Slashdot Mirror
Drive-By Hacking in London
delibes writes "The BBC News website carries this story about hacking wireless networks in London's financial centre. " There isn't really much in the way of details, just saying that many businesses don't encrypt their networks. They talk about finding 12 networks while driving 1km... 8 of which had no encryption.
Hacking (er cracking) seems to get more and more low-tech, it's now been reduced to actually leaving your house. What is the world coming to?
I get ethernet connectivity once in a while in the Linux Car. There's some details in the news section of the page.
Enjoy.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
For those who want to read more on this subject, check out this past slashdot article
Or just go here.
I have to believe that the network honchos at these companies are in the *testing* phase of their wireless implementation. I bet some of them just threw up the network, with some monitoring tools - just to see what would happen.
That's what I'd do.
Roger that, we have one network down on the corner of State and Madison!
This is definitely proof that times are changing.
"...and postin me too like some brain at AOL-er" -- Wierd Al
IEEE 802.11b Working Group
In geek speak, the IEEE 802.11b standard is the family of specifications created by the Institute of Electrical and Electronics Engineers Inc. for wireless, Ethernet local area networks in 2.4 gigahertz bandwidth space. The rest of us English-language users should think of IEEE 802.11b as a way to connect our computers and other gadgets to each other and to the Internet at very high speed without any cumbersome wiring--or a significant price tag. Providing as much wireless speed as it does at its modest price promises to have profound implications for a world bent of anytime/anywhere communication.
Without any cumbersome wiring, yeah, or pesky security or annoying encryption. What about the profounf implications of that. You really have to wonder what they were thinking.
from the article:
"From an attackers point of view you want back roads because there is less road traffic," said Codex, "and you might be able to park when you find a network."
Are they seriously suggesting that you can find a parking space in central London during office hours?
A pizza of radius z and thickness a has a volume of pi z z a
this is very interesting to me in particular - i've been considering a system for establishments that would in part run on a wireless scheme (ease of installation, basically), and encryption was honestly one thing i hadn't thought of.
this alerts us to something else, too: wireless networks, encrypted or not, can be sniffed easier than regular wire networks, since you don't have to be physically connected to the internet to be sniffed.
now, as we all know, encryption isn't the one-stop shop in terms of securing data. in a wireless environment where intruders can get at you with relative ease, what other forms of protection are there against having data stolen?
i'm amazed that i survived - an airbag saved my life.
- 801.1 outdoor range: approximately 100 to 300 metres.
- 12 open networks found within 1Km.
- In the financial district of London.
Is this industrial-espionage-by-numbers?There was a talk on this at Defcon this year. Pete Shipley was having success rates of 80 networks per hour in San Francisco.
See: http://www.sans.org/infosecFAQ/wireless/war.htm and http://www.theregister.co.uk/content/8/18285.html
I read this as saying that the network owners are leaving their networks open on purpose. And really, why not? This is the way I have mine configured... Wireless Freenets anyone? If my machines are secure, why shouldn't I let the neighbor piggyback?
Guvegrra?
Not to be all "been there, done that", but I know guys who were doing it in downtown NYC a year and a half ago. Amazing how many Wall Street corporations can be so freaking clueless about segmenting off the generically insecure portions of their network.
Sad to think that we'll have an entire generation of hackers growing up who have no idea what Tone Loc is just because wireless networks are so much of a sexier, easier target than open modem banks, isn't it?
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
It's illegal to do that? Not my problem, I liken this to a publicly accessable park.
I'm wondering if its possible to track down people who are illegally gaining access down to their physical locations, such as through triangulations and such.
In case of fire, do not use elevator. Use water!
Could the next great bank robbery movie's big scene be some guy driving by the bank in an old Cadillac with a laptop and 802.11b in his lap while hacking money into his account?
the byproduct of years of oppression by the white man
1. Individual companies knowingly installed these networks, and failed to encrypt and secure the access to them.
:-)
2. "Hackers" used their own legally obtained hardware and software to identify these networks.
3. They identified these networks while traveling on a public right of way.
From where I sit, the people who do this are not doing anything wrong UNTIL they begin to wreak havoc on the network(s), and start causing problems for the companies. The onus is on the people setting up the wireless nets to secure them. If individuals can ID these networks, use them, and not cause damage, more power to them.
