Proxyham and its Disappearance

There are many different technologies to provide anonymous internet access.  While having a private access to the internet is good for many people, it can be critical for journalists and activists.  Tor, using onion routing, and VPNs providing encrypted tunnels for data, just to name a few.  But all these solutions have weaknesses.  With Tor you never know who is running the exit node you use.  There may also be defects in how legitimate exit nodes handle data.  VPN providers may keep logs that they must provide to the government under a court order.  The issue with all these technologies it that they are fully virtual.  There is still a direct network link, however well obfuscated, that leads directly to you.

DSCN0363

Photo Courtesy of Ben Caudill and Wired

Benjamin Caudill, the founder of Rhino Security Labs, came up with a solution.  It is called Proxyham.  He calls it a physical proxy, to be used as a compliment to traditional tools such as Tor.  Proxyham is a small device based on a raspberry pi, that contains a tradition 2.4Ghz or 5Ghz wifi radio, as well as a long range 900 Mhz transmitter.  The device can be left near a public hotspot.  It will then forward the wifi connection over 900Mhz, up to 2.5 miles to the real user.  The genius of this solution, is that even if a trace does manage to get through whatever other obfuscation methods you use, investigators will only find the ip address and location of the Proxyham.    “You can have it all the way across town, and worst case scenario the police go barge into the library across town,” Caudill said.  … The internet signal travelling back to the user is at such low frequency, Caudill added, that it’s really hard for anyone to track it down. At that frequency, “the spectrum is crowded with other devices,” such as baby monitors, walkie talkies, and cordless phones. – Wired

Caudill had planned to present at this year’s DefCon next month.  But last Friday, the Twitter feed of Rhino Security Labs posted that the presentation was no longer taking place.  DefCon has also confirmed that Caudill informed them that he was not going to present. Not only is he not presenting at DefCon, the entire project has been canceled, all prototypes destroyed, and research halted.  In a call from Wired, Caudill said he couldn’t say why he canceled the project. He is CEO of his own company, so it wasn’t his employer.  There was speculation that the FCC found fault with how the device used 900 MHz radio, but Caudill refuted this claim, stating that the device transmitted at under the 1 Watt limit.  So far the only explanation that makes any sense is that he is under a gag order by… somebody.  When asked if he had a run in with law enforcement he replied,”No comment.”

As stated by Wired,”Online anonymity tools certainly aren’t illegal. Tools like VPNs have allowed users to obscure their IP addresses for years. The anonymity software Tor is even funded by the U.S. government. But it’s possible that secretly planting a ProxyHam on someone else’s network might be interpreted as unauthorized access under America’s draconian and vague Computer Fraud and Abuse Act.”

So is the government now cracking down on the development of security technology they can’t crack?  Look at what is happening to Apple in relation to iMessage and full device encryption.  They are being punished for using this kind of security.  If it was simply a matter of conforming to the Computer Fraud and Abuse Act, why all the secrecy?

This blog was based on two articles, one by Wired, detailing the disappearance of the project: http://www.wired.com/2015/07/online-anonymity-project-proxyham-mysteriously-vanishes/

And another by Motherboard cited in the Wired post with a more detailed explanation of the initial proposal by Rhino Security Labs:

http://motherboard.vice.com/read/with-this-device-you-can-connect-anonymously-to-wi-fi-25-miles-away

Edit:  Interesting speculation by hackaday:

Let’s Speculate Why The ProxyHam Talk Was Cancelled

It’s July. In a few weeks, the BlackHat security conference will commence in Las Vegas. A week after that, DEFCON will begin. This is the prime time for ‘security experts’ to sell themselves, tip off some tech reporters, exploit the Arab Spring, and make a name for themselves. It happens every single year.

The idea the ProxyHam was cancelled because of a National Security Letter is beyond absurd. This build uses off the shelf components in the manner they were designed. It is a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations. That’s illegal, it will get you a few federal charges, but so will blowing up a mailbox with some firecrackers.

If you believe the FBI and other malevolent government forces are incompetent enough to take action against [Ben Caudill] and the ProxyHam, you need not worry about government surveillance. What you’re seeing is just the annual network security circus and it’s nothing but a show.

The ProxyHam is this year’s BlackHat and DEFCON pre-game. A marginally interesting security exploit is served up to the tech media and devoured. This becomes a bullet point on the researcher’s CV, and if the cards land right, they’re able to charge more per hour. There is an incentive for researchers to have the most newsworthy talk at DEFCON, which means some speakers aren’t playing the security game, they’re playing the PR game.

In all likelihood, [Ben Caudill] only figured out a way to guarantee he has the most talked-about researcher at DEFCON. All you need to do is cancel the talk and allow tech journos to speculate about National Security Letters and objections to the publication of ProxyHam from the highest echelons of government.

If you think about it, it’s actually somewhat impressive. [Ben Caudill] used some routers and a Raspberry Pi to hack the media. If that doesn’t deserve respect, nothing does.

Author- Mark White

http://hackaday.com/2015/07/14/how-to-build-a-proxyham-despite-a-cancelled-defcon-talk/

Advertisements