Forgot your password?
typodupeerror
Security Wireless Networking Privacy Linux

Hot Sales In China For Wi-Fi Key-Cracking Kits 207

Posted by timothy
from the unsecured-is-so-much-nicer dept.
alphadogg writes "Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year. With one of the 'network-scrounging cards,' or 'ceng wang ka' in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building."
This discussion has been archived. No new comments can be posted.

Hot Sales In China For Wi-Fi Key-Cracking Kits

Comments Filter:
  • fp (Score:4, Funny)

    by Anonymous Coward on Wednesday May 05, 2010 @06:21PM (#32105304)
    First post using my neighbor's wifi!
  • by Locke2005 (849178) on Wednesday May 05, 2010 @06:21PM (#32105306)
    My neighbors have all started encrypting their wireless routers :-(.
    • by blair1q (305137) on Wednesday May 05, 2010 @06:31PM (#32105394) Journal

      How are you going to steal my bytes when I don't pub my SSID?

      • by Annymouse Cowherd (1037080) on Wednesday May 05, 2010 @06:33PM (#32105402) Homepage

        By sniffing traffic to determine the existence of your network?

        • by Tiger4 (840741) on Wednesday May 05, 2010 @07:13PM (#32105806)

          See that's where I fool 'em. I don't encrypt my traffic. They'll search all day and never find the key!

    • Re: (Score:2, Informative)

      by Rijnzael (1294596)
      Sure are available DIY, for the price of a halfway decent wireless card (optimally supporting injection [aircrack-ng.org]), a box running linux, and the requisite AirCrack [aircrack-ng.org] (the latter for the total price of free).
  • by Anonymous Coward on Wednesday May 05, 2010 @06:24PM (#32105338)

    Free Wifi cracking kit: Download here [backtrack-linux.org] and use with brain 1.0 and any USB wireless dongle.

    • by Kenz0r (900338)
      I've been meaning to buy a wireless dongle for playing around with Backtrack, but I heard not all of them support packet sniffing or packet injection.

      Can anyone recommend me a commonly available dongle that would support this, with good Linux drivers?
    • by antdude (79039)

      Any USB wirelss dongles? I never got my old Hawking Technology's Hi-Gain USB Wireless-G Adapter (Model: HWU54D; original version) to work under Linux and Backtrack CD. :(

  • How hard? (Score:2, Informative)

    Seriously. Usb Wifi Dongle + Rainbow Tables DVD + Backtrack = Win?!

    • Re: (Score:2, Informative)

      by fl_litig8r (904972)
      No. Fail as long as AP is using WPA or WPA2 and a decent non-dictionary passphrase. Rainbow tables don't work on all passwords. Usually they just pre-calculate PSKs using large dictionaries with some minor mangling applied. Also, because the SSID of the AP is hashed into PSK, you need a rainbow table for the specific SSID you are trying to hack. So while some common SSID's like "linksys" or "attwifi" (Google church of the renderlab for most common ssids with pre-made tables) may be more vulnerable, if thei
  • Video in action (Score:5, Informative)

    by DNS-and-BIND (461968) on Wednesday May 05, 2010 @06:33PM (#32105404) Homepage

    Video of cengwang ka in action here [ku6.com]. Someone whose mandarin is better than mine will have to provide a translation. "Mee-ma" means password. Heck, I might get one just to use it in airports and other places where jerks charge for internet. Evidently they are illegal as taobao.com [taobao.com] (the Chinese ebay) doesn't list them while a simple google search turns up dozens of vendors. I'll have to check on these next time I go to the computer market.

    Another notable aspect of this story is that it's actually accurate. China is a blank slate to most Westerners and I have seen journalists fabricate the most outrageous lies simply because it "fits the narrative" (narrative=preconceived ideas). No surprise the guy who wrote this was in Beijing, it's like the world ends for journalists outside the fifth ring road.

    • by grumpyman (849537)
      It seems to me that a lot of +5 insightful/informative comments here in slashdot about China are nothing more than "narrative" but not based on first-person observation/experience.
      • by Mashiki (184564)

        First person observation and experience in the old days was called journalism. Now we have reporters travelling the extra bit to make the news, especially when it doesn't fit their narrative.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        If you want actual news about China from Chinese folks, try ChinaSMACK [chinasmack.com]. They cover whatever Chinese internet users are talking about. Half of it is tabloid type crap, but it's more authentic than what you get in most newspapers.

    • I stay away from the bazaars when I visit Shanghai. Those peddlers can be harder to shake off than fleas on a dog's back.

      And no! I don't want a damn "Rolex" watch.

