
Hacking WEP Article

May 11, 2005 8:57:41 PM

Anyone else find the How-To Hacking WEP article a little too detailed?

While I think it spurs on the industry to create better security, fix problems, etc., does the entire general population need to know how to do this in great detail?
Aside from giving the full how-to on finding necessary information on APs, Laptops, and PCs, they did a good job at taking away any security offered by WEP.

Personally, I feel that without these articles, if I get hacked, or my company gets hacked, congratulations for being that good. But how many kiddies are going to go out there and be wanna-be hackers? Script kiddies..

Now I'm sure this information can be found elsewhere on the internet with some great deal of searching.. but this being a slightly more professional website geared toward home users/SOHO, do we really need to know how to hack WEP in detail?

The author of this article, while being informative and very helpful on one side, just made things harder for the ones who don't know how to completely protect themselves to the fullest extent.

In reference to another post: "This is like someone posting how to break into your car without using any special tools," etc.
How does that make you feel? Knowing that someone posted information on how to break into your personal property?

I could teach quite a few people on how to properly use a slim-jim or other techniques to break into a car, but I don't because that empowers them to do so. Otherwise they probably wouldn't go out doing it.

Granted, even if they break through the WEP, they still need to know what to do from that point, but still the security is just that much less secure.

I personally found the article informative, well written, etc. but I don't think this is something that should have been posted to the general public. I've attended seminars on this stuff.. I've never seen a reputable website/company issue anything this detailed.

The question is.. how useful is this to the standard reader of Tom's? Not very in my opinion. More destruction was done by this article than good.

Posts are welcome on this topic as it will probably generate some kind of response.

Didn't review this post, so if anything sounds odd or is messed up, it was due to lack of time.

Riser


May 12, 2005 1:35:12 AM

I agree.
This is the kind of article you would normally only find on Phrack or other cracker sites.
Although information of this type is good, it is a responsibility of the author and those who publish it to make sure it is placed in some ethical context.
This has no such wording and I question that. The Fed article they reference at least posts some guidance on how to use the information.
It is dangerous and wrong for Tom's not to provide some caution along with this info.
May 12, 2005 6:25:48 AM

caution? for what? to let people know that bypassing security for malicious intent is wrong? common sense takes care of that. but then again, common sense seems to have passed up a large portion of the world.

go tell your alien brothers, that ronnie cordova says they're gay!!! sock baby (http://sockbaby.com)
May 12, 2005 12:14:21 PM

Like many other facets of technology there are positive and negative uses for it. This article makes no distinction. The concepts of property, ownership, privacy are already vague enough on the internet to dilute common sense to the point that thousands of script kiddies can participate in a variety of activities from DDOS attacks to identity theft for fun.
Besides linking to the FBI piece, this article doesn't relay any good or bad context, malicious or otherwise.

I suppose we can make the assumption that most or all of those who read Tom's already know better. I don't know how safe that is to assume. You did say that common sense seems to have passed by much of the world. You may have been directing that at me, but if not, I do agree with that point especially in dealing with the huge expanse of the internet which is still largely anonymous which frees some users' inhibitions enough to do things and say things that they could not in personal situations. So cracking the neighbor's WEP for a weekend lark may not be so far fetched.

I realize that people already determined to break WEP (for whatever reason) will set out to learn this info and won't rely on Tom's. They will seek out the information available. Most likely they will find it in places already geared toward the "dark side" or "black hat" interests.

I just think that Tom's is a little different and that it should make strides to place information like this in its proper context. It only costs a few sentences and may be enough for a kid somewhere to read and learn from while noting that using it to crack the neighbor's encryption may be criminal and is certainly a violation of their expectation of privacy. That may be better than the other possible unbounded interpretation of an article like this. That is if it can be broken it should be broken.
May 12, 2005 1:32:06 PM

I think the article can be best judged by this question..


"How useful is this article to the targeted audience?"

I've worked in IT every day for years.. Never once have I ever had to even think about doing this.

I'm sure the information can be found plenty of places.. but this article truly serves no purpose to anyone except those who wish to exploit it.

Common Sense has often proved to be 'wrong' in most justice systems too. :) 

Then again, Locks on doors are only meant to keep honest people out.. if you want in, you'll find a way.

I just question the integrity of this article.. Every article has had a benefit of some sort..

Being in IT, I'm just waiting for some idiot to think he's going to hack the WEP we have in place so he can go wireless.

