Re: thieves stealing data thru "evil twin" hotspots

[David Farber <dave () farber net>]

Begin forwarded message:

From: Bob Frankston <Bob2-19-0501 () bobf frankston com>
Date: March 16, 2007 8:40:04 PM EDT
To: dave () farber net, ip () v2 listbox com
Cc: "'Paul Saffo'" <Paul () Saffo Com>
Subject: RE: [IP] thieves stealing data thru "evil twin" hotspots

This is a reminder of the importance of end-to-end security  
(including encryption). Link-level security only gives the illusion  
of security. Of course it's also a reminder of the risks of the  
bubble-baby security offering by firewalls. Unfortunately, these  
firewalls seem necessary because too many systems are very  
vulnerable. But when you remove a system from this cocoon of safety  
it isn't necessary ready for the world.



One example of the damage done by these firewalls is that new systems  
seemed to be designed with the assumption the firewall is a security  
boundary so that “public” means “within this LAN”. That only  
perpetuates the problem. We must separate our security topology from  
the accidental properties of the physical topology or else these  
problems with only become worse while leaving the computer systems  
themselves inflexibly dependent upon the accidental paths of wires.



For the road a good work-around is to setup one's own VPN to a home  
system but that's too difficult for most people. At very least you  
should be able to setup a relationship between any pair of machines  
such as your laptop and your home computer.



A full design of resilient trust systems is difficult -- especially  
when systems can be compromised -- but we should at least setup a  
relationship between the computer back home or in the office and the  
one you take on the road.



We're not going to eliminate all threats but we should try to deal  
with the most obvious problem -- the need to trust every element on  
the paths we use to communicate. Of course the more independent we  
are of the path the less traditional telecom models apply.



Encryption makes it more difficult to apply strategies such as  
blocking a particular port. Port blocking may make sense if we can  
detect extreme cases but such approaches are at odds with giving us  
more control over how we communicate. Worse port blocking leads to  
the temptation to treat the use of encryption as a crime rather than  
responsible behavior.





-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Friday, March 16, 2007 17:12
To: ip () v2 listbox com
Subject: [IP] thieves stealing data thru "evil twin" hotspots







Begin forwarded message:



From: Paul Saffo <paul () saffo com>

Date: March 16, 2007 4:58:01 PM EDT

To: Dave Farber <dave () farber net>

Subject: LAT: thieves stealing data thru "evil twin" hotspots



http://www.latimes.com/news/local/la-me-

wifihack16mar16,0,5875273.story?coll=la-headlines-california

Ensnared on the wireless Web



Hackers' latest tactic to steal information is setting up fake

hotspots that users unwittingly use to access Internet.

By Tami Abdollah

Times Staff Writer



March 16, 2007



As Los Angeles and hundreds of other communities push to turn

themselves into massive wireless hotspots, unsuspecting Internet

users are stumbling onto hacker turf, giving computer thieves nearly

effortless access to their laptops and private information,

authorities and high-tech security experts say.



It's an invasion with a twist: People who think they are signing on

to the Internet through a wireless hotspot might actually be

connecting to a look-alike network, created by a malicious user who

can steal sensitive information, said Geoff Bickers, a special agent

for the FBI's Los Angeles cyber squad.



It is not clear how many people have been victimized, and few

suspects have been charged with Wi-Fi hacking. But Bickers said that

over the last couple of years, these hacking techniques have become

increasingly common, and are often undetectable. The risk is

especially high at cafes, hotels and airports, busy places with heavy

turnover of laptop users, authorities said.



"Wireless is a convenience, that's why people use it," Bickers said.

"There's an axiom in the computer world that convenience is the enemy

of security. People don't use wireless because they want to be

secure. They use wireless because it's easy."



For Mark Loveless, just one letter separated security from scam.



Logging on to his hotel's free wireless Internet in San Francisco

last month, Loveless had two networks to choose between on his laptop

screen — same name, one beginning with a lowercase letter, one with a

capital. He chose the latter and, as he had done earlier that day,

connected. But this time, a screen popped up asking for his log-in

and password.



Loveless, a 46-year-old security analyst from Texas, immediately

disconnected. A former hacker, he knew an attack when he saw one, he

said.



Most Internet users do not.



About 14.3 million American households use wireless Internet, and

this figure is projected to grow to nearly 49 million households by

2010, according to JupiterResearch, which specializes in business and

technology market research.



"There's literally probably millions of laptops in the U.S. that are

configured to join networks named Linksys or D-Link when they are

available," said Corey O'Donnell, vice president of marketing for

Authentium, a company that provides security software. "So if I'm a

hacker, it's as easy as setting up a network with one of those names

and waiting for the fish to come."



Linksys and D-Link are two of the many commercial brands of wireless

routers, products that allow a user to connect to the Internet using

radio frequency.



As the field of wireless connectivity expands, so too does a hacker's

playground. More than 300 municipalities across the country are

planning or already operating Wi-Fi service.



