 This is me. What is this? Don't drink too much. Don't drink too much. Hi everyone, evidently, I'm Toten. Excuse me. All right evidently, I'm Toten Koff and I'm talking about hijacking the outdoor digital billboard network, okay? Sweet, exactly. What we're covering today is why we did this. Is it gonna, there we go. Who are they? They being the company. Billboard technologies that exist because there are different manufacturers that build these billboards. The physical and network vulnerabilities. Tools and information needed in case you want to try this. It may come in handy theoretically. Oh no, that's coming. What not to do if you're going to hack a billboard and who would do this and why? And I have my obligatory disclaimer there that I am not suggesting teaching or condoning the hacking of outdoor digital billboards. Even though it's really, really cool and really, really fun. I didn't say a company but okay, I agree completely. Why we did this? I was told by my dad that I bet you can't hack that. No one else has done it yet. We saw it as a possible target for future laws. We don't have the money that Skollphone had to pay for the actual advertisement and claim it was a hack. And we were drunk and it sounded like an awesome idea at the time. Who are they? They being the company again. They are an international telecommunications company. Both that they have the only digital billboard network in the country. Now this is quickly changing because other companies are realizing they can save money and make money by doing this. As well as get the environmentalists off their back because they can claim that they're being green. By the time this presentation is done actually the company will have some billboards out in Europe like England, France and Tokyo even though that's not Europe. Who are they continued? They're a very litigation happy company. They have a super big team of lawyers I assume and I have none. As a matter of fact my dad said after giving this talk if I get arrested he doesn't have bail money even though he dared me to do this. No my dad says awesome. He actually made this presentation for me. The company logo appears as the blurry thing in all of the pictures and they utilize different manufacturers for their billboards so there's many more vulnerabilities that way. Billboard technologies. To our knowledge three primary types are in use. There's Verizon Telephone Network, Wireless and Satellite and Direct Connect. And by Direct Connect I mean you can walk up and plug your laptop in. Okay. Billboard technologies the Verizon Telephone Network interface. It's easily viewable they have a box there and inside of the box they have easily viewable testing and wiring instructions. So if you don't know if it's working you can plug a phone in and see if it's connected. And there's reason to believe that there's go no go in use. Unfortunately philosopher who did the telephone portion of this presentation is not here. He had to go catch a flight so if you ask me anything about telephone systems I'll plead ignorant. Self actuated data connections for updated purposes are presumed. And there's a picture of the connections as well as the test instructions. And the great thing about this was that there was no lock protecting this so you can just walk up to the billboard, see this box, open it, read the instructions and then perform the tests. Exactly you got to love Verizon employees. Billboard technologies wireless and satellite. The second type of billboard site noted contains a nondescript box with the satellite dish attached to the top of the billboard. The existence of POTS in addition to unencrypted wireless traffic at the sites of digital billboards presents a security risk. Now the great thing about this, about their wireless network is that it's unencrypted and it's not protected at all. We did a simple drive by and we were able to see the network that the billboard was projecting from and connect. You could capture packets to see where the billboard is broadcasting to, spoof that IP address, etc. etc. But again, I don't know how to do this because this is all in theory. That's a very bad picture of the security camera. There's only one at every billboard site pointed directly to the billboard. There's a security camera with the satellite, the plug-in technologies. There's also another unlabeled box that exists at the third site with a secured master lock, or it's secured with a master lock. The medium of external communication from this billboard is unknown at this time because we ordered a lockpick kit back in January and it came Wednesday. So that was great. Exactly. That's a picture of the plug-in place site. To the far left you can see that there's a power source. You don't want to touch that box. In the middle is the metal box with the master lock where we assume that's where you can plug your laptop in. And then there's a surge suppressor on the right. Known physical vulnerabilities. Social engineering. Sales people are really cool because they'll answer any questions you have if they think they're going to make a sale. We were able to find out image specs, uploading information, and some security procedures just by saying that we were interested in buying some space on their billboards. Also, I'm a college student majoring in marketing, still works. Okay, the billboard. As I said before, it has one security camera pointed at the image on the billboard. There's nothing surrounding the area around the bottom of the billboard. No gate, no fence. There's no security camera pointed to the box. It's located off the side of most major roads. Most of them don't have heavy traffic between 2.30 and 4 o'clock in the morning, I assume. Continue with the billboard's physical vulnerabilities. Usually they're within walking distance of a parking lot that's almost empty during the same hours. And the only thing between you and the console at the bottom of a billboard is a commercial master