49

I live in a country with little freedom on the Internet (not as strict as in China, but some sites, particularly anti-government sites, are inaccessible without a VPN). Recently the government just went collecting the Wi-Fi names of every house. I had to fill in my name, my address and my Wi-Fi name. I didn't have to provide the password. Every house needed to fill in the survey. They refused to tell the reason.

My questions are:

  • Why would they do that?
  • If I can change my Wi-Fi name, or even the modem, whenever I want, then why would they do that? Should I do that right now?
  • To my knowledge*, once the password is passed, changing to a new password on the same modem won't help. However, I'm not sure what they can do after they have gained access to my modem. Can they open a backdoor or something?



*I used to install Kali to break Wi-Fi passwords for fun, but unfortunately I didn't pass the first test of the tutorial. :( After I found out that all tutorials only give me a part of the solution, I was too lazy to try again.

Giacomo1968
Ooker
  • 1
    Welcome to Security SE. Your question seems perfectly on topic to me on this site (I removed your little header mentioning this concern), just be sure to focus on a single specific topic when you write a question so it can be more easily answered (you will get more answers). Here you seem to address three different topics (why does the government do this? Is it sufficient to replace the WiFi password? What can be done by someone accessing my modem?), when in doubt prefer to ask them in three different questions. It is not me who downvoted you but chances are that this is the reason behind it. – WhiteWinterWolf Dec 14 '15 at 14:13
  • 8
    Are you 100% sure this is from the government? It could be a third party hoping to use this information against you by means of a targeted MiTM attack or some other malicious goal. – Bacon Brad Dec 14 '15 at 18:37
  • 1
    I'm not sure that we are qualified to explain why an unnamed government would do something, or what that government might permit you to do with the SSID once they have it registered. – schroeder Dec 14 '15 at 18:39
  • @BradMetcalf quite sure. The survey paper had a signature of the chief police in my area. – Ooker Dec 14 '15 at 18:39
  • 6
    Have you considered changing the SSID after the authorities leave? It's not like they are collecting *immutable* information... – recursion.ninja Dec 14 '15 at 19:58
  • @recursion.ninja so what are they collecting? – Ooker Dec 14 '15 at 20:13
  • 5
    @ooker It is still possible this could be forged. After all many scams/attacks attempt to use legitimate information to appear legitimate themselves. I would verify with your local police to ensure this is in fact them and not a malicious third party. I am not saying it isn't your government attempting to collect this information but it sounds like a very suspicious thing to collect since they wouldn't have any issue subpoenaing your IP for a more detailed forensic analysis. – Bacon Brad Dec 14 '15 at 20:26
  • @BradMetcalf if this is a scam, then why would the attacker want to collect a bunch of SSIDs? They just need to randomly attack one, right? – Ooker Dec 14 '15 at 20:32
  • @Ooker, I would collect a whole bunch of them if I was a hacker/criminal. It gives me a higher chance of success. – Trevor Dec 15 '15 at 04:03
  • 5
    I wonder why the government would manually collect what could more easily be collected automatically (i.e. driving a Wi-Fi sniffer around the streets). – Craig McQueen Dec 15 '15 at 05:50
  • what government ?! – nsij22 Dec 15 '15 at 06:16
  • 1
    @CraigMcQueen but they won't know who owns which wifi? Or for an unknown reason maybe they just can't have that hi-tech? – Ooker Dec 15 '15 at 06:58
  • 4
    @nsij22 Vietnam – Ooker Dec 15 '15 at 06:58
  • 1
    Just as a comment: Was/is there anything preventing you from just using the default network name and registering that with the government? What would they do if the entire city had only "netgear", "wifi" etc. as network names.... – Josef Dec 15 '15 at 11:47
  • @Josef no, there isn't. They just ask, what you write in there is up to you. – Ooker Dec 15 '15 at 12:08
  • I think the only reasonable thing to believe is that they want to make someone in your quarter liable as accomplice for someone they've arrested. If they are real, that is (quite possible it's fraudulent, too). Why? Well simply because the SSID is publicly available information which you can collect for the purpose of geolocation or such **without** having to ask. Unless they want to tie the network to an individual for some reason, it makes no sense. That, and the SSID might be different next week, so the only thing it's useful for is pinning down someone for something that already happened. – Damon Dec 15 '15 at 15:42
  • @Damon I don't really get your idea. Did you mean that they have arrested a suspect, knowing that they had lived in my place, and are now trying to find the exact house by comparing the wifi revealed in the suspect's phone with the collected data? – Ooker Dec 15 '15 at 16:47
  • My idea is that they are trying to frame _someone_ for _something_, and that is something that has already happened (quite possibly they arrested someone). Thing is, if I just want to know your SSID, I walk in your street, turn on my computer, and open the "Network" pane, _and I see it_. Or run one of the many network-related tools that readily display that info along with signal strength for an estimate of distance (even harmless ones like InSSIDer do that). I don't need to ask anyone, it's public information. I _only_ need to ask if I want to pin a particular SSID to a particular person. – Damon Dec 15 '15 at 18:26
  • There already exists an open database of SSIDs at https://www.wigle.net which you can help build by installing an app on your phone – hashier Dec 21 '15 at 08:28
  • 2
    who knows, maybe they want the SSID so that they can configure your PC to transmit through the "Management Engine" (a CPU-independent network-connectable circuit that exists at least on Intel boards) which is described in this talk: http://2012.ruxconbreakpoint.com/assets/Uploads/bpx/Breakpoint%202012%20Skochinsky.pdf – SherlockEinstein Dec 25 '15 at 20:19
  • @SherlockEinstein That makes no sense. What would knowing the SSID have anything to do with the ME? Also, the ME only listens on the network when AMT is enabled, which is very, very rarely the case for consumer computers. – forest Apr 15 '18 at 07:28

3 Answers

47

I see two possible uses of such information from a government perspective. None of them involves the password or actually using your WiFi access.

  1. Forensic analysis: connected devices store a history of access points they were connected to, sometimes associated with "last seen" dates. Using this history, it is therefore possible to know where someone was and when, which can be very helpful for investigators.

    Concrete example: someone is arrested, his cellphone and laptops are seized for investigation, and their WiFi history is analysed (actually, in some cases, with some devices being a bit too talkative, it is not even needed to actually seize the device, but let's stay on topic). This will reveal where the suspect has been and when (for the last time at least), and because we are talking about associated access points it strongly points toward some sort of relationship between the suspect and the AP owner (you do not distribute your WiFi password to any strangers, do you?), helping to construct a map of the suspect's relationships (here having the ability to associate an SSID (the WiFi name) with an owner name takes on all its importance).

  2. Geolocation: If by any means investigators can remotely access the list of the access points covering the area where a device is currently located, then it is possible to determine where the device (and most likely its bearer too) is located.

    Concrete example: An implant (to borrow NSA's terminology) is installed on a device with Internet but no GPS capability (laptop, tablet, etc.) or where the user has disabled GPS geolocation for privacy purposes. The implant phones home on a regular basis, sending a list of currently visible WiFi networks with the associated signal strength (the device doesn't need to be associated with any of them). Associated with a map of SSID geographical locations, this effectively allows tracking the suspect's movements in real time.

In this case however, collecting the owner's name in such visible actions is less needed, war drivers and other Google cars know this very well. However, depending on the details of this procedure, it may also limit the possibilities for people to freely change their WiFi SSID name (let's say the form forbids this, it would be trivial for the authorities to detect undeclared changes and associate them with a name), thus possibly providing more accurate information in the long term.

Regarding your mention of the WiFi password, as long as the WiFi access has been hacked by finding the password and not due to another unrelated weakness and unless the attacker also hacked the access point itself (and replaced its firmware for instance), then changing the password to a stronger one is sufficient to block any further exploitation of this access.

Regarding what can be done using a compromised access point, this is worth a separate question but you may already find a lot of information in already existing posts on this site (basically an attacker would gain a Man-in-the-middle (MiTM) position to intercept/modify all of your communication, this also opens opportunities to attack other devices of your internal network, and depending on the device's reset abilities the attacker could also prevent the access point firmware from being cleaned, effectively requiring the device to be replaced).

And yes, technically you could change your WiFi "name" any time you want, however it is possible that your government may request you to fill in a form to officially declare this change (or they just assume that only a minority of users will do this, so it is not worth tracking such changes).

WhiteWinterWolf
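An added example, not part of the original answer: a small audit of a device's own saved-network list, the history that the forensic scenario above relies on. It assumes the `wpa_supplicant.conf` format; the sample file and the list of default names are constructed for illustration.

```python
import re

# Constructed sample of a wpa_supplicant.conf; not taken from any real device.
SAMPLE_CONF = '''
ctrl_interface=/run/wpa_supplicant
network={
    ssid="OOKER_01"
    psk="constructed-passphrase"
}
network={
    ssid="netgear"
    key_mgmt=NONE
}
network={
    ssid="CafeHidden"
    scan_ssid=1
    psk="constructed-passphrase"
}
'''

# Assumed list of factory-default names that many access points share.
DEFAULT_SSIDS = {"netgear", "linksys", "dlink", "wifi"}

def saved_networks(conf_text):
    """Return one dict of key/value settings per network={...} block."""
    nets = []
    for block in re.findall(r"network=\{(.*?)\n\}", conf_text, re.S):
        settings = {}
        for line in block.splitlines():
            line = line.strip()
            if "=" in line and not line.startswith("#"):
                key, value = line.split("=", 1)
                settings[key.strip()] = value.strip().strip('"')
        nets.append(settings)
    return nets

def audit(conf_text):
    """Describe what each saved network reveals if the list is read or observed."""
    report = []
    for net in saved_networks(conf_text):
        ssid = net.get("ssid", "")
        notes = []
        if ssid.lower() in DEFAULT_SSIDS:
            notes.append("common default name: matches many access points")
        else:
            notes.append("distinctive name: points to one access point and its owner")
        if net.get("scan_ssid") == "1":
            notes.append("hidden network: device sends this name in probe requests")
        report.append((ssid, notes))
    return report

if __name__ == "__main__":
    for ssid, notes in audit(SAMPLE_CONF):
        print(ssid, "->", "; ".join(notes))
```

Removing entries that are no longer needed shrinks the history a seized or observed device can give up.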
  • By simply changing the name before the attack, do I force them to visit me again? And is there a way to know whether I have been attacked or not? Can they know the sites I'm visiting if I use a VPN? Sorry for asking too much – Ooker Dec 14 '15 at 15:35
  • @Ooker this site encourages one question per post usually, I'd say these other questions possibly warrant their own posts. You'd likely get a better response, too. – James T Dec 14 '15 at 16:12
  • 3
    @Ooker Honestly, I am not sure the government would bother hacking your WiFi. If they want to see your internet traffic there are better means (see: NSA, GCHQ surveillance programmes) – Luke Dec 14 '15 at 16:13
  • @Luke that's what I wonder too. If they don't want to hack my wifi, then why bother collecting them? – Ooker Dec 14 '15 at 17:46
  • 5
    @Ooker, it's probably for geolocation reasons. If someone's cell phone reports seeing an access point named OOKER_01, and you registered your access point at your house, if a cell phone sees OOKER_01 they know they're probably somewhere within 100m of your house. Using signal strength and triangulation, they can probably get good geolocation even if GPS or GLONASS satellites are out of view. – John Deters Dec 14 '15 at 18:16
  • @JohnDeters but they have my house address already – Ooker Dec 14 '15 at 18:37
  • 3
    @Ooker, if someone else has a cell phone that sees your access point, they know that person's phone may be near your house. Apple already uses WiFi to assist with geolocation this way; perhaps your government wants to use this to improve location information of government vehicles or government workers. Maybe this will help keep government inspectors truthful about whether or not they visited your area. – John Deters Dec 14 '15 at 18:45
  • @JohnDeters but if they want to track their staff, they can simply track the phones via GPS. I live in a normal city where GPS is absolutely accessible. – Ooker Dec 14 '15 at 18:53
  • 4
    maybe they want to hold you accountable as an accessory to a crime if they find a criminal has been using your Access Point to commit fraud or do some hacking? It's hard for us to state with authority "why" your government requires this, we don't work for your government and didn't make those choices. We can only say why other people use WiFi SSIDs. – John Deters Dec 14 '15 at 19:00
  • 2
    At the risk of being overly pedantic, aren't both uses you give ultimately the same, namely geolocation, and the only difference being whether it's real-time or historical? – Lilienthal Dec 14 '15 at 20:02
  • @Lilienthal: I've updated my post to give two concrete examples, hoping it may better highlight why I see this as two different uses. Ultimately, you are right, the use is the same: helping authorities to restrain illegal activity and maintain social order (I'm even more ultimate than you ;)!). But maybe we can bring a bit of nuance in there and distinguish different uses applicable in different situations through different means and targeting different goals. – WhiteWinterWolf Dec 14 '15 at 21:33
  • @WhiteWinterWolf The use case is quite different I agree and it's worth explaining both. I only brought it up because your intro made me think that two different techniques were used when that's not really the case: both use known SSID maps to track devices that can read SSIDs. – Lilienthal Dec 14 '15 at 22:58
  • The karma infusion of wifi pineapple would help in implementing scenario #1: https://scotthelme.co.uk/wifi-pineapple-karma-dnsspoof/ - if there's a peaceful demonstration, a government van could sit with a pineapple and record all SSIDs broadcasted by the participants, and know who they are or where to find them. – lorenzog Dec 15 '15 at 00:25
  • Perfect for the two concrete examples. On your mention of replacing firmware, why would changing the password be adequate to block access? They could have opened a backdoor, right? – Ooker Dec 15 '15 at 04:34
  • 2
    @Ooker: As I said, a password change can block access **unless** the access point has been hacked and does not allow the firmware to be reliably reinitialized. Please note that this thread is focused on the issue of the government collecting SSIDs; for more information regarding the firmware-related issue, you should create a new question. – WhiteWinterWolf Dec 15 '15 at 09:56
17

This seems like a bureaucratic way of instilling FUD (Fear, Uncertainty and Doubt) in a population.

For example, in the old Soviet Union, neighbors would routinely spy on neighbors and agencies collected notes on citizens. But the raw data of those notes were so enormous—and the bureaucracy was/is so inefficient—that the actual information collected was utterly useless. But the fear of the data collection—in and of itself—kept people in line. As journalist Agnes Smedley once said:

“Everybody calls everybody a spy, secretly, in Russia, and everybody is under surveillance. You never feel safe.”

The whole idea is in an oppressive society nobody talks about spying, nobody confirms spying happens when it happens, but everyone is in fear about being spied on and knows one or two people who might have been a victim of spying so seeds of fear are planted. Thus these people behave as if they are spied on all the time no matter what they do. Which is to say they live in fear of the darkest aspects of the unknown.

So by bureaucrats doing what you describe, the government is acting in a way that reminds its citizens that they are watching you. And there is even the side effect of citizens themselves keeping tabs on each other such as stating some neighbor didn’t report an SSID and now they are being fined or their business is being hassled by local authorities. Never underestimate the power of a few neighborhood busy-bodies gossiping nonsense just to gossip.

If the goal of an oppressive government is to oppress, then random acts of questioning its citizenry can be considered one way of putting pressure on a population to remind them who is in charge.

Because on a practical level, it is trivial for someone to drive or walk around a neighborhood and log all the SSIDs one can detect without bothering anyone. I mean Google does it all the time, right?

Giacomo1968
  • 1
    As far as I know Google has no reliable link between an SSID and a physical identity: they just know the approximative location, not the owner name of the scanned access points. – WhiteWinterWolf Dec 14 '15 at 22:42
  • 2
    @WhiteWinterWolf You make a decent point but my answer basically states that personal contact by a government for information like this is not often done for the information being gathered but rather to remind citizens who is in charge. – Giacomo1968 Dec 14 '15 at 22:45
  • 1
    This could be a more reasonable answer, since if their action is purely for investigation, not hijacking people, then why would they refuse to tell the reason? – Ooker Dec 15 '15 at 04:24
  • 4
    Exactly what I had in mind. First, authoritative governments (no matter what they try to advertise) are not up to date with technology, it's the intelligence department that does all the work, and those don't need no government to operate. Second, people rarely change their SSID, I can show you a list on my computer to prove it, it all says (operatorNameNumber) – Ayyash Dec 15 '15 at 07:51
1

I had a chance to ask an insider, and they said that at that time there was a group of reactionaries changing the Wi-Fi names to antigovernment statements, so they had to collect them to stop this. But I think if they really wanted to do this they could use other means, couldn't they? So this might be a way to remind people about their existence?

Ooker