I work for a wireless internet company. My company handles well over 1000 wireless hotspots in hotels, coffee shops, auto dealerships, gorcery stores, etc. Tonight, I checked into a hotel which had pay Wi-Fi, and which wasn't run by my company. After checking all the available networks for a free and open network, but finding none, I determined that some social engineering was needed. I was determined to not have to pay for my WiFi. Using what I know from my job, and some social engineering tricks inspired by what I have seen on the Broken, I was able to get free Wi-Fi for the duration of my stay. And, I believe that this approach will allow anyone to get Free WiFi anywhere there is a pay-for-WiFi service.
So, here's how you do it.
1)First, make sure you are able to get on the network and get to the page which asks you to register and pay for the service. Next, you need to get the technical support telephone number for the Wifi service. This will usually be a toll free number like 1-800-something.
2)Call the WiFi tech support line and tell them that you cannot get to the login screen. They will ask you some questions, which is normal, and its best to be completely honest with them about everything except for 2 things: 1. You CANNOT get to the login screen and 2.IF they ask you if the service is a free or complementary service at the place you are at, you MUST tell them that you believe it is a free service, or that "nothing that I have seen indicates otherwise."
3)You will have to give your IP address and maybe your MAC address to the tech on the phone. This is what will allow them to put you on the system, bypassing the login and payment scheme.
4)Whats really important here is, at every step when they try and have you go to some webpage, you must tell them that the browser is returning a "this page cannot be displayed" error or the equivalent for your browser. Every time they have you try to go online and you get the login page, be sure to pause for a few seconds before you tell them its not working to simulate your browser trying to reach the login page, but failing. ONLY when they verify your IP address or ask you for your MAC address and AFTER they have had you disable your firewalls, refresh your connection, and after any other initial troubleshooting procedures, you will hear them pause and do some things on their end with the wireless router. This is what you want them to do. They may tell you that they are bypassing the login or creating a MAC Pass Through for you, but chances are, they will not tell you that this is exactly what they are doing. Only when they have you try your connection and you are able to access google.com or yahoo.com and not the login page, are you online and you can tell them that it worked.

I know thats probably not the most elegant explanation, but if there are any good questions I will try and answer them. I hope that somebody takes note of this because I think its the perfect thing for The Broken.

Digg this story here: http://www.digg.com/tech_news/The_Broken_Social_Engineering_Free_Wi_Fi_at_any_pa y_for_Wi_Fi_location

Question: if you are able to get to the page that gives you the number shouldn't you be able to get to the login screen?

Why don't you want to pay for your Wi-fi? Do you enjoy theft of service?

And who are you to judge me?

Nice.

Every where I go on these forums I see masherscf trolling :/

Nice.

Every where I go on these forums I see masherscf trolling :/

Not trolling, Just an honest question.

Question: if you are able to get to the page that gives you the number shouldn't you be able to get to the login screen?

Well, at all locations, the WiFi companies usually have little help cards with the number that they place out to help people who are having difficulty getting online. Also, you can always say you asked someone working at the restaurant/hotel/airport for the number. Tech Support personnel never ask how you got their number. They don't care, they just want to fix your problem as soon as they can.

Why don't you want to pay for your Wi-fi? Do you enjoy theft of service?

Theft of service really isn't an issue. At most places, (hotels, restaurants, etc) WiFi is offered for Free for any customers. At the Pay-for-WiFi locations, Having one or two people every once-in-a-while steal from the WiFi company affects their bottom line much less than say, stealing an Album from the record company. In the end, 99% of customers will still pay for WiFi, and those few who don't are just the smart ones who know how to work the system to their advantage. This is a major theory behind all social engineering.
And, masherscf, have you watched the episodes of the Broken? What do you say to the Free Pizza hack or (my favorite) the no-waiting at the theme parks social hack?

And, masherscf, have you watched the episodes of the Broken? What do you say to the Free Pizza hack or (my favorite) the no-waiting at the theme parks social hack?

Sorry, I was being a little grumpy that day. I think that nicking a bit of free wifi is forgivable.

Not to be all fuddy-duddied and dadified, but I am a father of two afterall.

The idea of swindling you're way into free food is actually pretty old. I'm surprised they didn't feature the old dine-and-dash as a cool "social engineering" hack.

In any case, I don't think using new phrases like "social engineering" and "pretexting" don't mask the fact that it's still just lies and fraud. Just because service people are idiots and you can out-smart them doesn't give people the right to stuff without paying.

It's not just cash-strapped teens and college students that do this. Police officers are trained to lie to suspects in order to get information from them. I've encountered elaborate online schemes meant to charge you legal without explicit permission. There's also the ***** who sold people pictures of cell-phones instead of cell-phone and thought she was fine (http://www.youtube.com/watch?v=ZJDK6ctRjqw). She openly cites buyer stupidity as a justification for here fraud. Telemarketers lie on regular basis. It's all the same jive that flim-flam artists, car salesman and horse traders have always used to rip people off.

I hate to sound all superior because I really don't honestly feel that way. I just think we have to honest when we try and get stuff for free...even if it doesn't hurt anyone. Heck, people cheat at taxes all the time.

Besides, don't you get pissed when people cut-in the movie line ahead of you. There's a special place in hell for people that cut the movie line.

In any case, I don't think using new phrases like "social engineering" and "pretexting" don't mask the fact that it's still just lies and fraud.

