Slashdot Mirror
Democratic Convention Computer Security Threat?
Hiawatha writes "Excuse me for tooting my own horn, but check out my story in today's Boston Globe about a possible security problem at the Democratic convention next week. If visitors plug insecure laptops with wireless connections into the convention's wired network, there could be trouble..."
Hm. Taking over the Jumbotron is probably the ultimate "Capture the Flag" contest.
---- join dshield.org Distributed Intrusion Detec
From what I have heard, they are not allowing wi-fi of any kind. Not because its a security risk but because it can interfer with the equipment they really care about. the mic's and cameras and radios used to make sure everything goes smoothely.
I don't think there will be too much trouble with this. Just another company spreading the FUD trying to make a buck.
ummmmmmm... is that your real name?
Your hybrid is not saving the environment. Its purpose is to make you feel good about buying something.
Well at least it would, but I wound up disabling all that so the CEO could get on E-Bay.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Who in their right mind would want to hack into the democratic convention? The only ones I can think of are Republicans, and we all know they never do anything illegal like that...
+1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.
the article doesn't contain any new info. Everyone know how unsecure network connections can be at conventions. everyone know they can cause havoc.
Even the SANS conference, with all the security gurus, had issues with providing network connectivity. That is why they longer provide network connectivity, WiFi or otherwise, in classrooms.
Consensus is good, but informed dictatorship is better
The Democratic convention will use a standard wired network rather than WiFi. But according to Maggio, this won't provide any extra security. That's because many visitors who'll plug into the network will have computers with built-in WiFi capability. The WiFi feature is automatically switched on when the computer is running. In effect, the laptop can connect to a wired and a wireless network at the same time.
So... let me get this straight... they are going to connect to my laptop's wireless NIC, and then piggyback onto the wired connection? Riiiiight... This would be tough to accomplish... even in Windows.
Maggio said that an attacker with a high-powered WiFi access point could set up shop outside the FleetCenter, and communicate with WiFi laptops on the inside. If these laptops haven't been protected with the latest security patches, a skilled intruder will be able to gain access to the laptop. He could then leapfrog onto the Democrats' network, allowing him to steal information or vandalize computers. ''By being on both networks at the same time," said Maggio, ''that can compromise the entire network security."
Odds are, these laptops have already been 0wn3d..
From the article:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Let the oxymoron jokes commence!
SteveM
Ah the consumer Internet appliances. Trying to make network engineers out of people that can't program their VCRs.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
How can they get hacked when it was AL Gore who invented the internet...
Don't all democrats run linux?
[checks percentage of laptop users who run Linux]
If so, prepare for a landslide Republican victory the likes of which has never been seen...
Repeat after me: "I am not a party. I am a person. I will cast my vote for the person who is most likely to represent me even though it may NOT be the choice of my employer, my friends, nor my family's historical voting record, nor anyone else's interest. I will vote for myself. It's why I walk into the voting booth alone instead of sending someone else to vote on my behalf."
If you have the priviledge to vote, don't just throw it away on the lesser of two evils when other choices are available.
Maybe somebody at the DNC has compromising pictures of George Bush getting wads of money stuffed up... oh wait, that wouldn't be news. (Same applies to Mr. Kerry) Just what sort of top secret information does anybody expect to snag? This is a planned media circus, not a cigar smoke-filled warroom meeting.
I don't see how the security vulnerabilities at the DNC are any different than any business, convention, or hotel on any day in any city.
Unless, of course, there would actually be a AP inside this huge faraday cage.
"For years, I struggled with reality... but I'm happy to say I finally won out over it." -- Elwood P. Dowd
They don't allow it on the same network (I hope), but idiot XP users' boxen automatically come up in ad hoc mode, and will ASSociate with the naughty hax0rs box outside the perimeter. Probably will be dumb enough to forward packets between interfaces too! Yeeeeeehaaaa!
Don't bash on the democrats. This has been a problem ever since wireless networking has become ubiquitous in every convention, company, and private network. The democrats are no more or less susceptible than anyone else...
I am disrespectful to dirt! Can you see that I am serious?!
As long as Globe writers are reading Slashdot, perhaps someone could clarify this mystery:
- Yesterday's paper claimed that "11% of Boston businesses" believe they'll make more money as a result of the DNC, with 78% expecting the same or less>
- Today's paper featured the Causeway Street pizzeria owner who put up a pro-Bush banner and is closing his store for the week and going to Canada, expecting more trouble than business if he stays open.
Excuse me? If a guy who owns a freaking pizzeria across the freaking street from the Fleet Center doesn't think the convention is worth any money, who the hell are those 11% of business owners who think they'll benefit?What I'm listening to now on Pandora...
In a similar light, I was wondering what kind of mayhem will ensue at Quakecon. I'm sure there will be a ton of virus/worm spewing boxes plugged into the byoc lan.
"He's lost in a 'floyd hole"
Somewhere Karl Rove is twirling his mustache and recruiting neocon script kiddies.
