• Flattr FoI: 
Falkvinge &Co. on Infopolicy
BEFORE-FALKVINGE-IF-ANY FALKVINGE &CO. ON
INFOPOLICY
Falkvinge on Infopolicy - Home
»
Wireless router. Photo by Keith Williamson, Flickr.

Hilarious: Activists Turn Tables On Political Surveillance Hawks, Wiretap Them With Honeypot Open Wi-Fi At Security Conference

18

Activism

Activism

Activists from the Pirate Party’s youth wing have wiretapped high-level political surveillance hawks at Sweden’s top security conference. They set up an open wi-fi access point at the conference and labeled it “Open Guest”, and then just logged the traffic of about a hundred high-ranking surveillance hawks who argue for more wiretapping, and who connected through the activists’ unencrypted access point. They presented their findings in an op-ed in Swedish this Tuesday.

The yearly security conference of Folk och Försvar (“People and Defense”) in the ski resort of Sälen is considered Sweden’s top security conference, with all relevant ministers of the cabinet present, all surveillance representatives present, and generally everybody present who would argue in public that surveillance of other people than themselves is the best idea since sliced bread.

At this conference, activists Gustav Nipe and Elin Andersson set up a honeypot open wi-fi, and labeled it “Open Guest”. About a hundred of the worst surveillance hawks used the honeypot access point during the conference. The activists were logging all so-called “metadata”: which servers were contacted and how. They present their findings in an op-ed in Swedish.

They start out by noting that it is borderline trivial to use this metadata from just casual browsing to uniquely identify the individual using the open wi-fi network, even manually combing through the collected data:

Analysis of the traffic metadata enables us to draw conclusions about which individuals were using our network. Visiting high-volume websites like the Aftonbladet tabloid won’t say much about the user in question, but when this is followed by connections to “mail.agencyX.se” and surfing on pages about a particular small city, the roster of possible candidates is dramatically reduced.

They also note that the people who are responsible for the very security of the country happily use open and unencrypted wi-fi to fetch governmental correspondence, and draw some conclusions from that:

On several occassions, we logged connections to mail servers of governmental agencies. Using an open, unencrypted network to read governmental correspondence is not good. For example, we saw connections to the mail server for the Swedish Civil Contingencies Agency (“Myndigheten för Samhällsskydd och Beredskap, MSB”). The agency’s mission is to develop society’s ability to prevent and deal with serious accidents and contingencies. We consider it problematic that their personnel is nowhere near sufficiently trained in information security.

But most of all, they wanted to make a statement against those who seed distrust and call for everybody else to be wiretapped, and seem to have succeeded well in doing so. They argue that they’re using the very same methods that the GCHQ, the NSA, and the FRA are using, albeit on a much smaller scale. They end their published findings thus:

In closing, we are happy to report that we have found no traces whatsoever of preparations of terrorism in our surveillance. However, we do note that people need to get much better at using the net in a secure manner.

Much kudos.

You've read the whole article. Why not subscribe to the RSS flow using your favorite reader, or even have articles delivered by mail?

About The Author: Rick Falkvinge

Rick is the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. He has a tech entrepreneur background and loves whisky.

Liked This?

By participating in the discussion and posting here, you are placing your contribution in the public domain (CC0). If you are quoting somebody else, credit them.

Contributors take own responsibility for their comments.

18

  1. 1
    LennStar

    “we are happy to report that we have found no traces whatsoever of preparations of terrorism in our surveillance”
    OMG! Thats totally wrong! It must say:

    Since we found no trace of terrorist planning, it is proof that some hidden conspiratorial meeting was going on which target was to abuse people’s right.
    We must therefore use enhanced interrogation at the members of the meeting to prevent terrorism in the future. For the safety of the people!

    Thats what they woudl have written, anyway.

    • 1.2

      It is more awful than it looks. These people think they are spying for a specific purpose while the reality is that the data gathered is available to anyone willing to make minimum effort.

      While it seems obvious they should have a wired connection I don’t think people doing such sensitive work should be allowed to use the internet at all, not even privately. There is no way of knowing what they are sharing with who. If they need documents they can download them in advance. Ideally one uses a printer and has to get a stamp for every work related document that leaves the office.

