Unlike hactivists LulzSec's recent posting of a false news story on the PBS Newshour website, any hardware hacker could build a "hidden" Newstweek device to distort news on wireless networks. Plus there is a web interface to configure the man-in-the-middle (MITM) attack, making it easy to modify keywords or sentences, and thereby create fake news reports for people reading the news at Wi-Fi hotspots.
Yes there are many ways to intercept Internet traffic or pull off a MITM attack, but that does not mean "average" users knows how to do so. The Firefox browser addon Firesheep is one of the easiest "canned" tools for the clueless, so an attacker can sniff and capture a user's unencrypted cookie information, HTTP session jacking, allowing anyone to become an Internet griefer. For a little bit different take on how to mess with people's minds, there is Newstweek to manipulate the news people are reading at wireless hotspots. For those who like to tinker with hardware, break out the soldering iron because building a Newstweek device just got easier with a detailed how-to post - starting with hardware, software, firmware, installing, and remote controlling the Newstweek device.
Part of the amusing disclaimer states, "Installing network modifying devices on a LAN you don't own, without permission, is probably illegal in most countries, unless you work for government."
Berlin-based Julian Oliver and Danja Vasiliev had created the Newstweek project to show how easily "trustworthy" news can be manipulated and controlled by "gatekeepers." Their Newstweek device intercepts traffic on wireless networks, allowing an attacker to modify headlines or manipulate the text in an article before relaying the tweaked data back to the victim. Newstweek uses ARP spoofing to change keywords or sentences; the Newstweek device is plugged into the wall at a wireless hotspot and is designed to be "hidden" or basically unnoticeable. The MITM attack takes advantage of the device which acts like a router, allowing manipulated data to passing through it.
There are detailed instructions to help people build their own Newstweek device, followed by how-to directions to set it up, and then run the remote controlled device from the "comfort of your home" or another Internet cafe. When checking via an Internet browser for the latest remote devices, at the time of publishing, Newstweek has been installed in France, several cities in Germany, and the Netherlands. By clicking on the European locations, you can see that some have not yet been setup and others ask for a username and password.
It remains to be seen if hardware or other hackers in the U.S. will jump on the Newstweek bandwagon.
Given Internet citizens reliance on digital communication, as paper and ink newpapers die out in favor of web-based news, censored news reports could easily color judgments and affect many readers. The reason anyone might use Newstweek may seem ethically questionable, but there could be "greater good" uses as well, such as inserting truthful and uncensored versions of the news in countries where news is "seen through a filter of government-issued data surveillance."
Instead of using IRC as a control interface, as seen in the video, the creators of Newstweek report:
We've implemented phone-friendly browser interfaces for local and remote control of the device. The local configuration page is designed for on-site configuration: you plug in the device, associate with it, and select your target network/AP. When it reboots it is 'armed' and awaiting filters. After you leave the location you visit the remote control browser interface, write filters and issue command scripts from the comfort of your home. The device will then periodically 'dial home' looking for your updates. If it's ever bumped offline for any reason, it will go back into local configuration mode, awaiting a new target or a pickup by its owner.
Right now, Newstweek supports sites like BBC, CNN, The Guardian, and several other targets to allow attackers to "Newstweek it." Yet the creators are implementing new features which will allow attackers to add any targeted website of their choosing.