About the Wall of Sheep
Our mission is to raise security awareness. Computer crime and identity theft loom large in most people's unconscious fears because they do not know:
- How they are at risk, and
- The steps they can take to protect themselves.
We explain both, but the way we do it is unconventional . . .
What We Do
The Wall of Sheep is an interactive demonstration of what can happen when network users let their guard down. We passively observe the traffic on a network, looking for evidence of users logging into email, web sites, or other network services without the protection of encryption. Those we find get put on the Wall of Sheep as a good-natured reminder that a malicious person could do the same thing we did . . . with far less friendly consequences. More importantly, we strive to educate the "sheep" we catch—and anyone who wants to learn—how to use free, easy-to-use tools to prevent leaks in the future.
Some Background
Nearly every time a network is accessed, an email account is checked, a web application is logged into, or a message is sent, some form of identification is passed between systems. By simply listening to this network traffic and sorting out the interesting bits, ill-intentioned third parties can often steal a password or other credentials with little to no effort. In reality, on average, the occurrence of such eavesdroppers is infrequent, but that does not diminish the consequences if they are listening. Why risk a chance when you don't have to? Awareness and education is the key. The tools and knowledge to protect yourself are freely available. Most of the time, they are built into your current system.
Our Approach
The Wall of Sheep shows what happens when there are eavesdroppers on your network. If you access a network we are listening to without protecting yourself, we will see your username and password. Then we will post identifying elements* of your transaction on the the Wall in front of all of your friends and colleagues. At that point, we hope you will come to us and learn how to avoid such mistakes in the future.
The Bottom Line
A potential attacker might maliciously and criminally use your mistakes against you. We do the opposite by raising security awareness and providing education on how to be defensive. It is very easy to become a "sheep," but it is just as easy to learn how to avoid turning into one.
*but never the whole thing