  2. 2
    Fredrik

    I note that they did not seem to detect any unencrypted email server connections, and thus were unable to see: which email addresses were used, subject line or content of any mail.

    I’ve seen no evidence that the conference guests acted unsafely, and therefore resent the use of the Pirate Party’s name in such a poorly written article.

    • 2.1
      Markus

      It shouldn’t take much for a men in the middle attack?!? I don’t know the Sweden law, at least in Germany that would be criminal and bring in an indictment.

      • 2.1.1
        Caleb Lanik

        How would this be a man in the middle attack? They put up an unencrypted wifi network, they never claimed to be affiliated with the conference, and people chose to use that network of their own free will. When you connect to someone else’s router, they can see what servers you access. That’s how routers work. Is it a man in the middle attack when Starbucks knows what websites you access when you connect to their wifi?

    • 2.2
      Freeflight

      It looks like they did not detect any encrypted traffic at all:

      “On several occassions, we logged connections to mail servers of governmental agencies. Using an open, unencrypted network to read governmental correspondence is not good.”

      Also from the looks of it they didn’t even spent much effort on fetching the content of these connections, but rather on merely using the metadata from these connections, to make a point.

      I’m sure with some more effort, and actual intend, they could have accessed quite a bit more of sensible data.

  3. 3
    @Fredrik

    Didn’t the activists wiretap the metadata only and ignore the actual payload of the IP packets completely? This was, at least, my understanding of the article.

  4. 4
    LoL

    ..u made may day.. congratz…

  5. […] dawg, we heard you like wiretapping! Schwedische Aktivisten haben bei einer dieser Hardliner-Security-Konferenzen einen offenen WLAN AP h…, während drinnen die ganzen Funktionäre für mehr Abhörbefugnisse plädierten.Fefes […]

  6. 5
    iR

    Since these people connected to this device without permission, are they not guilty of unauthorized access to a network device? I doubt they can prove they were given permission to do so. Logging those doing illegal activity on your own devices sounds reasonable.

    • 5.1
      Christopher

      The law basically says that having an open Wi-Fi connection is like having a pair of clippers out saying “Borrow me at will!” on them.
      Basically, not illegal unless someone catches you using their open wireless network and tell you “Hey, knock it off, I do not give you permission to use this!”

    • 5.2
      Martijn

      I would think that a network name of “Open Guest” will allow anyone to make a successful case that they were under the assumption the network was free to use for all.

  7. 6
    ohdude

    Thanks for making my Heart smile in these wtf-times. very positiv and well considered activism!

  8. 7
    TrueBlue

    Do you really thing they are so stupid? Just gave you enough info as a red herring.

  9. 8
    The Interloper

    record all the packets with wireshark and zip them, and make them available for download via P2P, so that the traffic can be decrypted, passwords cracked, messages read, email accounts accessed and havoc wreaked.

    This should be standard operating policy worldwide for any high-level security conference. People that presume to determine security policy for the whole world should be punished to the extreme for failing to maintain their own basic computer security. Leadership is by example, and those that cannot lead by example should be destroyed.

Add a Comment

8 − 4 =

On Facebook

More in Activism

39

Activism – Nozomi Hayase

Activism – Nozomi Hayase

threwitontheground
19

Activism – Travis McCrea

Activism – Travis McCrea

Broken dictionary - CC photo by Flickr user eliajphilips
22

Activism – Zacqary Adam Xeper

Activism – Zacqary Adam Xeper

cheerse
11

Activism – Travis McCrea

Activism – Travis McCrea

paypalevil
21

Activism – Travis McCrea

Activism – Travis McCrea

Border Patrol In Montana
26

Activism – Travis McCrea

Activism – Travis McCrea

Other Recent Headlines

Swarmwise in Czech
19

Swarm Management

Swarm Management

Earth view taken by US Astronaut Terry Virts, Flight Engineer for Expedition 42 on the International Space Station Jan. 30, 2015 by NASA/Terry Virts.
16