Additionally, I tell my VPN users not to use wireless while VPNing into the network..

Caution.. even common sense (though proven wrong in court, yada yada) should have made someone at Tom's think twice about this article.
May 12, 2005 2:44:10 PM

that thinking is exactly why we have warnings that say "do not eat" on boxes of thumbtacks.

May 12, 2005 3:07:19 PM

Sorry, it's not that simple. If you want to think of it that way go ahead.
May 12, 2005 3:12:20 PM

There is one use and it involves law enforcement's use of authorized "wire tapping". Evidence has to be understood to be used in court and so any data collected legally would have to be decrypted (in transit if possible) for analysis to use in a court of law.
I don't know for sure but Tom's probably isn't used to train cops in digital forensics so I agree this info's use is questionable here.
May 12, 2005 4:23:40 PM

oh but it is that simple. there will always be people that will use items/information irresponsibly. no amount of do not eat, do not stuff up your a$$ warnings is going to change that. warning labels are for liability reasons only. they will never protect people from themselves or from other people.

May 12, 2005 5:31:54 PM

I disagree with your statement that "no amount of" warnings or information about the legality of actions will have any effect. However, your opinion and mine as well is based on assumptions and not on any conclusive evidence of any kind so there is no proving either you or I correct on that one. So it's your opinion and my opinion, although I have been studying this for some time, perhaps you have as well.

Yes there will always be those who choose to be irresponsible. However the key word here is choose. For the most part ethics on the internet isn't very clear especially for adolescents and teenagers experimenting with technology. Unlike uses for thumbtacks and gerbils the typical authority figure in a household is much less informative about how to use internet technology. Some would say it was a parent's fault for not knowing enough to guide the kids. Well that's hard to say given such a fast paced technology.

Liability is certainly a reason for issuing guidance and warnings, but it's not the only reason. Not all users are experienced enough to know the consequences of their actions on the internet. It is my opinion that the article in question should make it clear or at least mention that "Cracking WEP" on a network (not owned or controlled by the "breaker" - even this isn't clear enough) is something like:
1- Seeing a box in a foyer of a house protected by a combo lock
2- Cracking the lock's combo
3- Opening the box and taking the contents

Because most or all of us understand trespass and privacy this scenario has some probability to be understood with common sense. The connection to the WEP example is less related to common sense especially for young adults who already see the virtual world as free for the taking.

Information like this deserves to be put into a context of right and wrong along with likely consequences of taking the action to crack WEP.
May 12, 2005 5:40:20 PM

How many calories are in a thumbtack?
May 12, 2005 6:13:46 PM

i do see your point more clearly now, but i still think a warning on an article like this is only useful for liability. i don't think a warning like that is a deterrent to any young person that has the idea that it would be fun to crack a wep key. i think anyone that doesn't realise that breaking a wep key for malicious intent either isn't smart enough in which case is not a threat, or have no sense of morals and a warning label would have no effect on them. the warning label would have an effect only on a very small number of the population it was intended for, that's all i'm saying.

May 12, 2005 6:26:11 PM

Liability. Yeah, I can't speak for riser so I'm only guessing that he was surprised that Tom's wouldn't put some wording in there to reduce the appearance that Tom's advocates cracking WEP. It surprised me when I read it. Seems kind of foolish of the editors for not putting it in.
Yeah, I see and agree that those kids (or others) who already make it a habit of trying to break every security feature out there won't be swayed by a warning or caution.
I guess it is those few who are "on the virtual fence" that concern me here. How many there are I don't have a clue, but you are probably right it's not many.
May 12, 2005 6:52:55 PM

My thoughts are like this....

People are getting reamed for downloading music.. When that started, did anyone know it was really illegal? A lot of people were clueless.

Now, breaking WEP. It's a challenge for some people.. just to do it, but it's not something physical or something that you can see/hear/etc. So a lot of people that break WEP might think that it's not really doing anything wrong. I mean, now that detailed instructions are out there, maybe it's OK to do it since Tom's is telling us how to do it.

WEP is there but I don't think people realize that it's actually protecting something. It sounds stupid but you have to think about it to understand that it's there to do something.

Like climbing a fence. We all did it when we were little and some of us probably still do. It's there to keep you out and other things in. We see it and some of us try to climb it. No harm in it. But that's trespassing.

How many people think like that when cracking WEP? No harm done, nothing wrong. It's there.. let's just do it and walk away.

