Michigan’s Grand Blanc Township thinks it has discovered a trick to weasel out of accountability: charging a reporter more for government records than most people earn in two years.

Independent journalist Anna Matson filed two requests for records about the township’s fire chief, Jamie Jent, being placed on administrative leave. That decision — later lifted after outcry from residents and firefighters — reportedly came after he raised concerns about staffing issues following the tragic September shooting at the township’s Church of Jesus Christ of Latter-day Saints.

The government told her she’d have to pay a combined $164,000 in labor costs ($100,000 for her first request and $64,000 for a second) for finding and reviewing the records in order for them to respond to the request. That’s ridiculous. Michigan’s legislature should act to ensure that other local governments don’t get any ideas.

There’s nothing unusually burdensome about Matson’s requests. If the township’s recordkeeping is so shoddy and its search capabilities so lacking that it costs six figures’ worth of employee time to find some emails and documents, that’s the township’s problem, not Matson’s. If anything, it begs another Freedom of Information Act request to figure out how the township reached that level of incompetence, and what officials are spending money on instead of basic software.

The township doubled down on evasiveness when Matson showed up to a board meeting last week to contest the fees, and it made nonsensical excuses to enter into closed session so that it could discuss its secrecy in secret.

Maybe the township thinks the fees will discourage the press from trying to hold it accountable. More likely, it will do the opposite: inspire reporters to keep digging. Intrepid journalists see obvious obstruction tactics like these and think, “I must be on to something.” We’re confident Matson will eventually uncover whatever the township doesn’t want her and her readers to see.

Michigan’s Freedom of Information Act, like the federal FOIA and state public records laws across the country, was intended to let everyone — not just rich people — find out what their government is up to and how their money is being spent.

The law allows agencies to charge reasonable fees — copying costs, mailing expenses, and limited labor charges calculated at the hourly wage of the lowest-paid employee capable of doing the work. Agencies aren’t permitted to charge for the first two hours of labor, and they can only charge for search and review time if not doing so would result in “unreasonably high costs.”

Officials are taking advantage of the media’s weak financial position to hold accountability for ransom.

We’re not fans of charging any labor costs for FOIAs. Tax dollars already pay for agencies to maintain public records. Allowing the public to access them is a basic government function. But putting that aside, how does finding records about one employee during a limited time frame — which was all her first request sought — cost six figures? The $64,000 price tag for the second request for departmental records is equally absurd and also shows the arbitrariness of the whole thing — how does the broader request cost less than the narrower one?

This obstruction tactic is hardly a local innovation. Last year, Nebraska’s legislature had to step in after the state’s Department of Environment and Energy tried charging the Flatwater Free Press more than $44,000 to review environmental records. It claimed figuring out what exemptions to the public’s records law applied would be time-consuming — essentially making the press pay for their time figuring out legal arguments to not give it the records it wanted.

The Trump administration — which has attempted to close FOIA offices and fired officials who released embarrassing information pursuant to FOIAs — recently demanded journalist Brian Karem pay a $50,000 bond just to expedite a lawsuit for documents about the classified records Trump took to Mar-a-Lago. It’s far from the first instance of fee bullying by the federal government, regardless of who is president.

Trump, of course, claims he did nothing wrong by taking those documents, but doesn’t want to let the public be the judge. The situation in Grand Blanc Township is similar — the same government that may have punished a fire chief for speaking up about public safety wants to punish a journalist for asking questions about it. It’s secrecy stacked on secrecy.

It’s no coincidence that so many of these overcharging cases involve requests by independent journalists or small local outlets. The government knows the news industry is struggling economically. That’s no secret. Officials are taking advantage of the media’s weak financial position to hold accountability for ransom. If they get their way, transparency will become a luxury only affordable to major media outlets that are unlikely to have much interest in public records from Grand Blanc Township in the first place.

The township needs to rescind its invoice, apologize to Matson, and get her the records she’s entitled to right away. Beyond that, state legislators need to put politics aside and follow Nebraska’s example by narrowing what the government can charge the public for its own records and making those limits unambiguous (and of course, they should also remove absurd provisions exempting the governor and legislature from transparency).

And if agencies have the nerve to defend these shakedowns in court, judges should hold government lawyers accountable for whatever frivolous legal arguments they concoct to justify charging well over the cost of a house in Detroit for basic transparency.

freedom.press/issues/censorshi…

FOR IMMEDIATE RELEASE:

The White House has launched a media bias tracker to catalog instances of supposedly distorted coverage by the press. Predictably, the site is long on hyperbole and short on substance.