If the network admins are dumb enough to setup these nets and NOT block unauthorized users, they deserve all the problems that they will inherit.
Finally, why does a brick and mortar office NEED wireless? Isn't cat5 already available to every desktop? Wired nets are invulnerable to wireless hacks, hence, 100% secure against wireless hackers. Well, unless the wireless hackers find a vulnerable wireless net, hack onto your network throught that one.......yadda.
At my company, we use WEP, but complete the connection you must log in using a VPN. We'll probably just switch to VPN only, but this makes me wonder how many of those networks simply did not have WEP enabled but DID require some other authorization to access network resources?
Just because it does not have WEP does not mean it is secure.
Actually, the European Commission has declared that the "Square Mile" will soon be known as the "Square Kilometre". Companies based in the existing square mile are fighting eachother off to move even closer to the centre, for fear that when the smaller kilometre is imposed, they will be left outside, in plain old Central London.
"Yeah, ten-roger, the data 's thicker 'n bugs on a bumper tonight! For shore!"
"Copy that, good buddy. Guess they'll never know why their stock price keeps droppin'!"
"A firm a tiv, pard. Just keep your ears on, and never tell 'em yer' 20!"
"Roger that. We gone, bye-bye."
-- With apologies to C.W. McCall
Point of my post, maybe when a couple financial firms get cracked via this method it will be the necessary wake up call to some folks that information security is not a tack on service.
- Cheers,
- RLJ
Its lucky that nothing like that would ever happen in the land of the free.
ps. I hate responding to so called trolls, but this one has been modded up twice
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
Actually, the biggest problem concerning wireless networks ist the sniffing. Using a Intersil Prism II - card in promiscuous mode, together with an USV in your car, you can even crack an 128 Bit - WEP - encrypted net in approx. 5 hours to 14 days. Thats why some firms went to shielding the buildings to keep the signal from reaching the street. Thats what a friend of mine and me found out asking some tech guys from alcatel at this year's systems in munich.
If you're interested you might also check out the radio show with two guys from the CCC(www.ccc.de). They talk - among other things - about how they got IBM WEP-keys through social engineering at a systems some while ago.
Since there isn't currently a widely-supported and secure wireless protocol, they say that you should put your wireless network behind a firewall and treat it as an untrusted link. But they didn't actually do anything to see if the networks they were finding were firewalled off that way. So the article doesn't really say anything about deployed security. Of course, their correspondants probably actually know that the security sucks, but didn't want to demonstrate that.
It does make an interesting example of how you can confuse people, though: they actually wrote an article in which they say they went looking for networks, found them, looked for security, didn't find it, and learned that the only good security wouldn't have shown up, and they didn't come to the conclusion that they weren't looking for the right things.
Presumably these companies have insecure internet connections, but nobody would write an article about it without finding out if they have firewalls on them.
I used to live in Brixton in South London. At first, I was against the cameras, but then I saw how they had a positive effect on reducing crime.
I now live in central Barcelona, where the pickpocketing and bag snatching is terrible. Frankly I wish they would install those cameras here.
And having walked around the streets of New York and San Francisco at night, I think they wouldn't go amiss there either.
It's not the cameras that you need to be afraid of, it's how they are used. As far as I can see they have had a good effect on reducing crime in many UK crimespots, without any infringements on anyones personal freedom (unless you're completely paranoid, in which case you'd better stay indoors with the lights out and your lead helmet on).
Um, Even guys like Peter Shipley (who thinks he's a vampire) know how to do this stuff, and that was reported about a year ago. Maybe we can post a story after Xmas about the world trade center?
-- http://www.criticalassets.com
Suggesting that a site might be secure and yet not have WEP is akin to suggesting that a host might be secure and yet not have enabled shadow passwords. Yes, it is possible, but it is higly unlikely.
Actually, your last line almost says something very important, just change a couple of words:
Remember, "Security is a process, not a product"
I do not deploy Linux. Ever.
The thing that you have to understand about the UK is that there really is a history of these things been put in place and then not used, through apathy, budget constraints, or good old fashioned incompetence.
The omnipresent cameras are useless for identifying individuals; all they are used for is to grab grainy, wobbly pictures of suspects that identify height, clothing (maybe) and gender (if you're lucky) which are then splashed all over tabloids and the TV as part of appeals for actual eye witnesses to come forward.
