"Free Wi-Fi" Scam In the Wild

DeadlyBattleRobot writes in with a story from Computerworld about a rather simple scam that has been observed in the wild in several US airports. Bad guys set up a computer-to-computer (ad hoc) network and name it "Free Wi-Fi." You join it and, if you have file sharing enabled, your computer becomes a zombie. The perp has set up Internet sharing so you actually get the connectivity you expected, and you are none the wiser. Of course no one reading this would fall for such an elementary con. The article gives detailed instructions on how to make sure your computer doesn't connect automatically to any offered network, and how to tell if an access point is really an ad hoc network (it's harder on Vista).

P. T. Barnum...

[eviloverlordx]

said it best: "A sucker is born every minute".

Re:Free is still free for me

[SuperKendall]

Well, they would have a really difficult time turning my linux based portable into a zombie.

No kidding - is this article really an ad for Linix and/or MacOS X?

The next time I see a "FreeWiFi" I'll jump on and thank them hardily for moving yet another Windows user even closer to an alternate choice.

Relay?

[zlogic]

Or the bad guy could set a relay with the real internet and get all your passwords, that's why I use SSL in public APs. But even worse, he could emulate (and forward data to) popular sites like Gmail, Yahoo, Ebay and Paypal but without any SSL. Like, a site that looks and acts like Gmail and even has your messages but is in reality a non-encrypted site that acts as a proxy.

Tosser...

[Dogtanian]

The next time I see a "FreeWiFi" I'll jump on and thank them hardily for moving yet another Windows user even closer to an alternate choice.

And people wonder why some Linux and Apple supporters have a bad reputation for being fanatical.

Personally, I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile. The fact that this person's behaviour happens to be driving people towards my OSs of choice is purely incidental. You probably realise this, and I doubt that you were serious about thanking the guy, but I bet that your f****d up zealotry, morality and ideology are genuine; you really would place a microscopic (and questionable) "blow" against Microsoft over thieving scum like this escaping justice. You really think that MS-enabled crime (let alone this particular scam) is the only crime they're going to commit?

Re:Tosser...

[El Torico]

Personally, I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile.

Right. Call me cynical, but I don't think that the police would be interested or even capable of doing anything.

Stupid idea

[Dogtanian]

Help other folks out. Set yourself up as a proxy, advertise yourself as "Free Wi-Fi" too, and let everyone else (at least, everyone who connects through you) safely use the scumbag's paid wi-fi connection for free.

That's the kind of geeky too-clever-for-your-own-good thing that will get you into trouble if the real criminal ever gets caught... or even if he doesn't. Suppose the police (or whoever) at the airport know about this scam and are investigating, and pick up *your* connection. Now you're messed up with this thing; you might know that you're innocent, but they don't, and explanations like "But... but... I was just having some fun at the guy's expense and making it safe for everyone" won't go down well.

How sure are you that you can prove that you're not involved, especially when you've been arrested and subject to police questioning? Under ideal circumstances If you were in control of things, you could probably put together a good case, but fancy playing against a prosecutor and police who genuinely believe that you were involved and want to make you look bad?

And (so the police will want to know) since you obviously knew this guy was up to no good, why didn't you report it?

Doesn't sound such a good idea now.

Re:Far easier to get good scam info...

[fizbin]

Okay, but tell me - how often do you regularly see firefox warnings about certificates signed by random CAs? I see at least one or two a week. How likely do you think it is that someone's going to notice this?

When even Google AdSense [google.com] can't get the whole "do https properly so that people don't get trained to click past error messages" thing right (granted, it's a different error in google's case), how closely are people really going to look? Granted, they might get slightly suspicious the third of fourth time this happened, but for people just trying to check some news sites and their corporate email before boarding they might only see one such error message.

Re:Whatever happened to free airport Wi-Fi?

[paeanblack]

Situation's a bit different in Europe. The airports in Budapest and Vienna have free wi-fi, and it's blazingly fast. In fact, when I recently had to fly out from Vienna, I got to the airport 36 hours early so I could get several films through Bittorrent.

It's that kind of juvenile behavior that kills off free wi-fi services. They are there for people to check itineraries, keep in touch with their friends/family/colleagues, and other minor conveniences. They don't exist for jackasses to park on for days to download movies.

"Free to use" does not mean "Free to abuse". If you want more bandwidth, pay for it yourself.

Re:Article does not explain the zombification proc

[philipgar]

This still doesn't explain about the zombification process. First of all, most file sharing is read only unless you have a password used, most home users don't really do much filesharing, but generally it's a read only thing, but second of all even if you have your entire folders mounted as read/write, how exactly does that allow this machine to turn you into a zombie? Last I heard writing files to your my documents folder (it's really difficult to share other folders than this) can not actually execute code.