The following statement can be attributed to Seth Stern, director of advocacy for Freedom of the Press Foundation (FPF):

“If Trump thinks the media is getting stories wrong or being unfair to him, he should release the public records, correspondence, and legal memoranda that prove it, instead of wasting time and taxpayer money on silly websites.

“He’s got more power than anyone to correct the record with documented facts and has countless platforms on which to do so. Instead, he calls reporters ‘piggy’ and posts empty rants that don’t refute anything, while doing everything in his power to hinder Americans’ access to public records containing verifiable facts.

“Trump’s anti-speech antics are highly unpopular, and I doubt many people take his ramblings about ‘fake news’ seriously at this point. He has made it extremely clear that his beef is not with media bias but with journalists not flattering him and regurgitating his lies. It’s a safe bet that his bias tracker will not have anything to say about the influencers and propagandists he favors over serious journalists.

“People understand the obvious conflict inherent in an image-obsessed presidential administration appointing itself the arbiter of media bias. I expect that after the initial wave of publicity, few Americans will be paying attention to this latest stunt, let alone consulting it when deciding what news to consume. The gimmick is wearing thin.”

Please contact us if you would like further comment.

freedom.press/issues/white-hou…

404 Media

2025-08-13 21:53:37

Trump Administration Outlines Plan to Throw Out an Agency's FOIA Requests En Masse

The Department of Energy (DOE) said in a public notice scheduled to be published Thursday that it will throw out all Freedom of Information Act (FOIA) requests sent to the agency before October 1, 2024 unless the requester proactively emails the agency to tell it they are still interested in the documents they requested. This will result in the improper closure of likely thousands of FOIA requests if not more; government transparency experts told 404 Media that the move is “insane,” “ludicrous,” a “Pandora’s Box,” and “an underhanded attempt to close out as many FOIA requests as possible.”

The DOE notice says “requesters who submitted a FOIA request to DOE HQ at any time prior to October 1, 2024 (FY25), that is still open and is not under active litigation with DOE (or another Federal agency) shall email StillInterestedFOIA@hq.doe.gov to continue processing of the FOIA request […] If DOE HQ does not receive a response from requesters within the 30-day time-period with a DOE control number, no further action will be taken on the open FOIA request(s), and the file may be administratively closed.” A note at the top of the notice says it is scheduled to be formally published in the Federal Register on Thursday.

The agency will send out what are known as “still interested” letters, which federal agencies have used over the years to see if a requester wants to withdraw their request after a certain period of inactivity. These types of letters are controversial and perhaps not legal, and previous administrations have said that they should be used rarely and that requests should only be closed after an agency made multiple attempts to contact a requester over multiple methods of communication. What the DOE is doing now is sending these letters to submitters of all requests prior to October 1, 2024, which is not really that long ago; it also said it will close the requests of people who do not respond in a specific way to a specific email address.

FOIA requests—especially complicated ones—can often take months or years to process. I have outstanding FOIA requests with numerous federal agencies that I filed years ago, and am still interested in getting back, and I have gotten useful documents from federal agencies after years of waiting. The notion that large numbers of people who filed FOIA requests as recently as September 2024, which is less than a year ago, are suddenly uninterested in getting the documents they requested is absurd and should be seen as an attack on public transparency, experts told 404 Media. The DOE’s own reports show that it often does not respond to FOIA requests within a year, and, of course, a backlog exists in part because agencies are not terribly responsive to FOIA.

“If a requester proactively reaches out and says I am withdrawing my request, then no problem, they don’t have to process it,” Adam Marshall, senior staff attorney at the Reporters Committee for Freedom of the Press, told me. “The agency can’t say we’ve decided we’ve gotten a lot of requests and we don’t want to do them so we’re throwing them out.”

“I was pretty shocked when I saw this to be honest,” Marshall added. “I’ve never seen anything like this in 10 years of doing FOIA work, and it’s egregious for a few reasons. I don’t think agencies have the authority to close a FOIA request if they don’t get a response to a ‘still interested’ letter. The statute doesn’t provide for that authority, and the amount of time the agency is giving people to respond—30 days—it sounds like a long time but if you happen to miss that email or aren’t digging through your backlogs, it’s not a lot of time. The notion that FOIA requesters should keep an eye out in the Federal Register for this kind of notice is ludicrous.”

