Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

AT&T Won't Block Black Hat Eavesdropping Demo

samzenpus posted more than 4 years ago | from the enough-rope-to-hang-yourself dept.

Security 126

snydeq writes "AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week. Hacker Chris Paget last week said that he plans to demonstrate on Saturday how to set up what's essentially a fake cell tower that allows him listen in on nearby mobile calls. But Tuesday, he wrote on his blog that he had 'heard that AT&T may be considering suing me to stop my talk.' AT&T, however, has insisted it has no plans to interfere with the talk."

cancel ×

126 comments

Sorry! There are no comments related to the filter you selected.

AT&T Doesn't Care (4, Insightful)

OverlordQ (264228) | more than 4 years ago | (#33064574)

But what about the types of people that actually enforce the wiretapping and interception laws?

Ya forget AT&T, ask the FBI (4, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#33064718)

I'm still not very convinced this is legal, and you want to be sure. While they might well say "It isn't like he caused any harm, just let it slide," they also might now. The law is the law and all that. Plus maybe some company pressures them in to it. Some provider who gets mad says "Hey, you need to charge this guy, he broke wiretapping laws!"

When you are doing something all on your own equipment in a controlled environment, then sure you are good to go. So having a lab with what you need and trying it on your own stuff, that is legal. However intercepting random people in the area of your tower? Don't think that is legal, doesn't matter if you are doing it as a demonstration or not.

Re:Ya forget AT&T, ask the FBI (5, Insightful)

msauve (701917) | more than 4 years ago | (#33064794)

"I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal."

It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.

Re:Ya forget AT&T, ask the FBI (4, Interesting)

causality (777677) | more than 4 years ago | (#33064944)

"I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal." It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.

I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

Before CD players in cars were common, you could get standalone CD players that broadcast the audio in the FM band. The car's radio/tape-player could be set to FM and turned to that frequency to pick up the audio from the CD. This was acceptable because the transmitter is in the same vehicle as the FM radio, so tiny power levels were sufficient.

I admit that I am not a lawyer and don't know much about FCC regulations. I get the impression they're not an agency with a sense of humor, and one you wouldn't want to have to deal with. Still, would cell frequencies be given some special treatment that is not given to FM radio frequencies?

Re:Ya forget AT&T, ask the FBI (1)

sumdumass (711423) | more than 4 years ago | (#33065046)

They even had microphones that would transmit to a certain radio station. However, those devices were licensed and certified for a particular consumer use. It wasn't that you didn't need a license, it's that the device used a specific channel set aside for something like that.

Re:Ya forget AT&T, ask the FBI (1)

riT-k0MA (1653217) | more than 4 years ago | (#33066200)

You still have something similar:
A USB MP3-Player [amazon.com] which plugs into your cigarette lighter and transmits on FM frequencies.

Re:Ya forget AT&T, ask the FBI (1)

StripedCow (776465) | more than 4 years ago | (#33066280)

If you'd run the whole experiment inside a Faraday cage, then it would be legal I suppose. But then, in order to get the point of this experiment proven, AT&T must cooperate (i.e., put one or more of their towers inside the cage).

Re:Ya forget AT&T, ask the FBI (3, Informative)

msauve (701917) | more than 4 years ago | (#33066564)

I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

Nope, not as a general rule. What you're thinking of are the small FM radio band transmitters (such as used for iPod to car radio), which the FCC allows under a specific rule (47 CFR 15.239 [gpo.gov] ) which limits their output. No such rule is available for someone wanting to operate their own cell site. It's illegal, regardless of how low the power or how short the range. Another poster mentioned a Faraday cage; still illegal (even though you'd be unlikely to get caught).

Re:Ya forget AT&T, ask the FBI (0)

Anonymous Coward | more than 4 years ago | (#33066734)

You're thinking of FCC Part 15 rules and they do not apply to cell phone frequencies.

In fact without a permit it is illegal to even own a receiver or transmitter capable of using cell phone frequencies. Only law enforcement and such get permits. That is just the facts, this demo will be in violation for sure and presumably he is already in possession of illegal radio equipment.

Re:Ya forget AT&T, ask the FBI (0)

Anonymous Coward | more than 4 years ago | (#33067990)

Before CD players in cars were common, you could get standalone CD players that broadcast the audio in the FM band. The car's radio/tape-player could be set to FM and turned to that frequency to pick up the audio from the CD. This was acceptable because the transmitter is in the same vehicle as the FM radio, so tiny power levels were sufficient.

If I'm not mistaken, those devices operate outside of the FCC's FM-regulated frequency range (88-108MHz). The devices you're referring to broadcast at 87.5 to 87.9 and 108.1 to (something).

Re:Ya forget AT&T, ask the FBI (1)

Albatrosses (1712146) | more than 4 years ago | (#33068058)

Nope - I had an LG Fusic (a featurephone with a built-in FM transmitter) way back in the day. It would transmit on any frequency from 88 to 108.

Re:Ya forget AT&T, ask the FBI (2, Interesting)

EETech1 (1179269) | more than 4 years ago | (#33065452)

We have 3 pico (femto maybe) cells at my work that take cdma calls and data and route them into Verizon somehow (LAN?). We also have 4 Spotwave systems set up in other locations to re-transmit CDMA and GSM voice and data outside the building, so I'm quite sure it is legal to have the equipment, and transmit on Cell phone frequencies, because it is something that can be arranged by our help desk, and our telecom guy installs them and maintains them, as they are purchased, or leased by our company. Now being able to set it up wherever you want to, and start intercepting calls meant to be covered by another site, might be a different story! /sidenote: I used to have a spotwave system camping with me and set it up in places where there was poor coverage, and it was amazing how people would naturally collect in front of my rig over a weekend, as they all used to get their voicemails and texts as they walked by, and wow here is the only place in the campground my cell phone works! I used to unplug it if they collected to much and blabbered too loud. it was great fun to see them all lose their signals at once. Hello??? Hello??? Cheers!

