Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[ISN] Wireless Chicago Hackers Have Hijacking Job Appallingly Easy
From: William Knowles (wkc4i.org)
Date: Thu Jan 29 2004 - 04:22:58 CST
[When you read as much security news as I do, you begin to notice
little anomalies, such is the case with this article below, it
looks suspicisionly similar to an article in Fortune Magazine from
While I guess you can blame this on the butterfly effect of two
writers thinking the same thing on the same week, I think different
forces are at work, you be the judge. - WK]
CHICAGO - Have you ever used the wireless network at a Chicago hotel
or coffee shop?
If you have, odds are a hacker owes you a thank you for letting him or
her hijack your computer to spew spam over the internet. Also, to the
establishment manager, the hackers say: "hanks ever so much for not
securing the wireless network you recently installed. You've made it
much easier for me to sit in your establishment and digitally browse
the laptops of dozens of your patrons and guests."
Driven by the demand brought on by business travelers and the
nirvana-type promises of the wireless craze, establishments all over
the world are adding wireless broadband connections. Before you jack
your laptop into one of these public high-speed links, though,
consider that by the time you check out of the hotel or finish that
double-skinny latte someone else may have taken a stroll through your
I recently found myself in a discussion with an executive from a
large, Chicago-based concern. The executive came away from the talk
with enough doubt in his belief that his people will follow the rules
his company has set down with regard to attaching to unapproved
networks that he agreed to spend a day with me on a hacker's tour of
What followed was an education of how appallingly simple it is to log
onto the various public wireless networks around Chicago (or, for that
matter, any city). Just to show how really simple this is, we used
hacker tools easily downloaded from the Internet. At this juncture, I
must add that it's not that hotels and coffee shops are the only ones
with security issues.
However, since laptop-toting business people may be carrying highly
sensitive company files and they tend to frequent coffee shops and
stay overnight at hotels, these locations become a target-rich
environment for the digital predators. Much like the alligator lurking
on the edge of the watering hole, the predator knows that sooner or
later the unprepared wildebeest will stumble into his grasp.
Our tour began with an upscale hotel in downtown Chicago that's known
for a high number of executive-level business guests.
I will admit that I did cheat a little in starting here as I've done a
fair amount of reconnaissance in the way of war walking around
downtown Chicago. In about 15 minutes, we had located 25 vulnerable
laptops and four hotel back-office computers. We did this by simply
looking for a wireless access point that was unsecured. Once found, we
probed for computers that were daydreaming at the watering hole.
Time for a disclaimer: We did not probe any of the vulnerable guest or
hotel computers we were able to locate. The intent of this tour stop
was to demonstrate how easy it is to find targets in the wild using a
typically configured Windows laptop and connecting it to the hotel
network as a typical business traveler would. We did not actually
violate any guest or hotel computers.
The next stop on the tour was a well-known and heavily frequented
coffee shop. While sitting and sipping our double-shot espressos, I
connected a laptop to the newly installed and highly publicized
wireless network. Instead of doing the normal and expected activity of
directing my computer outward to the Web, I used a popular security
tool called NMAP (or network map) to see what else was on the network.
Grossly simplified, NMAP enabled my computer to roam the coffee shop
and find addresses that just might contain a wildebeest. The next step
is to see which wildebeest is asleep at the watering hole by probing
for ports that are unprotected. By the way, the typical PC has some
65,000 ports. Hackers use a tool called a "port scanner" to see which
wildebeest is day dreaming.
Here's where my tour companion got an eye-opening experience: When it
comes to computers, mobile business people often have an open-door
Many Windows-based laptops are sold with the vulnerable file-sharing
option turned on by default. Even virtual private networks (VPNs),
which create secure and encrypted tunnels to a corporate network over
the Internet, are vulnerable to hackers. Though a VPN encrypts data
traffic, underneath in the operating system layer there is still
traffic that the predator can and will exploit.
My tour companion came away with a new outlook of how well people
secure - or should we say don't secure - their PCs. Oh, did I mention
that the coffee shop was right around the corner from his corporate
offices and many of the laptops we successfully exploited were from
his own company?
The take away from this tour is a set of simple rules we all know and
practice in our day-to-day lives but seem to forget when we use those
oh-so-convenient public wireless networks. Just lock your doors, don't
talk to strangers and don't leave your wallet out in the open.
However, when it comes to your laptop, forget about playing well with
others and never share your toys.
Ben Apple is CEO of Chicago-based Management Solution Strategies. He
has his CISSP certification and is a recognized instructor in IT
security governance and IT security best practices. Apple can be
reached at bapplemgmtsolutions.biz.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.