Disclaimer - If anyone is uncomfortable answering this question, or feels it is inappropriate to ask here, please tell me.

I'm attending a graduate level model politics event that is VERY cut-throat. Model legislation is frequently stolen (digitally or the old fashioned way), and this is all an accepted aspect of the simulation. Anything goes. It means that keeping digital legislation protected locally is very important - and I'm fairly set in that regard (using TruCrypt, and some other tools)

Traditionally, communication within the simulation was entirely written, which added an old-school level of espionage to the event. Now we're starting to see the use of laptops in-session, and a lot of the communication is moving towards digital/wireless means.

Specifically I have two related questions:

1) On an unsecured (or rather, un-encrypted, but browser-login) wifi network, my traffic is sent clear-text, and can be sniffed by anyone in range. Does anyone know of an IM client or other direct peer-to-peer chat client that adds its own layer of encryption? Something like connecting to a VPN is not preferable, because anyone that I'd like to communicate with in the room would need to connect through it as well, or we've defeated the purpose.

2) Flip-side of my concern. Is there a specific piece of software that I can use to sniff and interpret traffic on the fly, and reassemble the multitude of different traffic it might see? I would probably encounter typical IM traffic (AOL, MSN, ICQ, Yahoo) as well as browser based communication (Facebook, Hotmail) and POP3/IMAP. Sniffing is no problem, but I've never run into a good tool that can make sense of all the different data quickly, and display it in a mannor that is digestable in such a fast-paced environment.

Again, if you feel that question 2 is inappropriate from a newcomer on this forum, I would understand completely.

Thanks

Very interesting perspective with regards to avoiding the provided network altogether. I have a laptop capable of using a SIM card and the cell network - though I've never elected to purchase a data plan. I'll look into this.

One of the challengs - while I can ensure my own security (I could use a VPN myself, or even an encrypted VNC session into a machine safe at home), this would be negated by the fact that the people in this environment that I need to communicate with may not have taken adequate steps themselves. Dealing with the digital side of this type of competition is relatively new - evolving - it's a security issue, but not all of the delagates will be adequately prepared. This is not to downplay the significance of the threat - it's there, and we will encounter it - it's just not widely enough protected against by most of the delegates, because it's such a new challenge.

So even if my route to whatever I use as an ISP is secure, if other delgates in the room are receiving my communication through their own insecure connection, my efforts are negated. Hence me looking for a client that itself would supply a layer of encryption (software that I could provide perhaps on a USB key to delegates I need to communicate with)

Physical security is something that really requires my own attentiveness more than anything else. Remembering to dismount a secure volume if I need to leave my laptop - or perhaps never leaving my laptop.

In terms of explicit permission. I'll need to look specifically into the legality side of things. In terms of the event, if a tactic is legal (in terms of the actual law of the city/state or province/country we're in) it's fair game in the competition. There are a few exceptions and explicit rules, but they don't relate to this aspect of the competition. The next major event is being held in the United States. So presumably I need to look into whether capturing over-the-air data is legal/not. I was under the assumption that because the network is not encrypted, it IS legal to sniff the traffic. Admittedly, I'm assuming this because it was a justification used by other participants in the past - so I'll need to do my own investigation. Perhaps someone (preferably from the US) has insight into this?

I would say use Hamachi for your local LAN like VPN it also has option to Chat in it and you can map drives to trusted computers. Another cool thing about Hamachi is that all tunnels are 256 AES encrypted. Next I would lunch Cain & Able and then after a Man in the Middle Attach I would lunch Wireshark to make sure I had all traffic to replay later. This is all with the understanding that it's accepted to sniff and intercept IP traffic on this network. All the tools I listed above are free windows based GUI tools anyone can learn to use...


Brian

Yes Hamachi has a built in Chat client.

As for sniffing... I feel it;s always best to sniff like you are on a mirror port so i recommend to ARP poison the subnet to get all traffic to flow though you WiFi NIC. Once you have this running you can use Ethereal/Wireshark to sniff and record all traffic so later you can decode every little packet and reconstruct all client traffic. You could try to sniff in promiscuous mode but I am unsure if you would get all the traffic and be able to decode it correctly.

Brian

My laptop is only a Dell D600 (1.2 Ghz) and I ARP poison with it all the time. The ARP Poisoning dose not take much CPU but you do need to have a good Wireless connection. I would also advise setting up just some of the filters in Cain and not trying to capture HTTPS as this will slow things down and I do not  think you will have the local ability to crack 128bit SSL. I would ask that if you decide to go this route that you practice on you on little network (Make sure you have permission to do so) and watch the little status bar at the bottom of Cain and make sure packet loss dose not get above 5% or you will crack the subnet. I have a real small video on how to use APR poisoning in Cain here http://www.anti-hacker.info/video/Cain/Cain%20MITM.html

Have fun, be safe, and make sure you have permission...


Brian