The DOE notice essentially claims that the agency believes it gets too many FOIA requests and doesn’t feel like answering them. “DOE’s incoming FOIA requests have more than tripled in the past four years, with over 4,000 requests received in FY24, and an expected 5,000 or more requests in FY25. DOE has limited resources to process the burgeoning number of FOIA requests,” the notice says. “Therefore, DOE is undertaking this endeavor as an attempt to free up government resources to better serve the American people and focus its efforts on more efficiently connecting the citizenry with the work of its government.”

Lauren Harper of the Freedom of the Press Foundation told me in an email that she also has not seen any sort of precedent for this and that “it is an underhanded attempt to close out as many FOIA requests as possible, because who in their right mind checks the federal register regularly, and it should be challenged in court. (On that note, I am filing a FOIA request about this proposal.)”

“The use of still interested letters isn't explicitly allowed in the FOIA statute at all, and, as far as I know, there is absolutely zero case law that would support the department sending a mass ‘still interested’ letter via the federal register,” she added. “That they are also sending emails is not a saving grace; these types of letters are supposed to be used sparingly—not as a flagrant attempt to reduce their backlog by any means necessary. I also worry it will open a Pandora's Box—if other agencies see this, some are sure to follow.”

Marshall said that FOIA response times have been getting worse for years across multiple administrations (which has also been my experience). The Trump administration and the Department of Government Efficiency (DOGE) have cut a large number of jobs in many agencies across the government, which may have further degraded response times. But until this, there hadn’t been major proactive attempts taken by the self-defined “most transparent administration in history” to destroy FOIA.

“This is of a different nature than what we have seen so far, this affirmative, large-scale effort to purport to cancel a large number of pending FOIA requests,” Marshall said.

Limitations on Use of “Still-Interested” Inquiries

^{www.justice.gov}

Die Piratenpartei nimmt das Ergebnis der Volksabstimmung zur Digitalen Integrität in Zürich mit grossem Bedauern zur Kenntnis und wir bedanken uns bei allen, die Ja gestimmt haben. Wir respektieren selbstverständlich den demokratischen Entscheidungsprozess, doch das Ergebnis stellt einen Rückschlag für das wichtige Anliegen dar, ein Grundrecht auf ein selbstbestimmtes Offline‑Leben zu sichern.

Renato Sigg, Präsident Piratenpartei Zürich und Mitglied des Initiativkomitees: „Ohne die Digitale Integrität wird es keine menschenwürdige Digitalisierung geben. Sie braucht es auch, um eine nachhaltig erfolgreiche Resilienz und Digitale Souveränität sicherzustellen.“

Warum ist das Ergebnis problematisch?

Nur die AL stimmte für die Digitale Integrität. Die ablehnenden Parolen der etablierten Parteien – SVP, EDU, FDP, Mitte, EVP, GLP und Grüne signalisieren, dass Sie absichtlich in Kauf nehmen:

• Entscheidungen durch Algorithmen: Die Gefahr, dass Maschinen künftig über medizinische Eingriffe, Bewerbungsverfahren oder andere persönliche Angelegenheiten entscheiden.
• Umfassende Überwachung: Eine flächendeckende Erfassung, Vermessung und Analyse persönlicher Daten.
• Langfristige Datenspeicherung: Unbegrenzte Aufbewahrung personenbezogener Informationen ohne klare Fristen.
• Unsichere Datenlagerung: Risiken durch unzureichende Sicherheitsmassnahmen, die Missbrauch nahelegen.
• Digitale Monopolisierung von Dienstleistungen: Der Trend, physische Angebote (z. B. Billetautomaten) zugunsten rein digitaler Services abzuschaffen, wodurch Personen ohne digitale Anbindung benachteiligt werden.

Dies zeigt, dass die Piratenpartei die einzige Partei ist, die sich für eine menschenwürde Digitalisierung einsetzt und die Anliegen der Bevölkerung angemessen vertritt.

Melanie Hartmann, Vorstand Piratenpartei Schweiz: „Das Resultat an der Urne zeigt, dass Digitalpolitik immer noch nicht in der Mitte der Gesellschaft angekommen ist. Unabhängig davon ist und bleibt Digitale Integrität das dringend nötige Grundrecht für eine menschenwürdige Digitalisierung.“

Unser Appell

Wir fordern die politischen Entscheidungsträger auf, die Bedenken von Teilen der Bevölkerung ernst zu nehmen und die folgenden Prinzipien in zukünftige Gesetzgebungen einzubetten:

• Transparenz: Klare Offenlegung, welche Daten erhoben werden und zu welchem Zweck.
• Einwilligung: Strikte Vorgaben, dass jede Verarbeitung personenbezogener Daten restriktiver geregelt wird.
• Recht auf Vergessenwerden: Garantierte Löschung von Daten nach Ablauf eines angemessenen Zeitraums oder auf Wunsch der betroffenen Person.
• Datensicherheit: Verpflichtende technische und organisatorische Maßnahmen zum Schutz vor unbefugtem Zugriff.
• Option für Offline‑Dienstleistungen: Sicherstellung, dass grundlegende öffentliche Dienste weiterhin ohne digitale Voraussetzung verfügbar bleiben.

