Hilarious: Activists Turn Tables On Political Surveillance Hawks, Wiretap Them With Honeypot Open Wi-Fi At Security Conference

Wireless router. Photo by Keith Williamson, Flickr.

Activists from the Pirate Party’s youth wing have wiretapped high-level political surveillance hawks at Sweden’s top security conference. They set up an open wi-fi access point at the conference and labeled it “Open Guest”, and then just logged the traffic of about a hundred high-ranking surveillance hawks who argue for more wiretapping, and who connected through the activists’ unencrypted access point. They presented their findings in an op-ed in Swedish this Tuesday.

The yearly security conference of Folk och Försvar (“People and Defense”) in the ski resort of Sälen is considered Sweden’s top security conference, with all relevant ministers of the cabinet present, all surveillance representatives present, and generally everybody present who would argue in public that surveillance of other people than themselves is the best idea since sliced bread.

At this conference, activists Gustav Nipe and Elin Andersson set up a honeypot open wi-fi, and labeled it “Open Guest”. About a hundred of the worst surveillance hawks used the honeypot access point during the conference. The activists were logging all so-called “metadata”: which servers were contacted and how. They present their findings in an op-ed in Swedish.

They start out by noting that it is borderline trivial to use this metadata from just casual browsing to uniquely identify the individual using the open wi-fi network, even manually combing through the collected data:

Analysis of the traffic metadata enables us to draw conclusions about which individuals were using our network. Visiting high-volume websites like the Aftonbladet tabloid won’t say much about the user in question, but when this is followed by connections to “mail.agencyX.se” and surfing on pages about a particular small city, the roster of possible candidates is dramatically reduced.

They also note that the people who are responsible for the very security of the country happily use open and unencrypted wi-fi to fetch governmental correspondence, and draw some conclusions from that:

On several occassions, we logged connections to mail servers of governmental agencies. Using an open, unencrypted network to read governmental correspondence is not good. For example, we saw connections to the mail server for the Swedish Civil Contingencies Agency (“Myndigheten för Samhällsskydd och Beredskap, MSB”). The agency’s mission is to develop society’s ability to prevent and deal with serious accidents and contingencies. We consider it problematic that their personnel is nowhere near sufficiently trained in information security.

But most of all, they wanted to make a statement against those who seed distrust and call for everybody else to be wiretapped, and seem to have succeeded well in doing so. They argue that they’re using the very same methods that the GCHQ, the NSA, and the FRA are using, albeit on a much smaller scale. They end their published findings thus:

In closing, we are happy to report that we have found no traces whatsoever of preparations of terrorism in our surveillance. However, we do note that people need to get much better at using the net in a secure manner.

Much kudos.

Rick Falkvinge

Rick is the founder of the first Pirate Party and a low-altitude motorcycle pilot.

Join the Discussion

Your email address will not be published.

Since I'm not a robot spammer I'm also answering this easy question:

Discussion

  1. LennStar

    “we are happy to report that we have found no traces whatsoever of preparations of terrorism in our surveillance”
    OMG! Thats totally wrong! It must say:

    Since we found no trace of terrorist planning, it is proof that some hidden conspiratorial meeting was going on which target was to abuse people’s right.
    We must therefore use enhanced interrogation at the members of the meeting to prevent terrorism in the future. For the safety of the people!

    Thats what they woudl have written, anyway.

    1. Telmea Story

      Bingo!

    2. gaby de wilde

      It is more awful than it looks. These people think they are spying for a specific purpose while the reality is that the data gathered is available to anyone willing to make minimum effort.

      While it seems obvious they should have a wired connection I don’t think people doing such sensitive work should be allowed to use the internet at all, not even privately. There is no way of knowing what they are sharing with who. If they need documents they can download them in advance. Ideally one uses a printer and has to get a stamp for every work related document that leaves the office.

  2. Fredrik

    I note that they did not seem to detect any unencrypted email server connections, and thus were unable to see: which email addresses were used, subject line or content of any mail.

    I’ve seen no evidence that the conference guests acted unsafely, and therefore resent the use of the Pirate Party’s name in such a poorly written article.

    1. Markus

      It shouldn’t take much for a men in the middle attack?!? I don’t know the Sweden law, at least in Germany that would be criminal and bring in an indictment.

      1. Caleb Lanik

        How would this be a man in the middle attack? They put up an unencrypted wifi network, they never claimed to be affiliated with the conference, and people chose to use that network of their own free will. When you connect to someone else’s router, they can see what servers you access. That’s how routers work. Is it a man in the middle attack when Starbucks knows what websites you access when you connect to their wifi?

    2. Freeflight

      It looks like they did not detect any encrypted traffic at all:

      “On several occassions, we logged connections to mail servers of governmental agencies. Using an open, unencrypted network to read governmental correspondence is not good.”

      Also from the looks of it they didn’t even spent much effort on fetching the content of these connections, but rather on merely using the metadata from these connections, to make a point.

      I’m sure with some more effort, and actual intend, they could have accessed quite a bit more of sensible data.

  3. @Fredrik

    Didn’t the activists wiretap the metadata only and ignore the actual payload of the IP packets completely? This was, at least, my understanding of the article.

  4. LoL

    ..u made may day.. congratz…

  5. […] dawg, we heard you like wiretapping! Schwedische Aktivisten haben bei einer dieser Hardliner-Security-Konferenzen einen offenen WLAN AP h…, während drinnen die ganzen Funktionäre für mehr Abhörbefugnisse plädierten.Fefes […]

  6. iR

    Since these people connected to this device without permission, are they not guilty of unauthorized access to a network device? I doubt they can prove they were given permission to do so. Logging those doing illegal activity on your own devices sounds reasonable.

    1. Christopher

      The law basically says that having an open Wi-Fi connection is like having a pair of clippers out saying “Borrow me at will!” on them.
      Basically, not illegal unless someone catches you using their open wireless network and tell you “Hey, knock it off, I do not give you permission to use this!”

    2. Martijn

      I would think that a network name of “Open Guest” will allow anyone to make a successful case that they were under the assumption the network was free to use for all.

  7. ohdude

    Thanks for making my Heart smile in these wtf-times. very positiv and well considered activism!

  8. TrueBlue

    Do you really thing they are so stupid? Just gave you enough info as a red herring.

  9. The Interloper

    record all the packets with wireshark and zip them, and make them available for download via P2P, so that the traffic can be decrypted, passwords cracked, messages read, email accounts accessed and havoc wreaked.

    This should be standard operating policy worldwide for any high-level security conference. People that presume to determine security policy for the whole world should be punished to the extreme for failing to maintain their own basic computer security. Leadership is by example, and those that cannot lead by example should be destroyed.

  10. ahmed kamel

    record all the packets with wireshark and zip them, and make them available for download via P2P, so that the traffic can be decrypted, passwords cracked, messages read, email accounts accessed and havoc wreaked.
    This should be standard operating policy worldwide for any high-level security conference. People that presume to determine security policy for the whole world should be punished to the extreme for failing to maintain their own basic computer security. Leadership is by example, and those that cannot lead by example should be destroyed.

arrow