Interesting People mailing list archives
Beyond evil twin hotspots -- the pervasive retaking of control
From: David Farber <dave () farber net>
Date: Sat, 17 Mar 2007 14:40:19 -0400
Begin forwarded message: From: Bob Frankston <Bob2-19-0501 () bobf frankston com> Date: March 17, 2007 2:02:52 PM EDT To: dave () farber net, ip () v2 listbox com Subject: Beyond evil twin hotspots -- the pervasive retaking of controlPreface – this is a bit rambling because there are a number of interrelated issues. But it’s a reminder that the world of telecom is full of twisting and winding passages. We’re so used to spelunking the depths of telecom that it’s hard to accept the simplicity of the Internet – after all, how could we get from point A to B without wandering those imaginary passages – they seem so very real.
Rereading my own comments reminds me of a related problem and why I had to dump FiOSTV. Too bad our public policy on broadband and net neutrality is based on these kind of naïve dependences such as assuming we have the Internet because of rather than despite broadband (AKA B-ISDN). Ultimately the net is about what we can do as owners. Even if we don’t (yet) own the infrastructure we use End-to- End principles to wrest control as in the days of modems (vs ISDN).
Before getting to router issues I had a reminder of how many traps there are for the unwary or disabled. I’m helping someone with mental illness. She doesn’t remember but apparently placed a number of operator-assisted calls to her son in Israel in January -- $1000 worth. That may seem like a lot but at $10/minute it doesn’t take long. These calls would be 10¢ if she dialed direct and had bet $4/ month with Verizon (the fee for reducing the cost of 10x for international calls).
It’s one thing to be trapped by “evil twin routers” but another to have to be wary when dealing with your “friendly” phone company just placing calls. A single misdial to Djibouti (similar number) cost $50! I guess I shouldn’t be surprised that Verizon is insisting on payment though how does one justify a factor of 100x cost difference. Even more extreme when you consider this person has a DSL connection and thus there needn’t have been any charge at all. What is especially frustrating is that unlike the Internet there is no easy way to put a rule in the system – specs are specs and that’s that. This is indeed lottery pricing that would not be possible if there were real competition rather than faux competition within the gaming rules set by the FCC.
It’s an echo of the Moldova scandal when people downloaded programs that would dial Moldova and were forced to pay the outrageous charges. At least back then we weren’t use to using VoIP which made it so obvious the costs are totally bogus. Yet our policy makers seem to treat them as real.
The tendency to treat these artifacts as if they were immovable physical objects is a source of frustration for those of us who know these are just conventions and not real at all. I compare it to approximating 1.3 as 1 and then 1.3+1.3+1.3 = 3.000 when we then reintroduce presumed precision. Piling policy atop policy while treating each arbitrary model as reality seems to be the hallmark of our regulatory system.
It’s against this backdrop that the acceptance of broadband is so dangerous – the Verizon FiOSTV router is part of the campaign to take bake control that goes far beyond mere non-neutrality. Remember that convergence means everything converges on IMS and 3G.
I use a Dual-WAN router for reliability but also because I sometimes get higher speeds using multiple pipes. Since MIT is peered directly with the local providers I was able to achieve over 30mbps when copying files using Bit Torrent. Normally BT is far slower than copying directly simply because of asymmetric connections and the low probability of proximate caching. Too bad a number of web sites seem to rely on the IP address across sessions – the statelessness requirement doesn’t get tested often enough so it’s forgotten.
When I decided to try out FiOSTV I found I had to use their router. The specs are very good for the Antec but then phone companies revel in specs. In practice it seems to have problems due to limits on NAT tables and other issues that others have written about. At first I put up with the problems and cascaded one path of my Dual WAN router through it. But since only Verizon could fix the problem I would have to wait till they deemed it in their interest. After all, they had to deal with millions of users and a single exception wasn't that important.
This is a repeat of the X.400/SMTP battle. X.400 took ten years for a change cycle whereas SMTP took a weekend but you can fix your own bugs immediately and even try out new features.
I had a similar experience in speaking to a CTO at a cellular manufacturer -- he looked to corporate buyers for implementing new features. A corporation would buy a few thousand just to run an application so it made sense from his perspective even if it denied us wonderful surprises. We see this all over – it is why, as I've noted in the past, the STB (Set Top Boxes) can't compete with PC gamer video boards for dealing with compression.
The FiOSTV situation gives us additional cause for concern as they insist in owning the wires in my home -- again -- because they say the Internet wasn't designed for video bits – we “know” that only RG-6 can carry video. This whole broadband issue does make a mockery of neutrality -- if the first mile playing field is vertical why does the rest matter much? It’s as if they are trying to return us to 1960 when they were in full control of the wires and devices in our homes.