A few more examples. The UK has had a DMCA since 1988, but few people know about it, because it's never been used. The RIP act, that mandates prison sentences if you fail to hand over encryption keys, is again a paper tiger because the Home Office doesn't have the budget to train anyone in its use. In fact, the police already suffer from having a surfeit of powers.
There was a case last year of a young student who went missing, sparking a nationwide hunt for her. She (or someone purporting to be her) sent an email from an internet cafe claiming that she was all right. The police eventually found her not by tracking back the message through the headers to find the cafe (a 30 second process), or through cameras, or through any technological procedure. Instead, they guessed where she was by looking at her past history, then blanketed the area with police handing out leaflets to cybercafes, until they got a response from an owner, then they staked it out until she turned up again.
So, sure, the UK has Draconian laws (but I'm sure the US will catch up), and sure, open networks and all that, but on the other hand, blurgh, it's a typical wet and windy British night tonight, and the Evil Things will be tucked up all warm and cosy in bed, not prowling the land looking for innocents to molest. ;-)
If you were blocking sigs, you wouldn't have to read this.
Since 802.11b uses a flawed encryption scheme there is no way to make the over-the-air protocol truy secure.
This does not mean that the networks are compromised. One way to set this up would be to leave the 802.11b interface wide open (thus making it easier for laptop-users to roam onto the network), but to place the wireless access point outside the firewall. Legitimate users VPN into the network (with VPN encryption of course). The exposure is no worse than any other point at which a private network is exposed to the public internet through a firewall.
One problem is that "anyone" can set up a wireless access point for their personal use -- without realizing that they are exposing their company's LAN (Apple Airport anyone). A contributing factor is a false sense of security because most notebook 802.11b cards have a far shorter range than the access point broadcasts. Your notebook may not be able to pick up the signal outside the office but someone with an external antenna can pick it up at much greater range.
No, I don't want to explore the Recycle Bin.
IANAL. I have been consulting with laywers, and this is a paraphrase of what they say (in the state of Illinois):
Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!
I do not deploy Linux. Ever.
It's hardly a secret that your laptop will see something when you're standing out in the parking lot near any company with an 802.11 network. That doesn't mean it's insecure. A company with even a smidgen of security sense will put the wireless network outside their firewall, and require employees to use VPN to access internal stuff. People on the outside may be able to get a little free internet access, but that's it.
The article is very light on details, gives no information as to what "wide open" means (just because you can see the network, that does not mean it is insecure). There is only one mention of the word "firewall" in the whole thing, and even then it's very vague.
I think this reporter has been duped by a couple of script kiddies. The supposed terms "war driving", "war pedalling", and "war walking" sound like something the kiddies made up on the spot, and later snickered at the reporter for believing.
Free Hans!
It's amazing how Americans complain about the cameras in the UK, they entrust their officers with guns which could lead you being shot dead either intentionally or otherwise, now that is potentially a pretty big infringement of your liberties (right to life), yet when people talk about cameras and the worse case senario it doesn't even come close to killing people.
British police don't have guns yet have access to cameras, US police could kill you in the spot yet don't have access to cameras. By having a polcie force you inevitably give up some of your liberties and expose yourself potential abuses of those rights, which has more potential for abuse... side arms or cameras?
This is why when people start bleating on about the cameras here, the contradictions really make me laugh, oh the hypocrisy.
you guys are so slow. everyone knows that for that last few years, to break into any major computer system, you just hold down control and double click on the pi sign on the bottom right hand corner of your screen.
The world moves for love. It kneels before it in awe.
You can always watch them doing it too. :-)
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
Where I work, we have a network segement that requires no log in. Assuming you have a laptop, you can connect and get internet access - you need no special software on your machine. You are firewalled (properly) from everything else. Activity is monitored by the IP address you are assigned: if you are doing something silly, you would be booted off. ( I think the monitoring is automatic, and based on bandwidth consumed - not sure)
The whole point of this is that when people come in to do a presentation, they can get internet access without bothering the support team. Mucking around with VPN software etc on someone elses laptop always ends in tears.
How many of these wireless networks are the same sort of thing? If people started to leech in earnest then more security would be applied.
You paint a quite sad picture of the UK - in fact it is funny to compare how negative UK citizens are about their country compaired to a typical American's blind patriotism for his!
