The tale of the ProxyHam project

If you are trying to exfiltrate some data from a location and don’t want anyone to capture your source IP address, the best way to do that is to have an anonymous proxy router that can disguise your real IP address behind its own. Such devices have existed for many years, but Ben Caudill has come along with a new version that he calls ProxyHam.

It works by connecting your network to the router’s Wi-Fi bridge, and in turn, it routes your data over a 900 MHz radio to a distant computer with a high-gain antenna. The antenna picks up the signal and masks your IP address, keeping you at a distance, supposedly safe from detection.

Caudill was scheduled to speak at the DEF CON security conference earlier this month to show off his innovation, under the heading Anonymous Proxy Router Project. The presentation was supposed to demonstrate how to build an anonymous proxy router for a couple hundred bucks out of commonly available parts. Sadly, the session was canceled in July; the principals are mum as to the cause. Units that were built by Caudill’s company Rhino Security have been destroyed and aren’t for sale, and the source code is no longer available.

One reasonable explanation for the cancellation is that ProxyHam likely breaks the law. First, FCC Part 97 has a prohibition against using encryption — such as the SSH or HTTPS protocols that you most certainly would be using with ProxyHam — over the 900 MHz band radio signals. Then, depending on where you place your ProxyHam or its equivalent, you could be doing something unauthorized on the target network, which comes under the Computer Fraud and Abuse Act.

Speculation about the router and the talk has run rampant, and some have noted that this mysterious cancellation all but ensures that Caudill and his anonymous proxy router will be the star of DEF CON — without ever even being demonstrated. “Ben Caudill used some routers and a Raspberry Pi to hack the media,” Brian Benchoff wrote on Hackaday. “If that doesn’t deserve respect, nothing does.”

Enterprise Impact of the Router

Certainly, the idea behind ProxyHam isn’t going away, and various folks around the Internet have stepped up to the challenge. I found three sources on how to build a similar version of the router. Benchoff covered the task for Hackaday, and an alternative anonymous proxy router was suggested by Samy Kamkar via TechWorm. And there is a third post from Robert Graham of Errata Security that shows yet another way to construct the device. All three versions cost about the same and require about the same minimal level of skill to assemble the various parts.

This means that no matter what the motivations behind ProxyHam and its peers, enterprise IT managers should be on notice. They must be aware that these kinds of devices could be operating over their networks; it is only a matter of time.

The best defense is to make sure you tune your intrusion prevention filters. You can also use other tools to monitor what kinds of data leave your network. If you don’t have any outbound network monitoring in place, now is the time to consider implementing such a tool. The ProxyHam router isn’t the only way data can be sent off-site: A simple connection to a personal Google Drive account is a lot less work and may be just as effective. But this issue is certainly worth more consideration because of the sheer impact it could have.
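
One way to start on the outbound monitoring described above, as an added example that is not from the original article: the script totals the bytes each client sends to external addresses and flags clients that are missing from the asset inventory or that exceed a volume threshold. The flow record layout, inventory, internal address range and threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from any real network).
SAMPLE_FLOWS = """src_ip,src_mac,dst_ip,bytes_out
10.0.5.21,aa:bb:cc:00:00:01,10.0.1.10,48000000
10.0.5.21,aa:bb:cc:00:00:01,198.51.100.7,120000
10.0.5.44,aa:bb:cc:00:00:02,203.0.113.50,910000000
10.0.5.77,de:ad:be:ef:00:99,203.0.113.80,350000000
10.0.5.77,de:ad:be:ef:00:99,203.0.113.80,400000000
"""

# Assumed asset inventory of MAC addresses allowed on the wireless segment.
INVENTORY = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range


def is_external(addr):
    """True when the destination lies outside every internal network."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def review_egress(flows_csv, inventory, byte_limit=500_000_000):
    """Sum bytes sent to external addresses per client and flag outliers."""
    totals = defaultdict(int)
    last_ip = {}
    for row in csv.DictReader(io.StringIO(flows_csv)):
        mac = row["src_mac"].strip().lower()
        last_ip[mac] = row["src_ip"]
        if is_external(row["dst_ip"]):  # internal transfers are not egress
            totals[mac] += int(row["bytes_out"])
    findings = []
    for mac in sorted(last_ip):
        reasons = []
        if mac not in inventory:
            reasons.append("unknown-device")
        if totals[mac] > byte_limit:
            reasons.append("high-egress")
        if reasons:
            findings.append((mac, last_ip[mac], totals[mac], reasons))
    return findings


if __name__ == "__main__":
    for mac, ip, sent, reasons in review_egress(SAMPLE_FLOWS, INVENTORY):
        print(f"{mac} {ip} sent {sent} bytes off-network: {', '.join(reasons)}")
```

The same per-client totals cover both cases the article raises: an unrecognized bridge device on the network and a known workstation uploading to a personal cloud account.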
