cheeto Posted February 15, 2015 Share Posted February 15, 2015 Hey guys I stumbled across a WiFi pineapple Disk. WTF? Is it real or rip off? http://www.aliexpress.com/store/product/WIFI-Pineapple-disk-mark-V-MK-V-MK-IV-3G-modem-wifipineapple-32GB-eMMC-6000MAH-li/633065_32237417187.html Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted February 15, 2015 Share Posted February 15, 2015 Rip off. Do not buy that. The WiFi Pineapple is only sold at hakshop.com Quote Link to comment Share on other sites More sharing options...
Rkiver Posted February 15, 2015 Share Posted February 15, 2015 Rip off. Do not buy that. The WiFi Pineapple is only sold at hakshop.com Well, and one other place. http://edutech-hakshop.myshopify.com/ But then again I am an official reseller. Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 15, 2015 Author Share Posted February 15, 2015 Nothing against the Chinese or anything of that nature, but these guys are even using the Pineapple's logo. Come on.... I'll NEVER buy from people like that. Can't Hak5 take legal action? They're infringing on their intectual property. Quote Link to comment Share on other sites More sharing options...
barry99705 Posted February 15, 2015 Share Posted February 15, 2015 (edited) Heh, kinda like the r00tabega. Also like how the default feedback is 5 stars. Edited February 15, 2015 by barry99705 Quote Link to comment Share on other sites More sharing options...
cooper Posted February 16, 2015 Share Posted February 16, 2015 I find it funny that they also sell this crappy mini-USB wifi adapter and mark it as working with the Pineapple. As you can tell from the image, they mean *their* Pineapple. The main reason it's funny is that the things you want to use a Pineapple for are best served with a powerful radio/antenna combo and then they pair it with that lump of shit... Note that on the same row where it says "Product details" "Feedback" etc to the right there's a "Report item" link where both IP holders and mere mortals are allowed to report a product as being counterfeit. No idea if they're going to act upon it in any way, but I've reported this knock-off as being counterfeit. Let's hope they listen. Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 16, 2015 Author Share Posted February 16, 2015 That really sucks! Again, I think that copying a logo and selling as if it were the real thing is not only ripping off Hak5 but also customers that buy a fake product. No to mention everyone in this community who has collaborated with some great infusions. I remember the SAME thing happend with a USBJTAG I bought a few years ago. A group had copied the hardware and software. So the owner made a NEW USBJTAGNT which required serial key which is associated to the hardware. Case closed, no more clones. I would hope that the MKVI be protected somehow. Let's face it, making a claim in China regarding copyright is a long shot. Quote Link to comment Share on other sites More sharing options...
Xcellerator Posted February 16, 2015 Share Posted February 16, 2015 I spent a few months in southern China last year and from I saw, the chances of any copyright claims being dealt with are pretty slim. Complete shops on high streets blatantly advertise themselves as "Appla" or "Niek" and sell rip off products. If they can get by, then it'd be even easier for a website. Some shops don't even bother trying to change the name. Quote Link to comment Share on other sites More sharing options...
fugu Posted February 16, 2015 Share Posted February 16, 2015 So as an ethical thought experiment, not that I condone cyber attacks in anyway, if the website is fraud, and the skirt the laws, is it still illegal/wrong if someone where to dos them? (i do consider myself whitehat, so I personally would never do this) Quote Link to comment Share on other sites More sharing options...
overwraith Posted February 16, 2015 Share Posted February 16, 2015 (edited) So as an ethical thought experiment, not that I condone cyber attacks in anyway, if the website is fraud, and the skirt the laws, is it still illegal/wrong if someone where to dos them? (i do consider myself whitehat, so I personally would never do this) Chinese If it's in another country I don't think the feds mind. Check into it though. Extradition to china? I don't think so. Also there are stories all the time about china ripping off our manufacturers by reversing our stuff. Edited February 16, 2015 by overwraith Quote Link to comment Share on other sites More sharing options...
cooper Posted February 16, 2015 Share Posted February 16, 2015 Note that, by my understanding, you are typically prosecuted under the law of the jurisdiction you're in when you commit the crime. So, if the chinese don't have a law against DDOS attacks (wouldn't surprise me) but the US does (known fact) and you DDOS a chinese website from the US the chinaman can start legal proceedings against you on the basis that what you did to him from your country is illegal by your own countries norms and as such is what you legally need to abide by while there. In other words: Don't. Quote Link to comment Share on other sites More sharing options...
cooper Posted February 16, 2015 Share Posted February 16, 2015 I spent a few months in southern China last year and from I saw, the chances of any copyright claims being dealt with are pretty slim. Complete shops on high streets blatantly advertise themselves as "Appla" or "Niek" and sell rip off products. If they can get by, then it'd be even easier for a website. Some shops don't even bother trying to change the name. Which shows that even in China you can't call a knockoff by the original brand's name. You might not get any money and they may start calling it the Wyfy Pyneapple, but you can claim ownership of the original name and you can claim ownership of the logo and they can and maybe even do enforce those things. Quote Link to comment Share on other sites More sharing options...
