August 10, 2008, 8:17 PM — The Wall of Sheep has become a fixture of the Defcon hacker conference: a wall with a long list of details showing who at the conference has sent readable data using insecure wireless connections.
For Brian Markus, better known to conference attendees as "Riverside," it just may become a line of business.
Last month, Markus and three of his fellow volunteers incorporated a company called Aries Security, which they bill as an education and security awareness consultancy that can come in and identify risky behavior on corporate networks.
The company is still in an experimental state, meaning that none of the partners have actually quit their day jobs, Markus said.
They don't expect companies to start projecting their own Wall of Sheep displays in their lobbies, but they say the network analysis tools they've developed could be helpful when aimed at corporate networks. "We can go into a company if they need help with a security awareness program," Markus said. "There are an amazing amount of things that we could see by watching the traffic go by."
Wall of Sheep got its start in 2002, when Markus and friends were sniffing wireless LAN traffic at Defcon. It turned out there were plenty of people putting their data out on those networks. "We were saying there are so many of them, they are everywhere." Inspired by a T-shirt, they decided to call the people they could observe "sheep," and they started sticking paper plates on the wall with some of the user details they'd found. They list login names, domain or Internet Protocol addresses and partial passwords.
Hotel management wasn't crazy about the idea of paper plates being stuck to the walls, so the Wall of Sheep was soon using a projector.
They've seen some pretty crazy stuff revealed on open wireless LANs over the years, including fake usernames and passwords, brand-new computer attacks, a tax return and what Markus calls "nontypical adult material."
Today the project attracts dozens of volunteers at the conference who spend hours hunched over computers analyzing data before it's put up on the wall. "It's a tremendous amount of human labor," Markus said.
Wall of Sheep made its first appearance ever at Defcon's less chaotic sister conference Black Hat this year, and it got a lot of attention when French journalists tried to post sensitive information on the wall that was culled from a Black Hat network set up for reporters.
Because the journalists had illegally sniffed the Black Hat network without permission, Markus refused, and eventually the journalists were ejected from the conference. "We said, 'No way,'" he said. "It's completely against what all of us are trying to do."