3G dongles and customer names

[overwraith]

So you have all probably heard about this raspberry pi craze that has been going around, how people are making all sorts of intrusive devices that utilize raspberry pi's. My Question is in order to get a raspberry pi connected to the internet in order to do nefarious things doesn't the raspberry pi have to have some sort of 3g dongle? And if it does wouldn't the phone companies be able to connect the user's name to that particular device because they have a "contract" with the phone company? If I wanted to make a raspberry pi that recorded audio like a cold war bug, and it was found wouldn't my evil network be made as soon as the phone company queried it's database? I read somewhere that the user only looses about 35 dollars for every pi that gets discovered, but I just don't see them getting away with it if it has to connect to the phone company's network. I did a google search, and apparently somebody made a lamp which tweets private conversations.

There's another thing, does the raspberry pi foundation map the mac's of which devices it sells in which transactions?

Edited April 29, 2015 by overwraith

[digip]

Many questions there but your main one on 3G and connecting to the internet, I'm not sure if you are confusing the Pi with another device you may be thinking of, but the Raspberry Pi is just a small ARM computer in the size of your wallet, that can do the same things(relatively speaking) as any other computer, from wireless and ethernet connections to your network, to connecting over 3G USB devices(which you plug into the USB port like you would any computer - not exclusive to the Pi). They can be used for running as a small desktop OS, file server, Linux web server or whatever you can think to put on them for the ARM architecture to run doing whatever you can make it do.

3G is just another means of connecting to the internet over your cellular data plan, such as a mifi or other cellular modem, phone as a hotspot, etc, but it's not something built into the Raspberry Pi(at least none that I've heard of).

This is their site though if you want to know more about them: https://www.raspberrypi.org/products/

I'm wondering if you are thinking of Arduino boards that you can program to do various other things though and build onto with hardware you buy as accessories and program them yourself - https://www.google.com/search?num=50&newwindow=1&q=arduino+projects&oq=arduino&gs_l=serp.1.0.0i71l8.0.0.0.2255.0.0.0.0.0.0.0.0..0.0.msedr...0...1c..64.serp..0.0.0.x3FxkEgJekY

[overwraith]

There are 3g modems supported by the raspberry pi. There are also a lot of projects associated with these little devices.

http://elinux.org/RPi_VerifiedPeripherals

Ok, so wired has a lamp hack article for the raspberry pi, but I have been having hit and miss connections to it, so might want to do some verification of the link (AV verification).

http://www.wired.com/2014/04/coversnitch-eavesdropping-lightbulb/

Don't know exactly how they got the raspberry pi to do audio, but I think it probably had something to do with a usb sound card. Sorry for not being more clear on the peripherals.

Edited April 29, 2015 by overwraith

[digip]

There are 3g modems supported by the raspberry pi.

I'm still not sure what your point is here, but yes, they can use 3G.

Again. The Pi, is just another computer, but in a small form factor. They have support for HD video, sound, USB, internet, HDD's, etc.

I'm not sure what it is you are asking though. Leave the Pi out for a second, and can a provider track their cellular modems, yes. Do they know who is using them, unless not stolen, then for the most part, yes, since you pay for the use of them. This has nothing to do with the Pi though, they aren't exclusive to the Pi.

[digininja]

If you wanted the Pi to collect audio then you could just connect a USB microphone and then enable that. Easiest thing would be to have it record to a local file then have that copied off the device periodically either over 3G or some other mechanism.

[overwraith]

The question isn't so much can the pi do it, I am sure you can plug one of these 3g modems into it, and have a program which sends the recorded audio to another computer. The question is can't the cellular provider connect your name to your modem if you get discovered? They have a contract with you, don't they acquire your name in the process, and other such data? Not tracking the modem, but connecting you to your modem (the one in the raspberry pi)? What data do they collect during the contract process?

Edited April 29, 2015 by overwraith

[digininja]

The contract process can change from provider to provider but even a basic contract will require a name and address. If it is one that requires monthly payments then they will also have some kind of banking information for you.

Best way to find out is to go into a store, say you are thinking of getting one of their devices and ask what information they require, they will be able to tell you much more than we can.

[overwraith]

Ok, I might have to do that. I am just curious about how people think they can possibly get away with planting bugs and things with raspberry pi's when the phone provider probably has some kind of information about the customers. I suppose one could provide false information, but I would think that would be somewhat prone to error, where the phone provider would get tipped off somehow.

[digininja]

If you are planning on doing this to plant a bug then you wouldn't do it with a raspberry pi and 3G dongle you'd buy a propper bugging device. The reason for using a Pi is to give PC capabilities within the target. If you are doing it legitimately then it doesn't matter who owns the dongle as you have a contract, if you are doing it illegally then you steal the dongle so it has no ties to you.

