Hot Sales In China For Wi-Fi Key-Cracking Kits

alphadogg writes "Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year. With one of the 'network-scrounging cards,' or 'ceng wang ka' in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building."

WEP not secure, use WPA with random key

[Anonymous Coward]

Free Wifi cracking kit: Download here [backtrack-linux.org] and use with brain 1.0 and any USB wireless dongle.

How hard?

[Elitist_Phoenix]

Seriously. Usb Wifi Dongle + Rainbow Tables DVD + Backtrack = Win?!

Video in action

[DNS-and-BIND]

Video of cengwang ka in action here [ku6.com]. Someone whose mandarin is better than mine will have to provide a translation. "Mee-ma" means password. Heck, I might get one just to use it in airports and other places where jerks charge for internet. Evidently they are illegal as taobao.com [taobao.com] (the Chinese ebay) doesn't list them while a simple google search turns up dozens of vendors. I'll have to check on these next time I go to the computer market.

Another notable aspect of this story is that it's actually accurate. China is a blank slate to most Westerners and I have seen journalists fabricate the most outrageous lies simply because it "fits the narrative" (narrative=preconceived ideas). No surprise the guy who wrote this was in Beijing, it's like the world ends for journalists outside the fifth ring road.

Re:Are these available in the states?

[Rijnzael]

Sure are available DIY, for the price of a halfway decent wireless card (optimally supporting injection [aircrack-ng.org]), a box running linux, and the requisite AirCrack [aircrack-ng.org] (the latter for the total price of free).

Re:backtrack? aircrack-ng?

[SomeJoel]

Yeah, hey, look at TFS FFS you SOB:

a user with little technical knowledge can easily steal passwords

Note the lack of an article between "with" and "little".

Backtrack 4 on ebay

[kaptink]

Out of curiousity I put backtrack in to ebay and what do you know, theres half a dozen backtrack 4 dvds for sale as Hacking Operating System.

But no rerturns accepted!

Re:Are these available in the states?

[Anonymous Coward]

because anyone who knows what they are doing can get around a mac filter

Yes and no. It requires a few things to line up before you can just circumvent MAC filters. Namely, you need some legitimate devices on the wireless network to be active before you can use them.

That's for WEP ...

[Agarax]

You don't NEED packet injection, you just need it if you want to break into the network anytime soon. Sitting and listening to normal traffic will eventually get you enough packets to attempt to break it.

For WPA you don't even need packet injection, just deauth a client that is connected, collect their reconnection packets, and then run a dictionary/brute force attack against the handshake.

Re:I have a question.

[timeOday]

The summary says what the motive is: to make $24 selling the kits.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Are these available in the states?

[geekoid]

There are several tools you can use to get the SSID from a "Non broadcasting" device.

Linux:
http://www.kismetwireless.net/ [kismetwireless.net],
Airjack,
Many others...

Windows:
AirMagnet
AirSnort

I just listed the most common for the particular OS. I do know they can be compiled onto other systems.

If you take a minute to step away from your knee jerk reaction to correcting people and think about it, you would realize* that at some point it has to broadcast the SSID or know one could ever maintain connection.

http://tech.blorge.com/Structure:%20/2008/04/21/wi-fi-mythbuster-do-not-hide-your-ssid/ [blorge.com]

So it is trivial to get an SSID from one that is hidden.

* Against all evidence. I'm assuming your not actually an idiot

Re:backtrack? aircrack-ng?

[h4rr4r]

Indeed. I treasure my gmail account as I treasure the time I spend plundering your mothers anus.

Re:Video in action

[Anonymous Coward]

If you want actual news about China from Chinese folks, try ChinaSMACK [chinasmack.com]. They cover whatever Chinese internet users are talking about. Half of it is tabloid type crap, but it's more authentic than what you get in most newspapers.

Re:Are these available in the states?

[rtb61]

Of course these kits can be used far more destructively than just for free browsing. By penetrating a secure and encrypted connection, the legal holder of that connection is far more likely to be held criminally liable for the activity on their network.

Guilty until proven innocent for child porn, threats of violence against politicians and, terrorist related speech, these kits are quite dangerous. In China of course their version of the three worst things to do on the internet are speaking out for freedom, democracy and an end to government corruption, of course those is a far more risky activities to do in China.

Any political candidates out there, don't be cheap, wire up you homes because wireless could be the end of your career.

