[spectre] News about the the exhibition "Touch me" in Zagreb, Croatia

martin pichlmair pi at attacksyour.net
Tue Sep 20 11:16:52 CEST 2005 

when i was in edinburgh last week it amazed me to see how few  
wireless networks up there are open. in fact, the only way of  
checking email would have been to buy an account at t-mobile (think  
it was 5 pound/hour) and sit in a starbucks cafe to read my mails. so  
much for the mega-corporations.
in contrast, the city of tallinn (the estonian state?) seemed to have  
equipped half of the city with free hotspots and here in vienna there  
is certain tradition of running open wireless networks in cafes. of  
course the access points themselves are usually password-protected.

so: what is this project about?

is it art as an attack on free networks and freedom in general?

don't they know that real evil crackers are not attracted without  
challenges?

one more story:
there is a shop near vienna that has no cashiers, and neither cash- 
desks. goods - mostly from farmers living in the village - are there  
in plenty; mostly sheep and goat products e.g. milk, meat and cheese.  
everything is price-tagged and the customer is ordered to drop the  
money into a box in the shop. now if i were one of the NRD Van i  
would presumably walk into that shop and exchange all price tags or  
do any other funny stuff to teach people about their (quote from  
below) "... combination of user ignorance, complete absence of will  
to learn ...", would i?

maybe i'm just a bit critical today and teaching people computer  
security is right by all means - even when enforcing behaviour  
through code (by encrypting and securing wireless networks without  
any need) ........
martin

ps: my wlan at home is open. use ssl to protect my proprietary laptop  
(from the "technological mega-corporation" that builds on bsd). i  
trust people not to misuse it and so long, no one did. would be happy  
if someone ever contacts me when i'm online at home.



On Sep 20, 2005, at 12:49 AM, Darko Fritz wrote:

