Network Surveillance Apparatus Team WiFiSpi Aaron Collier, Scott Matheson, Steven Tran-Giang

Agenda  Background  Motivation  Accomplishments  Challenges  Recommendations  Proposed Budget  Actual Budget  Acknowledgements  Conclusion  References  Q/A

Background  A cheap and easy way to monitor a suspicious network  Minimal Footprint  The network will be monitored with a microcomputer  Increase in Wireless throughout the city

Motivation  Initial idea for the NSA was formed by Scott Matheson  Wanted to create a way to be able to monitor traffic without being hardwired  Originally more of a black hat idea  Pushed towards white hat by Aaron Collier

Accomplishments  A working Network Surveillance Apparatus that is capable executing a successful man in the middle attack with the ability to intercept and log packets.  An FTP/Snort Server capable of pulling and deleting captures from the NSA, and then filtering out packets based on rulesets.  A better understanding of how easy it is to intercept packets wirelessly

Challenges  The Hummingboard was incompatible with PwnPie and Kali  The USB wireless had new chipset drivers released with many issues and with the kernel support for the board was unable to use older versions of the driver  Under our suspicion either SAIT’s network policy or a rogue DNS server caused issues with our DNS configuration  Simplistic network bridging tools had been depreciated causing us to find alternative means to bridge and NAT the device’s network

Technical Recommendations  Use a microcomputer that you know is compatible with the OS you wish to use  Make sure the chipsets of all tools are compatible and fully supported  Know the security policies of the network you are on  Verify hardware driver support

Team Recommendations  Start project ASAP, or you will fall behind very quickly  Account for last minute changes and emergencies in your Gantt chart.  Document, document, document  If you come up with your own project be prepared for a lot of self- guidance.  Know that anything the can go wrong will go wrong

Proposed Budget Item Cost HummingBoard-i2ex $110.00USD HP ProLiant DL360P G8 $2,104.83CDN Computer(Hash Calculation System) ~$1,000CDN Wireless Network Interface Card ~$60CDN Contingency Funds $500CDN TOTAL~$3, Hardware Costs

Proposed Budget Cont. ItemHoursRateCost Aaron500$90/hr$45,000 Steven500$90/hr$45,000 Scott500$90/hr$45,000 TOTAL1500$135,000 Operating Costs

Actual Budget Item Cost HummingBoard-i2ex $110.00USD HP ProLiant DL360P G8 $2,104.83CDN Alfa Wireless USB Card $42.99 Wireless Network Interface Card ~$60CDN Contingency Funds $500CDN TOTAL~$2, Hardware Costs

Actual Budget Cont. ItemHoursRateCost Aaron104$90/hr$7,110 Steven104$90/hr$5,220 Scott104$90/hr$8,550 TOTAL312$90/hr$20,880 Operating Costs

Grand Total $23,697.82

Acknowledgements  Team WiFiSpi wishes to thank the individuals who provided invaluable knowledge and the assistance of our project:  Colin Chamberlain – Project sponsor, provided us with server hardware, monitors, keyboards, mice. As well as keeping us on track with the project over the last thirteen weeks.  Tim Williams – Help with TCP dumps and Snort  Dylan Saunders – Tunneling two connections  Jason Fisher – Miscellaneous hardware and access to soldering iron.

Acknowledgements  Arch Linux Community  Solid-Run Community  Aircrack-ng Community  William Parker – CentOS Snort Setup Guide  Linux Man Pages

Conclusion  Team WiFiSpi successfully created a prototype (NSA) that allows for the interception of packets wirelessly  Proof of concept for the filtering of packets through Snort  All of us have grown as IT Professionals

References  Photos taken by Steven Tran-Giang and Scott Matheson

QUESTIONS?