Johannes Neukom, Vorstand der Piratenpartei Zürich: „Wir akzeptieren das Resultat, finden es aber schade, dass die Menschen die Notwendigkeit der Digitalen Integrität noch nicht erkannt haben. Der Kanton hätte als erstes alle seine M365-Projekte stoppen müssen. Diese Niederlage wird kein Hindernis sein, dass wir weiterhin für die digitalen Rechte im ganzen Kanton kämpfen werden. Eine Annahme der Initiative hätte uns diesen Kampf aber enorm erleichtert. Eine demokratische Gesellschaft ist ohne einen festgeschriebenen Schutz im digitalen Raum nicht möglich. Mit den kommenden Überwachungswerkzeugen, die dem Staat zur Verfügung stehen, wird das umso wichtiger.“

Ausblick

Die Piratenpartei wird das Ergebnis gründlich analysieren und gemeinsam mit zivilgesellschaftlichen Akteuren, Experten und interessierten Bürgerinnen und Bürgern an konkreten Alternativen arbeiten. Ziel ist es, ein ausgewogenes Verhältnis zwischen technologischem Fortschritt und dem Schutz individueller Freiheitsrechte zu schaffen.

Ivan Büchi,Präsident Piratenpartei Ostschweiz: „Im Verlauf der nächsten Wochen werden wir im Kanton Glarus einen Memorialsantrag zur digitalen Integrität einreichen. Das Recht auf ein offline Leben schulden wir nicht nur unseren Kindern, sondern allen Menschen, die ein Leben ohne ständige Smartphone‑Nutzung führen möchten.“

Alexis Roussel, ehemaliger Co-Präsident der Piratenpartei Schweiz und Autor des Buches „Notre si précieuse intégrité numérique“ (Unsere so wertvolle digitale Unversehrtheit):
Der weitere Weg ist klar: Die Einführung des Grundrechts auf Digitale Integrität in anderen Kantonen und auf Bundesebene ist der Weg für eine digitale Gesellschaft, in der die Menschen respektiert und nicht eingeschränkt oder zur Nutzung gezwungen sind.

Die Piratenpartei dankt ausserdem Philippe Burger, der mit seiner generellen grossen Unterstützung und tatkräftigen Mithilfe sowie Formulierung des Abstimmungstextes diese Volksinitiative überhaupt erst möglich gemacht hat.

piratenpartei.ch/2025/12/02/ab…

Steve and James discuss holiday ICE raids and airlines announcing that they will shutdown a program that sold our travel data to the government.

youtube.com/embed/Eg_ci8PEozY?…

Sign up to our newsletter to get notified of new events or volunteer. Join us on:

• Mastodon;
• Facebook;
• Blue Sky;
• Twitter.

Check out:

• Surveillance Memory Bank and Resources;
• Our Administrative Coup Memory Bank;
• Our Things to Do when Fascists are Taking Over.

Some links we mentioned:

• Trump DHS Plans Immigration Raids on Churches Over Holidays;
• Airlines Will Shut Down Program That Sold Your Flights Records to Government.

Image Credit: 4300streetcar, CC By-SA 4.0, Wikimedia commons page.

masspirates.org/blog/2025/12/0…

404 Media

2025-11-18 18:43:23

Airlines Will Shut Down Program That Sold Your Flights Records to Government

Airlines Reporting Corporation (ARC), a data broker owned by the U.S.’s major airlines, will shut down a program in which it sold access to hundreds of millions of flight records to the government and let agencies track peoples’ movements without a warrant, according to a letter from ARC shared with 404 Media.

ARC says it informed lawmakers and customers about the decision earlier this month. The move comes after intense pressure from lawmakers and 404 Media’s months-long reporting about ARC’s data selling practices. The news also comes after 404 Media reported on Tuesday that the IRS had searched the massive database of Americans flight data without a warrant.

