For today’s hot seat in the Infosec Institute interview series, we have a known wireless security geek: none other than Douglas Berdeaux, a.k.a Trevelyn. He is the founder of Weaknet Laboratories and the lead developer of known open-source security projects and tools like WEAKERTHAN Linux, WiFiCake-NG, WardriveSQL, GPS-Parser-ng, WPA Phishing Attack for EAP Phishing, SSWR (Scripted Security for Wireless Routers), Catchme-NG, Perlwd (Perl UNiX MD5 HASH Cracking application), and many more. Because of his contributions to wireless hacking and information security, he is also listed in the SOLDIERX HDB.
Now, let’s hear it from Douglas!
How did WeakNet Laboratories started? Can you share to us the main goal or the mission and vision of Weaknet Laboratories?
The idea for WeakNet Labs was founded a little late. I didn’t start using the name until about January of 2007, when I actually had a full lab since about 2003. It didn’t have a name back then and consisted of a bunch of computers that I pulled from the side of the road on garbage night in my urban neighborhood. They were an eye-sore that crowded the hell out my living room, to say the least, but they also gave me spiritual momentum.
I wanted to learn about TCP/IP, that’s originally why I garbage-picked the systems. I gave my old IRC friends all shells and taught them how to hack my wifi routers and my neighbors’wifi if they wanted to from the systems. It was well before any InfoSec lab like it existed, as far as I know, and anyone I trusted had free reign to hack anything within the server room. When I later moved into a bigger house and had enough room to have my own space, I made the lab official.
I never really had a solid mission, I guess. As far as hacking goes, I never stuck with a color of hat and tried to teach as much as possible. I had very little money and cherished knowledge above all. With that said: my vision is to continue teaching, supporting, and for all of us to feed from each other’s resources. WeakNet Labs is special in that it never had permanent members, except me. People came and went over the years and we were business partners that, most of the time, never met, never made money (from WeakNet or the name WeakNet), and barely kept in touch. We were each other’s professional references, technical support – you name it, we fixed or coded it at some point.
I remember teaching people Algebra, Calculus 1, how to hack their school computers, how to bypass passwords their families had set, how to install Linux alongside of Windows, and even how to beat certain video games on our IRC channel. Once I started programming, around 2004-ish, I was able to give help and get help with my code from people all around the world that were also learning. From this symbiosis-like system, WeakNet Labs thrived for years and I owe a lot to all of those who helped me over the years.
I noticed that most of the tools you made are focused on wireless penetration testing, how did you fell in love with wireless penetration testing and security?
Well, this is an easy one. I had already seen Freedom Downtime when it became available on DVD and several movies about hackers and hacking tutorial videos from abroad online. But it wasn’t until I saw that first Aircrack demo video from Christophe Devine (that I just call the “moskau! moskau!” video) that I fell in love with both security and WiFi. That video landed directly on my heart and soul. WHAX! was awesome and Christophe’s work has inspired me even up to today. WiFi is everywhere;in 2005, it was an open door into our homes and businesses. One could be a ghost, so to speak, and enter your network from the comfort of their car, or with a directional antenna – from their home.
What do you think are the chronic threats in wireless devices?
Encryption flaws andthe Protocol flaws. The Protocol flaws make solid encryptions vulnerable and vise-versa. The protocol flaws that open denial of service holes. In fact, since wireless devices share the air as a medium, even noisy air is a threat to a solid network and its devices. Also, never forget there’s always the human factor and physical security that will be “chromic” as we don’t really have a cure for that still – no matter how hard corporations try ;)
What makes WEAKERTH4N Blue Ghost and WEAKERTHAN Linux unique and different from other Linux penetration testing distributions?
Well. WEAKERTH4N wasn’t actually supposed to be released to the public. It was just a live disk that I wanted to use on my systems in the lab so that when they were (sometimes very messy) hacked, I could just reboot them and have all of my network settings start up and scripts ready to go.
Now, it is simply an architected system from which I can release all of my software, including my own compiled kernels, at once. Being on a live disk, my users don’t have to worry about dependencies or anything like that. I am not trying to compete for anything really.
You have a lot of cool projects that you have shared in your website for free, what do you think is the most special software you created? Why? Can you tell us more about this tool?
Our published book “RAIDING THE WIRELESS EMPIRE” will always be my favorite project. As far as code goes: I’d have to say the WARCARRIER application is my new favorite code project. WARCARRIER is a curses based application that reads GPS, Bluetooth, and WiFi and makes specialized reports of all of them using the Google Maps API. It’s my favorite because I feel like it’s a milestone for me. I have always wanted a better Wardriving application that was curses-based and read from all three different types of radios at my disposal. I created Object-Oriented Perl modules to interface with GPSd, the output from Airodump-NG, Bluetooth devices and even to create code for the Google Maps API. Essentially, I began creating a fast, reusable code base for Wardriving.
How did you get started with penetration testing?
The lab itself. Having that was blessing – and I made it from other people’s wasted technology ;)
In your free time, what do you usually do aside from coding?
Play video games, make music, and drive a lot.
So what project are you currently developing right now?
Well, when I was asked to be interviewed, I decided to debut my latest project with you; WARCARRIER OS. This is a Wireless Professionals live disk. Here are the very first publicly available screen shots. I created scripts to display on-screen stats for WiFi, Bluetooth and GPS – just like the curses WARDRIVING application. I have patched and tested the Linux 3.7.10 Kernel with AUFS3.7, compacted custom CUDA 5.0 libraries, CUDA enabled cracking software, NVIDIA 310.x drivers, Radeon, Intel GPU drivers, bleeding edge compat-drivers and kernel compiled wireless drivers, smarter driver loading for different system configurations, my own ACPI scripts and key bindings for mostly all laptops, including support for Apple users, gcc 4.9, GPSd 3.2, mostly all of the latest wireless hacking tools and exploits (each one compiled and tested), spectrum analyzer support for 802.11, and loads of wireless administration and analysis software.
This project has been my dream for years. I wanted to bring together GPS, WiFi, Bluetooth, wireless (not just WiFi) hacking and, most importantly, wireless administration into one obsessive, finely tuned, polished and neatly packaged disk that is moderate in size.
Any final words for our readers out there? Do you like to share something?
Yes. Everything in Linux is a file. Master regular expressions, awk, sed and grep (and Perl), and you will master Linux. And when you’re done hacking the planet, hack the sky!