Forget the NSA – the real threat to your digital privacy may soon be the kid who lives across the street, or even your real big brother.
This new breed of DIY mass surveillance comes courtesy of security researcher Brendan O’Connor, who plans to unveil his latest dastardly creation, the Creepy Distributed Object Locator, or CreepyDOL, at the DefCon hacker conference, which kicks off in Las Vegas on August 1.
Compact and unassuming, the CreepyDOL box is capable of covertly scooping up various personal details from nearby cell phones, tablets, or laptops. That personal data, which can include name, email address, and sometimes even photos, is then sent back to a remote database controlled by the CreepyDOL owner. A user must simply plug in the CreepyDOL box into an outlet where it has access to public Wi-Fi. Any device that connects to the Wi-Fi is secretly intercepted by the CreepyDOL.
CreepyDOL is only the latest spy computer from O’Connor, who runs security consultancy firm Malice Afterthought. O’Connor unveiled a different version, dubbed the F-BOMB (a.k.a. Falling or Ballistically-launched Object that Makes Backdoors), at the Shmoocon hacker conference in January 2012.
“With these F-BOMBs, I can gain creepy identity information pretty easily and passively,” O’Connor tells Forbes. “I can track people over whole areas of a city just by tracking watching their wireless devices as they wander around.”
The CreepyDOL consists of various spy nodes, which are made from Raspberry Pi mini-computers, and runs on Linux. The system O’Connor plans to show off at DefCon contains ten spy nodes. Aspiring creeps will reportedly be able to buy the device for less than $60.
O’Connor designed the CreepyDOL to be left around a city or town, in public spaces. Because of this, the device includes a variety of security features, including Tor anonymity software to hide the location of the central database and robust encryption of collected data, to help prevent anyone who finds it from figuring who planted the box.
As nefarious as it all sounds, O’Connor says one of his motivations for building CreepyDOL is to “prove that this level of knowledge and detail isn’t only the province of intelligence agencies anymore.”
“If you think that only the government, with millions and billions to blow on watching someone can create this problem for privacy, then we’re not going to solve it,” he says.
O’Connor also believes that collecting this personal data, which he plans to visualize, will help average people understand how much information their devices leak.
“If every person on the planet can use this surveillance technology, I think we should start to design things not to leak information at every level,” he says. “You leave behind a trail that can be tracked not just by the NSA or a law enforcement agency, but by any kid in a basement with less than $500.”
Digital Trends will be on the ground at DefCon, so check back later this week for more from the hacker conference.