    • Re:Video in action (Score:5, Informative)

      by Zarel (900479) on Wednesday May 05, 2010 @11:30PM (#32107680)

      You Slashdotters haven't been very nice when talking about my country recently. :( But I'll forgive you. Here's a translation:

      woman: "[incoherent] Wi-Fi key cracking kits are an extremely important threat to the safety of the Internet"

      woman: "Here, we simply follow these instructions, and then use the CD drive [sic] to access the password cracking software, and five seconds later, it indeed shows us five Wi-Fi access points. Clicking one, the computer starts to automatically crack the password, and after a while, it displays a string of numbers."

      man: "[incoherent] Looking at this, does this say that it's done yet?"

      other man: "Yeah, it says it's successful; it's connected to the Internet now."

      man: "So you can go and browse the web now?"

      other man: "Yep, you can, using its [the key cracker's] connection."

      other man: "Here, you can see four wireless signals, and the connections are pretty nice, at a speed of [incoherent]."

      woman: "Continuing our explanation, these key cracking kits are a type of external Wi-Fi card, but their ability to search for access points is stronger. What's scarier is that it comes with black-hat hacking software, that can let you hack into others' router administration panels. If this kind of tool falls into the wrong hands, it could have serious consequences, such as disruption of service."

      other man: "This software is very powerful. This one can crack passwords, and see here, I'm copying this guy's files - copying them to my own computer."

      woman: "[some organization I didn't catch the name of] says that Internet hacking incidents are steadily increasing. In actuality, securing a computer is not difficult, and modern OSes have mechanisms to limit how many people can connect, and who has permission to connect."

      other man: "Here, they've disabled DHCP and I'm connected, but I can't browse the Web since I don't have an IP address."

      woman: "To clarify, Wi-Fi cracking happens overseas as well. Several countries have already enacted laws preventing it; [incoherent] and Singapore, for instance, have made Wi-Fi cracking crimes. England has not only made it illegal, but are actively hunting infringers. However, China still hasn't passed laws regarding it."

      caller: "There are two sides to every issue. One one hand, it's password cracking, which is clearly wrong. But on the other hand, it's accessing the Internet for free, which should really be controlled by the owner of the access point and definitely [interrupted]"

    • TRANSLATION (Score:3, Informative)

      Quick translation, since I'm kinda in a hurry (though, c'mon, DNS-and-Bind, you've lived there for 7 years? if I remember from a previous post, and you can't speak fluent mandarin now, plus a few dialects? What have you been doing with your time?)

      Anchorwoman: We will now explore the background behind these (Wifi Keys) and the hidden danger they present to internet security.
      The journalist installed the Wifi Cracking kit according to the instructions, and then used the Cd-rom to open the password cracking so

  • I have a question. (Score:3, Interesting)

    by 3seas (184403) on Wednesday May 05, 2010 @06:36PM (#32105444) Journal

    Why is china or the people of, so interested in causing problems on the internet?

    IS this just a way of rebelling that is safe for them from their government (the party they would really like to rebel against.)

    • Why would they want to rebel against the Party? Since Deng Xiaoping hijacked the people's revolution onto the capitalist road back in 1982, things have only gotten better in the PRC. Every year for the past thirty years has been better than the last. They got the Olympics and now the World Expo, and hell even the President of the United States bows his head [youtube.com] in acknowledgement of China's superiority. Obviously the Party is doing something right.
      • Re: (Score:3, Informative)

        by DigiShaman (671371)

        Without question, China is on fantastic road to recovery. Each year I go over there, I'm blown away at the level of progress going on. But make no mistake about it, going the capitalist road was rather self-serving of the CCP. The amount of kickbacks and bribery that goes on dwarf that of our American politicians. That's saying a lot.

    • by vxice (1690200)
      No we do it here too. We just have been messing with the internet longer so it is no longer news, damn n00bz.
    • by timeOday (582209) on Wednesday May 05, 2010 @07:34PM (#32106038)
      The summary says what the motive is: to make $24 selling the kits.
    • Meaning even if it seems the Chinese have a disproportionately high interest in net vandalism activity or whatever, statistically per capita they may actually have a disproportionately low interest in net vandalism activity or whatever.

  • Backtrack 4 on ebay (Score:3, Informative)

    by kaptink (699820) on Wednesday May 05, 2010 @06:46PM (#32105536) Homepage

    Out of curiousity I put backtrack in to ebay and what do you know, theres half a dozen backtrack 4 dvds for sale as Hacking Operating System.

    But no rerturns accepted!

  • by Anonymous Coward

    ...Kuang Grade Mark Eleven

  • As much as you stand to benefit by stealing another person's connection, have you ever considered what would happen if they found out, and started spying on your traffic?

    • by mlts (1038732) *

      That's why you always use a proxy server. I don't advocate using other connections because it might be someone who has a clue and a transparent web proxy, and might just be working on a new device (a la Phorm) to intercept and modify traffic en route, so all the slashdot postings posted by users using that AP turn into goatse troll posts.

      Best type of proxy server, if you can afford it? I'd probably say bite the bullet, pay the $20 a month and get a linode VM. Here, install and lock down your distro of cho

  • The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network.

    Ya. sure anyone can do it.

  • by gmuslera (3436)
    Such things could have an interesting effect in France if that law gets approved, specially if punishes you if someone downloads something illegal using your connection, even if the access wasnt enabled but cracked into.
  • 165 yuan is not cheap at all.

  • And your password is as short and simple as "sugar" (from the article) you deserve to be targeted by Chinese script-kiddie hackers.

What this country needs is a dime that will buy a good five-cent bagel.

Working...