Re:Ya forget AT&T, ask the FBI (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33065484)

If he sets up his own "cell site," there's not a license to be found anywhere

Funny, the "cell site" I run and maintain broadcasts on said frequencies and is perfectly legal.

http://www.repeaterstore.com/products/repeaterkits/ [repeaterstore.com]

I never had to contact the FCC nor AT&T for any such license either. In fact it was AT&Ts own team sent out whom recommended the hardware and configuration.

The team was one sales droid and two techs, so I will give that these are not experts on law.
But what they are experts on are acting as a representative of AT&T, and recommending this as standard operating procedure for small to large campuses, or in my case one large manufacturing plant that is RF shielded in the external walls, would give me pretty decent legal protection if your claim was actually true.

I'm sure if I wanted to jack its transmitter output up a couple orders of magnitude to match the other cell towers out there, they might have a problem with it. But there is no need for that, neither in my case nor the black hat demonstration.

Re:Ya forget AT&T, ask the FBI (2, Insightful)

msauve (701917) | more than 4 years ago | (#33066660)

Funny, the "cell site" I run and maintain broadcasts on said frequencies and is perfectly legal.

The manufacturers/sellers claim that, but funny, they never cite the regulations which would support such a claim.

This is a grey area - if they are legal, it's for the same reason you don't need a license to operate a cell phone, because it's communicating with a system licensed for that frequency band (the cell carrier). Wilson, probably the manufacturer with the best reputation in this market, says "Wilson cell phone boosters fully comply with FCC regulations for cellular devices and are FCC type accepted." Note that they're very careful not to claim that operation without a license is legal. FCC type acceptance only means that a device meets the technical specifications required for use with a particular service (spectral purity, max power output, etc.), it doesn't mean the device can then be used by anyone without a license. You can buy many transmitting devices without a license, but actually operating one is illegal without a license (e.g. ham radios, GPRS, "business band" FM, etc.).

Re:Ya forget AT&T, ask the FBI (1)

msauve (701917) | more than 4 years ago | (#33066772)

I should add...
"because it's communicating with a system licensed for that frequency band (the cell carrier)..." with that licensee's authorization. When you use a cell phone, it is operating under the authority of the carrier's license. If you go to Verizon and buy one of the pico cells they carry, you're operating it on frequencies they have a license for, and with their authorization. If you buy and use a repeater from Joe's Repeater Shack, and your carrier has no knowledge of it, it is very likely illegal - they can't authorize its use if they don't even know you have it.

Re:Ya forget AT&T, ask the FBI (1)

GrumblyStuff (870046) | more than 4 years ago | (#33065664)

So... what are you, AT&T, or the FBI going to do to prevent or track/trace or even find out about such exploits being used?

Rhetorically "you", of course. Literally, though, how would anyone find out?

Re:Ya forget AT&T, ask the FBI (0)

Anonymous Coward | more than 4 years ago | (#33066680)

Literally, though, how would anyone find out?

Uh, read slashdot? Attend a demonstration at a publicized conference?

Re:Ya forget AT&T, ask the FBI (1)

GrumblyStuff (870046) | more than 4 years ago | (#33067950)

Well, ok, yeah, I'll give you that one. But uh... you know, every/anywhere else in the world without it being announced?

Re:Ya forget AT&T, ask the FBI (1)

sp332 (781207) | more than 4 years ago | (#33067508)

Nope, the demo will definitely comply with FCC regs about operating in the GSM band. http://www.tombom.co.uk/blog/?p=195 [tombom.co.uk]

Re:Ya forget AT&T, ask the FBI (1)

msauve (701917) | more than 4 years ago | (#33068022)

LOL. Not possible. He's obviously ignorant of the applicable regulations, since he is implying that low power somehow makes it legal.

This isn't hard. He doesn't have a license from the FCC for the cellular band (he can't, because ATT does). Unlicensed intentional radiators are covered (mostly) by 47 CFR 15(c). There is no provision for unlicensed operation in the cellular bands.

Cellular service is covered by 47 CFR 22, which clearly states:

Sec. 22.3 Authorization required.

Stations in the Public Mobile Services must be used and operated only in accordance with the rules in this part and with a valid authorization granted by the FCC under the provisions of this part ... (b) Authority for subscribers to operate mobile or fixed stations in the Public Mobile Services ... is included in the authorization held by the licensee providing service to them.

Additionally, he will likely be in violation of 47 CFR 15.9:

Sec. 15.9 Prohibition against eavesdropping.

Except for the operations of law enforcement officers conducted under lawful authority, no person shall use, either directly or indirectly, a device operated pursuant to the provisions of this part for the purpose of overhearing or recording the private conversations of others unless such use is authorized by all of the parties engaging in the conversation.

...and 47 CFR 15.5(b):

Operation of an intentional...radiator is subject to the conditions that no harmful interference is caused...