If you think
Red Hat Linux to be precise. You can apply as an admin if you want...
That way, sure someone can hijack a laptop, but all they get to do is piggy back on the Democrat's internet connection or target other machines on the untrusted network.
Sure it's possible they haven't thought of this, but it's such a basic precaution I find it hard to believe. If they're letting any untrusted computers on to their network they have to treat the physical network like the internet - untrusted jsut like the guest PCs.
I don't give a hoot about their wireless network. What I care about are the massive road closures. Virtually every major route in and out of Boston, and several arteries, will be either completely or effectively closed down, starting as early as 3pm.
I-93 is being completely shut down through Boston, despite being a major interstate. The secret service is to blame for inventing imaginary truck bombs and placing the possible risks to security of the privileged few over the livelihoods of hundreds of thousands, if not millions, of people- workers in Boston were essentially told to fuck off and take a vacation during the convention. Menino and the DNC are to blame for ignoring obvious potential "security considerations" inherent in the Fleet Center; the new convention center would have done nicely, except it wouldn't have gotten the delegates their precious stadium seating, nor would it have given the press their precious skyboxes. Oh, and it would have meant a longer cab drive to the hotel. Boo hoo, poor rich politicians.
I can't see Kerry doing very well at all in working-class neighborhoods in eastern MA. In fact, I'd be willing to bet he'll loose them in a landslide. Virtually everyone I've met who has to commute into boston is unbelievably -PISSED- at the convention.
Oh, and then there are the random package searches on the MBTA, the closing of North Station (which is IN the Fleet Center), the mandatory searches on the Orange Line...what else? Oh, the Boston Patrollman's Association is going to be picketing ALL the DNC parties, which has hurt the few local businesses which were lucky enough to get some DNC business; losses were estimated at $80M statewide, but will most likely be higher thanks to BPA.
Let's see, what else? Ah, yes. The "internment camp", oops, I mean, "free speech zone", which is a fenced-in pen topped with barbed wire. Yeah, great idea- let's put right-wing nutjobs(Christian Coalition) in with extreme left fruitcakes into a TINY little box, with ONE entrance and ONE exit. Nah, they won't fight with each other!
Please help metamoderate.
Granite Island Group has already one-upped this story. Fuck wireless security, we're talking about actual bona fide security problems here.
[o]_O
Har. Har.
It was Republicans who invented that claim. What Gore actually said was "I took the initiative in creating the Internet". Robert Kahn and Vinton Cerf -- two of the people who did "invent the internet" have publicly stated that "Al Gore was the first political leader to recognize the importance of the Internet and to promote and support its development." Repub spinmasters pushed the reworded version hard as part of their successful effort to exaggerate Gore's supposed exaggerations.
(The Repub spin this time around is that Kerry always "flip-flops". That's the script, and they're pushing it hard. I guess this is to distinguish him from Bush, who sometimes flip-flops and sometimes sticks to his opinions ... regardless of the facts.)
The DNC might want to invest in several of these little goodies. Power them up and problem solved.
Wanted: witty unique signature. Must be willing to relocate.
When it seems technology moves too slow, consider that 4 years is a very long time in the computer world.
1981 - start of Reagan 1st term. IBM PC barely exists.
1985 - Reagan 2nd term. Amiga still months from introduction.
1989 - Bush Sr. 1st term. Gopher looks like it's going to be a real winner.
1993 - Bill Clinton 1st term. Most people are stil l having trouble accessing more than 1 Megabyte of memory. Microsoft offers users "himem.sys" as a solution. Linux begins to change all that.
1997 - Bill clinton 2nd term. Everybody's reading about who poked who in the Oval Office - on a computer network that spans the globe
2001 - GWBush 1st term. Cheap computers perform at a more than a billion FLOPS. Hard drive prices crash through the floor. Wireless networking barely alive.
2005 - Wireless networking causes massive chaos in the government, allowing robotic overlords to storm the Democratic Convention. Scene is repeated three weeks later at the Republican Convention. Robots declare martial law, and institute an omnipotent supercomputer and the emperor of the world. Declares Sunday to be free ice cream day. Jaded citizens eat it up.
When you look at the state of the art at 4 year intervals, it seems like a lifetime. When GW Bush was first elected, a nice computer would have been 1 GHZ or less, with 64 megs of RAM. And before that, it would have been a little Celeron 300A, or maybe a Pentium MMX.
Can anyone predict the state of the art in 2009?
No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
"Who in their right mind would want to hack into the democratic convention? The only ones I can think of are Republicans, and we all know they never do anything illegal like that..."
They only need to say that it's part of a terrorism investigation, and then the carrier is required to let them snoop the wired network, and the carrier is prohibited from revealing the snooping -- EVER, even long after the fact -- and, oh yeah, I forgot to mention, no judge or warrant required.
They don't have to do it illegally, just invisibly.
Look, you vote republican because of a lot of issues I would assume. So don't let one issue derail you from voting republican again. When you turn yourself into a one issue voter, you become a tool for the other side. Vote for the guy who will overall be better for the country. I'm pretty sure you wil stick with Bush.