overwraith Posted February 16, 2015 Share Posted February 16, 2015 (edited) Note that, by my understanding, you are typically prosecuted under the law of the jurisdiction you're in when you commit the crime. So, if the chinese don't have a law against DDOS attacks (wouldn't surprise me) but the US does (known fact) and you DDOS a chinese website from the US the chinaman can start legal proceedings against you on the basis that what you did to him from your country is illegal by your own countries norms and as such is what you legally need to abide by while there. In other words: Don't. I just can't see the United States actually extraditing to China. We are not the best of friends, we are business partners, but there has been a history. If there actually was an instance of extradition that happening? On a cautionary note however I am not actually going to try it, is generally a bad idea. Who knows, my ISP might not like the traffic even traveling over my connection, could shut me down. Edited February 16, 2015 by overwraith Quote Link to comment Share on other sites More sharing options...
cooper Posted February 16, 2015 Share Posted February 16, 2015 (edited) You don't need to extradited because you can be tried by local law since you broke a US law while in the US. You get to go to a US jail to be fucked in the ass by a US inmate though I suspect that won't make you feel a lot better about the entire situation... If you drive into a flock of chinese tourists and maybe even kill a handful of them, do you really think you need to be extradited to China to be held accountable for what you did? Edited February 16, 2015 by Cooper Quote Link to comment Share on other sites More sharing options...
overwraith Posted February 16, 2015 Share Posted February 16, 2015 But the company whom you are targeting does not have a presence in the US, therefore there isn't really a plaintiff. I learned in my cyber forensics class that people lots of times do get off on cyber attacks against other countries because there really is no law structure that governs interactions like these between countries. Your statements just simply don't reflect reality, at least not in the United States. Quote Link to comment Share on other sites More sharing options...
cooper Posted February 16, 2015 Share Posted February 16, 2015 (edited) How about when the server this chinaman is using is hosted in the US? I'm trying to think of similar incidents that happened in the past where it was the other way around. The best I can come up with is when that US military plane in Italy flew his plane way too low through a skiing resort, nicked the cable of a ski lift with the tail fin of his jet, snapped the cord and a bunch of tourists fell to their deaths. The US army wasted no time to ship these airmen home. They were eventually tried in a US court (NATO agreements made this the appropriate court) and acquitted on the basis that the plane altimeter was malfunctioning and so the pilot wasn't aware he was flying at 300ft as opposed to the allowed minimum of 2000ft... http://en.wikipedia.org/wiki/Cavalese_cable_car_disaster_%281998%29 According to this page the pilot eventually got ratted out by his navigator, found guilty of obstruction of justice (deliberate destruction of onboard video footage) and served 4.5 months of his 6 month sentence. Both were kicked out of the army. So here there was a treaty of sorts in play, jurisdiction was determined, a trial happened and eventually someone even got 2 weeks for each tourist he killed (yay justice). Another thing would be the Roman Polanski child rape thing that made the guy move to France. He's polish, committed a crime in the US against a US citizen, pled guilty as part of a plea bargain, found out he'd have to do time and then be deported, didn't like those prospects and thus fled to France. Because Polanski had naturalized to become a french citizen and France, under their extradition agreement with the US, can refuse to extradite a citizen and chose to invoke this right the guy remains free to this very day. Hrmm.... Well, anyways, still don't. It's the smarter move to make. Edited February 16, 2015 by Cooper Quote Link to comment Share on other sites More sharing options...