Civil Liberties – Nozomi Hayase

Civil Liberties – Nozomi Hayase

error451
3

Copyright Monopoly – Martin Doucha

Copyright Monopoly – Martin Doucha

https://www.flickr.com/photos/btckeychain/9510887345/in/photostream/
21

Cryptocurrency – Nozomi Hayase

Cryptocurrency – Nozomi Hayase

Printing Press
54

Freedom of Speech – Zacqary Adam Xeper

Freedom of Speech – Zacqary Adam Xeper

Bitcoin concept
14

Cryptocurrency – Nozomi Hayase

Cryptocurrency – Nozomi Hayase

liberator
8

Civil Liberties – Christian Engström

Civil Liberties – Christian Engström

Open water - Photo by Flickr user elisfanclub
14

Reflections – Zacqary Adam Xeper

Reflections – Zacqary Adam Xeper

About The Author

Rick is the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. He has a tech entrepreneur background and loves whisky.

More On Infopolicy

handcuffs
32

Quality Legislation – Zacqary Adam Xeper

Quality Legislation – Zacqary Adam Xeper

US Capitol Buildings
24

Quality Legislation – Nozomi Hayase

Quality Legislation – Nozomi Hayase

Bitcoin concept
15

Cryptocurrency – Nozomi Hayase

Cryptocurrency – Nozomi Hayase

PyramidCapital
36

Diversity – Zacqary Adam Xeper

Diversity – Zacqary Adam Xeper

Money cut into pieces - Photo by Flickr user Tax Credits
90

Swarm Economy – Zacqary Adam Xeper

Swarm Economy – Zacqary Adam Xeper

Adobe the leech - original photo by OakleyOriginals on Flickr
180

Swarm Economy – Zacqary Adam Xeper

Swarm Economy – Zacqary Adam Xeper

peter_sunde_0237
74

Swarm Economy – Lionel Dricot

Swarm Economy – Lionel Dricot

solarroad
16

Swarm Economy – Zacqary Adam Xeper

Swarm Economy – Zacqary Adam Xeper

NSA Seal Holding the Heartbleed Logo
40

Infrastructure – Zacqary Adam Xeper

Infrastructure – Zacqary Adam Xeper

Bitcoin concept by Antanacoins. CC-By-SA, Flickr.
44

Cryptocurrency – Charlie Shrem

Cryptocurrency – Charlie Shrem

Bottles of Snake Oil - Photo by Jagrap on Flickr
32

Copyright Monopoly – Zacqary Adam Xeper

Copyright Monopoly – Zacqary Adam Xeper

facebook
12

Swarm Economy – Zacqary Adam Xeper

Swarm Economy – Zacqary Adam Xeper

523377_63619557
4

Infopolicy – Henrik Brändén

Infopolicy – Henrik Brändén

photo_10071_20090418-646x363
71

Copyright Monopoly – David Collier-Brown

Copyright Monopoly – David Collier-Brown

National_Security_Agency_headquarters,_Fort_Meade,_Maryland_public_domain_image
170

Infopolicy – Christian Engström

Infopolicy – Christian Engström

"God Hates Signs" next to "God Hates Fags" protesters
8

Freedom of Speech – Zacqary Adam Xeper

Freedom of Speech – Zacqary Adam Xeper

Many different currencies - CC photo by epSos.de
46

Diversity – Zacqary Adam Xeper

Diversity – Zacqary Adam Xeper

le_tresor_rackham_le_rouge_1280x1024
12

Copyright Monopoly – Lionel Dricot

Copyright Monopoly – Lionel Dricot

Valve mechanism
101

Freedom of Speech

Freedom of Speech

Books before copyright
100

Copyright Monopoly – Johnny Olsson

Copyright Monopoly – Johnny Olsson

This publication is protected under the Constitution of the Kingdom of Sweden. Any problem you have with this publication remains exclusively yours. Accountable publisher: Rick Falkvinge.
All text on this site is Public Domain / CC0 unless specifically noted and credited otherwise. Copy, remix, and inspire. (Troll policy.)
Log in | Original theme design by Gabfire themes (heavily modified)