Ah yes, are you suggesting that the post use that pinnacle of journalistic integrity, FOX NEWS? Besides, most of the things he listed were not a matter of news sourcing or opinion, but a matter of public record. Are you saying that the existence of the patriot act is actually some democrat fabrication?
So WiFi security is not something the Convention IT staff can control, with or without WEP
Nearly a 100% of all notebook computers brought to the convention will have WiFi built-in to them. A few sensible folks will have their notebooks configured to only latch onto "known" access points using wep. The rest will have their WiFi settings set to allow both ad-hoc and infrastructure mode and to connect automatically. These people, while probably smart and successful in other ways, are likely to be morons who are network-retarded.
As a result they are unlikely to realise that while they are busy and connected to the wired network, their computers have also connected automatically to the blackHatAP that has been setup in the closed-for-the weekend in the Pizzeria across the street. A convenient and cheap SEP field will prevent them from seeing small message dialogs that inform them of these events.
Some of these notebooks, as a result of belonging to irresponible morons, will already be 0wn3d. They are twice as likely to not be updated using windos update..
In short these computers will behave pretty much the same as the drunk chick flahing her tits at Dayton Beach on spring break (altho why we only see photos of them on the internet and never meet any of these tipsy goddesses IRL is beyond me. Oh wait, that probably cuz I'm here instead of there.!)
I would lay a wager of 10 bucks at odds of 5-1 that at least 5% of the notebooks on-site will automatically latch onto the first available AP AND be unpatched enough to allow arbitrary code execution using a buffer overflow vulnerability on some port OR have a trojan installed which can be leveraged to execute said code
What is the hapless IT support guy to do? Here are a few ideas -
1. Ban all notebooks since you cant physically inspect the WiFi settings for the visitors. This idea will probably get you fired though. The morons are rich and powerful and will get their way in penetrating your network with their toys. Being a BOFH is only going to get you shafted.
2. Set up your own AP with repeaters all over the place and hope the ho-ing notebooks latch on to your WiFi network first. I am sure this is not foolproof, but will probably bring down your risk by 70%. The boundary cases here are truly that - the notebooks on the wifi edge might see a better signal from blackHatAP and kiss up to it.
3. This may not be legal in your Locale/state/country. Adherence to local laws is your responsibility. Disclaimer made, heres the option - Install a jammer for WiFi frequencies. Better yet, if you have the Secret servce on hand, get them to do it. Simple and efficient. Unintended Interference is a bizatch though.
I thought about the option of setting up a WiFi farm that would create its own /. effect on the BlackHatAP but that wouldn't scale well if the BlackHat set up more than one AP....
See that long UID - that's what you get for lurking too long
At a technical conference earlier this year, I noticed something going between a few machines that looked a lot like a wireless virus, but was unable to capture it properly (they weren't my machines, I was just trying to shut down rouge APs).
The trick is being able to turn a normal laptop into an access point, then spreading the virus to other machines as they "automagically" try to connect to whatever AP they can find. Then those infected computers turn into APs, etc.
"...but voting third party is just going to help the guy I don't want to get (re-)elected"
A friend of mine said the same thing. He of course wants Kerry to win. I then reminded him that in California, there is no chance at all that Bush will take the electoral votes. Since I normally vote Republican or Libertarian, I would actually be taking away a vote for the Elephants by voting Libertarian.
If you live in California, you too can vote your conscience, whatever it may be, and not worry about Kerry not winning the State. On the other hand, if you vote Republican, and you want to vote different, you can since Bush wasn't going to win in California anyways.
This type of thing has happened before, but in this case we did have a 802.11A/B/G network running as well as wired. There is no solution to prevent it from happening (short of forcing people not to bridge their connections), but there are ways to detect and contain it. The netadmins just need to setup something that will also talk to these bridged 802.11A/B/G cards. Once they detect a bridge, find out what hardwired port they are coming through, find the Mac address, penalty box the mac address, and you've then forced them to go seek help hopefully from a helpdesk that knows what you are doing to people to cause them to go to the helpdesk.
Cheers!
--Brett
The republicans already have hacked some democrat computers.
Have someone (or several someones) walking the convention hall floor with sniffers. Any machine found to be transmitting packets via WiFi gets the plug pulled on the wired network. Since every location in the hall is numbered, a simple call back to the network center can get them switched off without having to physically confront them. However, I just like the idea of a guy walking up with scissors and SNIPPING them.
Maybe they should hire Nigerian guards.
Signs would be posted all over -- "TURN OFF YOUR WIFI OR YOUR NETWORK CONNECTION WILL BE TURNED OFF. If you do not know how to do this, please call 1-900-xxx-xxxx ($3.95/minute) for assistance." Using the number of a phone sex line would not be funny. (OK, yes it would, but it's still not a very good idea.)
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
No doubt many viruses will be transfered at the convention, but it really is a private matter between the senator and... oh, did you say computer viruses?