Wall of Sheep

What is the Wall of Sheep?

The Wall of Sheep is an interactive demonstration of what can happen when network users let their guard down. We passively observe the traffic on a network, looking for evidence of users logging into email, web sites, or other network services without the protection of encryption. Those we find get put on the Wall of Sheep as a good-natured reminder that a malicious person could do the same thing we did . . . with far less friendly consequences. More importantly, we strive to educate the "sheep" we catch—and anyone who wants to learn—how to use free, easy-to-use tools to prevent leaks in the future.

 

 

 

Our Mission

Our mission is to raise security awareness. Computer crime and identity theft loom large in most people's unconscious fears because they do not know:

  1. How they are at risk, and
  2. The steps they can take to protect themselves.

We explain both, but the way we do it is unconventional . . .

Some Background

Nearly every time a network is accessed, an email account is checked, a web application is logged into, or a message is sent, some form of identification is passed between systems. By simply listening to this network traffic and sorting out the interesting bits, ill-intentioned third parties can often steal a password or other credentials with little to no effort. In reality, such eavesdroppers are infrequent on average, but that does not diminish the consequences if they are listening. Why take the chance when you don't have to? Awareness and education are the key. The tools and knowledge to protect yourself are freely available. Most of the time, they are built into your current system.

Our Approach

The Wall of Sheep shows what happens when there are eavesdroppers on your network. If you access a network we are listening to without protecting yourself, we will see your username and password. Then we will post identifying elements* of your transaction on the Wall in front of all of your friends and colleagues. At that point, we hope you will come to us and learn how to avoid such mistakes in the future.

The Bottom Line

A potential attacker might maliciously and criminally use your mistakes against you. We do the opposite by raising security awareness and providing education on how to be defensive. It is very easy to become a "sheep," but it is just as easy to learn how to avoid turning into one.

*but never the whole thing

What are some of your catch lines/shirt/tags/sayings?

"If you wouldn't say it in public, don't say it without encryption!"

"Encrypt or you'll regret it in the end" & "Encrypt or you'll get it in the end"

"Baaaaad security will make you a sheep"

"Sheep suck ewe swallow"

"Be a Shepherd not a Sheep!"

"Like sheep to the slaughter"

"Your maaaaa is a sheep"

"Since you can't tase your users... Let us Shock them!"

"Baaa means no!"

"Sheep happens"

"Tough Security Lessons to be Learned"

What are a few of the most crazy things you have seen while sniffing traffic?

  • We watched someone's girlfriend break up with them live over the wire. (She was being pretty heinous -- Comedy!)
  • Someone decided it would be a good idea to file their taxes while at Defcon. (We disagree)
  • A well-respected author and authority in the security community decided to share their unpublished book (and their bank statements) with us by not using SSL. (Great book btw. We still give them a hard time for this)
  • One of the hacking community's "Network" professionals logged into their vanity domain to later become a sheep of the year.
  • Press, press, and more press...
  • Someone "privately" IM'ing a friend about coming out.  News flash... You out yourself if you speak "privately" without encryption...

History

A long time ago in what seems like a Defcon far, far away... A number of security-minded attendees were sitting around a table enjoying a few drinks while sniffing traffic.

During a conversation one of the people around the table said "Wow look at this guy, this is just sad"... then another person said "Wow, look at this one"... Of course this became a challenge to the others to find someone with security even more pathetic than that guy, so it became a bit of a one-upping game.

After a while, someone said "Wow, there are so many!" then moments later another person said "they're like sheep!" Which is when we dubbed people with lax/misconfigured/etc. security "sheep" or "sheeple".

Yes, they really were like sheep and there were more than we could count. 

We decided it would be fun & funny to put the people's names & passwords on a piece of paper then draw a picture of a sheep next to their name as a wake-up call to the sheep in an attempt to change the behavior.

So why the plates you ask?  There seemed to be a serious lack of 8"x11" paper lying around Defcon at the time. No problem... Riverside was able to commandeer a stack of paper plates from the SUPER GREASY pizza station a little ways away.  With the help of Cal (A Defcon Goon) we were able to get the rest of what we needed to get the plates on the wall.

Needless to say, the hotel staff was not too pleased with us taping plates to their walls.  At the end of the conference, they asked that we never "tape" things to their walls like that again.  Being who we are, we picked apart what they said and brainstormed a way to still put sheep on the wall without "taping" them to the wall.  Riverside then came up with the idea to write an application and project the sheep onto a wall.  It's been that way ever since.

 

FAQ

Q) The big sign that says "SHEEP" in this history picture. Was that all it said?

A) No, the sign actually had additional words to it, however, the hotel staff made us fold the paper in 1/2 to cover the rest.

Q) I'd like to have the Wall of Sheep in my company or at our conference, how much does it cost?

A) Please send an email to sales@wallofsheep.com for a quote.

SPONSORS

http://www.wallofsheep.com/pages/sponsors