>
> http://www.kontejner.org/priopcenje/
>
> from bbc
> http://nrd.picigin.net/app/backend/Spoof_9/news.bbc.co.uk/frames.html
>
>  Printers made people mad
>
> During the exhibition "Touch me" in Zagreb, Croatia, art group NRD  
> Van broke into local insecure wireless networks. The group hijacked  
> several users printers and fooled them into believing they became  
> alive by printing information about their online habits. Two people  
> suffered injuries as result of fearful reactions. In an exclusive  
> interview with the artists...
>
>
>
> ... we tried to shed some light as to why there was so much  
> manipulation with and abuse of animals, and in the end also people,  
> in the "Touch Me" exhibition. The talk with the artists lead us  
> also to check up on certain information with the T-Com, whose  
> unprotected wireless networks were used by the NRD Van artists as  
> their chosen medium of manipulation. But let start from the beginning:
>
>
> What happened? What is your work about?
>
> To do our work we have chosen completely uprotected wireless  
> networks that the T-Com is installing around with such a hype.  
> These networks provided us a good example for end user ignorance  
> meeting corporate greed for profit.
>
> There is a large number of them installed all around Zagreb and we  
> have decided to tinker with that setting in order to start, in an  
> entertaining way, a communication with users of particularly  
> insecure networks.
>
> Networks that particularly appealed to us were those where we could  
> find printers that could be accessed once you were connected to  
> their wireless network.
>
> It needs to be noted that those are not simply networks that you  
> can connect to and access Internet, but networks where the key  
> network component "wireless router" was left without a password, so  
> that we could do anything we please without owners of those  
> wireless nodes ever noticing.
>
> By using the router user name and T-Com's on-line telephone  
> directory we could soon dig out the address and the first and last  
> name of the account owner. The remaining data used in printing on  
> remote printers were recorded by monitoring and rdirecting the  
> network traffic our way.
>
> With a little bit of knowledge about network technologies in such  
> insecure networks in real time one can track in real time data such  
> as address and content of a web page that user is visiting at the  
> moment or text of an email message that user is receivig or sending  
> at that moment...
>
> How were you entering the "communication" with users?
>
> After intercepting their private data, we would initially first  
> print out on their printer: "Dear so and so, can you please check  
> if I have enough paper? I was silent for so long that I would now  
> like to print out entire novels..."..
> After that we would wait for couple of minutes to send another  
> message: "What do you mean who?! Me, your printer that has finally  
> come to life, isn't that exciting :)"...
>  ..After that we would most commonly relate the messages to the  
> current stream of data that we would get if the person would start  
> to search the web (and some of them immediately googled for the  
> message) or to the data we had already before printing out the  
> first messages.
>
> For us this seemed as a amusing and interesting way to let people  
> know that their communication infrastructure is fragile and that  
> they should do something about it...
>
>  Yet two people got hurt... One smashed his printer against the  
> floor and injured his foot in the process, while the other jumped  
> through the window freaked out by the printer that "came to life"?
>
> When we speak of jumping through the window, we're not sure it can  
> be said that it was our intent to make people do such things.
>
> The genious radio experiment "War of the Worlds" that Orson Welles  
> did in 1938 has proven that art can and, in a way, must question  
> the limits of mediation through media.
>
> In our talks with the injured and their families it was Orson  
> Welles's example that people could grasp and accept as a key  
> reference and acknowledgement that our work can indeed be called art.
>
> Besides shocking them, you also made them learn something new,  
> didn't you?
>
> Learning through shock, manipulation and complex mediation are  
> exactly the artistic forms and procedures that we find interesting  
> and that we use in our work. Here we'd like to take a quote from  
> Walter Benjamin who says: that a revolutionary author should  
> overcome the constrains of dealing with product in order to bring  
> about a transformation of "tools of production"., and that culture  
> and art must contain a dialectical component too.
>
> Such a statement in these post- times probably seems too  
> doctrinary, but we think that the society lingers behind the modern  
> condition established by communication technologies, and therefore  
> to start catching up we need to resort to the old school ideas of  
> K.Marx or W.Benjamin. ;)
>
> What do you think what will the people whom you have scared,  
> manipulated and, in the manipulated, injured think of such  
> interpretations?
>
> Those who got scared live in a state of permanent fear anyhow,  
> while for those whom we have manipulated and we continue to  
> manipulate we wish that the process of learning will start as soon  
> as possible. To those who got hurt we apologized and promised to  
> buy them a new printer, DVD release of "War of the Worlds" and a  
> GNU/Linux LiveCD. We also configured their router, so they are  
> secure now. And they typed in their own passwords ;)
>
> ... yet it was their accident that helped you get into the  
> coverstories of CNN, BBC, ...
>
> The whole media coverage in our case is a complete scam, that is  
> pure unadulterated lie.
>
>  You quoted the corporate greed as a reason that there is so many  
> insecure networks in Zagreb?
>
> We have quoted a combination of user ignorance, complete absence of  
> will to learn anything related to computers _and_ corporate greed  
> for profit as instrumental in generating such situations.
>
> Ignorance and absence of will to learn new things became so deeply  
> rooted through decades of tradition and culture of using computer  
> and new technologies. Those who have contributed most to this  
> situation are the two technological mega-corporation Microsoft and  
> Apple. Their users are proud dummies.
>
> In this particular case of our insecure wireless networks the T-Com  
> knows all to well that leaving wireless nodes installed in users'  
> appartments completely unprotected, even without a password for  
> loging into and taking control over the node, leaves users at the  
> mercy of anyone who commands basic knowledge of how networks  
> function. The only reason for leaving nodes as they are is to  
> reduce costs of maintenance and user support, and thus to increase  
> profits. In this way the T-Com allows its users an easy log on onto  
> the node, but users are not aware that this means also an easy log  
> on for anyone in their vicinity.
>
> You claim that leaving nodes without password is solely the  
> responsibility of T-Com?
>  Solely. The Telecommuncations Act, Article 105 clearly states: (1)  
> Provider of public telecommunication services must undertake  
> necessary technical and organizational steps in order to make  
> secure own telecommuncation services, and together with the  
> operator undertake the necessary steps to protect the security of  
> telecommuncational network. Steps undertaken must ensure the level  
> of security adequate to the level of danger for network security,  
> provided that technical and technological solutions exists and  
> costs of such steps are reasonable.
>  (2) In case of a particular danger for telecommuncation network  
> security, the provider of public telecommuncation services must  
> notify users of its serevices of the existence of such danger. If  
> the danger is beyond the reasonable steps the services provider  
> must undertake, the services provider must notify users of its  
> services of possible counter-measures to remove the danger and/or  
> its consequences, including the notification of potential cost of  
> such steps.
>  (3) Provider of public telecommuncation services is required to  
> delegate a person resposible for impelementation of steps from this  
> article.
>
>
> In the case of wireless networks, the T-Com is not implementing any  
> level of security it is required to, and we still recall the dialer  
> bills that it tried to push its users to pay. A low level of  
> security means low maintenance costs, low costs of user care and  
> often, as in the dialer case, just another chance to rip off the  
> ignorant. When viewed against the background of a culture of  
> ignorance promoted by leading actors of software industry, the  
> existing condition can hardly be changed.
>
> What could in your opinion change this existing condition?
>
> GNU/Linux
>
> ______________________________________________
> SPECTRE list for media culture in Deep Europe
> Info, archive and help:
> http://coredump.buug.de/cgi-bin/mailman/listinfo/spectre
>
>

More information about the SPECTRE mailing list