Once caveat is that Dual WAN routers for consumers seem to have appeared in 2004 and are still stuck there. Another reminder that as much as we can do as individuals we have to build on what is available. As I much as I do want to program it all myself I do need many others contributing their efforts in order to create opportunity. The alternative of waiting for a small number of companies to accidentally do what is my interest, especially when it is conflict with theirs, is indeed problematic. Even more problematic is asking Congress for favors rather eliminating the need to ask them by giving us the rights of ownership.
http://www.frankston.com/?Name=FTCBBW for more on the policy issues. -----Original Message----- From: David Farber [mailto:dave () farber net] Sent: Saturday, March 17, 2007 10:00 To: ip () v2 listbox com Subject: [IP] Re: thieves stealing data thru "evil twin" hotspots Begin forwarded message: From: Bob Frankston <Bob2-19-0501 () bobf frankston com> Date: March 16, 2007 8:40:04 PM EDT To: dave () farber net, ip () v2 listbox com Cc: "'Paul Saffo'" <Paul () Saffo Com> Subject: RE: [IP] thieves stealing data thru "evil twin" hotspots This is a reminder of the importance of end-to-end security (including encryption). Link-level security only gives the illusion of security. Of course it's also a reminder of the risks of the bubble-baby security offering by firewalls. Unfortunately, these firewalls seem necessary because too many systems are very vulnerable. But when you remove a system from this cocoon of safety it isn't necessary ready for the world. One example of the damage done by these firewalls is that new systems seemed to be designed with the assumption the firewall is a security boundary so that “public” means “within this LAN”. That only perpetuates the problem. We must separate our security topology from the accidental properties of the physical topology or else these problems with only become worse while leaving the computer systems themselves inflexibly dependent upon the accidental paths of wires. For the road a good work-around is to setup one's own VPN to a home system but that's too difficult for most people. At very least you should be able to setup a relationship between any pair of machines such as your laptop and your home computer. A full design of resilient trust systems is difficult -- especially when systems can be compromised -- but we should at least setup a relationship between the computer back home or in the office and the one you take on the road. We're not going to eliminate all threats but we should try to deal with the most obvious problem -- the need to trust every element on the paths we use to communicate. Of course the more independent we are of the path the less traditional telecom models apply. Encryption makes it more difficult to apply strategies such as blocking a particular port. Port blocking may make sense if we can detect extreme cases but such approaches are at odds with giving us more control over how we communicate. Worse port blocking leads to the temptation to treat the use of encryption as a crime rather than responsible behavior. -----Original Message----- From: David Farber [mailto:dave () farber net] Sent: Friday, March 16, 2007 17:12 To: ip () v2 listbox com Subject: [IP] thieves stealing data thru "evil twin" hotspots Begin forwarded message: From: Paul Saffo <paul () saffo com> Date: March 16, 2007 4:58:01 PM EDT To: Dave Farber <dave () farber net> Subject: LAT: thieves stealing data thru "evil twin" hotspots http://www.latimes.com/news/local/la-me- wifihack16mar16,0,5875273.story?coll=la-headlines-california Ensnared on the wireless Web Hackers' latest tactic to steal information is setting up fake hotspots that users unwittingly use to access Internet. By Tami Abdollah Times Staff Writer March 16, 2007 As Los Angeles and hundreds of other communities push to turn themselves into massive wireless hotspots, unsuspecting Internet users are stumbling onto hacker turf, giving computer thieves nearly effortless access to their laptops and private information, authorities and high-tech security experts say. It's an invasion with a twist: People who think they are signing on to the Internet through a wireless hotspot might actually be connecting to a look-alike network, created by a malicious user who can steal sensitive information, said Geoff Bickers, a special agent for the FBI's Los Angeles cyber squad. It is not clear how many people have been victimized, and few suspects have been charged with Wi-Fi hacking. But Bickers said that over the last couple of years, these hacking techniques have become increasingly common, and are often undetectable. The risk is especially high at cafes, hotels and airports, busy places with heavy turnover of laptop users, authorities said. "Wireless is a convenience, that's why people use it," Bickers said. "There's an axiom in the computer world that convenience is the enemy of security. People don't use wireless because they want to be secure. They use wireless because it's easy." For Mark Loveless, just one letter separated security from scam. Logging on to his hotel's free wireless Internet in San Francisco last month, Loveless had two networks to choose between on his laptop screen — same name, one beginning with a lowercase letter, one with a capital. He chose the latter and, as he had done earlier that day, connected. But this time, a screen popped up asking for his log-in and password. Loveless, a 46-year-old security analyst from Texas, immediately disconnected. A former hacker, he knew an attack when he saw one, he said. Most Internet users do not. About 14.3 million American households use wireless Internet, and this figure is projected to grow to nearly 49 million households by 2010, according to JupiterResearch, which specializes in business and technology market research. "There's literally probably millions of laptops in the U.S. that are configured to join networks named Linksys or D-Link when they are available," said Corey O'Donnell, vice president of marketing for Authentium, a company that provides security software. "So if I'm a hacker, it's as easy as setting up a network with one of those names and waiting for the fish to come." Linksys and D-Link are two of the many commercial brands of wireless routers, products that allow a user to connect to the Internet using radio