I guess if your entire hard drive was shared, there is a possibility that they could write the file to a startup directory on it that automatically launches it on your next reboot . . .

This article really read as a lot of FUD to me. Possibly unpatched machines are affected, but they give a solution of disconnecting from the net. I just don't get it, the solution, it appears to me would be to oh, I don't know, patch your computer and use sane practices (like not sharing your whole hard drive as read/write/execute (apparently) with anonymous access).

Now the problem of them being able to steal credit card numbers and such is an issue. This is an issue that effects all OSes, so everyone should think bout it. however, if you check that the ssl keys you accept are valid for the site in question, then you should be alright. While they can perform a man-in-the-middle attack, that does require changing what keys a website uses (or possibly disabling encryption). As far as aim passwords and such go, well if you don't use it for important stuff, what are they going to do with it?

I read this entire article and really just want to read something from someone who knows anything about security, and not some idiot who read about something like this and proposes an even more idiotic solution. There is truth that you must be careful connecting to any wireless network that you don't know, also your machine needs to be patched etc. a little common sense goes a long way in this matter.

Phil

Re:Tosser... (said the Tosser)

[node 3]

your f****d up zealotry, morality and ideology are genuine

Windows has had serious architectural and procedural flaws for over a decade now, which Microsoft is fully aware of, yet has done very little to address, and it's "fucked up zealotry, morality and ideology" to hope that people will wise up and switch?

I'd highly prefer MS wise up and fix their OS, but they won't. Ever. They're just not that kind of company, never have been, never will be. On this, I would *love* to be proven wrong by MS's future actions.

I don't see how it's "fucked up zealotry, morality and ideology" to hope people will switch away from such a dreadful and dangerous product. I hope people will stop eating products with high fructose corn syrup and trans-fats. How is there anything wrong with such a position, *whatsoever*?

Re:Article does not explain the zombification proc

[node 3]

The whole thing boils down to:

1) Clueless user connects to "Free Wifi" and has filesharing enabled with guest write access
2) Attacker uses file sharing to put malware on PC
3) Clueless user proceeds to run the malware and gets zombified.

1) "Clueless" implies fault of the user. It's unreasonable to expect your average user to have the technical acumen of your average geek. Given that other OSs do not have these issues, I am more inclined to blame Windows for being so easily made insecure by a "clueless" (read: average) user than I am the user.
2) Yes.
3) The user need do nothing. If you have read/write access to C:, you can install anything you want and have it run automatically.

Re:Whatever happened to free airport Wi-Fi?

[anagama]

Aside from the jackass component, how about the idiocy? Personally, I'd much rather pay for a few dvds than sit in an airport for 36 hours to get them "free".

Re:Free is still free for me

[Intron]

This isn't a Win vs. Lin issue. Stunnel is available for Windows, too. What happens when you think you are on a free network, you try to Stunnel to your server, and you get the error:

WARNING: DSA key found for host ftp.initech.org
in /home/intron/.ssh/known_hosts:35
DSA key fingerprint 67:12:6f:2c:cd:a1:67:8b:ea:86:c8:b8:8b:c3:9d:34.
    The authenticity of host 'ftp.initech.org (206.246.226.45)' can't be established,
but keys of different type are already known for this host.
RSA key fingerprint is 02:a9:63:fe:6f:2e:ae:f4:53:4c:9c:8b:8b:7d:5c:8e.
    Are you sure you want to continue connecting (yes/no)?

Do you say "I must be the victim of a man-in-the-middle attack?" or do you say "Someone must have updated the key on the server"

Lots of people will hit yes and continue, cause they really need to log in and download that confidential financial report with all of the account numbers and passwords in it. Then they're hosed.

Re:"hide known extensions"

[node 3]

People who willingly hide the file extensions from their display deserve what they get! :)

Windows XP does this by default.

And no, they *don't* deserve it. If there was a warning dialog which said, "Doing this might cause you to get pwn3d", you might have a point. The problem is that there's no reason to expect your average user to understand the implications involved.

Every so often, bad weather during the winter leads to a few deaths due to people using charcoal barbecues in the house. It's not reasonable to suggest those people deserve what happened to them. If they didn't understand the risk (and many people don't) they are victims of their own, reasonable ignorance. If the heat is out, your stranded at home in a blizzard, and all you have is a barbecue, what do you think your average person is going to think?

It's the same with many Windows exploits. People use the OS the way its design promotes, and develop habits accordingly (such as blindly clicking "next, next, next" during software installation). Yes, education and vigilance would stop many of the problems, but the level of education and vigilance is above and beyond what is reasonable to expect.

Blaming the user is foolish. Why not fix the OS?