overwraith Posted February 16, 2015 Share Posted February 16, 2015 (edited) In that case you would be charged and prosecuted, is it hosted in the US? (whois) C:\Users\username\Desktop\WhoIs>whois.exe http://www.aliexpress.com Whois v1.11 - Domain information lookup utility Sysinternals - www.sysinternals.com Copyright (C) 2005-2012 Mark Russinovich Connecting to COM.whois-servers.net... Connecting to whois.markmonitor.com... Domain ID: 413519034_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2014-10-28T12:38:28-0700 Creation Date: 2006-04-16T11:16:46-0700 Registrar Registration Expiration Date: 2016-04-16T11:16:46-0700 Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdatePro hibited) Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransfe rProhibited) Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeletePro hibited) Registry Registrant ID: Registrant Name: Timothy Alexander Steinert Registrant Organization: Hangzhou Alibaba Advertising Co., Ltd.(µ¥¡σ╖₧Θÿ┐Θçîσ╖┤σ ╖┤σ╣┐σæèµ£ëΘÖÉσà¼σÅ╕) Registrant Street: No. 699 Wangshang Road , Binjiang District Registrant City: Hangzhou Registrant State/Province: Zhejiang Registrant Postal Code: 310052 Registrant Country: CN Registrant Phone: +852.22155100 Registrant Phone Ext: Registrant Fax: +852.22155200 Registrant Fax Ext: Registrant Email: dnsadmin@hk.alibaba-inc.com Registry Admin ID: Admin Name: Timothy Alexander Steinert Admin Organization: Hangzhou Alibaba Advertising Co., Ltd.(µ¥¡σ╖₧Θÿ┐Θçîσ╖┤σ╖┤σ╣┐ σæèµ£ëΘÖÉσà¼σÅ╕) Admin Street: No. 699 Wangshang Road , Binjiang District Admin City: Hangzhou Admin State/Province: Zhejiang Admin Postal Code: 310052 Admin Country: CN Admin Phone: +852.22155100 Admin Phone Ext: Admin Fax: +852.22155200 Admin Fax Ext: Admin Email: dnsadmin@hk.alibaba-inc.com Registry Tech ID: Tech Name: Timothy Alexander Steinert Tech Organization: Hangzhou Alibaba Advertising Co., Ltd.(µ¥¡σ╖₧Θÿ┐Θçîσ╖┤σ╖┤σ╣┐σ æèµ£ëΘÖÉσà¼σÅ╕) Tech Street: No. 699 Wangshang Road , Binjiang District Tech City: Hangzhou Tech State/Province: Zhejiang Tech Postal Code: 310052 Tech Country: CN Tech Phone: +852.22155100 Tech Phone Ext: Tech Fax: +852.22155200 Tech Fax Ext: Tech Email: dnsadmin@hk.alibaba-inc.com Name Server: ns8.alibabaonline.com Name Server: nsp.alibabaonline.com Name Server: nsp2.alibabaonline.com Name Server: nshz.alibabaonline.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2015-02-16T12:25:20-0800 <<< The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. MarkMonitor.com does not guarante e its accuracy. By submitting a WHOIS query, you agree that you will use this Dat a only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to MarkMonitor.com (or its systems). MarkMonitor.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. MarkMonitor is the Global Leader in Online Brand Protection. MarkMonitor Domain Management(TM) MarkMonitor Brand Protection(TM) MarkMonitor AntiPiracy(TM) MarkMonitor AntiFraud(TM) Professional and Managed Services Visit MarkMonitor at http://www.markmonitor.com Contact us at +1.8007459229 In Europe, at +44.02032062220 C:\Users\username\Desktop\WhoIs> It does look like there is some kind of European presence, I see at the very end an "In Europe" something or another. Most of the rest of it looks fairly Chinese in origin however. But you're right it would probably be a bad idea to DoS this one. C:\Users\username\Desktop\WhoIs>whois http://www.markmonitor.com Whois v1.11 - Domain information lookup utility Sysinternals - www.sysinternals.com Copyright (C) 2005-2012 Mark Russinovich Connecting to COM.whois-servers.net... Connecting to COM.whois-servers.net... Connecting to whois.markmonitor.com... Domain ID: 5604337_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2014-10-28T12:38:28-0700 Creation Date: 1999-04-23T00:00:00-0700 Registrar Registration Expiration Date: 2015-04-22T21:00:00-0700 Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdatePro hibited) Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransfe rProhibited) Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeletePro hibited) Registry Registrant ID: Registrant Name: MarkMonitor Inc. Registrant Organization: MarkMonitor Inc. Registrant Street: 391 N Ancestor Pl, Registrant City: Boise Registrant State/Province: ID Registrant Postal Code: 83704 Registrant Country: US Registrant Phone: +1.8003377520 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: custserv@markmonitor.com Registry Admin ID: Admin Name: MarkMonitor Inc. Admin Organization: MarkMonitor Inc. Admin Street: 391 N Ancestor Pl, Admin City: Boise Admin State/Province: ID Admin Postal Code: 83704 Admin Country: US Admin Phone: +1.8003377520 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email: custserv@markmonitor.com Registry Tech ID: Tech Name: MarkMonitor Inc. Tech Organization: MarkMonitor Inc. Tech Street: 391 N Ancestor Pl, Tech City: Boise Tech State/Province: ID Tech Postal Code: 83704 Tech Country: US Tech Phone: +1.8003377520 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email: custserv@markmonitor.com Name Server: ns7.markmonitor.com Name Server: ns3.markmonitor.com Name Server: ns6.markmonitor.com Name Server: ns5.markmonitor.com Name Server: ns1.markmonitor.com Name Server: ns4.markmonitor.com Name Server: ns2.markmonitor.com DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2015-02-16T12:35:31-0800 <<< The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. MarkMonitor.com does not guarante e its accuracy. By submitting a WHOIS query, you agree that you will use this Dat a only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to MarkMonitor.com (or its systems). MarkMonitor.com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. MarkMonitor is the Global Leader in Online Brand Protection. MarkMonitor Domain Management(TM) MarkMonitor Brand Protection(TM) MarkMonitor AntiPiracy(TM) MarkMonitor AntiFraud(TM) Professional and Managed Services Visit MarkMonitor at http://www.markmonitor.com Contact us at +1.8007459229 In Europe, at +44.02032062220 C:\Users\username\Desktop\WhoIs> Looks like markmonitor is based in Boise, so US. Like I said I am not going to try, someone wanted to know however, so it's up to us to give reasons for why we think the feds would or would not prosecute. I think that this particular conglomerate does have US affiliations, therefore it would not be a good idea to do so, we have reached a verdict. Edited February 16, 2015 by overwraith Quote Link to comment Share on other sites More sharing options...