frequency. As the field of wireless connectivity expands, so too does a hacker's playground. More than 300 municipalities across the country are planning or already operating Wi-Fi service. Los Angeles Mayor Antonio Villaraigosa last month announced plans for citywide Wi-Fi in 2009. USC already offers free wireless, and by the end of March, Los Angeles International Airport will officially offer wireless at all its terminals under a new contract with T-Mobile. Some airlines already offer Wi-Fi at LAX. "There are no signs for any service at all, so if any passenger is accessing a free wireless service … they should be cautious," said Nancy Castles, an airport spokeswoman. A survey at Chicago's O'Hare Airport by Authentium revealed 76 peer- to-peer networks, or access points that are connected to via another user's computer, with 27 of them advertising access to free Wi-Fi — a trademarked term for the technical specifications of wireless local area network operation. The company also found that three of the networks had fake or misleading addresses, one sign the hotspots could be hackers. "At a busy place like O'Hare, in one hour a bad guy could get 20 laptops to connect to his network and steal the users' account information," said Ray Dickenson, vice president of product management at Authentium, who conducted the survey last September. Corporate networks are sometimes the most vulnerable, as employers push for a more mobile workforce without always educating its users on the security risks of wireless Internet. Many workers rely on corporate firewalls in the office and an automatic default network setting that links them to their corporate networks. Outside the office, the firewall is no longer in place. That means the computer is unprotected. Once hackers have "got a toehold in a network, it's pretty much game over," Bickers said. Most laptops are configured to search for open wireless points and common wireless names, whether or not the user is trying to get online. That leaves people open to hacking. In two new attacks, called "evil twin" and "man in the middle," hackers create Wi-Fi access points titled whatever they like, such as "Free Airport Wireless" or an established, commercial name. In the "evil twin" attack, the user turns on a laptop, which may automatically try to connect. When it does, it is connecting to a fake access point, or "evil twin," and the hacker gets into personal files, steals passwords or plants a virus. The hacker can become a "man in the middle" when he funnels the user's Internet connection through this false access point to a true wireless connection. The unsuspecting Wi-Fi surfer may then proceed to enter credit card information, access e-mail or reveal other sensitive data that can be tracked by the hacker. Meanwhile, the session appears ordinary to the user. Although the FBI has been aware of this kind of attack for about five years, its use has increased in the last couple of years and is being seen as a "huge threat," Bickers said. "The actual tools you need, the software, the hardware, etc., to mount this sort of attack has become insanely easy to acquire," Bickers said. "You need a laptop, wireless radio and the ability to download a free tool and run it. It literally is child's play." The creation of the access point itself is not generally considered criminal; it's what happens next — tracking people's Internet use — that can cross the line. These hacking techniques are considered to be "tantamount to a computer intrusion and illegal interception of wireless communication that can be prosecuted under federal law," Bickers said. But computer evidence and statistics are hard to come by, said Arif Alikhan, a former federal prosecutor and former chief of the cyber and intellectual property crimes section for the U.S. attorney's office in Los Angeles. People can unwittingly compromise their computers in a multitude of ways, and often there's no trace. "You can tell how many burglaries occur because you're victimized, and someone knows they're victimized," Alikhan said. "People don't always know if someone is using their wireless network, and it's very difficult to tell unless you trace back every single connection…. It happens more than I think we all realize." The U.S. attorney's office will not comment on pending investigations; however, wireless hacking cases are relatively new, and few if any current cases involve "evil twin" or "man in the middle" attacks, law enforcement authorities said. "This is a classic case of law and law enforcement being a little behind the technological curve," Bickers said. Other types of wireless-related Internet hacking cases have recently popped up across the country. Nicholas Tombros was found guilty in 2004, under the federal Can-Spam Act, of "war-spamming." He drove around the Venice Beach area with his laptop and used unprotected wireless access points to send spam. He could receive up to three years in federal prison at his sentencing next month. He is the only defendant who has been charged in a case involving wireless hacking by the Greater Los Angeles section of the U.S. Department of Justice's cyber and intellectual property crimes division since it was established in October 2001, according to Assistant U.S. Atty. Wesley L. Hsu, deputy chief of the section. "They are technically difficult cases…. They're difficult cases to put together, so law enforcement is having to sort of catch up," Hsu said. On Sept. 30, Gov. Arnold Schwarzenegger signed into law the Wi-Fi User Protection Bill, which aims to block unauthorized sharing of open Wi-Fi networks and inform users of the dangers of unsecured networks. Starting in October, warnings and tips will be required on all wireless home-networking equipment sold in California. The law specifically addresses "piggybacking" — or the use of another person's wireless network to access the Internet — a problem that security experts say has been a concern for years. tami.abdollah () latimes com ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/@now Powered by Listbox: http://www.listbox.com ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/@now Powered by Listbox: http://www.listbox.com ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/@now Powered by Listbox: http://www.listbox.com
Current thread:
- Beyond evil twin hotspots -- the pervasive retaking of control David Farber (Mar 17)