[Tfug] OT? Theft of service

Bender bender at bendertherobot.com
Fri Jan 24 21:43:36 MST 2014


----- Original Message ----- 
From: "Bexley Hall" <bexley401 at yahoo.com>
To: "Tucson Free Unix Group" <tfug at tfug.org>
Sent: Friday, January 24, 2014 1:07 PM
Subject: [Tfug] OT? Theft of service


> Hi,
>
> A friend-of-a-friend has effectively isolated herself out of
> "fear" that she is being "hacked" by her neighbors.  Before
> getting out the tinfoil and making *hats*, I want to reassure
> myself that this sort of thing really is impractical, nowadays
> (to the extent she claims its being done).

Some more generalities might help...
Age of friend?
What sort of hacks?
Is any WiFi involved?


> So, I'm inviting the pedants to nit-pick my assertions, below:
>
> E.g., a land line can be "stolen" (shared) iff the adversary has
> physical access to the wiring.  In an apartment house, dorm, etc.
> this is relatively easy as there is typically a "phone panel"
> *somewhere* that is "lightly protected".  Or, individual
> cable distributions *to* the rooms that aren't armored.
>
> However, in a residential neighborhood (single family, detached
> homes), this is a bit harder.  You either access the main panel
> (usually under lock and key) that feeds the subdivision, *or*
> the small "taps" throughout the neighborhood (which usually
> require a special wrench to open).

POTS is under attack from scrap metal thieves. It doesn't take long to find 
a telco pededstal that has heavy plastic wrap to protect it from the 
elements.

Those main panel covers are wrenched off to sell for scrap. (in addition to 
the copper) The latest time my POTS went out, that's what the Century Link 
contractor told me when I asked about the box out back in the alley.


> [This assumes utilities are below grade.  Overhead would be even
> more problematic!]
>
...
> Ages ago, CATV access was governed by access to the medium.  So,
> a "tap" off the feed -- or, any subscriber's "drop" -- was as
> good as having your own account!  I.e., the cable company had
> to physically "sniff" the neighborhood to know of theft (there
> were some "active" countermeasures explored to "toast" unprotected
> hookups).
>
> With *digital* cable (is all cable "digital", now?), I assume the
> media gives you *nothing* -- you need to access the output of the
> cable box in order to have access to *content*.  I.e., you would
> need to have a tap *inside* the victim's home (and be limited to
> watching whatever *they* were watching at the time).

There is still analog cable access in Cox areas. With a digital STB or a 
cable card in a TV you can still access digital channels that are in the 
clear, I believe.


> For cable internet, I assume the same sorts of issues as DSL would
> apply:  access to the media (though this could be upstream from the
> cable box) *and* a valid account name/password.

For cable internet you tell the provider a hard ware address off of the 
modem. They find it in their system and provision it. There have been 
boilerplate access credentials and what not, but someone other than me would 
know better.

> Satellite TV (Dish) would be the same as CATV (?)

direc and dish use smart cards with encryption that make hacking the service 
impractical.

5 + years ago, Dish service was being compromised with generic DVB boxes 
from Korea. Someone would determine the latest keys and distribute them. 
That started a race of updating the latest keys after they changed. Then 
keys changed more and more often. Eventually the authorities caught up with 
people distributing the keys and the encryption was improved.

> Finally, is it *practical* nowadays to steal cell phone service?
> E.g., it was my understanding, years ago, that you could "sniff"
> the required authentication information from phones "left on"
> (my ex-BinL had many "unauthorized charges" on a phone some decades
> ago).  But, I would assume that this is no longer practical (at
> least I don't hear the horror stories of it happening).
>
> Bottom line: for her to be a victim of *all* of these sorts
> of "attacks" (hacks), she'd have to have some really *capable*
> neighbors (adversaries) *and* they'd have to be *really*
> "motivated" (i.e., as if she had poisoned their cat, etc.)
>
> I don't want to dismiss her worries only to discover these things are
> *possible* -- or "likely".  OTOH, it is painful to see someone going
> through life in fear of availing themselves of common services that
> others take for granted...

Most likely, wireless is possible to be hacked. Social engineering or ill 
intentioned associations are next.

When dealing with tech one doesn't undertand, where the media 
sensationalizes things, it's no wonder people get irrational. Then, if you 
have a living situation that naturally results in isolation....

I know a septuagenarian who heard media reports of exploits and went open 
loop every time some story popped up. She did no banking or anything I think 
is the slightest bit risky other than some web browsing and email 
conversation with family topics. Windows updates and annual antivirus 
maintenance was an ordeal for her. Nevertheless, she had no tolerance for 
taking "the risk" so she cancelled AOL and computes off the 'net.

Then there's an octagenerian who has no fear. She insists on opening any and 
all emails. She has a son who rescues her from the latest Windows malware 
when she gets it.


> Thanks!
> --don
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> 


---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com





More information about the tfug mailing list