Tom's article just gave people the way to see the fence and how to climb it.
June 21, 2005 10:35:10 PM

That's a good way to look at it.

I am a 21 yr old who is extremely interested in Network Security especially using wireless. I never really gave it a look but recently (past year) became pretty interested in the ins & outs of Networking, wireless security.

Yes I do enjoy reading about "hacker" things, watching "hacker" movies... and do find articles on "War driving" fascinating. But I don't go around and actually do it.

I also BUY hacking books all the time to read, like hacking exposed and those big huge books to entertain myself.

Well, maybe THG shouldn't have posted this big, detailed explanation and could have just explained the software.

But you could also go to the auditor website and get TONS of info.. not exactly a "HOW TO" but I do understand what you guys are saying.

and there are a lot of malicious people out there that will definitely take this article and grab a friend and the software/hardware needed and probably go around attacking people. it's a shame.. but for me I just find it an interesting read.

I guess this will make you IT buffs more careful on your security lol.


thanks,

Rob423

Asus A7N8X Deluxe
80gb Maxtor
200gb WD 8mb cache..
Lian-Li PC-60
LiteOn 52X/LiteOn 811s DVD-RW
AMD XP2800+
LeadTek GF4Ti4200 128mb
Hitachi CML174
1GB Corsair XMS PC3200
June 23, 2005 12:59:55 PM

I agree with you.. I just think the information should be a little more discreet.. or maybe this information should be held in workshops and not posted to the general public.
If another form of security, WPA for example, would go more mainstream, I wouldn't mind the how-to on hacking WEP. I was in a store last night pricing out their wireless stuff for a quick side job I'm doing. I didn't see a single wireless AP or Router that supported WPA.

I'm sure there are going to be people out trying to hack WEP, but even then, if they need to use Tom's how-to to do it, they probably won't know how to do anything else except browse the internet on the hacked wireless.
June 25, 2005 10:58:38 PM

yeah well that's why it's not really a big deal because if you think about it like you just said, they won't be able to do much either way. and another thing is this. You can just as well drive around and just get on tons of wireless lans.. because most of the home users are idiots and don't protect anything anyway. So they don't even need toms guide, I've gone onto dozens just cruisin around and not even meanin to do it.

A little thing maybe THG can incorporate into their forum which I see a few forums do is this. You have a VIP room or something along those lines where you need a really large amount of posts to be able to enter that room. And this is where people who actually help people and use this site in a normal helpful fashion can read articles with such "dangerous" information.

just an idea. this way kids who just sign on here can just immediately read these articles.

Edited by Rob423 on 06/25/05 07:00 PM.
June 26, 2005 1:37:56 AM

Yeah.. That'd be cool with the forums.

On WEP, while I understand why they did it.. and most people don't use WEP even though they have it.. for those who do have it setup probably have more information than your average person who doesn't use WEP. It can go either way. But there is always the chance that someone who didn't know how now knows and they know what to do once they hacked through it.

I don't think the article should have been posted so word-for-word until WPA makes a bigger appearance on the market.
Anonymous
June 27, 2005 8:21:36 PM

I agree with both of you guys but in my experience, if people weren't smart enough to find (the widely available) information by themselves, they won't even manage to do it (as simple as it is) without someone actually holding their hands!
I have a few friends that are OK with computer/networking and I have to tell them every step at least once before they can do it on their own.

You guys know Cain&Abel (or ARP poisoning in general)? that program coupled with wardriving and/or WEP cracking can be pretty damaging.

As easy as C&A is to understand most of the people won't understand it...

Asus P4P800DX, P4C 2.6ghz@3.25ghz, 2X512 OCZ PC4000 3-4-4-8, MSI 6800Ultra stock, 2X30gig Raid0
June 27, 2005 8:44:13 PM

yea i see what you're saying. I mean yea the article was a little too "detailed"

But it's cool that THG analyzes these apps and runs these "cool" little experiments, even tho the info can be used to damage.

But yeah that forum idea i had, i think we should try to get something going to maybe get that in progress.... maybe get a little vote thing going... anyone know a little info on how we can get something cookin with this idea?

Thanks

Rob423

June 30, 2005 5:47:26 PM

I went to a security seminar in Detroit last year and this guy poisoned a cookie and ordered a $5000 plasma TV for 25% off..

he stated that by doing it that way, it doesn't show up as a red flag because it's common to see things at 25%.. he wanted to buy one, had the money.. so why not buy it and get 25% off so it's legit? If they called, he'd say he ordered it online and had no clue about it. As most people know, cookies are stored on your computer and can't really be traced.

