The National Security Agency isn’t the only one who can track your every move with their mass surveillance. Security researcher, Brendan O’Connor, has created a low-cost system of spy boxes and mapping software along with them which will enable anyone to track everyone else in a neighborhood or a city from the comfort of their home (or basement, if that sounds more spy-like).
O’Connor, who also runs the security consultancy firm Malice Afterthought, intends to unveil this system at this year’s Def Con hacker conference that will take place on August 1 to August 4.
The system is called “Creepy Distributed Object Locator” or CreepyDOL, which makes it sound as creepy as it actually is. CreepyDOL consists of a system of ten spy nodes, which are, in fact, small Raspberry Pi computers running Linux. Each of them costs less than $60, which is really cheap when you consider the powerful possibilities of these things.
They are designed to be hidden around the city. They can track the movements of mobile devices such as smartphones, and all the information they capture is sent to a database where the administrator uses that to see and monitor targets on a graphical map-based interface.
CreepyDOL is only the newest addition to a surveillance system O’Connor has been working on for more than 18 months now. His research done before has been funded by the DARPA (Defense Advanced Research Projects Agency), which is Pentagon’s research department.
The first piece of his CreepyDOL system that was part of his earlier research, is a small device called the F-BOMB (to clarify the name a little bit: it is an acronym for “Falling or Ballistically-launched Object that Makes Backdoors”). He made that one to demonstrate how the small spy box device can be planted in a company to wirelessly spy on a target.
When describing his earlier work, O’Connor said:
“With these F-BOMBs, I can gain creepy identity information pretty easily and passively. I can track people over whole areas of a city just by tracking their wireless devices as they wander around.”
CreepyDOL system is just a result of his further development of his earlier devices. He also perfected his software on those devices so targets can be tracked over a much wider area.
How CreepyDOL actually works
When the target’s mobile device or laptop gets in the range of one of the spy boxes, and connects to the same public WiFi network, the spy device can find out the MAC address of victim’s device and send it back to O’Connor’s server. When the victim opens a web page, or runs a certain app, CreepyDOL box runs the network sniffing software, Kismet, in order to pick up more sensitive information such as usernames, email addresses and victim’s version of operating system.
But wait, that’s not the creepiest part. O’Connor’s devices can even grab the victim’s photo in case they visit a certain dating site that isn’t protected with SSL encryption. All that information is combined to create the victim’s profile on O’Connor’s server.
“I take all this data, throw it together, and visualize it to show people with real faces and identities and histories moving around a map in 3D.”
He is going to present the screenshots of the mapping software and demonstrate how it’s pulling user’s private information at his Def Con talk.
Why did he create such a creepy spy device
Here’s what O’Connor says on why he developed these powerful spy devices:
“At some level I’m doing this because it’s interesting. But I’m also doing it to prove that this level of knowledge and detail isn’t only the province of intelligence agencies anymore. If you think that only the government, with millions and billions to blow on watching someone can create this problem for privacy, then we’re not going to solve it.”
It is unbelievable how much our mere browsing the Web can leave behind a trail that can be tracked not just by the NSA … but by any kid in a basement.