One thing that I think makes the UK a great place is the very high level of integrity of its people. Generally speaking, the Brits are a very decent lot who usually "do the right thing". Even those in positions of power, which believe me is not true in many countries. This might explain
why Brits feel safe with government controlled cameras in the streets, but many Americans would be unhappy with the situation.
Let them truckers roll, 10-4!
And having walked around the streets of New York and San Francisco at night, I think [cameras] wouldn't go amiss there either.
The Mob would never stand for it.
Although it's quite off-topic, I had a really interesting experience one night while walking around the streets of NY. On my way back to the hotel I noticed that the street I was on was rather deserted and although I was a little uncomfortable about that I didn't know which streets might be better (or worse!), so I forged on.
At one intersection a man intercepted me. He was well-dressed, expensive coat over an expensive suit, nice shoes, perfect hair, etc. He very politely asked me where I was going and if he could help me find my way. I told him which hotel I was going to and he gave me precise and easy to follow directions.
I noticed, however, that his directions seemed to take me a couple of blocks out of my way, and that it would be shorter if I just continued the direction I was going. When I mentioned that it seemed better to go straight he politely but very firmly told me that it would be better to follow his directions, because this wasn't a good street to be on late at night.
At that point (I'm a little slow) I put things together and decided that if a very nicely dressed man of Italian ethnicity, standing all alone in the shadows on a dark and empty NY street late at night, tells me that particular street is a bad place for me to be, I should listen!
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Actually, there aren't any more cameras in Britain than there are in the US. The only real difference is that in the US there are a lot more malls, while in Britain most shopping happens on streets.
I was surprised to find 802.11 access points not at one, but TWO neighboring car dealerships. The range was poor, but it made me ponder why they'd even have 802.11 in the first place.
I've been thinking about getting a 802.11b network going on my lan, and thinking about how to make it somewhat secure.
My idea is to add a third NIC to my firewall/masq/server machine, which the wireless hub hanging exclusively off this NIC. That way I could add some ipchains rules that only apply to the wireless network.
The question is, what sort of ipchains rules? One idea I had was to only allow the MAC address of known/authorized cards (this would require iptables/kernel 2.4 -- ipchains doesn't look at MAC AFAIK). Even though MAC address could be spoofed, it would probably be enough for my home lan.
Is this similar to what other people have tried? What do other people do for this?
> The Computer Misuse Act 1990 makes it an offence to read a computer file that you do not have authorisation to read.
slightly, (but crucially) wrong.
It is an offence to make unauthorised access to a computer sniffing the data out of the ether without actually accessing a computer would seem to be legal loop hole.
It doesn't take a lead-helmet-wearing-paranoid to see that it's bad to have a computer database that knows where everyone is all the time. Do you really trust your government that much?
Well, yes, actually I would trust the UK government that much. Democracy is very strong in the UK - people are very aware of what is going on (it has the highest newspaper readership of any country in the world) and they let it be known when are not happy. Remember Margret Thatcher had to step down as Prime Minister mid-term because she had overstepped the mark.
Is it heresy to suggest that demoncracy is stronger in the UK than the US? I am afraid that's the impression I get with Bush apparently so easily swayed by the moneymen and the people of the USA apparently so apathetic about it. I'm not trying to be a troll, that's just the impression I get.
I'll concede it's a little light on the technical details, but don't forget that this article is targetted at Joe Public.
I think you missed the most revealing fact in the article: 8 out of 12 networks detected were not even using 802.11 encryption at all. Yes, we all know that 802.11 encryption is not secure, but the fact that people are broadcasting unencrypted packets does mean that the networks are incredibly insecure. I'm thinking of SMB, POP3, TELNET, FTP, or any other number of services that transmit either plaintext or weakly encrypted passwords.
Yes, people should use VPNs, but the point of the article was that they're not.
Also, "war driving" and "war pedalling" are actual, legitimate terms - I've seen them used on many occasions before, as would you, had you researched this at all before spouting off.