(he will be interfering with the operation of the ATT network)

Re:Ya forget AT&T, ask the FBI (4, Insightful)

Vellmont (569020) | more than 4 years ago | (#33065128)


"Hey, you need to charge this guy, he broke wiretapping laws!"

That might be just a bit difficult to convince a jury, given that his "wiretapping" is going to be limited to a small area that likely includes just the conference room full of people their for expressly this purpose, for not particularly long. If anyone doesn't want to be "wiretapped" perhaps they can restrain themselves and not make any phone calls during that short period in that room.

Why is it that some people are always so convinced "the law" is something like the laws of physics that's set in stone and not interpreted for a specific purpose?

I'm guessing he'll be breaking FCC regulations. If someone wants to make some big complaint about the few minutes he'll be running his demo, well I'd help contribute to whatever pathetic fine they might try to assess. In reality this would never happen since the FCC has better things to do.

Re:Ya forget AT&T, ask the FBI (2, Informative)

GrumblyStuff (870046) | more than 4 years ago | (#33065674)

From what I've heard of jury duty and from people I know who have had jury duty, they strongly emphasis only whether or not the law was broken and will screen for anyone thinking. Guess if they can't get a plea bargin, they go for the next easiest thing.

Jury nullification (0)

Anonymous Coward | more than 4 years ago | (#33066950)

From what I've heard of jury duty and from people I know who have had jury duty, they strongly emphasis only whether or not the law was broken and will screen for anyone thinking. Guess if they can't get a plea bargin, they go for the next easiest thing.

If you're in the US, you should know your rights as a jury member:

http://en.wikipedia.org/wiki/Jury_nullification

Re:Ya forget AT&T, ask the FBI (1)

hesaigo999ca (786966) | more than 4 years ago | (#33067470)

It is a well known issue that none of the cell phone SPs are ever held accountable and yet always get to charge the big bucks for all those services. Just for the sake of showing how weak the system is, if I were that guy, I would go through with it even if there were cops there to take me in after the presentation for breaking a law...I am sure many
people would help fund him for his his lawyer....we could all donate 1$ each...as well, this helps to promote more people to do this sort of thing, hence they will have NO choice but to up their infrastructure to be more secure in the end...

Just like someone from google giving an example in the wild of a zero day hack for M$, 1 week after telling them about it, so that the bug does not go on forever without being fixed, this is a forced attempt to make them fix their broken systems. I hope he goes through with it....

Re:AT&T Doesn't Care (0)

GSV Eat Me Reality (1845852) | more than 4 years ago | (#33064770)

  AT&T is probably going to strike back later on - with lobbying campaigns to put more vague provisions in new laws that make it illegal to do anything like what he is going to talk about.

  I'd imagine their lobbyists and lawyers will use terms like "potential disruptions to communications networks" and "danger to national security" and other buzzwords. Meanwhile as with nearly all such laws regarding technology the real effects will be to stifle experimentation and innovation by anyone without a license to do so, and the paperwork will grow to even more immense proportions.

  People will hack systems anyway, it'll just become even more dangerous to one's continuing free existence to even do innocent hacking.

  I'm going to abuse an old movie quote. "The more they tighten their grip, the more control over their systems will slip thru their fingers."

  I don't see that there is any amount of lawyers, lobbyists, laws, enforcement (that's a laugh) or anything else that will stop people from hacking new technology. Can't say that I have any idea what's going to happen in the future, but I suspect that William Gibson might have been on track with that a couple of decades ago.

  Paranoid, me? WTF do I know, I'm just another General Systems Vehicle, putting out little fires all around the sphere of humanity wherever I can and trying to do so in a manner that helps the whole.

Re:AT&T Doesn't Care (3, Insightful)

Nikker (749551) | more than 4 years ago | (#33064898)

As long as he only uses an informed and willing volunteer over a private connection would this demonstration really come under wiretapping laws? If they are going to send it through speakers infront of a crowd it would be more like an elaborate microphone than anything else.

Re:AT&T Doesn't Care (0)

Anonymous Coward | more than 4 years ago | (#33065098)

Who said AT&T would SUE?

They'll wait for you to blow your wad on the Fed's doorstop.

THEN they'll sue.

no AT&T wants to know so they can do this (1)

chronoss2010 (1825454) | more than 4 years ago | (#33066970)

this way they can then rmeove that tower later after there illegal spying is done

Hmm (1)

MoeDumb (1108389) | more than 4 years ago | (#33064576)

Did he hear it over an AT&T line?

Re:Hmm (0)

Anonymous Coward | more than 4 years ago | (#33067746)

It ain't no fortunate phone.

Rumour? (3, Informative)

amirulbahr (1216502) | more than 4 years ago | (#33064580)

So he blogged that he heard that AT&T might sue him to stop the talk, AT&T deny the rumour, it makes headlines.

Re:Rumour? (0)

Anonymous Coward | more than 4 years ago | (#33064598)

Well, slashdot headings at the very least.

Re:Rumour? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33064790)

I'm amazed that this article isn't from kdawson.

Re:Rumour? (3, Insightful)

bsDaemon (87307) | more than 4 years ago | (#33064810)

Yeah. It's called "New Media." It's like news, but without the journalism degrees or standards of professionalism.

Re:Rumour? (3, Insightful)

chapstercni (238462) | more than 4 years ago | (#33064952)

Yeah.. cause we can see how professional all those journalists are that have the degrees. They are impartial, and fact check everything.