Re:this is why my network is "unsecured".

[Fnord666]

My wireless router filters devices by mac address.. if I understand it correctly, there's no way for it to be cracked into so long as the filters in my router are enabled. It recognizes my netbook, a skype phone, and an ipod that I own. All other devices will "see" the network but will not be able to access it.. if I understand the way it works correctly anyway. :)

If someone wants to use your network, they will capture packets so that they can see what MACs are authorized. They then alter the MAC address of their wireless card to be one of the authorized values and bob's your uncle.

Re:this is why my network is "unsecured".

[X0563511]

MACs can be sniffed, and spoofed.

The trick is to not use it while the "true" device is (you'll just cause problems)

Re:Are these available in the states?

[h00manist]

Aircrack is, curiously, one of the few tools that cannot be ported to windows, and which actually manages to attract people to run linux, just for this app. It's a "killer app", as they call it, which carries it's platform. Makes me think, sometimes, more open source software should be circulated without any windows ports or binaries at all, to keep people on open source platforms... of course, it goes against the whole idea of open...

Re:Video in action

[Zarel]

You Slashdotters haven't been very nice when talking about my country recently. :( But I'll forgive you. Here's a translation:

woman: "[incoherent] Wi-Fi key cracking kits are an extremely important threat to the safety of the Internet"

woman: "Here, we simply follow these instructions, and then use the CD drive [sic] to access the password cracking software, and five seconds later, it indeed shows us five Wi-Fi access points. Clicking one, the computer starts to automatically crack the password, and after a while, it displays a string of numbers."

man: "[incoherent] Looking at this, does this say that it's done yet?"

other man: "Yeah, it says it's successful; it's connected to the Internet now."

man: "So you can go and browse the web now?"

other man: "Yep, you can, using its [the key cracker's] connection."

other man: "Here, you can see four wireless signals, and the connections are pretty nice, at a speed of [incoherent]."

woman: "Continuing our explanation, these key cracking kits are a type of external Wi-Fi card, but their ability to search for access points is stronger. What's scarier is that it comes with black-hat hacking software, that can let you hack into others' router administration panels. If this kind of tool falls into the wrong hands, it could have serious consequences, such as disruption of service."

other man: "This software is very powerful. This one can crack passwords, and see here, I'm copying this guy's files - copying them to my own computer."

woman: "[some organization I didn't catch the name of] says that Internet hacking incidents are steadily increasing. In actuality, securing a computer is not difficult, and modern OSes have mechanisms to limit how many people can connect, and who has permission to connect."

other man: "Here, they've disabled DHCP and I'm connected, but I can't browse the Web since I don't have an IP address."

woman: "To clarify, Wi-Fi cracking happens overseas as well. Several countries have already enacted laws preventing it; [incoherent] and Singapore, for instance, have made Wi-Fi cracking crimes. England has not only made it illegal, but are actively hunting infringers. However, China still hasn't passed laws regarding it."

caller: "There are two sides to every issue. One one hand, it's password cracking, which is clearly wrong. But on the other hand, it's accessing the Internet for free, which should really be controlled by the owner of the access point and definitely [interrupted]"

TRANSLATION

[vampire_baozi]

Quick translation, since I'm kinda in a hurry (though, c'mon, DNS-and-Bind, you've lived there for 7 years? if I remember from a previous post, and you can't speak fluent mandarin now, plus a few dialects? What have you been doing with your time?)

