Every morning I revise the logs for what is happening at our servers, this helps me understanding which are the trends with Arduino, which are the countries generating the most traffic, or if got slashdotted. Today I manage to extract from the list that there was a hige amount of data being transferred in one single date to just one IP number back in the Netherlands.
When this happens, I usually make some further research, because I want to understand whether this was an attack or not. If it had been an attack, I would have shut down that IP number/range to avoid problems like we had in the past when our server wash actually forced to timeout up to 50% of the requests due to netbots trying to download our programs constantly.
However, this morning, there were no signs of attack, instead I found out some traces of an article that was linking to our website at a Dutch server. This is a very similar effect to the so-called Slashdot-effect. As most of you know, Slashdot is an online forum for community generated technews (or news that are interesting to tech dudes). The attention that website attracts is so huge, that in case an article makes it to their portal, the website being mentioned there will suffer the sweet death of the fame. You will get so much traffic, that your server will think it was a DoS attack and your sysadmin will probably shut you down -just like I do with the Arduino.cc website- temporarily.
Turns out, in this case, on July 4th, took place the Hack In The Box 2010 conference in Amsterdam. Niels Teusink talked about: Hacking wireless presenters with and Arduino and Metaspoilt. If you go check his article you will see how he carefully reversed engineered a logitech presentation device:
[...] abuse vulnerabilities in the product to get a Metasploit payload on to the PC of someone using a wireless presenter, by just sending keystrokes to it. This article describes how I did it and why you may be at risk if you use any wireless input device (such as a wireless mouse) [...]
[...] someone in the audience [could] send a ‘next slide’ command to the dongle in order to go to the next slide before I wanted to do so? Or worse: could he send random keystrokes to my laptop (after all, the device is a keyboard!). Wouldn’t it be fun if you could make a random message appear on Steve Jobs’ (or Steve Ballmer’s) screen when he’s giving his latest keynote? Needless to say doing so may be a criminal offence in your country.
Everything you need is an Arduino board (here the link that generated so much traffic to our website) and a 30Eur wireless module. The article describes in a very nice way how to reverse engineer one of this weireless presenters step by step. It is very informative and will open the door to some other Arduino-related hacking around there.
Also at that conference Arduino interested people created an Arduino Village, yet another reason to get this many page requests in such a short time:
HITBSecConf2010 – Amsterdam will also feature a two-man team based Capture The Flag Live Hacking competition, an Arduino Village, a Hackerspaces Village (with participation from spaces in Utrecht, Den Haag, Brussels, Paris, Vienna and our very own Hackerspace Kuala Lumpur in Malaysia!) In addition to the above, members from TOOOL.nl will be on hand conducting a lock picking village and a hands on lock picking lab as well.