Los Angeles Mayor Antonio Villaraigosa last month announced plans for

citywide Wi-Fi in 2009. USC already offers free wireless, and by the

end of March, Los Angeles International Airport will officially offer

wireless at all its terminals under a new contract with T-Mobile.



Some airlines already offer Wi-Fi at LAX. "There are no signs for any

service at all, so if any passenger is accessing a free wireless

service … they should be cautious," said Nancy Castles, an airport

spokeswoman.



A survey at Chicago's O'Hare Airport by Authentium revealed 76 peer-

to-peer networks, or access points that are connected to via another

user's computer, with 27 of them advertising access to free Wi-Fi — a

trademarked term for the technical specifications of wireless local

area network operation. The company also found that three of the

networks had fake or misleading addresses, one sign the hotspots

could be hackers.



"At a busy place like O'Hare, in one hour a bad guy could get 20

laptops to connect to his network and steal the users' account

information," said Ray Dickenson, vice president of product

management at Authentium, who conducted the survey last September.



Corporate networks are sometimes the most vulnerable, as employers

push for a more mobile workforce without always educating its users

on the security risks of wireless Internet.



Many workers rely on corporate firewalls in the office and an

automatic default network setting that links them to their corporate

networks. Outside the office, the firewall is no longer in place.

That means the computer is unprotected. Once hackers have "got a

toehold in a network, it's pretty much game over," Bickers said.



Most laptops are configured to search for open wireless points and

common wireless names, whether or not the user is trying to get

online. That leaves people open to hacking.



In two new attacks, called "evil twin" and "man in the middle,"

hackers create Wi-Fi access points titled whatever they like, such as

"Free Airport Wireless" or an established, commercial name.



In the "evil twin" attack, the user turns on a laptop, which may

automatically try to connect. When it does, it is connecting to a

fake access point, or "evil twin," and the hacker gets into personal

files, steals passwords or plants a virus.



The hacker can become a "man in the middle" when he funnels the

user's Internet connection through this false access point to a true

wireless connection. The unsuspecting Wi-Fi surfer may then proceed

to enter credit card information, access e-mail or reveal other

sensitive data that can be tracked by the hacker. Meanwhile, the

session appears ordinary to the user.



Although the FBI has been aware of this kind of attack for about five

years, its use has increased in the last couple of years and is being

seen as a "huge threat," Bickers said.



"The actual tools you need, the software, the hardware, etc., to

mount this sort of attack has become insanely easy to acquire,"

Bickers said. "You need a laptop, wireless radio and the ability to

download a free tool and run it. It literally is child's play."



The creation of the access point itself is not generally considered

criminal; it's what happens next — tracking people's Internet use —

that can cross the line.



These hacking techniques are considered to be "tantamount to a

computer intrusion and illegal interception of wireless communication

that can be prosecuted under federal law," Bickers said.



But computer evidence and statistics are hard to come by, said Arif

Alikhan, a former federal prosecutor and former chief of the cyber

and intellectual property crimes section for the U.S. attorney's

office in Los Angeles. People can unwittingly compromise their

computers in a multitude of ways, and often there's no trace.



"You can tell how many burglaries occur because you're victimized,

and someone knows they're victimized," Alikhan said. "People don't

always know if someone is using their wireless network, and it's very

difficult to tell unless you trace back every single connection…. It

happens more than I think we all realize."



The U.S. attorney's office will not comment on pending

investigations; however, wireless hacking cases are relatively new,

and few if any current cases involve "evil twin" or "man in the

middle" attacks, law enforcement authorities said.



"This is a classic case of law and law enforcement being a little

behind the technological curve," Bickers said.



Other types of wireless-related Internet hacking cases have recently

popped up across the country.



Nicholas Tombros was found guilty in 2004, under the federal Can-Spam

Act, of "war-spamming." He drove around the Venice Beach area with

his laptop and used unprotected wireless access points to send spam.

He could receive up to three years in federal prison at his

sentencing next month.



He is the only defendant who has been charged in a case involving

wireless hacking by the Greater Los Angeles section of the U.S.

Department of Justice's cyber and intellectual property crimes

division since it was established in October 2001, according to

Assistant U.S. Atty. Wesley L. Hsu, deputy chief of the section.



"They are technically difficult cases…. They're difficult cases to

put together, so law enforcement is having to sort of catch up," Hsu

said.



On Sept. 30, Gov. Arnold Schwarzenegger signed into law the Wi-Fi

User Protection Bill, which aims to block unauthorized sharing of

open Wi-Fi networks and inform users of the dangers of unsecured

networks. Starting in October, warnings and tips will be required on

all wireless home-networking equipment sold in California.



The law specifically addresses "piggybacking" — or the use of another

person's wireless network to access the Internet — a problem that

security experts say has been a concern for years.



tami.abdollah () latimes com







-------------------------------------------

Archives: http://v2.listbox.com/member/archive/247/@now

Powered by Listbox: http://www.listbox.com



-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/@now
Powered by Listbox: http://www.listbox.com