Spammers attack wireless networks

[InfoSec News <isn () c4i org>]

http://www.vnunet.com/News/1139931

By Emma Nash 
03-04-2003

Nearly three-quarters of malicious connections to wireless networks
are used for sending spam, according to new research.

Security consultant Z/Yen set up two wireless local area networks
(Lans) on behalf of RSA Security to monitor unauthorised connections -
a so-called 'honeypot' trap.

The survey found that almost a quarter of unauthorised connections to
the wireless Lans were intentional, and 71 per cent of those were used
to send emails.

"The biggest problem for someone wanting to deliver spam is having
anonymity," said Z/Yen consultant Phil Cracknell.

"If there's an opportunity to deliver email through someone else's
network, and there's no log of it, then this is a perfect opportunity
for spammers."

Last week, the government published proposals to crack down on spam,
which is estimated to account for up to 40 per cent of global email.

If the proposals come into force, senders of unsolicited email will
require prior consent from recipients, and web users will have to be
told if cookies are being used, with the option to reject them.

Individuals will also be given more power to decide if they want to be
listed in subscriber directories.

E-commerce minister Stephen Timms warned that the spread of
unsolicited email could damage the development of online business.

"Spam has become the curse of the internet," he said. "It's a source
of major frustration as it clogs up inboxes the world over. Spam is in
danger of becoming a real deterrent to online communication."

John Mawhood, head of the commercial and technology department at law
firm Tarlo Lyons, said the legal issues surrounding unsolicited use of
wireless Lans are cloudy, but sending unauthorised email could create
problems for internet service providers (ISPs).

"If it is discovered that someone is engaging in denial-of-service
attacks, for example, you could end up with the provider of the
network being accused of collaborating," he said.

"A person who manages a wireless Lan, in the sense of owning and
running it, will be responsible for the traffic on their network. The
ISP will want to make sure spam is not originating from its systems."

In the honeypot test, the first unauthorised connection to the
wireless Lans was made in just over two-and-a-half hours.

"I think this is pretty worrying," said Tim Pickard, European
strategic marketing director at RSA Security. "Every fourth connection
is malicious, which is quite high."

The honeypots were deployed following research by RSA and Z/Yen that
showed a third of wireless Lans in the City are vulnerable to attacks
by hackers.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.