“As part of ARC’s programmatic review of its commercial portfolio, we have previously determined that TIP is no longer aligned with ARC’s core goals of serving the travel industry,” the letter, written by ARC President and CEO Lauri Reishus, reads. TIP is the Travel Intelligence Program. As part of that, ARC sold access to a massive database of peoples’ flights, showing who travelled where, and when, and what credit card they used.
The ARC letter.
“All TIP customers, including the government agencies referenced in your letter, were notified on November 12, 2025, that TIP is sunsetting this year,” Reishus continued. Reishus was responding to a letter sent to airline executives earlier on Tuesday by Senator Ron Wyden, Congressman Andy Biggs, Chair of the Congressional Hispanic Caucus Adriano Espaillat, and Senator Cynthia Lummis. That letter revealed the IRS’s warrantless use of ARC’s data and urged the airlines to stop the ARC program. ARC says it notified Espaillat's office on November 14.

ARC is co-owned by United, American, Delta, Southwest, JetBlue, Alaska, Lufthansa, Air France, and Air Canada. The data broker acts as a bridge between airlines and travel agencies. Whenever someone books a flight through one of more than 12,800 travel agencies, such as Expedia, Kayak, or Priceline, ARC receives information about that booking. It then packages much of that data and sells it to the government, which can search it by name, credit card, and more. 404 Media has reported that ARC’s customers include the FBI, multiple components of the Department of Homeland Security, ATF, the SEC, TSA, and the State Department.

Espaillat told 404 Media in a statement “this is what we do. This is how we’re fighting back. Other industry groups in the private sector should follow suit. They should not be in cahoots with ICE, especially in ways may be illegal.”

Wyden said in a statement “it shouldn't have taken pressure from Congress for the airlines to finally shut down the sale of their customers’ travel data to government agencies by ARC, but better late than never. I hope other industries will see that selling off their customers' data to the government and anyone with a checkbook is bad for business and follow suit.”

“Because ARC only has data on tickets booked through travel agencies, government agencies seeking information about Americans who book tickets directly with an airline must issue a subpoena or obtain a court order to obtain those records. But ARC’s data sales still enable government agencies to search through a database containing 50% of all tickets booked without seeking approval from a judge,” the letter from the lawmakers reads.

Update: this piece has been updated to include statements from CHC Chair Espaillat and Senator Wyden.

Airline-Owned Data Broker Selling Your Flight Info to DHS Finally Registers as a Data Broker

It’s a legal requirement for data brokers to register in the state of California. ARC, the airlines-owned data broker that has been selling your flight information to the government for years, only just registered after being contacted by the office …

^{Joseph Cox (404 Media)}

Alice Ceresa, tradotta e traduttrice
a cura di Tania Collani, Tatiana Crivelli
edu.sefeditrice.it/catalogo/al…
Società Editrice Fiorentina

il pdf del libro è liberamente scaricabile

Alice Ceresa, tradotta e traduttrice

Questo volume indaga per la prima volta la dimensione plurilingue e transnazionale dell’opera di Alice Ceresa (1923-2001), una delle voci più originali della letteratura in lingua italiana del Novecento.

^{edu.sefeditrice.it}

Giovedì 4 dicembre, h. 12:30, “Oggettistica”_
Incontro in collegamento con l’Università di Perugia

info:
slowforward.net/2025/12/01/4-d…

per assistere in diretta:
https://t.ly/0jBvh

slowforward

2025-12-01 08:31:46

4 dicembre, “oggettistica”: incontro in collegamento con l’università di perugia

grazie a Fabrizio Scrivano per questo invito

cliccare per ingrandire

link per assistere: t.ly/0jBvh

#dipartimentoDiLettere #fabrizioScrivano #letteratura #mg #oggetti #oggettiLetterari #oggettistica #oggettivita #teoriaDellaLetteratura #tic #ticEdizioni #universitaDegliStudiDiPerugia #universitaDiPerugia

qr.ae/pC5s1X

non capisco una cosa, ma anche per i più scettici, se putin dice di aver conquistato la città per 4 volte, non è la dimostrazione che o le 3 volte prima erano false, o l'ha persa già 3 volte e quindi una quarta conquista suona nel migliore dei casi "molto temporanea"? a casa mia a uno che racconta balle puoi credere giusto la prima volta... siamo così coglioni che raccontano N volte una balla e ogni volta ci ricaschiamo? tipo i no vax... a sentire loro chi si vaccinava doveva morire in 1 anno massimo. direi che è evidente che non è successo. ci potevi credere all'inizio ma adesso è palese che era una cazzata, no? a casa mia mi freghi la prima volta ma non le successive... si chiama imparare dall'esperienza.