After he proceeded to checkout with the item listed under $4000 after his discount he made, he canceled the order.

You can no longer poison cookies on Best Buy's online website.. heh
July 1, 2005 4:08:34 AM

slick idea..,

Anonymous
July 4, 2005 3:15:49 PM

ah! thats cool.
But as you pointed out, it's getting harder and harder to forge packets/files/cookies and such without being detected!

Although I recently saw that a vulnerability in RealPlayer could be exploited with a malformed/forged mp3/avi file to execute arbitrary code thru a buffer overflow.

That's pretty impressive and it's pretty much the same "poisoning principle" taken to another level!

July 5, 2005 1:13:17 PM

I just found the link to the company that did the test; they're called Imperva.

They used to have a white paper on Cookie Poisoning, but it's been replaced with SQL Injection, which he also demonstrated.

Some guy in the audience was heckling him about how he could demo it but he couldn't put it to use in real life. The audience was strictly a tech-savvy group. The challenge came out - hack this guy's website.

He used SQL Injection - which this whitepaper does an excellent job of covering - to gain access to this guy's website and become an admin.... in 3 1/2 minutes.

Here's the link to the whitepaper.. on a quick search I didn't find the cookie poisoning article.
imperva white paper: http://www.imperva.com/application_defense_center/white...
Anonymous
July 5, 2005 2:48:39 PM

Cool! Interesting link, thanks for the read =)

July 19, 2005 6:53:05 PM

I have heard that now they have come out with software that can crack it easily and quickly with one computer. That is obviously pointed towards those that are willing to do illegal stuff to get their network. I agree that this article probably should have had some kind of disclaimer or wording to discourage people from doing it, but how I read it was that their purpose was to let people test their own networks, that's how it read to me.
July 19, 2005 7:09:50 PM

It takes about 2 minutes with some software.

Originally, hacking with software didn't exist. Tools were created to test networks.. and then.. ooops. They became hacking tools.

So, today's best network testing tools are also today's best hacking tools.

But WEP takes about 2-5 minutes to crack with a piece of software that does everything for you.

In one way the article is good in letting you know the strength.. but then again.. it was all or nothing. The article covered breaking WEP.. the encryption... not a simple password.

If it was cracking a simple password, no big deal.. but this was showing how to crack the entire process.. so WEP is rendered useless, no matter how complex the key is.
July 19, 2005 7:31:34 PM

So the 2 minute ones crack the password if it can, this one gets the wep key behind the password so no wep encryption can beat it. I get it, yeah, it definitely should have had a disclaimer or something. Of course, a guy in Florida did get arrested for cracking and using someone else's connection, so maybe less people will do it.
July 19, 2005 8:29:44 PM

Yeah, it's nearly impossible to catch someone. He was caught because someone saw him sitting in front of their house using a laptop. That's how he was caught.

But WPA has been out for a while.. yet no one buys it because it's a little more expensive.. it's not getting driven by the market for some reason and I guess that encryption is really good.

I don't know why they would bother naming the first type of wireless encryption WEP "Wired Equivalent Privacy" .. I guess it had to do with making people think they're safe.. now the damage is going to hit..
July 19, 2005 9:06:55 PM

No one buys it? Meaning what? It's the standard. WPA2 will be once it's widely adopted. I guess you're trying to say nobody uses it maybe? Not sure but if you mean literally then that's wrong of course. Everyone buying a new AP or AP/Router buys it. They may not implement it. If not then they typically aren't doing anything to secure their LAN. WEP's weaknesses are so widely known at this point I would think a very small percentage use it. I do but that is only because I use an old .11b AP and most of my client devices are still .11b. I could just be missing the boat on your point but WPA is what is used in contemporary locked down WLANs.
Anonymous
July 20, 2005 2:33:25 PM

It usually takes me some time to crack a wep key though. The process of intercepting packets is long. Once you have enough it takes seconds...

I believe you need a directional antenna to really catch many packets really fast, my builtin card just won't do it fast enough.

And yeah a guy sitting with a laptop in front of your house is somewhat weird hehe.

I do see a few WPA, maybe 10%-15% of all the AP's have WPA, 40% have wep and around 50% are wide open... That's from personal experience.

Also WPA can be brute forced with dictionary attack, it's just not an exact science like cracking WEP =)