fugu Posted February 16, 2015 Share Posted February 16, 2015 regardless, the hardware it 99% likely to be trojaned and damaging, I just feel bad for the people who mistakenly buy it instead of from the hakshop. Quote Link to comment Share on other sites More sharing options...
overwraith Posted February 16, 2015 Share Posted February 16, 2015 regardless, the hardware it 99% likely to be trojaned and damaging, I just feel bad for the people who mistakenly buy it instead of from the hakshop. Send one to an AV company, I'm sure they would love to play with it. They do that whole debugging and black box forensics all the time. Quote Link to comment Share on other sites More sharing options...
cooper Posted February 16, 2015 Share Posted February 16, 2015 My final note on the DDOSsing of the server would be that you should keep in mind that you're effectively talking about attacking something like eBay over what 1 seller is peddling there. I genuinely expect Alibaba to contact the seller to prove their merchandise is valid in the face of a formal complaint. I once had ordered something from a seller and roughly 1.5 weeks after ordering I was told my order was on hold pending proof of shipment from the vendor. Another week later I received notice that my order was being refunded and this seller was kicked off their site. I didn't have my plaything but at least I was made whole and I honestly suspect the vendor was in a rather less pleasant situation. Quote Link to comment Share on other sites More sharing options...
fugu Posted February 16, 2015 Share Posted February 16, 2015 I genuinely expect Alibaba to contact the seller to prove their merchandise is valid in the face of a formal complaint.I missed the part where it said the name of the website from the OP. I, too, would also think Alibaba would not want to risk their reputation by selling fraud goods. I was thinking this was some crappy Chinese website with no traffic and nothing in English except maybe hak5 and pineapple. Quote Link to comment Share on other sites More sharing options...
overwraith Posted February 16, 2015 Share Posted February 16, 2015 Honestly though they had a good idea putting a battery in it. Quote Link to comment Share on other sites More sharing options...
cheeto Posted February 16, 2015 Author Share Posted February 16, 2015 Also, I think they have an integrated 3G modem hooked up too. Nice idea. Perhaps something to consider for future versions. Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted February 16, 2015 Share Posted February 16, 2015 Let's please not entertain any sort of vigilante action, DDOS included. Alibaba is a large and well respected company in China with a reputation for upholding intellectual property rights. I don't know the specifics of their laws, but I assume something like safe harbor may apply. We've been aware of this for a few weeks. Unfortunately it has taken some time to get our IPR paperwork sorted. We've finally been verified by Alibaba as the original rights holder and are pending take-down requests. Battery wise, they can get away with putting one in it more easily because they don't even have to attempt passing any sort of regulations. We jump through some major hoops to keep things on the up-and-up. 3G wise they just mean it has a USB port. We've had interesting dealings with IPR in the past. Search Apple Inc v Hak5 LLC even... If we can make it through getting sued by Apple, surely we can best a counterfeit knockoff. If I haven't said this recently - know that from the bottom of our hearts Seb and Sara and Shannon and Paul and myself love you all deeply for giving us the freedom to live our dreams making cool stuff. Stay tuned for some ridiculously cool new and innovating stuff from us (no hints, but not Pineapple related). Thanks! Quote Link to comment Share on other sites More sharing options...
cooper Posted February 17, 2015 Share Posted February 17, 2015 (edited) Got this email this morning: [...]We refer to your recent report about suspicious product listing(s).Please be informed that we have removed the reported listing(s) in accordance with our Product Listing Policy / relevant policy.Thank you for your kind attention to our platform, and we appreciate your information greatly![...] Interesting supplemental:The product doesn't appear anymore when you search for "Wifi Pineapple" but the link to the product page still produces working display of the product, including options for purchasing one... Maybe they'll fix that after the Chinese New Year celebration ends at the end of the month. Edited February 17, 2015 by Cooper Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.