Activist pulls off clever Wi-Fi honeypot to protest surveillance state
“All traffic that occurred via our wireless network has been logged.”
By Cyrus Farivar
Jan 14 2015
The chairman of the youth wing of the Swedish Pirate Party successfully fooled attendees at a major Swedish security and defense conference into connecting to an open Wi-Fi network that he controlled—as a way to protest mass digital surveillance.
According to The Local, an English-language newspaper in Sweden, Gustav Nipe watched earlier this week as around 100 politicians, military officers and journalists logged into a network called “Open Guest” and proceeded to search for various non-work-related things including “forest hikes” and monitor eBay auctions.
Previously Nipe was involved in the Pirate Party’s efforts to create its own ISPin 2010, and founded the Church of Kopimism, which was formally recognized by Swedish tax authorities in 2011.
All traffic that occurred via our wireless network has been logged. By having access to the logs of Internet activity, we can among other things, see what websites have been visited.
The metadata analysis allows us to draw conclusions about who used our network. To go into general and frequently visited websites [such as Swedish newspaper] aftonbladet.se does not say much about the user in question, but if the person then additionally connects to [a government mail server X] and [then is looking at] websites about City Y—the number of candidates shrinks rapidly to a few possible.
That we can identify government officials, journalists and politicians with the help of a wireless network and their less thoughtful use of online services demonstrates the tremendous power available in controlling the Internet.
The operation we have performed during the two conference days in Salen based on the same principle as the great spy organizations such as the US NSA and the Swedish FRA uses. The difference is that they sign a year round operation, and to a much greater extent. They also have access to more advanced technology—the privacy intrusion is [still] enormous.
The FRA, the Swedish acronym for the National Defence Radio Establishment, is the Swedish equivalent of the National Security Agency (NSA) in the United States.
Last year, the European Court of Justice invalidated a directive that required ISPs and telecom firms to retain all kinds of telephone and Internet metadata for at least six months and provide it to law enforcement upon request. That directive had been in place for eight years.
In written testimony to the European Parliament in March 2014, former NSA contractor Edward Snowden called the intelligence-sharing regime a “European bazaar,” where individual European countries make separate deals with the NSA that ultimately are self-defeating. He said that these agreements, with unenforceable restrictions, allow American spies to tap, say, German fiber on the condition that it doesn’t conduct searches on Germans, and it will broker a similar deal in Denmark, for instance.
“Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements,” he wrote. “Ultimately, each EU national government’s spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole.”
Nipe, chairman of the Young Pirates, did not immediately respond to Ars’ request for comment.
Still, he concluded his statement to Swedish media by observing the “good news that through our reconnaissance we could not find any preparation for terrorist activities.”