| As Los Angeles and hundreds of other
| |
| | it's pretty much game over," Bickers
|
| communities push to turn themselves into
| |
| | said.
|
| massive wireless hotspots, unsuspecting
| |
| | Most laptops are configured to search for
|
| Internet users are stumbling onto hacker
| |
| | open wireless points and common wireless
|
| turf, giving computer thieves nearly
| |
| | names, whether or not the user is trying
|
| effortless access to their laptops and
| |
| | to get online. That leaves people open to
|
| private information, authorities and
| |
| | hacking.
|
| high-tech security experts say.
| |
| | In two new attacks, called "evil twin"
|
| It's an invasion with a twist: People who
| |
| | and "man in the middle," hackers create
|
| think they are signing on to the Internet
| |
| | Wi-Fi access points titled whatever they
|
| through a wireless hotspot might actually
| |
| | like, such as "Free Airport Wireless" or
|
| be connecting to a look-alike network,
| |
| | an established, commercial name.
|
| created by a malicious user who can steal
| |
| | In the "evil twin" attack, the user turns
|
| sensitive information, said Geoff
| |
| | on a laptop, which may automatically try
|
| Bickers, a special agent for the FBI's
| |
| | to connect. When it does, it is
|
| Los Angeles cyber squad.
| |
| | connecting to a fake access point, or
|
| It is not clear how many people have been
| |
| | "evil twin," and the hacker gets into
|
| victimized, and few suspects have been
| |
| | personal files, steals passwords or
|
| charged with Wi-Fi hacking. But Bickers
| |
| | plants a virus.
|
| said that over the last couple of years,
| |
| | The hacker can become a "man in the
|
| these hacking techniques have become
| |
| | middle" when he funnels the user's
|
| increasingly common, and are often
| |
| | Internet connection through this false
|
| undetectable. The risk is especially high
| |
| | access point to a true wireless
|
| at cafes, hotels and airports, busy
| |
| | connection. The unsuspecting Wi-Fi surfer
|
| places with heavy turnover of laptop
| |
| | may then proceed to enter credit card
|
| users, authorities said.
| |
| | information, access e-mail or reveal
|
| "Wireless is a convenience, that's why
| |
| | other sensitive data that can be tracked
|
| people use it," Bickers said. "There's an
| |
| | by the hacker. Meanwhile, the session
|
| axiom in the computer world that
| |
| | appears ordinary to the user.
|
| convenience is the enemy of security.
| |
| | Although the FBI has been aware of this
|
| People don't use wireless because they
| |
| | kind of attack for about five years, its
|
| want to be secure. They use wireless
| |
| | use has increased in the last couple of
|
| because it's easy."
| |
| | years and is being seen as a "huge
|
| For Mark Loveless, just one letter
| |
| | threat," Bickers said.
|
| separated security from scam.
| |
| | "The actual tools you need, the software,
|
| Logging on to his hotel's free wireless
| |
| | the hardware, etc., to mount this sort of
|
| Internet in San Francisco last month,
| |
| | attack has become insanely easy to
|
| Loveless had two networks to choose
| |
| | acquire," Bickers said. "You need a
|
| between on his laptop screen - same name,
| |
| | laptop, wireless radio and the ability to
|
| one beginning with a lowercase letter,
| |
| | download a free tool and run it. It
|
| one with a capital. He chose the latter
| |
| | literally is child's play."
|
| and, as he had done earlier that day,
| |
| | The creation of the access point itself
|
| connected. But this time, a screen popped
| |
| | is not generally considered criminal;
|
| up asking for his log-in and password.
| |
| | it's what happens next - tracking
|
| Loveless, a 46-year-old security analyst
| |
| | people's Internet use - that can cross
|
| from Texas, immediately disconnected. A
| |
| | the line.
|
| former hacker, he knew an attack when he
| |
| | These hacking techniques are considered
|
| saw one, he said.
| |
| | to be "tantamount to a computer intrusion
|
| Most Internet users do not.
| |
| | and illegal interception of wireless
|
| About 14.3 million American households
| |
| | communication that can be prosecuted
|
| use wireless Internet, and this figure is
| |
| | under federal law," Bickers said.
|
| projected to grow to nearly 49 million
| |
| | But computer evidence and statistics are
|
| households by 2010, according to
| |
| | hard to come by, said Arif Alikhan, a
|
| JupiterResearch, which specializes in
| |
| | former federal prosecutor and former
|
| business and technology market research.
| |
| | chief of the cyber and intellectual
|
| "There's literally probably millions of
| |
| | property crimes section for the U.S.
|
| laptops in the U.S. that are configured
| |
| | attorney's office in Los Angeles. People
|
| to join networks named Linksys or D-Link
| |
| | can unwittingly compromise their
|
| when they are available," said Corey
| |
| | computers in a multitude of ways, and
|
| O'Donnell, vice president of marketing
| |
| | often there's no trace.
