Comparison of the risks of working through your 3G modem and through someone else's WiFi.

W (Offline) | Registered: 03.01.18 | Messages: 706 | Reactions: 280 | Reputation: 525

This article has been in my plans for a long time, and now, when the firmware and Linux have been brought practically to perfection (except for some routine questions), I can indulge in a bit of graphomania. In this article I’ll tell you why you should use someone else’s WiFi and what tactical advantages it gives.

For kitchen theorists and mum’s hackers.

I’ll start by busting the myth that it’s impossible. There are usually 2 main arguments in favor of this bullshit:

1. Adapters can only connect to your neighbor’s behind the wall;
2. It’s really hard to hack someone else’s WiFi, so you need a head as big as a horse’s to fit such a brain.

Let’s take both of them to pieces.

The first one is based on the fact that kitchen theorists have never worked with normal equipment. Yes, a laptop’s adapter sees few WAPs (Wireless Access Points) and can connect only to the neighbor’s one, but there is no difficulty at all in buying equipment which “shoots” a bit farther than one wall.

https://bdfclub.com/attachments/1-jpg.9024/
^ Adapter on an ar9271 chipset with a 5 dBi gain antenna - it can find WAPs at a distance of tens of metres.

The second one is based on a lack of practical experience (besides the error «WiFi is unhackable» there is another one: «i vvill install kali linuks and destroi u easy-peasy» - both of them speak of the complete lack of practical experience of mum's hackers). I won’t lie, you won’t learn how to hack WiFi in 5 minutes. There is no magic pill, so you have to go into the details. But there is also really nothing there to study for five weeks either. If you are taught by a practitioner, it’s enough for you to take 3-5 lessons with him of a couple of hours each, after which you’ll be able to hack WAPs for your work by yourself.

Absence of geolocation

The first tactical advantage is the absence of exact geolocation. The basis of a modem or a cellular phone is a radio module; it’s where you put your SIM card. The firmware of the radio module is configured in such a way that every 15 seconds the ether is scanned and the signal strength of all available base stations is compared, so the radio module reconnects to the station with the stronger signal or continues to work through the current station if its signal overpowers the others. The subscriber’s movement can be found out from the history of these requests.

In a cell phone there is a GPS module too, and its accuracy is about 1 metre (military GPS has an accuracy of about 15 cm). That’s why you shouldn’t use your cell phone as a mobile Wi-Fi hotspot and that’s why you should use modems if working through someone else’s WiFi is impossible.

If you work through someone else’s WiFi, there is no talk of «1 metre accuracy» in determining your location. You are at a distance of tens and maybe even hundreds of metres from the WAP (yes, it’s not as cool as the sellers convince you when they talk about 4, 12 and sometimes 54 kilometres. In the city there is a dissected landscape, lots of interference, and the WAP is low-powered). But this is still tens or hundreds of times less accurate geolocation than when working through a modem.

https://bdfclub.com/attachments/2-jpg.9025/
^ Adapter on an ar9271 chipset with a 5 dBi gain antenna and an adapter on an rt3070 chipset with an 8 dBi gain antenna - the second one can find WAPs at a distance of a hundred metres.

Absence of logs.

Logs are disabled on many routers. People are so careless that it often just amazes me. There are no passwords on the admin panels, or they are the default admin/admin or admin/1234.

But even if logging is enabled, it’s not a big problem, because there is no non-volatile storage on the routers, so you just have to reboot it from the control console and the logs are lost forever.

Absence of payments.

You don’t have to pay for someone else’s WiFi. And the main advantage here is not the money saved, but that paying for a SIM card from a personal or work wallet instead of through terminals gives your probable enemy another piece of weighty incriminating evidence.

Complexity of the direction finding.

An unregistered SIM card and an unregistered modem don’t give you security, because your real phone, your wife’s phone or your neighbor’s can be identified by analyzing timings. Their phones can be analyzed, and that’s how someone can get data about you.

Die hard.

Your enemy can gain a tactical advantage by disabling your SIM card: you’ll lose your connection with your team. But it’s difficult to be left without Internet when working through someone else’s access points. Even if your pool is minimal (5 WAPs), one of them will work and you can quickly send or receive critically important information.

Furthermore, disabling the SIM card doesn’t unmask your enemy - you’ll think it was blocked by the MNO (mobile network operator) because your SIM card is unregistered. But if someone starts jamming the 2.4 or even 5 GHz range, it immediately unmasks him. When I’m fooling around with mdk3, I can hear screams all around me :D

https://bdfclub.com/attachments/3-jpg.9026/

^ Adapter on an rt3070 chipset with a "wave channel" type antenna (also known as a "Yagi–Uda" or "Yagi" antenna) with 16 dBi gain. That antenna gives a stable signal even at extremely long ranges but needs a tripod to be pointed accurately at the signal source.

Absence of identifiers.

An adapter leaves only a hostname and a MAC address in the router’s logs. Both of them can be falsified even by a child. Firstly, it gives you the opportunity to change your IDs to those of the WAP owner, for example the MAC and hostname of his laptop. Secondly, it’s not weighty incriminating evidence because «a MAC can be easily falsified, I can “draw” you any MAC you need».

And with modem IDs, everything is sad. Firstly, there are about 15 of them. And by changing your IMEI you just don’t get a fucking thing, except unnecessary attention («aren’t you fooling us with the tariffs, making your traffic unlimited, huh?»). Secondly, modem IDs are REALLY HARD evidence because nobody can spoof all 15 IDs at once.
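From the defender's side, the two sections above make one practical point: a router's own log records only a hostname and a MAC per client, both are trivially forged, and the log itself vanishes on reboot. A home or small-office defender therefore cannot trust either field alone, but can still catch the inconsistencies that forging leaves behind: a MAC not in the device inventory, a known MAC suddenly reporting a different hostname, one MAC seen under several hostnames, or one hostname appearing from several MACs (the "owner's laptop" MAC showing up twice). The following script is an added example, not code from the post or its author; the sample log lines are constructed and only loosely modelled on dnsmasq-style DHCPACK lines (the exact format is an assumption), and KNOWN_DEVICES stands in for whatever inventory the defender keeps.

```python
import re
from collections import defaultdict

# Constructed sample log (not from any real router). Lines are loosely
# modelled on dnsmasq DHCPACK messages: "<ip> <mac> <hostname>".
SAMPLE_LOG = """\
Jun 10 20:01:12 router dnsmasq-dhcp: DHCPACK(br-lan) 192.168.1.20 aa:bb:cc:dd:ee:01 owners-laptop
Jun 10 20:03:40 router dnsmasq-dhcp: DHCPACK(br-lan) 192.168.1.21 aa:bb:cc:dd:ee:02 phone
Jun 10 21:15:02 router dnsmasq-dhcp: DHCPACK(br-lan) 192.168.1.22 de:ad:be:ef:00:01 owners-laptop
Jun 10 21:16:30 router dnsmasq-dhcp: DHCPACK(br-lan) 192.168.1.23 aa:bb:cc:dd:ee:01 unknown-pc
"""

# Hypothetical inventory: MAC -> hostname the defender expects for that device.
KNOWN_DEVICES = {
    "aa:bb:cc:dd:ee:01": "owners-laptop",
    "aa:bb:cc:dd:ee:02": "phone",
}

LINE_RE = re.compile(
    r"DHCPACK\(\S+\)\s+(?P<ip>\S+)\s+(?P<mac>[0-9A-Fa-f:]{17})\s+(?P<host>\S+)"
)


def parse(log_text):
    """Return a list of (mac, hostname, ip) tuples for every DHCPACK line."""
    leases = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            leases.append((m["mac"].lower(), m["host"], m["ip"]))
    return leases


def audit(leases, known):
    """Flag inconsistencies a forged MAC/hostname pair tends to leave.

    Returns a list of (finding_kind, subject) tuples:
      unknown_mac        - MAC not present in the inventory
      hostname_mismatch  - known MAC reported a hostname other than expected
      mac_multi_host     - one MAC seen with more than one hostname
      host_multi_mac     - one hostname seen from more than one MAC
    """
    findings = []
    hosts_by_mac = defaultdict(set)
    macs_by_host = defaultdict(set)

    for mac, host, _ip in leases:
        hosts_by_mac[mac].add(host)
        macs_by_host[host].add(mac)
        if mac not in known:
            findings.append(("unknown_mac", mac))
        elif known[mac] != host:
            findings.append(("hostname_mismatch", mac))

    for mac, hosts in hosts_by_mac.items():
        if len(hosts) > 1:
            findings.append(("mac_multi_host", mac))
    for host, macs in macs_by_host.items():
        if len(macs) > 1:
            findings.append(("host_multi_mac", host))
    return findings


if __name__ == "__main__":
    for kind, subject in audit(parse(SAMPLE_LOG), KNOWN_DEVICES):
        print(f"{kind:18s} {subject}")
```

Because the post also notes that on-box logs disappear with a reboot, this audit is only useful if the router forwards its log lines to a remote syslog host first; the script then runs over that copy. A "host_multi_mac" or "mac_multi_host" finding is not proof of anything on its own (dual-boot machines and re-imaged laptops trigger it too), but it is the cheap signal that turns "MAC can be drawn" from an unanswerable claim into something worth a second look.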

Non-criticality of the leakage of someone else’s identifiers.

Finally, the great virtue of working through someone else’s WAPs is the non-criticality of the leakage of its identifiers. Even if you unmask the IP address of the WAP, it doesn’t matter. Firstly, the uniformed services will start their search from the owner of the access point. For sure, he’ll scream that he was hacked, but who’ll believe him? The uniformed services will pick at his WAP for a long time, so you’ll find out when it happens by the long absence of this WAP. And while the owner is being "worked over", you’ll have some time to change your residence.