Re:Rumour? (2, Insightful)

bsDaemon (87307) | more than 4 years ago | (#33065004)

There are still plenty that do, although it's true that gone are the days of Cronkite. It's sad, really, but 24-hour news cycles mean they can't put as much time and effort into making sure that they cover relevant information accurately. That's not an excuse, more of an indictment. Do people even watch the evening news anymore?

Re:Rumour? (2, Funny)

inKubus (199753) | more than 4 years ago | (#33065500)

Why does news only have to last 24 hours? Any story worth telling probably has at least a few years worth of action in it. Slow is better. Trust me.

Re:Rumour? (2, Interesting)

GrumblyStuff (870046) | more than 4 years ago | (#33065686)

I try but they always tack on some celebrity or sports shit and then I turn off the TV.

Re:Rumour? (3, Insightful)

houghi (78078) | more than 4 years ago | (#33066034)

It's like news, but without the journalism degrees or standards of professionalism.

So it's like news?

Re:Rumour? (1)

nmb3000 (741169) | more than 4 years ago | (#33065496)

So he blogged that he heard that AT&T might sue him to stop the talk, AT&T deny the rumour, it makes headlines.

To be honest, the first think I thought when I read his blog entry was "scapegoat". Maybe he realized his hack doesn't work quite right, or is flawed in some other way and wants an easy way out of giving the presentation? Claiming worry about a big lawsuit sounds pretty good for that.

I'm betting at this point that AT&T came forward because they:

1) Want to make sure he can't use them as an excuse, and
2) They really want to know (probably more than most people) if the hack really works.

I can easily see some top-level AT&T execs (and other providers probably) asking their technical people if such a hack is possible. After getting a bunch of "no, sir, it's impossible!" all around, they're likely eager to see if their tech people really know their stuff or were just blowing sunshine up their butts.

Providers themselves are probably the last group that would stop such a presentation. The FBI on the other hand, they might be first in line.

Re:Rumour? (1)

Phroggy (441) | more than 4 years ago | (#33065516)

So where did he get the idea AT&T might sue? Did they tell him they might sue? Did someone else with inside knowledge of AT&T's plans tell him they might sue? Did some random person think to themselves, "hey, AT&T could sue!" and told him it was a possibility? Did he make it up himself and lie about it?

Also, did AT&T decide not to sue because they looked at the situation, considered their best course of action, and determined that suing wasn't the right thing to do? Or did they decide to sue, but then changed their minds when word got out because they knew it would make them look bad?

Re:Rumour? (0)

Anonymous Coward | more than 4 years ago | (#33065542)

Inception perhaps?

Glad AT&T is not being evil (this time) (2, Insightful)

onionman (975962) | more than 4 years ago | (#33064582)

Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

Re:Glad AT&T is not being evil (this time) (2, Informative)

DJRumpy (1345787) | more than 4 years ago | (#33064612)

The right thing is to give these companies time to respond and to close potential security vulnerabilities before the information goes public. In this case, that obviously is not going to happen (by that I mean addressing vulnerabilities). I hate that they have to release this information in such a public way and wish they wouldn't, but I see the need for it all the same.

Re:Glad AT&T is not being evil (this time) (2, Insightful)

MessedRocker (1273148) | more than 4 years ago | (#33064634)

Sometimes the greatest incentive to change your ways is to have your foibles on public display.

Re:Glad AT&T is not being evil (this time) (1)

blackraven14250 (902843) | more than 4 years ago | (#33064680)

I remember reading on another story about this demonstration that this vulnerability is one that's been known for a decent amount of time so far. If so, this is the needed course of action, since the companies won't change until word gets out that the system is unsafe.

Re:Glad AT&T is not being evil (this time) (1)

Miamicanes (730264) | more than 4 years ago | (#33065106)

I think it's not so much a matter of not knowing about this as a potential vulnerability, as it is a case of the hardware necessary to pull it off suddenly becoming cheap and affordable to just about anyone with the slightest interest in doing it.

Perfect illustration of "exploit" that becomes possible due mainly to falling prices:

My best friend owns two Blu-Ray players. One is Region "A". He bought it for $99 the day after Thanksgiving last year. The other is Region "B". He paid around $160 for it, including shipping, from the guy in Hungary or Romania who was selling them on eBay. Both are perfectly happy to feed 1080p24 video via hdcp-protected hdmi to his TV. If he cared, I'm sure he could buy a Chinese Region "C" Blu-Ray player for another hundred bucks or so, plus maybe another $50 for a HDMI switcher. Region coding only works as long as players are too expensive to just go out and buy one from every region you care about.

Re:Glad AT&T is not being evil (this time) (4, Informative)

klingens (147173) | more than 4 years ago | (#33065294)

There already was a public talk about this GSM vulnerability last december. Back then, the group cracking the protocol didn't have the hard/software to demultiplex the connections a GSM basestation has to handle in realtime. That problem is now solved and so the hack is fully functional. The rainbowtables needed to crack the protocol were publicly created for almost all of 2009. The GSM industry had PLENTY of time to react and get their shit together, instead they stonewalled, ignored and threatened the hacking group as Mr. Piaget described back in his December 2009 talk.
The DECT industry group for cordless phones who use a similar encryption method but weaker as GSM had their protocol examined bofore that in 2008 or so by the same people. When the hackers approached the DECT people they were basically welcomed and both, DECT group and hackers, worked together on fixing the protocol, spec and especially implementations.
Ironically the DECT industry group and the GSM association is made of largely of the same companies...