You sir, win the quote-of-the-day award. I totally agree with your above post. I think that a lot of people have forgotten that lying and fraud is what "social engineering" really is. If your smart enough to figure out these tricks, or learn them from somewhere like Kevin Mitnick's Book or The Broken, then it comes down to your personal morality, or lack-there-of.

Like I've said before, there is a thin line being social engineering and being an asshole, and it really comes down to if the victim is the victim because they are being nice, or because they are being stupid.

In my opinion, the pizza company was being nice, I'm sure they could do any number of things that would protect them from what the broken did, but it would unnecessarily burdened the customer, while on the other hand, the tech support could do any number of things to stop the wifi fraud that wouldn't burden the costumer (any more than they already are because they had to call you in the first place).

You might have a different opinion, like I said, it's a thin line.

You might have a different opinion, like I said, it's a thin line.

Well, there is a difference between defrauding old ladies out of their savings and scamming a free pizza. Both might land you in hell, if you believe in that sort of thing.

ok i think that this is more about the EXPLOIT then the "stealing" i mean isnt that what the show is about! c'mon dude.. thats like saying you would rather pay full price for something if it came up less at the register. {excuse me miss but that was labeled 29.95 not 15.49}

ok i think that this is more about the EXPLOIT then the "stealing" i mean isnt that what the show is about! c'mon dude.. thats like saying you would rather pay full price for something if it came up less at the register. {excuse me miss but that was labeled 29.95 not 15.49}Poor analogy. You should report it as being an error - but legally, they need to give it to you at the scanned in price. Then again, how often does something scan in CHEAPER ... my experience has always been the other way "but thats not the price it was listed at on the shelves".

ok i think that this is more about the EXPLOIT then the "stealing" i mean isnt that what the show is about! c'mon dude.. thats like saying you would rather pay full price for something if it came up less at the register. {excuse me miss but that was labeled 29.95 not 15.49}

Calling is an "exploit" is just another label.

Many grocery stores want you to point out scanning errors. Even if they charged you less, they will sometimes give you the item free plus twice the value is the item.

Point of fact, have often asked for a correction when I thought that the cashier was made in error, regardless of if the error is in my favor or not. It's just common courtesy. The constant drive to get something for free just isn't an issue.

Once, I made a deposit at the bank of $100, bust the teller mis-entered the amount as $5,100. The bank had a $5,000 short fall that day, but they had no idea where the error was. For $5,000, you have bet they looked pretty hard. I week later, I noticed that my bank balance was way off. They didn't want to admit it, but they never would have found the mistake without my help. It was a $5,000 error in my favor. But, I gave the money back.

Don't you hate it when the guy at the computer fair will tell you anything you want to hear in order to sell you a part? Is that social engineering? Is that a cool exploit? Or, is that just the guy being a dick head just to make a buck under false pretenses. He's taking advantage of you for not knowing about the part. Should you have done your homework first? Or, should you rely on strangers to try and be helpful and not rip you off.

bottom line, if you call up a company employee, and ask for their password, and they actually give you their password, the company deserves to get hacked, and that is social engineering.

bottom line, if you call up a company employee, and ask for their password, and they actually give you their password, the company deserves to get hacked, and that is social engineering.

Bottem line: No one "deserves" to have to be preyed upon by criminals.

If you leave your car unlocked, do you deserve to get your CDs and stereo swiped?

If someone calls up your grandma and tricks her into giving out her banking information, does she deserve to lose her savings?

Does it makes a difference that the victim is a company and not an individual?

One should expect all sorts of exploitations without properly trained employees, but it's not a justification for criminal acts.

Calling it "social engineering" doesn't cover-up that fact that it's just good old lies and fraud.


Nonsequiter: I wonder if the child molester forums make up labels to make having sex with children sound acceptable.

No one "deserves" to have to be preyed upon by criminals.

If you leave your car unlocked, do you deserve to get your CDs and stereo swiped.

One should expect all sorts of exploitations without properly trained employees, but it's not a justification for criminal acts.

Well we can just agree to disagree. :/

Well we can just agree to disagree. :/

Well, I agree that you disagree with me. People can do that. ;)

I just don't think that being smarter than other people gives you right to take advantage of them. If you're gifted with crafty skills or quick wits, you need to use those skills to help people, not hurt them.

Well, I agree that you disagree with me. People can do that. ;)

I just don't think that being smarter than other people gives you right to take advantage of them. If you're gifted with crafty skills or quick wits, you need to use those skills to help people, not hurt them.

And we can all hold hands and dance around flowers and they'll be no hate in the world.

using your intellect to cheat people is the same as using your fist.

Thats like saying Using a spoon to eat soup is the same as using a fork.

no. it isn't.

Exactly ;)

how about this, you explain why you thihnk that, and i'll show you where you are wrong.

Why I think that my analogy was the same as your analogy?

Why I think that my analogy was the same as your analogy?
okay first off neither of us used an analogy. i was saying that that taking advantage of someone is wrong, whether you outsmart them or beat them up. i was also showing that if simple brute force was used you wouldn't be defending it.

you on the other hand seem to be saying that it is hard to eat soup with a fork or harder than if you used a spoon. which most people would agree with

you said that using your fist was the same as outsmarting them... which it isn't... sure, you can achieve the same thing either way.

You COULD eat soup with a spoon, or you COULD eat soap with a fork, both achieve the same thing, but are COMPLETELY different.