lock. And sometimes that's not even there. And there's a picture of their master lock. Network vulnerabilities. They're vulnerable to people connecting wirelessly because, again, they don't encrypt and they don't protect... They don't protect it at all, right, Sharti? Yes. They're vulnerable to packet sniffing and actually war-dialing. We didn't have the opportunity to try this, but we were talking to a sales associate and they said it is a concern of theirs. Network vulnerabilities. They're guilty of not closing unused ports, no encryption, using default usernames and passwords, and using global usernames and passwords. We got that through social engineering, which basically consisted of talking to a guy that worked there and buying him some drinks. He said, hey, how about them billboards? Speaking of drinking. Drink more. Some useful information. Image requirements from the company's website. Digital billboard or digital bulletins should be 200x7104 pixels. Red, green, blue, 72 dpi in a JPEG format. It's also nice to know which billboard you're going to, unless you just want to drive aimlessly around. Also, the company's website has a nice nifty map of where all their billboards are and which ones are connected to which. Also, a cover story is awesome in case you get questioned by authority figures like police or parents. Now, so I was war-dialing, or not war-dialing, but war-driving by myself. And I stopped for a second in the parking lot and a cop knocked on my window and I'm like, oh crap. He's like, what are you doing, ma'am? I'm looking up directions to my grandmother's house. Can you help me? I'm so lost and I started crying. And it was nice he escorted me to my grandmother's house. Okay, tools needed. A laptop. Duh. Depending on which billboard you approach, you may need a laptop with wireless and packet snipping tools. A lockpick kit. If you use it, you get plus one ninja point, plus one style. Bolt cutters in lieu of lockpick kit in case eBay's really slow with your lockpick kit. With the use of bolt cutters, you lose a ninja point, but you gain a brute forcing that bitch point. And miscellaneous tools dependent upon the type of the billboard. What not to do. Try this during the day or peak hours of the evening as a general rule of thumb. Wait about half an hour after last call to ensure that the drunks are well on their way and the cops are messing with them and not caring about you filling around at the bottom of a billboard. Don't do it in Vegas. Well no, actually that'd be really funny. Do it in Vegas. Wait, I didn't say that though. Don't do it during the holidays and or during the weekend because the cops are driving around doing more rounds than usual. Don't forget to use gloves in case it gets televised. Don't mess with the box with the bright orange sticker on it. Yeah, I don't know who this company is, I don't know. Huh? Okay. Oh, okay. Unamerican.com and it has the sticker of the company's name. I don't know if you guys can see this or not, but I'm not saying the company's name because, oh crap, this is being filmed. What not to do. Hack a billboard near house. Leave any sort of evidence that you were there besides the image and pay for the advertisement and claim it was a hack. I'm just saying. Who would do this? Artists. It's a new medium that's in a public place, gets lots of exposure. Young people because hormones plus destruction of someone else's property equals lulls and that's math. You can't argue with math. Hackers because it's something new to exploit and take advantage of and it's really, really fun. Assumably. Who else would do this? Extremists because digital billboards would be a great way for them to spread their message to a large audience quickly and with little or no cost to them. Governments see extremists above. Why would they want to do this? Vandalism because there will always be someone who wants to destroy someone else's property. Digital graffiti. Again, it's a new medium and they can either slightly alter pre-existing advertisements to convey another meeting. Or the images can be taken offline and the graffiti artists could use them as a clean canvas. Sort of like. Oh my goodness. The digital graffiti research labs. You know how they have the. Yeah. How they. I forget what it's called. Yes, they use laser projector to do graffiti. You could take the billboard offline and, you know, do laser graffiti. Why else would they want to do this? Gorilla advertising. Now this is sort of a buzzword that doesn't have any real meaning, but it usually alludes to aggressive unconventional marketing methods that is done on the cheap. It uses psychology and focuses more on creativity and generating more referrals and bigger transactions. Spreading propaganda. I mean, think about it. Why sell just for the news, TV commercials, emails and posters? By placing your message on the billboard network, it'll appear for eight seconds on every billboard in the network continuously for an undetermined amount of time. And the lulls. But this defense will only work in internet court. Huh? Yes. No, I RC. Oh. Oh no. Special thanks to my dad. Because. Oh. Torev for doing the social engineering work. Philosopher for doing all the research on phones. Shardy for sitting up here and drinking with me. Just for the record, I'm not her dad. Um, Alex for giving me booze and making sure I calm down. And Neon Rain for the anti-nause pill. All right. For more information, you can contact me directly at totankoff at gmail.com. I will soon have a website with pictures, information and video. Not necessarily my pictures, information and video. Just ones of us floating around the web. Um, any questions? Yes. And the guy who just took off his hat. You could arguably take over the entire sequence. Um, filter or have several images rotate. Or as somebody very, very sadistic told me, suggested you could have, it flashed so people driving could have seizures. Oh. Anybody else? Okay cool. Peace.