Update on December 4, 2013: Want to watch the videos?
CreepyDOL (Creepy Distributed Object Locator) is the name of the sensor networking project I’ve been working on since January, with the initial thoughts coming from a post-DEF CON 20 musing on the airplane. I presented it at Black Hat USA and DEF CON 21. I could summarize, but frankly Ars Technica did a really good job of hitting the high notes with their summary, and Forbes did one of the best early pieces. The project also got coverage on Gizmodo, Gizmag, Dark Reading, The New York Times, CNN, and so on. I even got on Bloomberg TV. All in all, a pretty wide reach for a security talk.
I cited some prior good work having to do with large-scale data collection and academic sensor network research in my slides, but I missed a really neat presentation from 44Con in 2012, where a project called Snoopy did some very related work. Both Snoopy and CreepyDOL start from the problem of “beacon frames are leaking too much data,” but then they take it in a fascinating direction: rather than doing the very simple work through the NOM Filters that I describe in my talks, they do some really deep analytics, and sometimes go into a fully active wireless attack mode, complete with deauth, MitM, SSLStrip, etc. Their sensor system is quite different, too—more-powerful endpoints, connected in a star topology, compared to my distributed network (using Reticle) of really simple endpoints—and I encourage everyone to go check out their work. I hate (and not just due to my academic background) to miss citing to prior work, so I’m sorry I didn’t know about the project in time to put it in my slides. My apologies to the authors, and seriously—go check out their work. It’s great.
(As a side note, “I looked and I couldn’t find anything, then way later discovered someone else had solved some of the same problems I did” is pretty much the exact reason I started Hark, a project to create a hacker archive that gives us the discoverability of academic work, while making sure to encourage more than just formal papers. I’d really love to be able to get it running, but we need your help: check out the Kickstarter to learn more, and support the effort!)
Since a huge number of people have asked: I will be selling completed F-BOMBs (the hardware I use for CreepyDOL, now in version 2) in a few weeks, for those who would like to purchase them. They’re a great base platform for a lot of different areas of work: they’re more powerful than usual sensors, while also being much cheaper. (Of course, many sensor motes are ultra-low-power, which these are not; everything is a tradeoff.) If you’d like to get announcements when preorders for the F-BOMB are being taken, as well as a few other milestone announcements from CreepyDOL, sign up for the CreepyDOL Announce List.
In addition, I will be releasing everything related to CreepyDOL—source code, some binaries, disk images, VMs, parts lists, sketches—all at once, as soon as I can; I’m aiming for the end of August, but that date may slip. (There’s some code cleanup that I need to do; while some projects enjoy having large amounts of profanity in the code base, I’m going to work on removing mine. :-) ) Rest assured, that code is coming.
Have more questions about CreepyDOL? Drop me a line: brendan -at- maliceafterthought -dot- com.
Thank you to all the people I’ve ceaselessly annoyed and/or ignored for the last several months while getting this all ready (especially Kathryn Sweet), to the Black Hat and DEF CON CFP committees, and to everyone who showed up to my talks at either conference. And, not least, to the kind and gentle Goons, who insisted that I take the ritual shot of Jack Daniels before I began my DEF CON talk.
Below, my slides from Black Hat, my slides from DEF CON, and the YouTube copy of the video demo I showed at each (there’s no sound).
A whole bunch of insanely famous security researchers, plus myself, wrote an amicus brief for Weev. Go read it at https://github.com/ussjoin/weevamicus/releases.
Update, July 29, 2013: Two good articles on the amicus brief and the effect that Weev’s conviction has as we approach the DEF CON and Black Hat USA season: Security researchers file appeal for Weev following AT&T/iPad “hack” and Fear of prosecution hampers security research, the latter of which focuses particularly on the damaging effects to all consumers from harassing independent security researchers.
I’m a hacker; I’m also a law student. I’ve spent some time trying to convince those in column A that they need to also spend some time in column B; we need more people who can do both. I haven’t been able to spend a huge amount of time doing both at once—but that changed over the last few months.
Back at ShmooCon 2013, Meredith Patterson, Dan Hirsch, Sergey Bratus, and I were discussing Weev—for those of you who haven’t followed, he got sent to prison for 41 months for adding 1. This is one of those really, really bad ideas: the interpretation of the Computer Fraud and Abuse Act that the government used to convict him was that even public information, publicly served, could be restricted if someone said so, after the fact. A lot of security researchers have publicly destroyed their work, representing months or years of their time, rather than try to do their work after this conviction. It’s terrifying, and for good reason: if Weev, then all of us, too.
We formed a group to write what’s called an amicus brief. Amicus is short for amicus curiae, or friend of the court; the plural is amici curiae. An amicus brief, then, is a kind of letter to the court, asking them to take into account the perspective of some group that isn’t party to the litigation—which in the case of a criminal case, means someone who isn’t the defendant or the government. In this case, the perspective is that of the independent security researchers who are affected, and the court in question is the Third Circuit Court of Appeals, since that’s where Weev’s appeal is sitting now.
