Cybereye | The Wall of Sheep
- By William Jackson
- Aug 11, 2008
One of the more entertaining features at this year's Black Hat Briefings, held last week in Las Vegas, was the Wall of Sheep, an Aries Security project that monitored the conference's wireless local-area network in search of unsecured traffic that could be used to publicly embarrass security violators for the amusement of others.
The results showed that even in a crowd primarily composed of independent security researchers and administrators from the high-tech industry and government, there is plenty of lax security in online habits.
The Wall of Sheep has been a fixture for some years at Defcon, the freewheeling hackers' convention that traditionally follows the Black Hat Briefings. The operators passively sniff traffic for unsecured transmissions and post the offenders' credentials, with some identifying data obscured, to shame violators into more responsible behavior.
There was no lack of traffic. Laptop PCs at the conference are as common as shoes -- maybe more so. Aruba Networks Inc. operated the network this year, and Black Hat/Defcon founder Jeff Moss announced that during the first day of the conference, the operators had clocked 240 gigabits of traffic.
There was also no lack of mischief. Aruba protected 709 clients that tried to connect to rogue access points on the network. Every year, attendees are admonished to use proper security when accessing the network and reminded of the risks of taking chances in an environment rife with people who fancy themselves crackerjack hackers.
It turned out that laptop PCs weren't the biggest security problem this year. It was the 'other' category.
'Laptops are pretty secure,' Moss said. But the Sheep folks found tons of Internet-enabled phones and other tools for Web browsing and e-mailing that were operating with clear text.
'Pay attention to your mobile devices,' Moss said. 'That's the weak spot right now.'
It illustrated the problems Ian Angell warned about in his opening keynote address at the conference. Angell, professor of information systems at the London School of Economics, has made a name for himself by cheerfully pointing out that technology tends to create at least as many problems as it solves. Computers aren't as smart as we sometimes assume they are, and we will ultimately regret it if we blindly depend on them to take care of us.
'If you become complacent, computers will really screw you up,' he said. 'Never put anything on a computer you wouldn't want the whole world to see -- because they will see it.'
And so, just as people are beginning to understand that they cannot trust their laptop PCs to go online without additional security, along comes a new generation of powerful devices that offer even more convenience and create even more problems.
Angell is not a Luddite, and he accepts that digital technology, like sex, is here to stay despite its risks. Within the narrow confines in which it is intended to operate, it can provide great benefits. Unfortunately, it never stays within those confines. Developers design a technology, users begin using it in ways not anticipated, and others look for ways to exploit it.
So when you go online, do not expect technology to provide you with a safety net. You are more or less on your own.
'Digital technology is part of the problem, not the solution,' Angell said. 'There is no solution, only contingencies.'
William Jackson is a Maryland-based freelance writer.