Anchorwoman: We will now explore the background behind these (Wifi Keys) and the hidden danger they present to internet security.
The journalist installed the Wifi Cracking kit according to the instructions, and then used the Cd-rom to open the password cracking software. After 5 seconds, the computer monitor correctly displayed 5 wireless network signals. Click on any of the networks and the computer will automatically start cracking the password. After 4 minutes, a series of numbers appears on the display.
I'm just going to freeform this bit, I'm translating background chatter, not just the subtitles. Mostly Mr. Hu and the reporter talking, I won't note who is who, but it should be kind of obvious...also, there's stuff that isn't in the subtitles, so it should flow better
Guy1: oh, this is the password (background)
Guy1: AAAAA....
Reporter: His password is 8 A's (this is the subtitle guy number 1)
Guy1: What an idiot!
Reporter: Take a look at it now, did it work?
Mr. Hu (Hu something-ying, the middle character is too low resolution), network expert at a Wuhan Guangtong Computer Technology Development company: It succeeded, we're already online.
Reporter: So we can get online directly?
Mr. Hu: Yes, we're online through his network(thanks to the key)
Here we have 4 signals, this signal isn't bad! 18megabit speeds.
Anchorwoman: The computer expert explains, the Wifi Cracking kit is essentially a just wireless card, but its ability to search out wireless networks is much stronger than normal wireless cards. What's scarier, is that it's combined with a "hacker" software program that can easily hack into other people's host machine (host computer), if this apparatus is used for nefarious purposes, it could result in computer files being accessed, privacy leaks, etc., with serious consequences.
Mr. Hu: This is a serious threat to internet security. It can reveal secrets, and interferes with security. Look, I can directly make copies of his files, copy it directly to my own computer.Anchorwoman: Wuhan network expert Mr. Hu of the XYZ company IT dept. says that reports of successful network intrusion attempts are skyrocketing. He also explains that protecting yourself is not difficult, by setting the number of user accounts or adjusting the router settings.
Mr. Hu: Turn off the DHCP on the router, then even if you access the network, you can't get online,since there's no IP address. The important thing is to do it from the router.
Anchorwoman: The phenomenon of Wifi password cracking is common outside China, regardless of the nation. Singapore considers it to be a crime, and the UK considers it illegal and you can be arrested. In China, however, there are no laws about Wifi password cracking.
Phone caller, from Hubei, works with communications related company: This thing presents two main problems. The first is password cracking. This is a security/safety problem. The other is using other people's Wifi connections for free, this is a problem of stealing access. If you check and can find evidence of.....(is cut off)

I may have cut a few corners, but that's the gist. I don't do much technical translation, but this one was light on the technical terms anyway, so if you have questions or need other stuff translated, let me know.

Re:How hard?

[fl_litig8r]

No. Fail as long as AP is using WPA or WPA2 and a decent non-dictionary passphrase. Rainbow tables don't work on all passwords. Usually they just pre-calculate PSKs using large dictionaries with some minor mangling applied. Also, because the SSID of the AP is hashed into PSK, you need a rainbow table for the specific SSID you are trying to hack. So while some common SSID's like "linksys" or "attwifi" (Google church of the renderlab for most common ssids with pre-made tables) may be more vulnerable, if their passphrase is a 20-character, non-dictionary mix of alphanumeric, upper/lower case and special characters, you won't be cracking it in your lifetime using today's best hardware. For some impressive cracking of WPA/2 (after you capture the 4-way handshake), check out Pyrit, which uses GPU computing to blow away programs like aircrack or cowpatty. Using a radeon 4850, I can calculate over 20,000 PSKs/sec for any given SSID using a wordlist, john the ripper, crunch, or any other dictionary tool. But just to give you an idea of how futile this can be, I've calculated over 5 billion PSKs for a neighbor's WPA2-PSK router (it has a non-standard SSID) and I've only gone through 2% of an incomplete wordlist which is being mangled with john the ripper. Note: this is not for malicious intent. I have 2 neighbors using WEP that I cracked in about 10 mins and I haven't used their wifi -- just new to backtrack and playing around. To sum up: I doubt I'll ever crack my neighbor's WPA2, even if I were calculating 100,000 PSKs/sec. There are just too many possibilities once you leave the dictionary. So my advice: Use a non-standard SSID, and WPA2-PSK (radius is even better, obviously) with a non-dictionary password of 12 or more characters. Most hackers will give up on you and move on. This junk they're selling in China just sounds like WEP cracking stuff, which any slashdotter could learn in about an hour or less from the aircrack-ng site.

Re:Are these available in the states?

[Maarx]

Aircrack is, curiously, one of the few tools that cannot be ported to windows, and which actually manages to attract people to run linux, just for this app. It's a "killer app", as they call it, which carries it's platform. Makes me think, sometimes, more open source software should be circulated without any windows ports or binaries at all, to keep people on open source platforms... of course, it goes against the whole idea of open...

While I cannot debate it's status as a "killer app", the reason it works is not that the code for Aircrack cannot be ported, but instead because Windows does not possess the underlying DLL's to support it. In fact, the fork project, Aircrack-ng, has a port for Windows, with a giant alt-text disclaimer on the download link that says it doesn't work without DLL's that they do not provide (i.e., they do not believe exist). The result is the same, but it's inaccurate to speak of it as an inability to translate the program "source".