I was chosen to do the primary drafting on the brief, since I’m a law student and was willing. A friend of mine, Alex Muentz, who’s a Real Lawyer who practices in Pennsylvania, was willing to sign the brief and submit it to the Third Circuit (because he’s awesome). A whole lot of work later, I had an initial draft, which the amici tore apart; over the next two months, then, we built something pretty good. It was a heck of a team effort: every single member of the group contributed at least a thought to the brief that we didn’t have before, and several contributed a lot of great material and ideas. All the work was done for free, even by the Real Lawyers (of which there are two, Alex and Peyton, in the amicus group).
In the end, we were fortunate enough to receive consent to file from both parties—both Tor Ekeland, who’s Weev’s attorney, and the US Attorney assigned to the appeal. This was great; courts usually let amici file, but not always, so it removed one last speedbump.
So who are these mysterious amici? It’s a pretty epic list: we kick the Magnificent Seven’s butts.
To make sure the court knew how cool these people were, we made an Appendix. Ordinarily, the appendix on these sorts of briefs is reserved for documents from the record, affidavits, etc. Instead, we attached the CVs of everyone in the group—a staggering 61 pages’ worth, in the end.
Well, the brief’s done (it will be submitted on July 8, 2013); we can hope the court reads it. The attorney on behalf of the United States will be able to write his brief, after which Weev’s attorneys will have one more shot. The amici will be done, however; we don’t write response briefs (unless the court specifically asks us; in general, if a Court of Appeals says to write more, you do that).
So now we wait, and hope. If you’d like to donate to Weev’s ongoing legal battles, you can do so at the CFAA Defense Fund, which is set up by Weev’s attorneys. We did our work pro bono so they don’t have to.
Thanks, of course, to all of the amici—especially those who signed on at the beginning, when the draft was nonexistent or terrible. Thanks also to all those who proofread the drafts, often over and over—including my parents (both Real Lawyers), my brother (also a Real Lawyer, who graduated in May), and my girlfriend, Kathryn Sweet, who in addition to reading several drafts of the brief and fixing my grammar, also had to deal with me while I wrote it—for about three months.
If you’d like to talk to me about this, leave a comment below, or email me: blog -at- ussjoin -dot- com.
I want to draw out my earlier concept a bit: if Weev, then everyone. Why? After all, Weev is a notorious troll. He’s ranted at some length about his dislike for Aaron Swartz, and in general, people dislike him. What could be wrong with letting him rot in prison, and waiting for someone we like more to be thrown in prison next? We’ll get the next one.
We can’t do that: mighty Casey will strike out, immediately; he got three strikes, but we only get one. In the United States, we have a system of precedent: higher courts rule, and their rulings control lower courts. Higher courts can overrule themselves, and sometimes do; for instance, in 2003, the United States Supreme Court ruled in Lawrence v. Texas, which overturned its previous decision in Bowers v. Hardwick that gays were evil. (I am paraphrasing.) Obviously, more recently, they’ve taken larger steps for the GLBT community. So that happens.
But it doesn’t happen much; it takes a long time for a court to recognize that it did the wrong thing. So in the interim, people live their entire lifetimes under the wrong rule of law—whether that’s in slavery, whether that’s working until people die from exhaustion, or any other area in which they might not be doing too well. And that assumes the right rule of law ever comes out: in Buck v. Bell, the Supreme Court allowed the forced sterilization of “mental defectives,” and they’ve never overturned that. (There are a few specific reasons that Buck still stands today, actually—but it’s true that it’s generally considered a constitutional right to have children, these days. If you’re curious why they haven’t overturned Buck, ping me.)
So what does this have to do with Weev? Well, it’s like this: Weev has appealed to the Third Circuit Court of Appeals, which has precedential weight: what they say becomes the law, until they change their minds (or the Supreme Court changes them for them). We can’t afford, as a community, to spend twenty, thirty, fifty, or a hundred years in a situation where corporations can retroactively punish users of the web for looking at their publicly-offered websites. Not only will that immediately destroy the security research community, but it will, ultimately, destroy the Internet as it stands. (Imagine you dislike someone. If they read your blog, even once, you can later call the FBI and state that they accessed your website without permission, and push for a felony conviction. Sound far-fetched? That’s essentially what the EFF concluded, too. It’s terrifying, and the EFF was talking about Terms of Service violations—and in Weev’s case, there wasn’t even a TOS at issue.)
The moment to stand and fight this is, therefore, now; “They claimed it was for the sake of their grandparents and grandchildren, but it was of course for the sake of their grandparent’s grandchildren, and their grandchildren’s grandparents.” (Young Zaphod Plays it Safe, by Douglas Adams.) And don’t think that living outside the Third Circuit (Delaware, New Jersey, Pennsylvania) makes you safe: Weev was actually in Arkansas when he allegedly committed his “crimes.” Since Internet traffic goes everywhere, there’s always a way to make venue lie in a particular area.
As I said back in April: Miranda was a rapist, Washington was a murderer, and Gideon was a thief. We don’t have to like someone to agree that they need their rights protected—because if we don’t defend them, we will all lose our rights. That’s the way criminal law works. So we defend Weev, because in doing so, we defend us all. Not a bad idea.