|
| for Authentium, a company that provides
| |
| | "You can tell how many burglaries occur
|
| security software. "So if I'm a hacker,
| |
| | because you're victimized, and someone
|
| it's as easy as setting up a network with
| |
| | knows they're victimized," Alikhan said.
|
| one of those names and waiting for the
| |
| | "People don't always know if someone is
|
| fish to come."
| |
| | using their wireless network, and it's
|
| Linksys and D-Link are two of the many
| |
| | very difficult to tell unless you trace
|
| commercial brands of wireless routers,
| |
| | back every single connection.... It
|
| products that allow a user to connect to
| |
| | happens more than I think we all
|
| the Internet using radio frequency.
| |
| | realize."
|
| As the field of wireless connectivity
| |
| | The U.S. attorney's office will not
|
| expands, so too does a hacker's
| |
| | comment on pending investigations;
|
| playground. More than 300 municipalities
| |
| | however, wireless hacking cases are
|
| across the country are planning or
| |
| | relatively new, and few if any current
|
| already operating Wi-Fi service.
| |
| | cases involve "evil twin" or "man in the
|
| Los Angeles Mayor Antonio Villaraigosa
| |
| | middle" attacks, law enforcement
|
| last month announced plans for citywide
| |
| | authorities said.
|
| Wi-Fi in 2009. USC already offers free
| |
| | "This is a classic case of law and law
|
| wireless, and by the end of March, Los
| |
| | enforcement being a little behind the
|
| Angeles International Airport will
| |
| | technological curve," Bickers said.
|
| officially offer wireless at all its
| |
| | Other types of wireless-related Internet
|
| terminals under a new contract with
| |
| | hacking cases have recently popped up
|
| T-Mobile.
| |
| | across the country.
|
| Some airlines already offer Wi-Fi at LAX.
| |
| | Nicholas Tombros was found guilty in
|
| "There are no signs for any service at
| |
| | 2004, under the federal Can-Spam Act, of
|
| all, so if any passenger is accessing a
| |
| | "war-spamming." He drove around the
|
| free wireless service ... they should be
| |
| | Venice Beach area with his laptop and
|
| cautious," said Nancy Castles, an airport
| |
| | used unprotected wireless access points
|
| spokeswoman.
| |
| | to send spam. He could receive up to
|
| A survey at Chicago's O'Hare Airport by
| |
| | three years in federal prison at his
|
| Authentium revealed 76 peer-to-peer
| |
| | sentencing next month.
|
| networks, or access points that are
| |
| | He is the only defendant who has been
|
| connected to via another user's computer,
| |
| | charged in a case involving wireless
|
| with 27 of them advertising access to
| |
| | hacking by the Greater Los Angeles
|
| free Wi-Fi - a trademarked term for the
| |
| | section of the U.S. Department of
|
| technical specifications of wireless
| |
| | Justice's cyber and intellectual property
|
| local area network operation. The company
| |
| | crimes division since it was established
|
| also found that three of the networks had
| |
| | in October 2001, according to Assistant
|
| fake or misleading addresses, one sign
| |
| | U.S. Atty. Wesley L. Hsu, deputy chief of
|
| the hotspots could be hackers.
| |
| | the section.
|
| "At a busy place like O'Hare, in one hour
| |
| | "They are technically difficult cases....
|
| a bad guy could get 20 laptops to connect
| |
| | They're difficult cases to put together,
|
| to his network and steal the users'
| |
| | so law enforcement is having to sort of
|
| account information," said Ray Dickenson,
| |
| | catch up," Hsu said.
|
| vice president of product management at
| |
| | On Sept. 30, Gov. Arnold Schwarzenegger
|
| Authentium, who conducted the survey last
| |
| | signed into law the Wi-Fi User Protection
|
| September.
| |
| | Bill, which aims to block unauthorized
|
| Corporate networks are sometimes the most
| |
| | sharing of open Wi-Fi networks and inform
|
| vulnerable, as employers push for a more
| |
| | users of the dangers of unsecured
|
| mobile workforce without always educating
| |
| | networks. Starting in October, warnings
|
| its users on the security risks of
| |
| | and tips will be required on all wireless
|
| wireless Internet.
| |
| | home-networking equipment sold in
|
| Many workers rely on corporate firewalls
| |
| | California.
|
| in the office and an automatic default
| |
| | The law specifically addresses
|
| network setting that links them to their
| |
| | "piggybacking" - or the use of another
|
| corporate networks. Outside the office,
| |
| | person's wireless network to access the
|
| the firewall is no longer in place. That
| |
| | Internet - a problem that security
|
| means the computer is unprotected. Once
| |
| | experts say has been a concern for years.
|
| hackers have "got a toehold in a network,
| |
| |
|