claim would have surely sounded dubious. However, they left me alone to work, and that’s all I really cared about. The vigilante team continued their quest for the mysterious hacker.

    Maybe thirty minutes later, I look over my shoulder and see that somebody appears to be browsing the web again. So I flip on my network card and, sure enough, things are back to normal. Without warning, the head of the G4 guy suddenly appears to my right. “Are you the guy that’s messing with us?” he says in an accusing tone. He must have been watching me when I re-connected my network card.

    “Absolutely not. I’ve been waiting for the wireless to come back up, too,” I reply.

    “Well, the signal was strongest over here,” he fires back.

    “My network card has been off since it went down. I was connected through my phone, and I switched it off then.”

    He grumbled something in response and walked away. I’m sure he was convinced I was his mystery attacker. After all, who would make up an excuse like connecting through their phone! Fortunately for me, the net stayed up for the remainder of the evening. I fear I might have been lynched had it dropped again.

    So what could have caused this to happen? My personal theory is that the little Linksys WAP serving the entire place occasionally gets confused by all the traffic, and mistakenly switches itself into peer-to-peer mode. Whenever it would drop, I would notice a peer-to-peer connection was available with the same SSID as before, but if I connected to it, it wouldn’t work. I think that people are attempting to re-connect to the access point, not noticing that it’s a peer-to-peer network, which would suddenly give them the SSID of the network. The fact they have the same SSID is a red herring, though. The real problem is that the access point is screwed up and needs to be reset.

    Does that make sense? I admit I’m just waving my hands around on this. Got any better ideas? Email me. I don’t want to get lynched.
