Hot Sales In China For Wi-Fi Key-Cracking Kits

alphadogg writes "Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year. With one of the 'network-scrounging cards,' or 'ceng wang ka' in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building."

Re:Are these available in the states?

[Annymouse Cowherd]

By sniffing traffic to determine the existence of your network?

Re:Are these available in the states?

[Rijnzael]

You have a fundamental misunderstanding of 802.11 and belligerence/holier-than-thou attitude to boot. An 802.11 access point will not respond to a probe with its actual SSID if it's configured to not broadcast SSID. If it were not heeding this directive, you'd still see the access point using a Windows station. This condition is the express purpose of the "don't broadcast SSID" directive.

You can verify your incorrectness by disabling SSID broadcast on an AP with proper firmware, actually saving the setting, ifconfig interface down/ifconfig interface up and attempting iwlist again. If you see an ESSID other than an empty string in your output, then you'll see the access point on Windows too, provided the band is supported by your Windows wireless hardware as well. Any other result is you doing it wrong or just plain trolling.

The only time you'll see the actual SSID of these types of APs are clients setting the ESSID field in packets they send to the AP, which would require you to sniff.

People like you are a significant contributing factor in the slow adoption of Linux, so thanks for that.

Re:Are these available in the states?

[GillyGuthrie]

and it makes it simple for my wife to let others on.

It seems simpler to configure WPA/WPA2 and just type in a password than to manually configure the router to allow a specific MAC address...

Re:I have a question.

[Anonymous Coward]

The CCP has done some smart things. In the usual slashdot style:

1: Send foreign exchange students into American flagship schools.
2: Learn American technology, get degrees in scientists that Americans are driven away from because CS people are considered rejects, nerds, people with "assburger's syndrome", and dweebs compared to the accepted American ideal of actors, singers, coaches, quarterbacks, or sports figures.
3: Head back to China.
4: Use said technological knowledge to do 50 years of advances in 5 years.
5: Use said social and society knowledge to commit espionage on a massive, unheard of scale for IP to use.
6: Offer US companies manufacturing for pennies on the dollar for doing things domestically. More IP in Chinese hands.
7: Strongarm more IP (I'm sure a corporate exec visiting a Chinese plant and held by the police will happily give up their access to the critical file shares if it means that, or visiting one of the black vans and "disappearing".)
8: Use Supreme Court decisions in the US legitimizing foreign presences and dollars to influence US elections.
9: Use Bush's fucked up policies in the Middle East to obtain a sturdy control of oil and energy resources globally.
10: ???
11: Profit. Perhaps just overrun Taiwan just to show that the US doesn't mean jack shit on the world stage anymore.

Re:Are these available in the states?

[rtb61]

For those crimes being accused is sufficient to destroy your life, especially when it often takes a considerable period of time to clear things up, months and often years. The 'other side' is law enforcement and they have no problem tracking accessing you via your ISP. As for selectively breaking into a connection to target a specific person, simple proximity and monitoring over a short time will be sufficient to identify the specific target, upon whom you wish to piggy back questionable traffic.

Not long ago a person was presumed guilty by the RIAA and a civil court a fined hundreds of thousands of dollars, with no physical evidence just the ISP records, with the persons claim that someone broke into their network not being accepted as a defence with out "PROOF OF BREAK IN" ie they were required to prove themselves innocent. Of course that is civil versus criminal but the point can be mute if it is equally punishing at the end of the day.

Oddly enough legally speaking having a completely insecure and open wireless network would be safer than a secured and encrypted network ie on the unsecured one you do not have to prove someone else accessed it.

PS the first step of breaking into people's computers is breaking into their network especially their internal network versus secured beyond the firewall internet connection (well, hopefully at least that). In charged political times and under social economic stresses, these destructive attacks become more prevalent, the real point is innocent until proven guilty needs to be at the forefront of all computer and network based crimes, especially when it comes to confiscation of technological devices for forensic analysis until the investigation is completed months or years later.

Re:Are these available in the states?

[fsulawndart]

All the Cisco APs have built-in RADIUS servers.