Slashdot Mirror


Drive-By Hacking in London

delibes writes "The BBC News website carries this story about hacking wireless networks in London's financial centre." There isn't really much in the way of details, just saying that many businesses don't encrypt their networks. They talk about finding 12 networks while driving 1km... 8 of which had no encryption.

14 of 213 comments

  1. More info by Da J Rob · · Score: 5, Informative

    For those who want to read more on this subject, check out this past slashdot article

    Or just go here.

    1. Re:More info by crumley · · Score: 3, Informative

      Here's another similar one.

      --
      Preventive War is like committing suicide for fear of death. - Otto Von Bismarck
  2. From the IEEE web site by FrankBough · · Score: 2, Informative

    IEEE 802.11b Working Group

    In geek speak, the IEEE 802.11b standard is the family of specifications created by the Institute of Electrical and Electronics Engineers Inc. for wireless, Ethernet local area networks in 2.4 gigahertz bandwidth space. The rest of us English-language users should think of IEEE 802.11b as a way to connect our computers and other gadgets to each other and to the Internet at very high speed without any cumbersome wiring--or a significant price tag. Providing as much wireless speed as it does at its modest price promises to have profound implications for a world bent on anytime/anywhere communication.


    Without any cumbersome wiring, yeah, or pesky security or annoying encryption. What about the profound implications of that? You really have to wonder what they were thinking.

  3. California War Driving by Anonymous Coward · · Score: 3, Informative

    There was a talk on this at Defcon this year. Pete Shipley was having success rates of 80 networks per hour in San Francisco.
    See: http://www.sans.org/infosecFAQ/wireless/war.htm and http://www.theregister.co.uk/content/8/18285.html

  4. What's so new about war driving? by dave-fu · · Score: 3, Informative

    Not to be all "been there, done that", but I know guys who were doing it in downtown NYC a year and a half ago. Amazing how many Wall Street corporations can be so freaking clueless about segmenting off the generically insecure portions of their network.
    Sad to think that we'll have an entire generation of hackers growing up who have no idea what Tone Loc is just because wireless networks are so much of a sexier, easier target than open modem banks, isn't it?

    --
    Easy does it!
  5. Encryption not as important as VPN by Chairboy · · Score: 4, Informative

    At my company, we use WEP, but to complete the connection you must log in using a VPN. We'll probably just switch to VPN only, but this makes me wonder how many of those networks simply did not have WEP enabled but DID require some other authorization to access network resources?

    Just because it does not have WEP does not mean it is secure.

  6. Re:Well, by friscolr · · Score: 4, Informative
    If that was the case then it wouldn't be possible to so fully exploit these networks.

    walk around town with laptop in backpack then go somewhere to see what's been found - like an internet cafe, which is also useful for probing the network in question (like probing their network from the outside to find what router to spoof - determine this based off the ips in the tcpdumps from the walk) - here's what i've found

    most of the unencrypted networks found will have nice tcpdumps chock full of arp requests, novell and nt broadcast messages. can tell you a lot about the network in question.

    if you can find a discreet location close to the building in question then you have your entry point. of course cops don't really know what you're doing anyways (though they give some real weird stares at 3am) so you might be safe. spoofing the router is generally easy, gaining external access should be fine, sometimes they're real kind and leave a dhcp server accessible for you. but either all these places have taken the time to setup some real nice honeypots or they're real.

    i'm giving a talk about this at rubi-con, plus my website has more info, not that i've done anything like this, of course.

  7. Shielding by Anonymous Coward · · Score: 3, Informative

    Actually, the biggest problem concerning wireless networks is the sniffing. Using an Intersil Prism II card in promiscuous mode, together with a UPS in your car, you can even crack a 128-bit WEP-encrypted net in approx. 5 hours to 14 days. That's why some firms went to shielding the buildings to keep the signal from reaching the street. That's what a friend of mine and I found out asking some tech guys from Alcatel at this year's Systems in Munich.
    If you're interested you might also check out the radio show with two guys from the CCC (www.ccc.de). They talk - among other things - about how they got IBM WEP keys through social engineering at a Systems some while ago.

  8. Re:Is this ethical/legal or not? Is WLAN worth it? by Nonesuch · · Score: 5, Informative
    In general, 'wardriving' aka Netstumbling, refers to the basic act of wandering around and logging the GPS coordinates and response of 802.11b wireless networks to broadcast 'beacon' requests.

    IANAL. I have been consulting with lawyers, and this is a paraphrase of what they say (in the state of Illinois):

    The basic act of identifying a wireless network while on the 'public way' is ethical, and usually legal. The moment you connect to a network and begin to access their machines or use their resources, you are on very shaky ground ethically, and, while unlikely to be prosecuted, are committing a criminal act.

    Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!

  9. Re:2600 by xanadu-xtroot.com · · Score: 4, Informative

    You can always watch them doing it too. :-)

    --
    I'm not a prophet or a stone-age man,
    I'm just a mortal with potential of a super man.
  10. Re:interesting... by swillden · · Score: 5, Informative

    now, as we all know, encryption isn't the one-stop shop in terms of securing data. in a wireless environment where intruders can get at you with relative ease, what other forms of protection are there against having data stolen?

    In a wireless network encryption is your only defense. Remember, though, that the encryption built into 802.11b cards and access points is lousy and trivially easy to break, even with the larger key size.

    If security matters to you, you need to:

    • Put a VPN-equipped firewall between your wireless access point and the rest of your network. Configure the firewall so that it only allows VPN connections, rejecting everything else.
    • Run VPN client software and firewalls on all of the machines you connect to the wireless network. Make sure the firewalls are configured to reject all incoming connections and permit only VPN outgoing connections.
    • It's probably also a good idea to install intrusion detection systems on the wirelessly connected hosts. Whether you take that step or not, it's important to maintain those hosts carefully, keeping up to date on all security patches (particularly the patches for the firewall and VPN software). Other actions may be a good idea as well, just remember that every one of those wirelessly connected machines has to be able to withstand hacking on its own; there are no firewalls or barriers between those machines and the world, they are truly "bastion" hosts.
    • Put a "honeypot" wireless host or two out. Run a DHCP server on it and put some other interesting stuff up (SMB is juicy). If it sees DHCP requests or other traffic, inform security and have them watch anyone who might be hanging around in publicly accessible halls or outside. If possible track down and silence the offending machine. A laptop equipped with a directional antenna and some 802.11b sniffing software that can be configured to look for a particular MAC address might be helpful.
    • Run your honeypots on the "default" 802.11b channel (6?), and run the real stuff on other channels. This isn't a barrier at all, but it does make naive attackers more likely to get caught by the honeypot.

    If all of that is too much effort, and security is important to you, then don't do wireless. When the built-in encryption is fixed you can look at wireless again; it still won't be quite the same as wired but the effort required to secure it will be lower and more related to how you manage your keys.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
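
The honeypot check described in the comment above ("if it sees DHCP requests or other traffic, inform security"), sketched as an added example that is not part of the original post. It assumes the decoy host logs in ISC dhcpd syslog style; the log lines, host name, MAC addresses and function names are constructed for illustration.

```python
import re

# Constructed sample: syslog lines in ISC dhcpd style, as a decoy DHCP server
# on the honeypot wireless segment might write them.
SAMPLE_LOG = """\
Nov  8 02:58:11 decoy dhcpd: DHCPDISCOVER from 00:02:2d:aa:bb:01 via eth1
Nov  8 02:58:12 decoy dhcpd: DHCPOFFER on 10.99.0.20 to 00:02:2d:aa:bb:01 via eth1
Nov  8 02:58:12 decoy dhcpd: DHCPREQUEST for 10.99.0.20 from 00:02:2d:aa:bb:01 (laptop) via eth1
Nov  8 02:58:12 decoy dhcpd: DHCPACK on 10.99.0.20 to 00:02:2d:aa:bb:01 (laptop) via eth1
Nov  8 03:10:40 decoy dhcpd: DHCPDISCOVER from 00:40:96:cc:dd:02 via eth1
Nov  8 03:14:05 decoy dhcpd: DHCPREQUEST for 10.99.0.20 from 00:02:2d:aa:bb:01 (laptop) via eth1
Nov  8 03:15:00 decoy sshd[411]: Server listening on 0.0.0.0 port 22.
"""

# Only client-originated messages count; OFFER/ACK are the server's own replies.
CLIENT_MSG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"(?P<kind>DHCPDISCOVER|DHCPREQUEST|DHCPINFORM)\b.*?\bfrom\s"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

def honeypot_clients(log_text, own_macs=()):
    """Map each MAC that asked the decoy for a lease to first/last seen and count.

    own_macs (an assumption of this example) lists the security team's own
    test devices, which are the only hosts expected on the decoy."""
    ignore = {m.lower() for m in own_macs}
    seen = {}
    for line in log_text.splitlines():
        m = CLIENT_MSG.match(line)
        if not m:
            continue                      # not a client DHCP message
        mac = m.group("mac").lower()
        if mac in ignore:
            continue
        ts = " ".join(m.group("ts").split())   # collapse syslog day padding
        rec = seen.setdefault(mac, {"first": ts, "last": ts, "count": 0})
        rec["last"] = ts
        rec["count"] += 1
    return seen

def alert_lines(clients):
    """One alert per MAC, most active first, for the team doing the walk-around."""
    ranked = sorted(clients.items(), key=lambda kv: -kv[1]["count"])
    return [f"ALERT decoy lease request mac={mac} count={r['count']} "
            f"first='{r['first']}' last='{r['last']}'" for mac, r in ranked]

if __name__ == "__main__":
    print("\n".join(alert_lines(honeypot_clients(SAMPLE_LOG))))
```

Because no legitimate host should ever use the decoy, every MAC reported here is worth an alert, and the MAC is the value to hand to whoever goes looking with the sniffer.
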
  11. Re:Fluff by Old Wolf · · Score: 3, Informative

    My flatmate works for a wireless company here (not in America).

    You can walk down a main street here and plug into dozens of wireless networks who haven't enabled their security (it's disabled by default -- or enabled with a default password), and just get free 12Mbit internet to your laptop, as well as full access to the company's PCs (none of them do this VPN thing that some of you have mentioned).

  12. Re:how to authenticate wireless? by Anonymous Coward · · Score: 1, Informative

    Here's what I'm planning to do. Feel free to copy this and improve upon it.

    All APs will be on a VLAN inside the building (public school district facilities) with a Linux box sitting between that VLAN and the usual normal wired network. Clients will pick up a DHCP address from the Linux box, and negotiate PPTP logins with strong encryption to that same system. It will then masquerade or route (haven't decided yet) them out to the wired network.

    To get into the network, you will have to be in range, have the right networking parameters, have the right point to point tunneling stuff setup, AND get a login/password for my network.

    It's not totally secure (nothing is) but it's a lot better than just leaving it to WEP. It's also accountable - you can associate activity with specific users.

  13. There is nothing saying the networks are insecure by Anonymous Coward · · Score: 1, Informative

    OK, it doesn't say anywhere that these networks are insecure, it merely states that they use 802.11.

    So outta the whole of Bank (that's what the financial area is called) these guys found 12 wireless networks, which is actually quite a small amount considering the money in the area.
    BIG DEAL
    this ain't news, it's technology
    Saying these networks are insecure is a bit like saying web servers are insecure, just because they are on the internet. not using wep is not really an issue as it has been cracked, all it does is slow you down and create administrative overhead. These may be designed to be public, for visitors etc. Most banks don't tend to employ crap network admins, if anything these teams are the most critical for international banks.
    that said, i'm sure soho would be a bit more interesting...