I want to move: I thought Canada, but they're backing their ass up for the US too much for my liking, so now I'm thinking New Zealand. But it might be too late for me; I think the national apathy has soaked through to the bone. :-(
Of the people, yes, but we're (in general) as badly informed and easily manipulated as the rest of the world. I actually think that the US people are the best and greatest in the world. You still have recent memories of your reach exceeding your grasp ("We choose to go to the moon [..] not because it is easy, but because it is hard."). Unfortunately, we have both relapsed into having governments composed of a professional political class (an hereditary one at the executive level in both cases) who are alike in tolerating among their ranks liars, cheats, frauds, and manipulative and hypocrital mass murdering bastards of the highest calibre. I look at what we (Britain) are contributing to in Afghanistan and elsewhere, and I think "My god, viewed from their point of view, with their professional liars spinning it the other way, how can they not hate us?", and I want to get out, and soon.
On the bright side, as I said, at least the British government are largely too apathetic to abuse their powers, unless there's a media circus to play to. Hey ho, small blessings.
(Moderators: this is like 4 levels down. I know it's off topic, but there are better areas to vent your ire.)
If you were blocking sigs, you wouldn't have to read this.
Police say the weapons included a stun gun, mace spray, five sets of knuckle-dusters, and two combat knives. None of the items had been carried on as hand-luggage.
yeah if these guys had made it to the baggage compartment and back up to the cabin things could have gotten nasty. that is if they didnt loose consciousness in the depressurized portion of the plane.
none of these items are of any concern with respect to hijacking... whats so ironic?
-- john
Tin Foil helmet. TIN FOIL. The lead ones don't do any good, and they're heavy.
Ha ha! Good try. Do you think I'm that stupid? I know how frustrating it must be for you - I've seen you sitting outside in your car at night trying to scan me. The lead helmet stays!
Actually C.W. McCall was first, 1980 was when "Good Ol' Boys" hit the charts, while "Convoy" was 1975.
I have a real problem with laws that are never enforced.
They lead to a situation where anybody that the government is particuarly irritated by can be locked up easily because they are bound to be breaking a few laws. Lots of other people may be breaking those laws too, but since they're not doing anything that irritates those in power, they are ignored.
This is not a theoretical problem, it happens all the time. For instance, there is very selective prosecution of people breaking the official secrets act. AFAICT, the law is - if you say something that causes embarresment to active politicians or any senior member of the intelligence services, then you go to jail.
In fact, if you think about it for a moment, you'll realise that this is the entire *point* of these laws. You'll be very comfortable as long as you keep to prescribed boundaries. Stray outside, and you'll see a different side to things.
http://rareformnewmedia.com/
(Moderators: this is like 4 levels down. I know it's off topic, but there are better areas to vent your ire.)
It's hopeless. I've marked stuff "OT" in the title and still been modded down for off-topic. There are some very slow folks getting mod points these days.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
Setting up a rogue access point in your office is simple and cheap. It will cost about $200 and setting it up is as easy as plugging it in to a spare network drop. Click. You no longer have to fight for a port on the conference room's hub. Of course, these access points tend to default in a highly functional but minimally secure configuration. So anyone within range of that access point doesn't have to fight for a port on the hub, or any physical connection, for access to the internal network either.
One has to wonder how many of these discovered networks are found via rogue access points.
This presents a serious problem for any company's network security. Rogue AP's can spring up like mushrooms. They're difficult to detect. And even if you do find one, its a game of whack-a-mole as you disable one while others pop up.
So what to do? First thing to do is remove the motivation behind rogue access points. Make the darned things available. IT should be considering an appropriate roll-out of this technology now. If the demand isn't there yet, it will be later. And if you don't provide it, your end users will provide it themselves.
Still need to hunt down rogue access points? Kirby Kuehl has a neat little project called aptools to help.
Heh. Yeah, like "The Sun" counts as a paper. People only read it for the pretty pictures on page 3 and the sport.
This is a common opinion amongst the privilaged classes. However, you and me are from educated backgrounds. The Sun is widely read in the UK because there are a lot of people who are not from such privilaged backgrounds and who require a different type of paper.
My grandfather used to read the 'redtops', not because he was stupid or was only interested in tits and sport, but because it spoke in his language. If you take a look at the Sun you'll find that actually a lot of their political coverage isn't that bad, and they do go out of their way to explain complex issues, such as changes in the economy, in everyday terms.
I think it is much preferable to have a population that is informed, by whatever means, than one that is ignorant or apathetic. Not everyone has the appropriate background to read the Times or Guardian. Don't assume that means they are all stupid or disinterested.