Re:Glad AT&T is not being evil (this time) (1)

bogaboga (793279) | more than 4 years ago | (#33064616)

Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

For AT&T, 'learning from research' would be admitting inferiority in a way. It's better for them to stay away officially then send geeks of their own to 'learn from the research', even though their own geeks failed to see iPhone problems before millions did.

Re:Glad AT&T is not being evil (this time) (3, Informative)

ScrewMaster (602015) | more than 4 years ago | (#33064636)

Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

Time was when "research" and "AT&T" were damn near synonymous. But yeah, it's good that they're keeping the sharks in check.

Re:Glad AT&T is not being evil (this time) (0)

zonker (1158) | more than 4 years ago | (#33064920)

One of my uncles was a researcher at AT&T's Bell Labs and later BellCore. Most of the researchers in BellCore were let go and replaced with pencil pushers and lawyers. Today it is known as Telcordia and they no longer do R&D in the old facility. He now works at a bay area startup designing next generation solar panels. He often talks about missing doing raw science.

Re:Glad AT&T is not being evil (this time) (1)

Score Whore (32328) | more than 4 years ago | (#33065258)

Time was when AT&T wasn't just a name purchased by Cingular.

Re:Glad AT&T is not being evil (this time) (2, Informative)

evilviper (135110) | more than 4 years ago | (#33065442)

Time was when "research" and "AT&T" were damn near synonymous.

There was a time when Nuclear Power Plants and "Westinghouse" were nearly synonymous, yet now they're making cheap toasters that don't work.

The "AT&T" of today only happens to use the same name as the "AT&T" of years ago. Other than that, they died out entirely, much like Polaroid. What's now calling itself AT&T is, in fact, SBC, and has all the baggage associated with that shiftless company.

Re:Glad AT&T is not being evil (this time) (0)

Anonymous Coward | more than 4 years ago | (#33066754)

>>There was a time when Nuclear Power Plants and "Westinghouse" were nearly synonymous, yet now they're making cheap toasters that don't work.

Not exactly. There are still products sold under the brand Westinghouse, but it merely the name, different company. Westinghouse proper is now owned by Northrop Grumman.

Re:Glad AT&T is not being evil (this time) (1)

Michael Kristopeit (1751814) | more than 4 years ago | (#33064686)

would it be evil for AT&T to give the FBI the location of the talk and express concern about the electronic transmitter being demoed, which broadcasts a signal to phones before they allow calls to be intercepted?

what about every single person in the audience and surrounding city that might not really care how cell phone security works as long as people aren't advertising how to listen to their calls. he might have an angry mob on his hands.

Re:Glad AT&T is not being evil (this time) (1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#33064724)

If you could cover any significant urban area with a small and low powered antennae sitting on a table inside a theater, mobile calls would be a lot cheaper than they are. This is research, and it's being done inside the lab. Also, stopping research is fucking stupid. If I got my conference interrupted by the FBI, I would go ahead and sell the technology to spammers. That would be far worse. Do not attempt to stop research, ever. It is the wrong thing to do, both in ethical and practical considerations.

Re:Glad AT&T is not being evil (this time) (1)

Michael Kristopeit (1751814) | more than 4 years ago | (#33064768)

why would your new research mesh network node ever need to trick users of a competitors network and intercept their traffic? why not just demonstrate a call strictly over your own network relays? is it because the latency of such a network makes voice calls horribly awkward? the advertised device and method of interception has no applicable use for research other than unwarranted interception. the advertised demo is neither ethical or practical.

Re:Glad AT&T is not being evil (this time) (0)

zonker (1158) | more than 4 years ago | (#33064940)

You think the FBI isn't already there? They've played a game called Spot the Fed [defcon.org] for years. It's damn near a tradition. They are there to learn what's going on in the hacker community. It's beneficial to them too.

Re:Glad AT&T is not being evil (this time) (1)

pspahn (1175617) | more than 4 years ago | (#33065064)

I was under the impression that if you went to Las Vegas, and something happened that you didn't want people to know about (maybe embarrassment, blackmail, or you don't want your grandchildren to know)... I thought it was supposed to stay there. Have I been lied to?

Maybe I should visit Atlantic City instead.

Re:Glad AT&T is not being evil (this time) (0)

Anonymous Coward | more than 4 years ago | (#33067434)

maybe at&t's reasoning is: "he hasn't committed a crime... yet."

a c&d or threat of a lawsuit might stop him for a short time, but may not permanently stop him from his work..

on the other hand, a video of him explicitly wiretapping private conversations is much more likely to get him sent to jail.

This fella is quite talented... (0, Flamebait)

bogaboga (793279) | more than 4 years ago | (#33064584)

...not to mention that he definitely has a lot of time on his hands.

Use linux? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33064590)

Only if I were a total fag. Let's be honest people. Linux is teh gay.

Words and Deeds are often different (1, Insightful)

meerling (1487879) | more than 4 years ago | (#33064638)

Just because one person at AT&T said they won't do anything about it, there is absolutely no guarantee that someone else doesn't have different plans.
There are many examples of a corporate spokesman saying one thing, while the company immediately did the opposite.

just imagine:

Well dressed spokesman speaking to TV reporter: "Absolutely not! There is no credibility to the rumor that there is any terrorist activities or police actions taking place at this facility! The rumors are absolutely false! I can only guess that maybe someone who doesn't know any better got a little excited when someone in shipping started playing with some bubblewrap. Everything is just fine, no trouble what so ever."