Also, if an illegally planted device gets found planted in a company then they would have to report it to the police, they would then have to care enough to put some effort into investigating it and then be able to get a warrent to get the owner's information from the telco. A lot of effort isn't likely to be put in.

[overwraith]

It's just hypothetical don't worry. If I do it, it will be only to myself for fun. Also, I would never consider giving the teleco false information and getting caught for it. That would be dumb.

Edited April 29, 2015 by overwraith

[digininja]

I'm sure it is but don't forget, if someone is going to do something illegal then they can do illegal acts to set it up. If you are planning to shoot someone and buy and register the gun in your name then you deserve to get caught. If you are planning to illegally plant a device in a company office then you don't buy and register any part of it to yourself.

[overwraith]

Wait, so there are actually proper bugging devices? I didn't think anybody actually sold those.

[digininja]

http://lmgtfy.com/?q=bugging+devices

[overwraith]

I think we have taken a detour to George Orwell's 1984....

[digininja]

You are fairly new to the whole hacking scene aren't you? This stuff has been around and on sale for years. Get yourself to DC and go visit the National Spy Museum.

[overwraith]

A little bit new, yes. I am actually pretty good at programming, the hacking bit is more of a hobby. I took some information security classes, so I do occasionally wonder how the pen tester's etc do things.

I actually coded several ducky payloads (no asm), but that is really more batch programming than hacking.

Edited April 29, 2015 by overwraith

[barry99705]

Pretty sure there's still a spy gadget store in Chicago.

[overwraith]

Come to think of it I think there used to be a spy shop around where I live. Pretty sure it's not there any more though.

Shannon ought to do a build your own bug segment, I guarantee loads of people would watch it. Was thinking about buying the books for hardware related development, but that would be a lot of learning in addition to the stuff I am going to have to do for work.

Edited April 30, 2015 by overwraith

[cooper]

Sounds like a cool idea. Plus the Arduino platform is much better suited for this sort of thing, being low-power, small and cheap and all.

[metatron]

rPi is fairly small, they can be fitted into a power strip/extension lead fairly easily, also their thin enough and produce fairly little heat.

The "spying" devices you normally get from stores are quite expensive. You can always log files locally and set it up as an AP with a name like Mikes iPhone, so you can just log in remotely and manage the files from outside the building.

Range isn't too bad, but the pro stuff will use the power lines in the building as an antenna.

[Mampt0n]

Another point on your original post, I think anyone would struggle to get the information from a Telco unless law enforcement were the ones who found the bug and it had proper chain of custody, criminal investigation etc.

Otherwise it would just be an irate IT manager demanding private customer info from a Telco based only his say so that it was related to illegal hacking. If the Telco distributed that info without a court order or police involvement, you could sue them blind!

[Xcellerator]

I don't know how it works in other countries, but here in the UK, you can get a 3G/4G sim over the counter without even registering it in the shop. Besides that, there are loads of "student telcos" that let you sign up for a pay as you go sim online. Its just a name/address form and they send you the sim in the post. Anonymous internet really isn't too hard if you know where to look. (forgetting about triangulation techniques, etc)

Edited May 5, 2015 by Xcellerator

[digininja]

Anonymous internet really isn't too hard if you know where to look. (forgetting about triangulation techniques, etc)

I call bullshit on that, anonymous internet is extremely hard and goes way beyond connecting to the internet from an IP that isn't easily traced back to you. Think browser cookies, social media and mail accounts and all sorts of other things you do once you are actually online.

[cooper]

Very true. Bottom line is there's a break-even point between how hard you're trying to stay hidden and how hard 'they' are trying to find you. Piss off enough people to a sufficiently high degree and you're fucked.

The problem with staying anonymous is YOU. You need to not only hide your IP for the hidden version of you, this hidden version of you must have *ZERO* links back to the real you and the real you must have *ZERO* links to the hidden you. You don't browse the same websites, you don't use the same hardware, you don't move money between the two, you can't make purchases as the real you for the hidden you, purchases for the hidden you can't show up at the doorstep of the real you or the real you's work, in conversation you never mention the other you. If you get a nice bonus at work, the hidden you cannot mention that you've had a bit of a windfall. If the hidden you managed to acquire a significant amount of money, the real you can't use it to pay that dental bill or the car repair. As with everything in security, the bad guys (in this case being Big Brother) only need you to slip up *once*. So unless you're infallible and all the tools you use are equally infallible, eventually you WILL get found.

Doing this is *HARD*! If you've got a family, I'd say it's pretty much impossible as at least your significant other will notice something's up and if you're really unlucky accuse you of cheating - good luck talking your way out of that one Moriarty.

[digininja]

Look at Sabu, one mess up where he accidentially linked logged into a IRC channel from a traceable IP or something similar got him caught. Regardless of what you think about what he was doing, he was smart and knew how to hide himself and he failed.