Brendan O'Connor is an unabashed hacker who has worked for DARPA and taught at the US military's cybersecurity school. CreepyDOL (Creepy Distributed Object Locator), his new personal tracking system, allows a user to track, locate, and break into an individual's smartphone. "For a few hundred dollars," he says, "I can track your every movement, activity, and interaction, until I find whatever it takes to blackmail you."

Privacy is becoming ever more difficult to insure in today's connected world. It is not clear whether it is governments or businesses that are more interested in your innermost secrets, but both have a pretty good handle on most of us. CreepyDOL and similar systems now threaten to make the ability to ferret out a person's private affairs available to anyone with the inclination and a few hundred dollars to spare.

CreepyDOL is a network of sensors that communicates with a data-processing server. The sensor network runs on boxes about the size of a small external hard drive, with each node containing a Raspberry Pi Model A, two Wi-Fi adapters, and a USB hub. Previously developed by O'Connor, these are called F-BOMBs (Falling/Ballistically-launched Object that Makes Backdoors) and are sufficiently rugged to be thrown, or even dropped from a UAV. Each F-BOMB costs just over US$50, giving a network of 10 a price of around $500.

The F-BOMBS run software that allows the nodes to communicate with each other, as well as look for Wi-Fi traffic within its detection range. The nodes look for various forms of data, including Dropbox and iMessage data, that can provide information about the user of the smartphone. Some data only reveals that a particular protocol is being used by a particular user, while others may leak a great deal of personal information, including names, pictures, and email addresses. To stay within the law, O'Connor tested CreepyDOL with software settings that made the sensor nodes blind to any but his own smartphones.

All the acquired information is reported back to the data processor, which analyzes, organizes, and stores the personal data. The system includes the ability to display people moving around the area covered by the sensor network in real time.

The impact of CreepyDOL is that it eliminates the idea of "blending into a crowd." If you're carrying a wireless device, CreepyDOL will see you, track your movements, and report home, even if you aren't using it.

O'Connor appears (mostly) to be wearing a white hat in this project. “At some level I’m doing this because it’s interesting, but I’m also doing it to prove that this level of knowledge and detail isn’t only the province of intelligence agencies anymore. If you think that only the government, with millions and billions to blow on watching someone can create this problem for privacy, then we’re not going to solve it.”

On the other hand, his security consultancy Malice Aforethought is selling F-BOMBS to the public. Will CreepyDOL emerge from the hacker underground? Time will tell.

Source: Malice Aforethought