In the background, a group of fully outfitted swat or paramilitary in black body armor and assault rifles run out of the nearby building and take cover behind a shipping crate, an explosion is heard and gray smoke pours out of the doorway the team just came from...

Re:Words and Deeds are often different (1)

bsDaemon (87307) | more than 4 years ago | (#33064838)

Or when Kennedy came out saying that no Americans would be involved in any invasion of Cuba right about the time of Bay of Pigs fiasco with the CIA...

Re:Words and Deeds are often different (2, Insightful)

nacturation (646836) | more than 4 years ago | (#33065002)

Just because one person at AT&T said they won't do anything about it, there is absolutely no guarantee that someone else doesn't have different plans.

The way I read it was: "Oh no, we won't interfere with the talk at all. But just wait until you see what we do after the talk!"

We are living in very interesting times. (-1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#33064678)

AT&T will eventually react violently to this, but they have already shown more restraint than they would have shown 5 years ago. 15 years ago, they wouldn't have even known about this, or just ignored it. 10 years ago, they would have silently shut them down. 5 years ago, they would have made a huge PR stunt, and tried to get the FBI to stop this 'hazard'. Now, they are just dealing with it, powerless.

Our lives are filled with technology, and IT has gone mainstream. Very big parts of our infrastructure (most of the internet, just to give one example) relies on Free Software. Our beloved corporate overlords are getting anxious, because they can't control things the way they were used to. They will get increasingly violent and orwellian as they keep loosing control of the world.

The world has gone p2p, critical systems are now running in a decentralized manner, and that is pissing off your owners. Seeing them slowly realize how irrelevant they are becoming is going to be painful, distressful, but amazingly entertaining. Enjoy, and welcome to the future.

Re:We are living in very interesting times. (2, Insightful)

countertrolling (1585477) | more than 4 years ago | (#33064924)

...critical systems are now running in a decentralized manner...

Not so. Your entire internet is still in the hands of a small group that can cut your connection at any time with a simple flip of a switch or drop of an anchor.

I see AT&T's position (1)

Montezumaa (1674080) | more than 4 years ago | (#33064710)

While I detest AT&T on multiple levels, this shows that AT&T is thinking clearly(at least at the very moment at time). AT&T was probably advised, from a legal standpoint, that they(AT&T) had no legal basis to use to stop this demonstration. It is the same reason why we can learn how to build a multitude of bombs, learn how to make various drugs, and learn a plethora of various knowledge on the internet and out in the "real world". The First Amendment to the United States' Constitution cannot and will not be put on hold to make any group happy. Aside from threats of violence, "free speech" cannot be withheld from the citizenry.

Even though people, today, tend to believe to contrary, the U.S. Constitution is still very much alive(in that is still protects us the same way it has since its inception). While AT&T might have won a temporary injunction to stop this(if they properly sopped for a judge), it would have been quickly squashed on appeal and the information would have been disseminated rather quickly. The fact is that AT&T does not want negative press.

Of course, that could change. I mean, in the interest of being consistent, AT&T might just try to kill this at the last minute.

Re:I see AT&T's position (3, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#33064736)

On the other hand, if they don't kill it, the presenter may well have just committed a number of crimes in front of a live audience, and probably a fair few cameras)...

If they don't, he'll just have some nastygrams to hang on his wall, and a story of being oppressed by the man, without any lingering consequences.

They might just be ignoring it entirely, figuring that the Streisand effect is not with them on this one; but the path of maximum vindictiveness actually requires them to let him go ahead...

Re:I see AT&T's position (1)

LurkerXXX (667952) | more than 4 years ago | (#33065338)

the presenter may well have just committed a number of crimes in front of a live audience, and probably a fair few cameras.

A live audience filled with feds...

Re:I see AT&T's position (-1, Redundant)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#33064758)

On the other hand, if they don't kill it, the presenter may well have just committed a number of crimes in front of a live audience (and probably a fair few cameras)...

If they do, he'll just have some nastygrams to hang on his wall, and a story of being oppressed by the man, without any lingering consequences.

They might just be ignoring it entirely, figuring that the Streisand effect is not with them on this one; but the path of maximum vindictiveness actually requires them to let him go ahead...

Maybe it will help the network (2, Insightful)

Anonymous Coward | more than 4 years ago | (#33064746)

Too many problems with the iPhones - personal towers might be a good idea

Re:Maybe it will help the network (1)

maxwell demon (590494) | more than 4 years ago | (#33065942)

Too many problems with the iPhones - personal towers might be a good idea

Maybe that's why AT&T doesn't want to block the presentation. They hope to learn something about building cell towers.

That's a wrong headline (1)

BudAaron (1231468) | more than 4 years ago | (#33064760)

Headlines like that truly annoy me. The implication is that AT&T is going to allow eavesdropping when in fact they are just not going to stop a talk! I don't like AT&T but that doesn't mean I like to see them or anyone else incorrectly maligned!

Re:That's a wrong headline (1)

Michael Kristopeit (1751814) | more than 4 years ago | (#33064824)

the false implication is that the demo WILL happen. a demo has been scheduled... claims have been made, but there is certainly no certainty that the demo will actually happen and fulfill all the claims.

Defcon != Blackhat (2, Informative)

baeyogin (461380) | more than 4 years ago | (#33064894)

Different conference. My understanding is that the EFF is involved, and signs are being posted around the perimeter. Either way, I won't be using a GSM enabled phone. Should be interesting.

