http://www.latimes.com/news/local/la-me-wifihack16mar16,1,2998636.story
Ensnared on the wireless Web
Hackers' latest tactic to steal information is setting up fake
hotspots that users unwittingly use to access Internet.
By Tami Abdollah
Times Staff Writer
March 16, 2007
As Los Angeles and hundreds of other communities push to turn
themselves into massive wireless hotspots, unsuspecting Internet users
are stumbling onto hacker turf, giving computer thieves nearly
effortless access to their laptops and private information,
authorities and high-tech security experts say.
It's an invasion with a twist: People who think they are signing on to
the Internet through a wireless hotspot might actually be connecting
to a look-alike network, created by a malicious user who can steal
sensitive information, said Geoff Bickers, a special agent for the
FBI's Los Angeles cyber squad.
It is not clear how many people have been victimized, and few suspects
have been charged with Wi-Fi hacking. But Bickers said that over the
last couple of years, these hacking techniques have become
increasingly common, and are often undetectable. The risk is
especially high at cafes, hotels and airports, busy places with heavy
turnover of laptop users, authorities said.
"Wireless is a convenience, that's why people use it," Bickers said.
"There's an axiom in the computer world that convenience is the enemy
of security. People don't use wireless because they want to be secure.
They use wireless because it's easy."
For Mark Loveless, just one letter separated security from scam.
Logging on to his hotel's free wireless Internet in San Francisco last
month, Loveless had two networks to choose between on his laptop
screen — same name, one beginning with a lowercase letter, one with a
capital. He chose the latter and, as he had done earlier that day,
connected. But this time, a screen popped up asking for his log-in and
password.
Loveless, a 46-year-old security analyst from Texas, immediately
disconnected. A former hacker, he knew an attack when he saw one, he
said.
Most Internet users do not.
About 14.3 million American households use wireless Internet, and this
figure is projected to grow to nearly 49 million households by 2010,
according to JupiterResearch, which specializes in business and
technology market research.
"There's literally probably millions of laptops in the U.S. that are
configured to join networks named Linksys or D-Link when they are
available," said Corey O'Donnell, vice president of marketing for
Authentium, a company that provides security software. "So if I'm a
hacker, it's as easy as setting up a network with one of those names
and waiting for the fish to come."
Linksys and D-Link are two of the many commercial brands of wireless
routers, products that allow a user to connect to the Internet using
radio frequency.
As the field of wireless connectivity expands, so too does a hacker's
playground. More than 300 municipalities across the country are
planning or already operating Wi-Fi service.
Los Angeles Mayor Antonio Villaraigosa last month announced plans for
citywide Wi-Fi in 2009. USC already offers free wireless, and by the
end of March, Los Angeles International Airport will officially offer
wireless at all its terminals under a new contract with T-Mobile.
Some airlines already offer Wi-Fi at LAX. "There are no signs for any
service at all, so if any passenger is accessing a free wireless
service … they should be cautious," said Nancy Castles, an airport
spokeswoman.
A survey at Chicago's O'Hare Airport by Authentium revealed 76
peer-to-peer networks, or access points that are connected to via
another user's computer, with 27 of them advertising access to free
Wi-Fi — a trademarked term for the technical specifications of
wireless local area network operation. The company also found that
three of the networks had fake or misleading addresses, one sign the
hotspots could be hackers.
"At a busy place like O'Hare, in one hour a bad guy could get 20
laptops to connect to his network and steal the users' account
information," said Ray Dickenson, vice president of product management
at Authentium, who conducted the survey last September.
Corporate networks are sometimes the most vulnerable, as employers
push for a more mobile workforce without always educating its users on
the security risks of wireless Internet.
Many workers rely on corporate firewalls in the office and an
automatic default network setting that links them to their corporate
networks. Outside the office, the firewall is no longer in place. That
means the computer is unprotected. Once hackers have "got a toehold in
a network, it's pretty much game over," Bickers said.
Most laptops are configured to search for open wireless points and
common wireless names, whether or not the user is trying to get
online. That leaves people open to hacking.
In two new attacks, called "evil twin" and "man in the middle,"
hackers create Wi-Fi access points titled whatever they like, such as
"Free Airport Wireless" or an established, commercial name.
In the "evil twin" attack, the user turns on a laptop, which may
automatically try to connect. When it does, it is connecting to a fake
access point, or "evil twin," and the hacker gets into personal files,
steals passwords or plants a virus.
The hacker can become a "man in the middle" when he funnels the user's
Internet connection through this false access point to a true wireless
connection. The unsuspecting Wi-Fi surfer may then proceed to enter
credit card information, access e-mail or reveal other sensitive data
that can be tracked by the hacker. Meanwhile, the session appears
ordinary to the user.
Although the FBI has been aware of this kind of attack for about five
years, its use has increased in the last couple of years and is being
seen as a "huge threat," Bickers said.
"The actual tools you need, the software, the hardware, etc., to mount
this sort of attack has become insanely easy to acquire," Bickers
said. "You need a laptop, wireless radio and the ability to download a
free tool and run it. It literally is child's play."
The creation of the access point itself is not generally considered
criminal; it's what happens next — tracking people's Internet use —
that can cross the line.
These hacking techniques are considered to be "tantamount to a
computer intrusion and illegal interception of wireless communication
that can be prosecuted under federal law," Bickers said.
But computer evidence and statistics are hard to come by, said Arif
Alikhan, a former federal prosecutor and former chief of the cyber and
intellectual property crimes section for the U.S. attorney's office in
Los Angeles. People can unwittingly compromise their computers in a
multitude of ways, and often there's no trace.
"You can tell how many burglaries occur because you're victimized, and
someone knows they're victimized," Alikhan said. "People don't always
know if someone is using their wireless network, and it's very
difficult to tell unless you trace back every single connection…. It
happens more than I think we all realize."
The U.S. attorney's office will not comment on pending investigations;
however, wireless hacking cases are relatively new, and few if any
current cases involve "evil twin" or "man in the middle" attacks, law
enforcement authorities said.
"This is a classic case of law and law enforcement being a little
behind the technological curve," Bickers said.
Other types of wireless-related Internet hacking cases have recently
popped up across the country.
Nicholas Tombros was found guilty in 2004, under the federal Can-Spam
Act, of "war-spamming." He drove around the Venice Beach area with his
laptop and used unprotected wireless access points to send spam. He
could receive up to three years in federal prison at his sentencing
next month.
He is the only defendant who has been charged in a case involving
wireless hacking by the Greater Los Angeles section of the U.S.
Department of Justice's cyber and intellectual property crimes
division since it was established in October 2001, according to
Assistant U.S. Atty. Wesley L. Hsu, deputy chief of the section.
"They are technically difficult cases…. They're difficult cases to put
together, so law enforcement is having to sort of catch up," Hsu said.
On Sept. 30, Gov. Arnold Schwarzenegger signed into law the Wi-Fi User
Protection Bill, which aims to block unauthorized sharing of open
Wi-Fi networks and inform users of the dangers of unsecured networks.
Starting in October, warnings and tips will be required on all
wireless home-networking equipment sold in California.
The law specifically addresses "piggybacking" — or the use of another
person's wireless network to access the Internet — a problem that
security experts say has been a concern for years.
*
[EMAIL PROTECTED]
Copyright 2007 Los Angeles Times