All statistics in this report come from Kaspersky Security Network (KSN), a global cloud service that receives information from components in our security solutions voluntarily provided by Kaspersky users. Millions of Kaspersky users around the globe assist us in collecting information about malicious activity. The statistics in this report cover the period from November 2024 through October 2025. The report doesn’t cover mobile statistics, which we will share in our annual mobile malware report.

During the reporting period:

• 48% of Windows users and 29% of macOS users encountered cyberthreats
• 27% of all Kaspersky users encountered web threats, and 33% users were affected by on-device threats
• The highest share of users affected by web threats was in CIS (34%), and local threats were most often detected in Africa (41%)
• Kaspersky solutions prevented nearly 1,6 times more password stealer attacks than in the previous year
• In APAC password stealer detections saw a 132% surge compared to the previous year
• Kaspersky solutions detected 1,5 times more spyware attacks than in the previous year

To find more yearly statistics on cyberthreats view the full report.

securelist.com/kaspersky-secur…

Want to know if somebody is lying? It’s always so hard to tell. [dbmaking] has whipped up a fun little polygraph, otherwise known as a lie detector. It’s nowhere near as complex as the ones you’ve seen on TV, but it might be just as good when it comes to finding the truth.

The project keeps things simple by focusing on two major biometric readouts — heart rate and skin conductivity. When it comes to the beating heart, [dbmaking] went hardcore and chose an AD8232 ECG device, rather than relying on the crutch that is pulse oximetry. It picks up heart signals via three leads that are just like those they stick on you in the emergency room. Skin conductivity is measured with a pair of electrodes that attach to the fingers with Velcro straps. The readings from these inputs are measured and then used to determine truth or a lie if their values cross a certain threshold. Presumably, if you’re sweating a lot and your heart is beating like crazy, you’re telling a lie. After all, we know Olympic sprinters never tell the truth immediately after a run.

Does this work as an actual, viable lie detector? No, not really. But that’s not just because this device isn’t sophisticated enough; commercial polygraph systems have been widely discredited anyway. There simply isn’t an easy way to correlate sweating to lying, as much as TV has told us the opposite. Consider it a fun toy or prop to play with, and a great way to learn about working with microcontrollers and biometric sensors.

youtube.com/embed/rpxLFYz5RgQ?…

hackaday.com/2025/12/02/little…

Nel contesto odierno, proteggere una rete richiede molto più che impostare una password complessa. Un attacco informatico contro una rete wireless segue un percorso strutturato che evolve dal monitoraggio passivo fino alla manipolazione attiva del traffico.

Analizzeremo questo processo in tre fasi distinte: l’ottenimento dell’accesso, le manovre post-connessione e le contromisure difensive necessarie.

1. Fase di Pre-connessione: Sorveglianza e Accesso

Il penetration test di una rete wireless inizia analizzando la sua superficie di attacco: si osservano le identificazioni visibili e si valutano configurazioni deboli o non sicure.

Monitoraggio e Identificazione del Target

Il primo passo consiste nell’utilizzare strumenti in modalità “monitor” per raccogliere informazioni dettagliate sui punti di accesso (AP) e sui client attivi. Abilitando l’interfaccia wireless in questa modalità e lanciando il comando seguente, l’analista scandaglia ciascun canale della rete:

[strong]airodump-ng wlan0mon[/strong]
Output di airodump-ng in modalità monitor: identificazione delle reti WPA2 e dei client connessi.
Questi dati sono fondamentali per selezionare il bersaglio. Segnali di debolezza includono un SSID facilmente riconoscibile, un basso numero di client o l’assenza del protocollo WPA3. Una volta individuato il target, si esegue una scansione mirata per aumentare la precisione con il comando:
airodump-ng -c <canale> --bssid <BSSID> -w <file_output> wlan0mon

Intercettazione dell’Handshake

Per ottenere l’accesso completo su reti WPA/WPA2, è necessario catturare l’handshake, ovvero lo scambio di pacchetti che avviene quando un client si associa al router. Se non si verificano connessioni spontanee, si interviene con un attacco di deautenticazione.

Utilizzando Aireplay-ng, si inviano pacchetti che disconnettono temporaneamente il client vittima:
aireplay-ng –deauth 5 -a <BSSID> -c <Client_MAC> wlan0mon
Al momento della riconnessione automatica del dispositivo, l’handshake viene registrato da Airodump e salvato su disco in un file .cap.
Altro esempio di output di airodump-ng: evidenza di canali e durata pacchetti.

