At first, it seemed like a clever art installation housed on the web, but now we're not so sure... the Newstweek hack may indeed be legit.
Earlier this year, Newstweek claimed to have developed a way to hack into webpages on a local Wi-Fi network using a homemade device that plugged into a receptacle. The device connects to the local hotspot, acting as a virtual router—the center for all network traffic—allowing a remote hacker immediate access to web content viewed on the network. That hacker could then alter all web content being viewed on the network by its users, rewriting news and switching out images, manipulating trusted media content into something similar to what The Onion churns out everyday.
Imagine: One day you're at the local cafe or in the airport waiting for your flight, browsing the web, reading a few stories from trusted news sources like CNN or Newsweek. You find yourself surprised by some of the recent headlines, something like "Beijing to Invest in U.S. Army" and "Osama Lives!". It seems unbelievable, yet it's from trusted news sites, so it's got to be real, right?
No, it's got to be Newstweek.
Vague Terrain called it "...one of the most elegantly conceived and executed network art projects in the past few years, if not in the brief history of computational art."
But that's where the suspicion arose—"art project". Newstweek wasn't conceived by a group of nefarious web hackers, but by a pair of code-savvy, Berlin-based artists, Julian Oliver and Danja Vasiliev, who aim to exploit the trustworthiness of big media outlets, showing how news can be manipulated and controlled by the "gatekeepers." No matter how convincing it sounds, the word "art" makes it hard to believe.
Newstweek initially claimed they would issue a how-to for making the device within days of its release, but that turned into months and months of waiting. In the last week of April, the complete instructions eventually surfaced on the Newstweek website, showing a detailed guide to not only make the device, but to execute the elaborate man-in-the-middle attack as well.
So, does this device really work? Looks like it. And you can build one for about 70 bucks.
The hidden Newstweek wall plug device uses ARP spoofing to change the text displayed on the news websites on the local Wi-Fi network. After assembling the device and installing the Newstweek firmware, you'll need to do some field research for proper placement. Then, plug the device into a wall socket, acquire the ESSID name of the network, and setup the device to reboot and join the local Wi-Fi hotspot. After the grunt work, you're ready to start manipulating website content from the comfort of your own home, using the simple web frontend that configures the hack.
Currently, Newstweek only supports the following news sites (though more are sure to follow): BBC, CNN, Le Monde, Lenta Ru, Le Figaro, Der Spiegel, Il Tempo, El Mundo, and The Guardian.
If you're interested in building your own Newstweek device, check out the detailed how-to on their site. With a little dedication and technical know-how, you can easily pull off this hack. Check out the below video for a thorough demonstration on what it can actually do.