[spectre] News about the the exhibition "Touch me" in Zagreb, Croatia

Darko Fritz fritz.d at chello.nl
Tue Sep 20 00:49:05 CEST 2005 

http://www.kontejner.org/priopcenje/

from bbc
http://nrd.picigin.net/app/backend/Spoof_9/news.bbc.co.uk/frames.html

  Printers made people mad

During the exhibition "Touch me" in Zagreb, Croatia, art group NRD Van 
broke into local insecure wireless networks. The group hijacked several 
users printers and fooled them into believing they became alive by 
printing information about their online habits. Two people suffered 
injuries as result of fearful reactions. In an exclusive interview with 
the artists...



... we tried to shed some light as to why there was so much 
manipulation with and abuse of animals, and in the end also people, in 
the "Touch Me" exhibition. The talk with the artists lead us also to 
check up on certain information with the T-Com, whose unprotected 
wireless networks were used by the NRD Van artists as their chosen 
medium of manipulation. But let start from the beginning:


What happened? What is your work about?

To do our work we have chosen completely uprotected wireless networks 
that the T-Com is installing around with such a hype. These networks 
provided us a good example for end user ignorance meeting corporate 
greed for profit.

There is a large number of them installed all around Zagreb and we have 
decided to tinker with that setting in order to start, in an 
entertaining way, a communication with users of particularly insecure 
networks.

Networks that particularly appealed to us were those where we could 
find printers that could be accessed once you were connected to their 
wireless network.

It needs to be noted that those are not simply networks that you can 
connect to and access Internet, but networks where the key network 
component "wireless router" was left without a password, so that we 
could do anything we please without owners of those wireless nodes ever 
noticing.

By using the router user name and T-Com's on-line telephone directory 
we could soon dig out the address and the first and last name of the 
account owner. The remaining data used in printing on remote printers 
were recorded by monitoring and rdirecting the network traffic our way.

With a little bit of knowledge about network technologies in such 
insecure networks in real time one can track in real time data such as 
address and content of a web page that user is visiting at the moment 
or text of an email message that user is receivig or sending at that 
moment...

How were you entering the "communication" with users?

After intercepting their private data, we would initially first print 
out on their printer: "Dear so and so, can you please check if I have 
enough paper? I was silent for so long that I would now like to print 
out entire novels..."..
After that we would wait for couple of minutes to send another message: 
"What do you mean who?! Me, your printer that has finally come to life, 
isn't that exciting :)"...
  ..After that we would most commonly relate the messages to the current 
stream of data that we would get if the person would start to search 
the web (and some of them immediately googled for the message) or to 
the data we had already before printing out the first messages.

For us this seemed as a amusing and interesting way to let people know 
that their communication infrastructure is fragile and that they should 
do something about it...

  Yet two people got hurt... One smashed his printer against the floor 
and injured his foot in the process, while the other jumped through the 
window freaked out by the printer that "came to life"?

When we speak of jumping through the window, we're not sure it can be 
said that it was our intent to make people do such things.

The genious radio experiment "War of the Worlds" that Orson Welles did 
in 1938 has proven that art can and, in a way, must question the limits 
of mediation through media.

In our talks with the injured and their families it was Orson Welles's 
example that people could grasp and accept as a key reference and 
acknowledgement that our work can indeed be called art.

Besides shocking them, you also made them learn something new, didn't 
you?

Learning through shock, manipulation and complex mediation are exactly 
the artistic forms and procedures that we find interesting and that we 
use in our work. Here we'd like to take a quote from Walter Benjamin 
who says: that a revolutionary author should overcome the constrains of 
dealing with product in order to bring about a transformation of "tools 
of production"., and that culture and art must contain a dialectical 
component too.

Such a statement in these post- times probably seems too doctrinary, 
but we think that the society lingers behind the modern condition 
established by communication technologies, and therefore to start 
catching up we need to resort to the old school ideas of K.Marx or 
W.Benjamin. ;)

What do you think what will the people whom you have scared, 
manipulated and, in the manipulated, injured think of such 
interpretations?

Those who got scared live in a state of permanent fear anyhow, while 
for those whom we have manipulated and we continue to manipulate we 
wish that the process of learning will start as soon as possible. To 
those who got hurt we apologized and promised to buy them a new 
printer, DVD release of "War of the Worlds" and a GNU/Linux LiveCD. We 
also configured their router, so they are secure now. And they typed in 
their own passwords ;)

... yet it was their accident that helped you get into the coverstories 
of CNN, BBC, ...

The whole media coverage in our case is a complete scam, that is pure 
unadulterated lie.

  You quoted the corporate greed as a reason that there is so many 
insecure networks in Zagreb?

We have quoted a combination of user ignorance, complete absence of 
will to learn anything related to computers _and_ corporate greed for 
profit as instrumental in generating such situations.

Ignorance and absence of will to learn new things became so deeply 
rooted through decades of tradition and culture of using computer and 
new technologies. Those who have contributed most to this situation are 
the two technological mega-corporation Microsoft and Apple. Their users 
are proud dummies.

In this particular case of our insecure wireless networks the T-Com 
knows all to well that leaving wireless nodes installed in users' 
appartments completely unprotected, even without a password for loging 
into and taking control over the node, leaves users at the mercy of 
anyone who commands basic knowledge of how networks function. The only 
reason for leaving nodes as they are is to reduce costs of maintenance 
and user support, and thus to increase profits. In this way the T-Com 
allows its users an easy log on onto the node, but users are not aware 
that this means also an easy log on for anyone in their vicinity.

You claim that leaving nodes without password is solely the 
responsibility of T-Com?
  Solely. The Telecommuncations Act, Article 105 clearly states: (1) 
Provider of public telecommunication services must undertake necessary 
technical and organizational steps in order to make secure own 
telecommuncation services, and together with the operator undertake the 
necessary steps to protect the security of telecommuncational network. 
Steps undertaken must ensure the level of security adequate to the 
level of danger for network security, provided that technical and 
technological solutions exists and costs of such steps are reasonable.
  (2) In case of a particular danger for telecommuncation network 
security, the provider of public telecommuncation services must notify 
users of its serevices of the existence of such danger. If the danger 
is beyond the reasonable steps the services provider must undertake, 
the services provider must notify users of its services of possible 
counter-measures to remove the danger and/or its consequences, 
including the notification of potential cost of such steps.
  (3) Provider of public telecommuncation services is required to 
delegate a person resposible for impelementation of steps from this 
article.


In the case of wireless networks, the T-Com is not implementing any 
level of security it is required to, and we still recall the dialer 
bills that it tried to push its users to pay. A low level of security 
means low maintenance costs, low costs of user care and often, as in 
the dialer case, just another chance to rip off the ignorant. When 
viewed against the background of a culture of ignorance promoted by 
leading actors of software industry, the existing condition can hardly 
be changed.

What could in your opinion change this existing condition?

GNU/Linux

More information about the SPECTRE mailing list