Re:Defcon != Blackhat (1)

phantomfive (622387) | more than 4 years ago | (#33065118)

lol really? Is Defcon seriously marketing themselves as 'not blackhat' now? Man, they've really gone downhill. I don't want to go anymore. Time was that was their main selling point: convention of hackers, or which were definitely blackhats back in the day.

Re:Defcon != Blackhat (2, Informative)

Anonymous Coward | more than 4 years ago | (#33065238)

No, what baeyogin was saying is that the "Black Hat" conference takes place before DEFCON. They're both in Vegas, and Black Hat is the 28th-29th, while DEFCON comes afterwards.

There's nothing 'non-' or 'un-blackhat' about DEFCON.

Close one! (1)

arstchnca (887141) | more than 4 years ago | (#33064938)

Somebody at AT&T should be getting a pat on the back. He or she just helped the company dodge a Barbara-Streisand-Effect bullet.

He's worried about the wrong people (0)

Anonymous Coward | more than 4 years ago | (#33064980)

He should be worried about being arrested rather than being sued. It's illegal for civilians to intercept cell phone signals. Why would AT&T step in? They'll just let him commit a crime and the police will take care of the rest. And since he's gone to the trouble of announcing this to the world, law enforcement already knows what is going to happen, and they'll have personnel ready when the moment arrives.

Remeber Adobe? (4, Insightful)

PinkyGigglebrain (730753) | more than 4 years ago | (#33065158)

Anyone else remember how Adobe got the FBI to arrest and charged Sklyarov?

It doesn't matter what some mediadroid says. All it would take is one phone call from the right person at AT&T to the right person in the DOJ.

AT&T could deny any and all prior knowledge when the Feds arrest the presenter for breaking some law or another. Hell, AT&T could even call for his release afterward knowing that history would repeat itself.

Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.

Re:Remeber Adobe? (0, Troll)

Score Whore (32328) | more than 4 years ago | (#33065248)

Remember when Chris Paget defamed AT&T by making up a false story of impending litigation in a lame attempt to create some press for himself?

(That's one way it could go.)

I also heard that Chris Paget only runs Windows Me on his desktop because he thinks everything else is just dumb. That's what I heard anyway.

Re:Remeber Adobe? (1)

vlueboy (1799360) | more than 4 years ago | (#33065362)

Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.

Maybe. But AT&T is NOT cable. Dialup and DSL usually have competitors that we can flee to in case of poor signal or service. It's not like it runs most of the world's internet... it's just an American company, and faces hard competition from Verizon, Sprint, T-Mobile and others. If underdeveloped places provide only AT&T service, then consider yourself weird --the VZ map is the most complete one when it comes to cell service, if their ads have taught us anything all these years.

Other than that, iPhones/iPads are the only remaining interweb machines completely tied up by AT&T (again, not beyond the United States.) In four(*) years, only true masochists will be left on Apple hardware at AT&T, unless Verizon and others really screw up their soon-to-be-opened iPad cell market.

(*) I hear the switch will happen in 2011 or 2012. Allow 2 years for current binding iPad internet contracts to expire, and another 2 for those signing up last minute right before those switches.

Re:Remeber Adobe? (1)

evilviper (135110) | more than 4 years ago | (#33065402)

Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.

AT&T, Verizon, and Sprint all provide competitive cell phone service. Sure, maybe you'd have to give up the exact model of cell phone you currently use, but that's it.

"Home phone" is a bit of an anachronism now. Wire a cell phone into your lines at home, and it's your home phone now. FIOS and cable are just VoIP now. You can go with them, or some other 3rd party VoIP service (magic jack, et al.).

And as for internet, most people that can get high-speed at all, have at least a couple choices of providers these days. Don't like the telco? Try the cable co. Bet they'll provide better service at nearly as low of a price. And lots of people that are happy with their internet service, are switching to wireless anyhow... Sprint's EVDO is below $60/mo. WiFi is free in many cases. Cell phone plans often come with data service as well. etc.

15 years ago... (1)

Vellmont (569020) | more than 4 years ago | (#33065182)

Listening in on cell phone calls was sometimes as trivial as turning on your TV to the right UHF station. If you wanted to get sophisticated, you bought a scanner to listen on the right frequency.

It's interesting someone found a way to make a base station an do a MITM attack, but this is nothing compared to the massive problem with cloning, interception, and everything else than went on in the analogue era of cell phones for many many years.

Isn't that the point? (1)

Seraphim_72 (622457) | more than 4 years ago | (#33065198)

No AT&T, you can't stop him. That is the problem, and the point of his talk.

Sera

I hate people (-1, Troll)

Ozlanthos (1172125) | more than 4 years ago | (#33065206)

Why is it that some people suck so badly that they feel the need to do stupid shit like write virii, write scripts that turn your computer into a slave for their use, write scripts that steal your info, write programs that allow them to cheat like little bitches on Battle Field 2, write programs that allow them to listen in on your cell phone conversations, write programs that pretty much bork your fucking windows partition? Why can't these fucking pieces of shit just play the fucking game, surf pr0n, download movies, comment on /., and check their fucking email like normal people????????????? I mean really, if you are so fucking smart you can write programs that do all of these things, why aren't you doing something more productive with your "skillz"?

-Oz

Re:I hate people (0)

Anonymous Coward | more than 4 years ago | (#33065518)

I mean really, if you are so fucking smart you can write programs that do all of these things, why aren't you doing something more productive with your "skillz"?