Cracking della Crittografia

Acquisito il file, si passa all’attacco offline. Strumenti come Aircrack-ng esaminano ogni password contenuta in una wordlist (come la comune rockyou.txt), combinandola con il nome dell’AP per generare una Pairwise Master Key (PMK). Questo processo spesso utilizza algoritmi come PBKDF2 per l’hashing.

Il comando tipico è:
aircrack-ng -w rockyou.txt -b <BSSID> handshake.cap
La PMK generata viene confrontata con i dati crittografati dell’handshake: se coincidono, la password è rivelata. Per password complesse, si ricorre a strumenti come Hashcat o John the Ripper, ottimizzati per l’accelerazione GPU.

2. Fase Post-connessione: Mimetismo e MITM

Una volta superata la barriera iniziale, l’attaccante ha la possibilità di interagire direttamente con i dispositivi nella rete locale. L’obiettivo ora cambia: bisogna mimetizzarsi tra gli altri dispositivi e raccogliere dati senza essere rilevati.

Mappatura della Rete

Il primo passo post-connessione è costruire una mappa della rete. Strumenti come Netdiscover eseguono una scansione ARP attiva sull’intera sottorete per raccogliere IP e MAC address:
netdiscover -r 192.168.1.0/24 Screenshot reale da laboratorio: handshake WPA2 catturato all’esecuzione del comando aireplay-ng

Successivamente, Nmap permette un’analisi profonda. Con il comando nmap -A <IP_Target>, si esegue una scansione aggressiva per identificare porte aperte, versioni dei servizi e il sistema operativo del target, rivelando potenziali vulnerabilità come software obsoleti.

Man in the Middle (MITM) e ARP Spoofing

La strategia offensiva più potente in questa fase è l’attacco Man in the Middle, spesso realizzato tramite ARP Spoofing. L’attaccante inganna sia il client che il gateway alterando le loro cache ARP, posizionandosi logicamente tra i due.

I comandi manuali per realizzare ciò sono:

1. arpspoof -i wlan0 -t <IP_Client> <IP_Gateway> (Convince il client che l’attaccante è il gateway).
2. arpspoof -i wlan0 -t <IP_Gateway> <IP_Client> (Convince il gateway che l’attaccante è il client).

Per automatizzare il processo, si utilizzano framework come MITMF, che integrano funzionalità di DNS spoofing, keylogging e iniezione di codice. Un esempio di comando è:

mitmf –arp –spoof –gateway <IP_Gateway> –target <IP_Target> -i wlan0

3. Metodi di Rilevamento e Difesa

Il successo di un attacco dipende dalla capacità difensiva del bersaglio. Esistono strumenti specifici per individuare comportamenti anomali e bloccare le minacce tempestivamente.

Monitoraggio del Traffico con Wireshark

Wireshark è essenziale per l’analisi profonda. La sua interfaccia permette di identificare pattern sospetti come le “tempeste ARP”. Per configurarlo al rilevamento dello spoofing:

1. Accedere a Preferenze > Protocolli > ARP.
2. Abilitare la funzione “Rileva schema richiesta ARP”.

Questa opzione segnala irregolarità, come la variazione frequente del MAC associato a uno stesso IP. Inoltre, il pannello “Informazioni Esperto” evidenzia risposte ARP duplicate e conflitti IP, indici chiari di un attacco in corso.
Output di netdiscover in laboratorio: IP e MAC dei dispositivi attivi

Difesa Attiva con XArp

Per una protezione automatizzata, XArp offre due modalità: passiva (osservazione) e attiva (interrogazione). Se XArp rileva che il MAC del gateway cambia improvvisamente, invia un probe diretto per validare l’associazione IP-MAC e generare un alert.

Scenario Pratico di Attacco e Risposta

Per comprendere meglio la dinamica, consideriamo un esempio in una rete LAN aziendale:

1. L’Attacco: Un attaccante connesso via Wi-Fi lancia arpspoof, impersonando simultaneamente il router (192.168.1.1) e il client vittima (192.168.1.100).
2. Il Rilevamento: Su una macchina della rete è attivo XArp, che rileva una variazione improvvisa dell’indirizzo MAC del gateway. Il software attiva un probe, confronta la risposta e conferma la discrepanza, generando un alert immediato per l’amministratore.
3. La Reazione: A questo punto le difese si attivano. Un firewall locale può bloccare il traffico verso il MAC falsificato, oppure l’amministratore può ripristinare la corretta voce ARP forzando l’associazione corretta con i seguenti comandi:

Su Linux: sudo arp -s 192.168.1.1 00:11:22:33:44:55

Su Windows: arp -s 192.168.1.1 00-11-22-33-44-55

Questa operazione impedisce nuove sovrascritture finché la voce statica rimane in memoria.

