CreepyDOL: meet the hardware creator of a creepy monitoring tool!

CreepyDOL: meet the hardware creator of a creepy monitoring tool!

Henry Dalziel | General Hacking Posts, Hacker Hotshots, Latest InfoSec News, Pentesting Tools, Product Reviews | September 2, 2013

One of the highlights of DEFCON 21 was the unveiling of CreepyDOL and we are delighted to say that we have the creator and founder on Hacker Hotshots: (Tuesday October 8th at 12pm EST/ 9am PST) Brendan O’Connor.

Update1 Since we are on the subject of IT Security conferences make sure you go ahead and link up with up Cybercon events of 2015 and 2016.

Brendan will be presenting: “CreepyDOL: Cheap, Distributed Stalking”.

What is CreepyDOL?
According to our research CreepyDOL works by distributing senors, or nodes, throughout an area that are programmed to connect to any and every local Wireless network. Any Wireless (WiFi) network that the nodes find, they will connect to. Following connection, the nodes will listen to beacon packets that wireless nodes send out constantly, and report back to the device that Brendan designed and created. Our understanding is that CreepyDOL works within a Raspberry Pi and yet again demonstrates just how versatile the Pi really is.

Data that can be stored (without any form of ‘activation or authorization’ from within CreepyDOL) includes human behavioral patterns such as a person’s movement, their name and location, uploaded photos, email addresses and visited websites. Websites and Apps that are used on cell phones for example typically all leave a plethora of personal data that can be parsed out of the device and streamed back to CreepyDOL.

Whilst the software is open source, the hardware is expected to retail for $500.

The interesting thing about CreepyDOL is the ease at which data can be obtained about you – by anyone. Arguably a healthy percentage of the population does not seem to mind being tracked online for advertising purposes (through the use of cookies), although we do note that Mozilla are turning cookies off by default. One of the positive spin-offs about CreepyDOL is that it exposes how much data is being radiated from Wireless Devices. Much like firesheep exposed the http ‘vulnerability’, so CreepyDOL will expose the high levels of personal data that are emitted, and how easy it is to collect this data.

Efforts are being made to further protect cell phones and mobile devices from emitting such data, but as usual, these organizations are playing catch-up. As Brendan highlighted in an August 7th interview with Bloomberg, Apple devices are incapable of using protection in the first few seconds of a connection to a wireless network router which means that you can leak a lot of information online even if you are using a VPN. At the lowest level the wireless protocols are designed to emit packet beacons which signal your (or the devices’) location and a list of every connection it has connected to, and a hardware tool like CreepyDOL can therefore track the individual around a city for example.

About Brendan O’Connor
Brendan is a geek of many trades! Mr O’Connor is a full-time law student at the University of Wisconsin in Madison (scheduled to graduate May 2014) and he also manages his consultancy called Malice Afterthought. Brendan has trained the DoD and is clearly a highly talented information security professional.

In the Hacker Hotshots web show Brendan will, amongst other items, outline three points, they are:

  • That everything leaks too much data (especially web applications)
  • That is is now no longer possible to “blend into the crowd.”
  • And, the full-stack nature of the privacy leakage means that there aren’t simple technical solutions to these problems.

In summary
We are really looking forward to having Brendan on the show. Interestingly, we had a similar show last year with DJ Palombo when he discussed: “Raspberry Pi Hacking”. That episode demonstrated the ease at which a Raspberry Pi can be used for hacking and monitoring purposes whilst the CreepyDOL takes this to yet another level with its’ combination of hardware and software. If you are reading this post October 8th then hit the link at the top of the page to watch the video. If you have any questions please submit them in the chat box below or of course – during the show!

  • Patricia Liebenrood

    I am a student at Trident Technical College. I have taken numerous courses in Network Security. Currently, taking Ethical Hacking and Security Defense,

    I am very interested in learning as much as possible.

    Please send me any information that may be useful in the Security field.

Leave a comment or reply below...thanks!