"Free Wi-Fi" Scam In the Wild

DeadlyBattleRobot writes in with a story from Computerworld about a rather simple scam that has been observed in the wild in several US airports. Bad guys set up a computer-to-computer (ad hoc) network and name it "Free Wi-Fi." You join it and, if you have file sharing enabled, your computer becomes a zombie. The perp has set up Internet sharing so you actually get the connectivity you expected, and you are none the wiser. Of course no one reading this would fall for such an elementary con. The article gives detailed instructions on how to make sure your computer doesn't connect automatically to any offered network, and how to tell if an access point is really an ad hoc network (it's harder on Vista).

Whatever happened to free airport Wi-Fi?

[sokoban]

Does anyone in here remember when airports used to usually have free wireless internet access? In 2001, it seemed like most of the nice airports offered free wireless access as a courtesy to customers, but now the only one I see doing that is my local airport (bluegrass int'l). Now every other airport seems to have some silly $15 wireless internet access service. Even expensive hotels now are starting to charge for wireless access, though they usually still have free wired access.

That's it, I'm sick of all this mother fucking nickel and dimeing in these motherfucking airports.

remote host

[TheSHAD0W]

If you have a box that's permanently on the net, a machine at home that's always on, a web server, etc, set your laptop up to always tunnel its connections through it. That way, even if someone 0wnz the connection you're on, so long as your software firewall is good, you're set.

Universal free wi-fi

[adambha]

And when wi-fi becomes a universally available free commodity (who else is betting on it?) what trickery will we see then?

Re:Free is still free for me

[Austerity Empowers]

I agree, I use these all the time at airports (pay for WiFi in an airport with $2 waters and $1.50 small bags of chips? nfw). I know they're up to no good, but good luck trying.

Article does not explain the zombification process

[dudeman2]

Connecting to the "Free Wi-Fi" and having your passwords and data sniffed is one thing, but how easy is it for the attacker to turn a Windows XP system into a zombie, merely by connecting to an attacker's wireless network?

Assumption #1. You run Windows XP, SP2, up to date with security patches
Assumption #2. You have Windows Firewall installed and configured for maximum security
Assumption #3. You are not sharing your folders on the network, or if you are, you're not allowing guest write access

(Now, I know how many Windows users do not follow #1,#2,#3 above..) but assuming they do, is a zero-day exploit required in order to zombify their PC?

Far easier to get good scam info...

[Lumpy]

linux laptop advertising as a wifi hot spot.

It runs it's own DNS and httpd.

you connect, it looks real. Log into your yahoo account with a legit looking cert, hmmm yahoo is having trouble, I'll try ebay. I logged in but it also has trouble, I'll try again.. oh it works!

Really easy, thwarts all the "this certificate does not match as you control everything the client side sees, then dump them off to your link to wifi or your cellular net connection.

you can probably get tons of real logins you are ready for collecting.

Moral of this? do not trust open accesspoints, they might not be legit.

Re:Relay?

[Vellmont]

But even worse, he could emulate (and forward data to) popular sites like Gmail, Yahoo, Ebay and Paypal but without any SSL. Like, a site that looks and acts like Gmail and even has your messages but is in reality a non-encrypted site that acts as a proxy.

I never thought about that, but that's an excellent point. It's a good reason not to trust web based mail sites.

In fact, it calls into question the security of all websites, since they start out in unencrypted mode. How often do you check when logging into a secure website that it's really using https, and not http?

Re:Tosser...

[SuperKendall]

Personally, I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile. The fact that this person's behaviour happens to be driving people towards my OSs of choice is purely incidental. You probably realise this, and I doubt that you were serious about thanking the guy, but I bet that your f****d up zealotry, morality and ideology are genuine; you really would place a microscopic (and questionable) "blow" against Microsoft over thieving scum like this escaping justice.

As noted, reporting to the police would be ineffectual.

I'm not looking for a "blow" against Microsoft as much as something that moves people to more secure systems, whatever those happen to be. And unfortunately it happens to be true that people only seem to care about things like that when bad things happen to them - as with backups.

So I feel empathetic, but not sympathetic, towards people affected by things like this - and while I don't condone the actions of those engaging in this behavior I do at least recognize that some good can come from even criminal activity such as this.

What I feel is really poor is your apologetic stance, basically playing whack-a-mole with security issues by trying to stomp down every security breach as it pops up without considering the broader picture and how to reduce the fundamental security problems instead of blaming only the people who take advantage of security flaws like this while doing nothing to advance a cure to the deeper problem. I think you need to reexamine what is zealotry and what is a healing approach for the industry as a whole.

Re:Portland

[Marxist Hacker 42]

Yeah, but actually there are four legitimate free Wi-Fi groups in Portland:

1. Portland Airport Free WiFi, ssid "flypdx"
2. Personal Telco Underground WiFi Group, ssid "www.personaltelco.com".
3. Independant coffee shops, hotels, and internet cafes, various ssids
4. Metro-Fi, the new downtown and expanding out towards all of Metro area wifi cloud, ssid "MetroFi-Free". If you see "MetroFi-TestFree" this indicates an access point that isn't connected to the Internet yet but will be coming soon.

Re:Tosser...

[Zanthor]

What I find amusing is that you think most computer users have a "Choice" in which OS they run... my shop runs Windows XP, that means all 250 of my supported users run Windows XP, they don't get to choose.

Unfortunately I can also say without a doubt that wireless connectivity is so convoluted that the average user would fall for this. Explaining to Joe Salesman to view wireless networks and trying to explain to him the different types of authentication he may run into while traveling from Iowa to Texas (I found 4 in my one way trip) is just horrible.

Easy Countermeasure

[bughunter]

I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile.

Someone in the vicinity of my office (in a Chatsworth CA industrial park) was broadcasting a wireless network titled "Free Public WiFi" for the past couple of weeks, and since I'm using OS X, it appeared under my AirPort status menu as a peer-to-peer network. These come and go, and I routinely ignore them. That is -- until I saw this ComputerWorld article on Slashdot.

It could have been a coworker, or someone in an adjacent building, or someone parked on the street... the signal strength was 5 bars on a WinXP notebook one cubicle away. It could have been an intentional scammer, or a victim of a scammer's trojan, implanted via a public hotspot. So I forwarded the ComputerWorld URL to everyone in the office, summarized the scam and the risks, and asked folks to run their spyware/adware scrubbers if they had used a public hotspot recently.

And I created my own peer-to-peer network "Free Public WiFi is a CON!"

Within hours, the "Free Public WiFi" was gone. No telling who it was or what their intentions, but at least it's gone.