Probably because it's not about proving anything. It's fun. Yes, breaking or altering things to make them achieve an unintended result is fun. Creating something is not necessarily fun, in part due to the labor (and money) involved, and because it's an all-or-nothing ordeal; whereas when you modify something, the results tend to be immediately observable. It's just another derivative work.

Re:I hate people (0, Troll)

Ozlanthos (1172125) | more than 4 years ago | (#33065584)

Yeah sure, seems like a whole lot of fun when I can't use windows online anymore...Your assertion seems dichotomously true, and yet false. I derive great pleasure from making things that no one has had the brain-power to think up before. In that context, it seems like such "derivative works" are the product of laziness on the part of the authors to me.

-Oz

Re:I hate people (0)

Anonymous Coward | more than 4 years ago | (#33065660)

It is laziness. I take pride in my laziness, in order to produce a working product. If I did not, I would be programming 8 hours for every 1 hour that I do now. You seem to think that laziness is a bad thing. Laziness does not equate lower quality.

Your assertion

I didn't make an assertion. I said that duplicating or creating an 'original' product is not ALWAYS fun. In many cases, it IS fun. The "brain-power" that you imagine your creations to require is almost certainly not one of wits; thinking of something is easy - creating it isn't.

Re:I hate people (0, Troll)

Ozlanthos (1172125) | more than 4 years ago | (#33065876)

I've created many products that in the beginning stages were in fact "derivative works". However, I don't see how your line of reasoning relates to assholes writing crap-ware that fux up your windows machine to the point of rendering it inoperable. How is that supposed to be "fun" for anyone? I can imagine a modicum of smug at having ruined someone's ability to get online, but again, if you are smart enough to do that, you can do much more productive things with your time (whether or not you write "ALL" of the code involved...you know, like making Open Office work seamlessly with Microsoft Office...Or making Battlefield 2 work flawlessly on Ubuntu!)

-Oz

Re:I hate people (0)

Anonymous Coward | more than 4 years ago | (#33066476)

I don't know if you know many hackers in the exploit business (either professional/security or video games) but most of them do not actually use what they create. A proof-of-concept might be created by the former because it was cool at the time. In video games, the hacker usually spends a few days/weeks debugging the hell out of the game, and then tests his exploit for a day, distributes it, and moves on to another project. DRM crackers tend to follow the same ruleset: they identify a new DRM scheme a game uses, download/install that game, develop the exploit, and never play that game again.

Remote machine control (i.e. trojan backdoors) as you mentioned earlier is an interesting field that is both useful and malevolent. A lot of the development in this area is by people who think it's cool to figure out new ways to automate system interaction - not to control thousands of compromised zombie computers. To change subjects, viruses that destroy a computer's foundations don't usually start out with the intent of nuking machines everywhere. No, someone somewhere just thought it would be cool to theorize just how badly things could go under the worst of conditions.

The one common thread here is that all of these people had an interest in one area (video games, security, DRM, remote admin, system operation/stability, cellular tech/radio) and they sought to apply their skills in a way they found fun. Usually this excitement comes from learning more about the target, or the increase in aptitude of their trade (programming/RE/security), or because the process of hacking is a rush to them.

Most of the 'hackers' I mentioned do not themselves use what they make to cause harm. Not because they are always ethical, and not because they are always afraid of repercussions, but because most of the time, employing their tool is even less fun than devising it is. There are exceptions, but they are uncommon. The people you are angry at, the real people who cause harm, are usually not the exploit authors. They cobble available information together in a way we would laugh at - these people are not, as a rule, capable of creating anything new or worthwhile.

Street Creds (1)

cstec (521534) | more than 4 years ago | (#33065252)

I wonder how many will actually cut AT&T some slack or give them credit for NOT interfering?

Re:Street Creds (1)

Jaden42 (466735) | more than 4 years ago | (#33067204)

I wonder how many will actually cut AT&T some slack or give them credit for NOT interfering?

\insert is this your first time on slashdot joke here\

er (0)

Anonymous Coward | more than 4 years ago | (#33065280)

Claiming that AT&T is threatening to sue him will serve to garner him more attention, which is probably exactly what he wants.

Propaganda (0)

Anonymous Coward | more than 4 years ago | (#33065450)

The guy is making as much ado about his presentation as possible. He forced AT&T to deny that they will be suing him, nice propaganda move - probably no one in AT&T gave a f**k what's his presentation until he started spreading rumors about AT&T.

nokitel code (0)

Anonymous Coward | more than 4 years ago | (#33065848)

I bet he got it.

but seriously operation takedown aka hackers 2, this was kind of a major plot point.

How times have changed (1)

houghi (78078) | more than 4 years ago | (#33066060)

I think it is strange that we are now more worried about being sued then about the technical knowledge and the fact that if he can do it, everybody else can do it.

And this is a place where everbody says IANAL. This is a place about IT. And yet most people are more concerned about the law then about the technical side of it all.

So let's see what calls we can pick up... (3, Funny)

pinkushun (1467193) | more than 4 years ago | (#33066146)

Senator Stampingston: Gentlemen, it's clear that we're in a universally precarious situation. Dethklok has summoned a troll.
General Krosier: That's impossible, there's no such thing as trolls.
Senator Stampingston: Then how do you explain the dead unicorns?

Um... Okay, moving on to the next call...

strange (1)

StripedCow (776465) | more than 4 years ago | (#33066290)

Don't they teach students about man-in-the-middle attacks anymore, these days?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>