Heard of drive-by hacking? Meet drive-by spamming

[InfoSec News <isn () c4i org>]

Forwarded from: "eric wolbrom, CISSP" <eric () shtech net>

http://news.zdnet.co.uk/story/0,,t269-s2121857,00.html

5th September 2002 
Graeme Wearden

'Warspammers' are taking advantage of unprotected wireless LANs to
send out millions of junk emails

The proliferation of insecure corporate wireless networks is fuelling
the growth of drive-by spamming, a security expert warned on Thursday.

Speaking at the First International Security Users Conference in
London, Adrian Wright, managing director of Secoda Risk Management,
warned that junk emailers are taking advantage of unprotected wireless
local area networks to bombard email users with unsolicited and
unwelcome messages.

"These people simply drive up to a building armed with their
pornographic email, log into the insecure wireless network, send the
message to 10 million email addresses and then just drive away," said
Wright.

A drive-by spammer would send spam by finding an unprotected SMTP port
on a company's server and then sending email as if they were a
legitimate user of the company's network. The mail server wouldn't be
able to tell otherwise.

The ability to send spam through a company's network without its
knowledge could allow the spammer to avoid bandwidth costs -- which
can be substantial for tens or hundreds of thousands of emails. It
also make sit much more difficult to trace the spam back to the
spammer -- a useful tactic for those who send spam as a service for
other companies and who may have been in trouble with the law.

In April, the US Federal Trade Commission said Tuesday said it had
busted dozens of alleged Web scammers in conjunction with law
enforcement from six US states and Canada. And in July, six Korean Web
sites were fined for bombarding Internet users with spam email. In
Europe, a new directive that bans the sending of unsolicited
commercial email should be in place some time next year.

What's more, many ISPs have no-spamming rules, which the drive-by
spammer will be trying to avoid. A company that falls victim to a
drive-by spammer could find itself cut off -- any messages sent by the
spammer will appear to come from within the company's network, and the
ISP will have no compunction closing down the connection until the
problem is resolved.

Between 60 and 80 percent of corporate wireless networks are insecure,
Wright warned, often because IT managers fail to change default
settings when they install a wireless LAN. This has already led to the
practice of wardriving, where people drive around cities looking for
insecure wireless LANs, and warchalking, where hackers drawing a chalk
symbol on a wall or pavement to indicate the presence of a wireless
networking node.

Warchalking signals have been springing up in areas such as London and
Silicon Valley over recent months. Opinion is split over how ethical
the practice is.

Matt Jones, who invented warchalking, told ZDNet UK News recently that
one advantage is that it alerts sysadmins to the fact their wireless
network is insecure. "I have already had emails from some sysadmins
who said they love the idea. Several even said they will print the
symbols on a card and put it in their office windows," Jones said.

Detractors, though, have warned that warchalking could encourage
malicious hackers to break into a company's wireless LAN with the
intention of stealing or damaging corporate data. Wright's revelation
about the existence of drive-by spammers has flagged up a new downside
to warchalking.

Wright illustrated that warchalking is alive in remote locations as
well as cities by producing a photo of a warchalking signal drawn on a
buoy floating at sea. Wright explained that it is possible to get
access to a wireless network at that point, because an ISP's
point-to-point transmitter onshore is transmitting a high-speed
wireless connection overhead.

Several wardriving exponents have been pictured using a Pringles
carton to detect Wireless LANs. Wright told his audience that a recent
competition to find the best wardriving antenna had been won by a can
of meat stew.



_______________________________________________________________________
eric wolbrom, CISSP                     Safe Harbor Technologies
President & CIO                         190 Goldens Bridge Ct.
Voice 914.767.9090 ext. 6000            Katonah, NY 10536
Fax   914.767.3911                              http://www.shtech.net
_______________________________________________________________________



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.