4. Contromisure Tecniche per la Sicurezza delle Reti

Nel contesto odierno, le contromisure tecniche non devono limitarsi al rilevamento, ma puntare a impedire l’esecuzione dell’attacco a monte. Di seguito analizziamo le strategie principali per proteggere reti LAN e WLAN.

Tabelle ARP Statiche

Una delle tecniche più semplici ma efficaci è la configurazione manuale di voci statiche. Di default, i sistemi operativi usano tabelle ARP dinamiche che possono essere manipolate. Inserendo manualmente le voci (come visto nello scenario precedente), si impedisce ogni modifica non autorizzata. È importante ricordare che queste configurazioni vanno reinserite ad ogni riavvio o automatizzate tramite script.

Modifica dell’SSID e Gestione del Broadcast

I router utilizzano spesso SSID predefiniti (es. “TP-LINK_ABC123”) che rivelano il modello del dispositivo e le relative vulnerabilità note. Cambiare l’SSID in un nome generico (es. “net-home42”) riduce l’esposizione. Inoltre, disabilitare il broadcast dell’SSID rende la rete invisibile ai dispositivi che non la conoscono. Sebbene non sia una misura assoluta (il nome è recuperabile dai beacon frame), aumenta la difficoltà per attaccanti non esperti.

Filtraggio degli Indirizzi MAC

Il MAC filtering consente l’accesso solo ai dispositivi esplicitamente autorizzati nel pannello di amministrazione del router. Qualsiasi altro dispositivo viene rifiutato. Anche questa misura può essere aggirata tramite MAC spoofing, ma resta un’ottima prima barriera in reti con un numero limitato di dispositivi.

Disabilitazione dell’Amministrazione Wireless

Molti router permettono la configurazione remota via Wi-Fi. Questo espone la rete al rischio che un attaccante, una volta connesso, possa accedere al pannello di controllo. È fortemente consigliato disabilitare la gestione wireless, limitando l’accesso amministrativo alle sole porte Ethernet cablate.

Uso di Tunnel Crittografati

Le comunicazioni sensibili devono sempre avvenire su canali cifrati per rendere inutile l’intercettazione dei dati (sniffing). Esempi fondamentali includono:

• HTTPS invece di HTTP per la navigazione web.
• SSH invece di Telnet per l’accesso remoto.
• VPN per creare tunnel sicuri tra dispositivi.

Inoltre, l’adozione del protocollo WPA3 introduce il sistema SAE (Simultaneous Authentication of Equals), rendendo la rete molto più resistente agli attacchi a dizionario rispetto al WPA2.

Aggiornamento del Firmware

Le vulnerabilità del firmware sono un vettore di attacco spesso trascurato. È essenziale controllare periodicamente il sito del produttore e installare le patch di sicurezza. L’aggiornamento può chiudere backdoor, correggere falle nel protocollo WPS e migliorare la stabilità generale.

Conclusione: Verso una Sicurezza Proattiva

La sicurezza delle reti locali rappresenta oggi una delle sfide più importanti della cybersecurity. Come abbiamo osservato, un attacco può iniziare silenziosamente con una scansione (airodump-ng) per poi evolvere in manipolazioni attive (MITM).

La facilità con cui è possibile violare una rete poco protetta evidenzia quanto siano ancora sottovalutate le tecniche di base. Allo stesso tempo, strumenti potenti e gratuiti come Aircrack-ng, Wireshark e XArp sono disponibili sia per gli attaccanti che per i difensori: la differenza la fa la competenza.

In sintesi, abbiamo visto che:

• L’accesso può essere forzato catturando l’handshake e usando wordlist (aircrack-ng -w rockyou.txt).
• Una volta dentro, l’attaccante può mappare l’infrastruttura (netdiscover, nmap).
• Il traffico può essere manipolato tramite ARP Spoofing (arpspoof, MITMF).
• La difesa richiede un approccio multilivello: monitoraggio, alert automatici e hardening della configurazione.

La sicurezza informatica non è una configurazione “una tantum”, ma un processo adattativo. Essere proattivi è l’unico modo per garantire integrità e privacy in un panorama tecnologico in costante mutamento.

L'articolo Anatomia di una Violazione Wi-Fi: Dalla Pre-connessione alla Difesa Attiva proviene da Red Hot Cyber.