They’re here, they’re there, they’re everywhere, so beware!


Wake-on-LAN (“WOL”) is implemented using a specially designed packet called a magic packet, which is sent to the computer to be woken up. The magic packet contains the MAC address of the destination computer, an identifying number built into each network interface card (“NIC”) or other ethernet device in a computer, that enables it to be uniquely recognized and addressed on a network.

Powered-down or turned off computers capable of Wake-on-LAN will contain network devices able to “listen” to incoming packets in low-power mode while the system is powered down. If a magic packet is received that is directed to the device’s MAC address, the NIC signals the computer’s power supply or motherboard to initiate system wake-up, much in the same way as pressing the power button would do…

The magic packet is a broadcast frame containing anywhere within its payload 6 bytes of all 255 (FF FF FF FF FF FF in hexadecimal), followed by sixteen repetitions of the target computer’s 48-bit MAC address, for a total of 102 bytes. Since the magic packet is only scanned for the string above, and not actually parsed by a full protocol stack, it may be sent as any network- and transport-layer protocol…

Abuse of the Wake-on-LAN feature only allows computers to be switched on; it does not in itself bypass password and other forms of security, and is unable to power off the machine once on…802.11 wireless interfaces do not maintain a link in low power states and cannot receive a magic packet

This does not entirely explain Attkisson’s computer hacking issues. For example, it says that wake-on-LAN can’t power down the computer. But it does suggest that reporters for the AP, CBS and other media outlets should disconnect their ethernet cables and unplug their computers before going home after work. (Roger Simon has related thoughts.)

2 Responses to “They’re here, they’re there, they’re everywhere, so beware!”

  1. Andrew_M_Garland Says:

    Turn off the computer using the power supply toggle switch. That is easier than unplugging the network connections.

  2. Neil Says:

    Wake-On-LAN can’t itself power down the computer, but if you’ve used the WoL function to power it up, and gained enough access to root around for whatever files you’re looking for, it would be trivial to leave the PC in whatever state you wish before severing the connection–you could turn it off, you could put it in a hibernate state. Heck, you could wipe the hard drive if that would serve some purpose.

    Check out or for legitimate uses of exactly the same technology.

    There is absolutely nothing flaky about the technological portions of Ms. Attkisson’s story. The only interesting part would be to find out exactly how the exploit was accomplished. My personal bet would be on an inside job, or other form of social engineering. CBS must be filled with enthusiastic Obama supporters who could be manipulated into slipping a little something into Ms. Atkisson’s work computer…

Leave a Reply