The Wall of Sheep team has 10 core people and approximately two to three times as many "floaters", curious people who drop in to help out. Using open source tools like ettercap, Wireshark and the BackTrack distribution, the team sniffs network traffic and posts login information (partially obscured) on a projector for all to see. Team members told us that many new volunteers often start laughing and "cracking up" when they capture their first passwords. "They think we’re running complicated tools, but it’s really easy," team member "Cedox" told us.
Perhaps the most embarrassing "ownage" was Mr. Joseph Simon who had his credit card and other personal identifying information captured by the team. The posting of login information isn’t done with malicious intent and is meant to improve security awareness amongst the attendees and the team will remove login names upon request. At least ten people took advantage of that "service" at Defcon. In fact, so many people asked to be de-listed that team members fashioned up a crude table-top sign advertising the fact.
While attendees are fairly careful about using their laptops on the wireless network, mobile phone users often blindly log into the network and surf away. Many of these iPhone and Windows Mobile phone users were caught and displayed on the wall. Some of the more popular phone logins captured were Twitter, ICQ and even Yahoo mail.
Wall of Sheep member Beau Haugh said developers are constrained by small keyboards which forces them to focus on usability rather than security. "Special characters [in passwords] are best practices for security gurus," Haugh told us adding that they are "a big pain the butt" to type on a phone keyboard. He added that mobile applications are usually more concerned about pulling data from sources rather than secure authentication.
The team also discovered that many iPhone users were getting "owned" as soon as they walked onto the convention floor because most users unknowingly have their phones set to automatically connect to available wireless networks. Of course this is a horrible feature to leave enabled at Defcon because the wireless network is considered to be the most hostile in the world. By the second day of the convention, the Wall of Sheep screen displayed a helpful reminder to iPhone users - "You don’t want your phone auto-connecting to *anything*"
"Riverside", the Wall of Sheep administrator, and Haugh said phone users and developers need to consider the phones as computers in terms of power and vulnerability. "Smart phones are treated as consumer devices and not powerful computers that they are," said Haugh.
Riverside added that he has a huge backlog of data to go through and it might be a while before they know how many people were really caught on the Wall of Sheep.