Wireless Chicago Hackers Have Hijacking Job Appallingly Easy

[William Knowles <wk () c4i org>]

http://www.eprairie.com/news/viewnews.asp?newsletterid=6473

[When you read as much security news as I do, you begin to notice 
little anomalies, such is the case with this article below, it 
looks suspicisionly similar to an article in Fortune Magazine from 
1/26/2004 at...

http://www.fortune.com/fortune/peterlewis/0,15704,575710,00.html

While I guess you can blame this on the butterfly effect of two 
writers thinking the same thing on the same week, I think different 
forces are at work, you be the judge.  - WK]


1/28/2004

CHICAGO - Have you ever used the wireless network at a Chicago hotel 
or coffee shop? 

If you have, odds are a hacker owes you a thank you for letting him or 
her hijack your computer to spew spam over the internet. Also, to the 
establishment manager, the hackers say: "hanks ever so much for not 
securing the wireless network you recently installed. You've made it 
much easier for me to sit in your establishment and digitally browse 
the laptops of dozens of your patrons and guests." 

Driven by the demand brought on by business travelers and the 
nirvana-type promises of the wireless craze, establishments all over 
the world are adding wireless broadband connections. Before you jack 
your laptop into one of these public high-speed links, though, 
consider that by the time you check out of the hotel or finish that 
double-skinny latte someone else may have taken a stroll through your 
computer. 

I recently found myself in a discussion with an executive from a 
large, Chicago-based concern. The executive came away from the talk 
with enough doubt in his belief that his people will follow the rules 
his company has set down with regard to attaching to unapproved 
networks that he agreed to spend a day with me on a hacker's tour of 
wireless Chicago. 

What followed was an education of how appallingly simple it is to log 
onto the various public wireless networks around Chicago (or, for that 
matter, any city). Just to show how really simple this is, we used 
hacker tools easily downloaded from the Internet. At this juncture, I 
must add that it's not that hotels and coffee shops are the only ones 
with security issues. 

However, since laptop-toting business people may be carrying highly 
sensitive company files and they tend to frequent coffee shops and 
stay overnight at hotels, these locations become a target-rich 
environment for the digital predators. Much like the alligator lurking 
on the edge of the watering hole, the predator knows that sooner or 
later the unprepared wildebeest will stumble into his grasp. 

Our tour began with an upscale hotel in downtown Chicago that's known 
for a high number of executive-level business guests. 

I will admit that I did cheat a little in starting here as I've done a 
fair amount of reconnaissance in the way of war walking around 
downtown Chicago. In about 15 minutes, we had located 25 vulnerable 
laptops and four hotel back-office computers. We did this by simply 
looking for a wireless access point that was unsecured. Once found, we 
probed for computers that were daydreaming at the watering hole. 

Time for a disclaimer: We did not probe any of the vulnerable guest or 
hotel computers we were able to locate. The intent of this tour stop 
was to demonstrate how easy it is to find targets in the wild using a 
typically configured Windows laptop and connecting it to the hotel 
network as a typical business traveler would. We did not actually 
violate any guest or hotel computers. 

The next stop on the tour was a well-known and heavily frequented 
coffee shop. While sitting and sipping our double-shot espressos, I 
connected a laptop to the newly installed and highly publicized 
wireless network. Instead of doing the normal and expected activity of 
directing my computer outward to the Web, I used a popular security 
tool called NMAP (or network map) to see what else was on the network. 

Grossly simplified, NMAP enabled my computer to roam the coffee shop 
and find addresses that just might contain a wildebeest. The next step 
is to see which wildebeest is asleep at the watering hole by probing 
for ports that are unprotected. By the way, the typical PC has some 
65,000 ports. Hackers use a tool called a "port scanner" to see which 
wildebeest is day dreaming. 

Here's where my tour companion got an eye-opening experience: When it 
comes to computers, mobile business people often have an open-door 
policy. 

Many Windows-based laptops are sold with the vulnerable file-sharing 
option turned on by default. Even virtual private networks (VPNs), 
which create secure and encrypted tunnels to a corporate network over 
the Internet, are vulnerable to hackers. Though a VPN encrypts data 
traffic, underneath in the operating system layer there is still 
traffic that the predator can and will exploit. 

My tour companion came away with a new outlook of how well people 
secure - or should we say don't secure - their PCs. Oh, did I mention 
that the coffee shop was right around the corner from his corporate 
offices and many of the laptops we successfully exploited were from 
his own company? 

The take away from this tour is a set of simple rules we all know and 
practice in our day-to-day lives but seem to forget when we use those 
oh-so-convenient public wireless networks. Just lock your doors, don't 
talk to strangers and don't leave your wallet out in the open. 
However, when it comes to your laptop, forget about playing well with 
others and never share your toys.

-=-

Ben Apple is CEO of Chicago-based Management Solution Strategies. He 
has his CISSP certification and is a recognized instructor in IT 
security governance and IT security best practices. Apple can be 
reached at bapple () mgmtsolutions biz.


 


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.