"Free Wi-Fi" Scam In the Wild 332
DeadlyBattleRobot writes in with a story from Computerworld about a rather simple scam that has been observed in the wild in several US airports. Bad guys set up a computer-to-computer (ad hoc) network and name it "Free Wi-Fi." You join it and, if you have file sharing enabled, your computer becomes a zombie. The perp has set up Internet sharing so you actually get the connectivity you expected, and you are none the wiser. Of course no one reading this would fall for such an elementary con. The article gives detailed instructions on how to make sure your computer doesn't connect automatically to any offered network, and how to tell if an access point is really an ad hoc network (it's harder on Vista).
Whatever happened to free airport Wi-Fi? (Score:1, Interesting)
That's it, I'm sick of all this mother fucking nickel and dimeing in these motherfucking airports.
remote host (Score:3, Interesting)
Universal free wi-fi (Score:2, Interesting)
And when wi-fi becomes a universally available free commodity (who else is betting on it?) what trickery will we see then?
Re:Free is still free for me (Score:3, Interesting)
Article does not explain the zombification process (Score:5, Interesting)
Assumption #1. You run Windows XP, SP2, up to date with security patches
Assumption #2. You have Windows Firewall installed and configured for maximum security
Assumption #3. You are not sharing your folders on the network, or if you are, you're not allowing guest write access
(Now, I know how many Windows users do not follow #1,#2,#3 above..) but assuming they do, is a zero-day exploit required in order to zombify their PC?
Far easier to get good scam info... (Score:3, Interesting)
It runs it's own DNS and httpd.
you connect, it looks real. Log into your yahoo account with a legit looking cert, hmmm yahoo is having trouble, I'll try ebay. I logged in but it also has trouble, I'll try again.. oh it works!
Really easy, thwarts all the "this certificate does not match as you control everything the client side sees, then dump them off to your link to wifi or your cellular net connection.
you can probably get tons of real logins you are ready for collecting.
Moral of this? do not trust open accesspoints, they might not be legit.
Re:Relay? (Score:3, Interesting)
But even worse, he could emulate (and forward data to) popular sites like Gmail, Yahoo, Ebay and Paypal but without any SSL. Like, a site that looks and acts like Gmail and even has your messages but is in reality a non-encrypted site that acts as a proxy.
I never thought about that, but that's an excellent point. It's a good reason not to trust web based mail sites.
In fact, it calls into question the security of all websites, since they start out in unencrypted mode. How often do you check when logging into a secure website that it's really using https, and not http?
Re:Tosser... (Score:4, Interesting)
As noted, reporting to the police would be ineffectual.
I'm not looking for a "blow" against Microsoft as much as something that moves people to more secure systems, whatever those happen to be. And unfortunately it happens to be true that people only seem to care about things like that when bad things happen to them - as with backups.
So I feel empathetic, but not sympathetic, towards people affected by things like this - and while I don't condone the actions of those engaging in this behavior I do at least recognize that some good can come from even criminal activity such as this.
What I feel is really poor is your apologetic stance, basically playing whack-a-mole with security issues by trying to stomp down every security breach as it pops up without considering the broader picture and how to reduce the fundamental security problems instead of blaming only the people who take advantage of security flaws like this while doing nothing to advance a cure to the deeper problem. I think you need to reexamine what is zealotry and what is a healing approach for the industry as a whole.
Re:Portland (Score:3, Interesting)
1. Portland Airport Free WiFi, ssid "flypdx"
2. Personal Telco Underground WiFi Group, ssid "www.personaltelco.com".
3. Independant coffee shops, hotels, and internet cafes, various ssids
4. Metro-Fi, the new downtown and expanding out towards all of Metro area wifi cloud, ssid "MetroFi-Free". If you see "MetroFi-TestFree" this indicates an access point that isn't connected to the Internet yet but will be coming soon.
Re:Tosser... (Score:3, Interesting)
Unfortunately I can also say without a doubt that wireless connectivity is so convoluted that the average user would fall for this. Explaining to Joe Salesman to view wireless networks and trying to explain to him the different types of authentication he may run into while traveling from Iowa to Texas (I found 4 in my one way trip) is just horrible.
Easy Countermeasure (Score:3, Interesting)
Someone in the vicinity of my office (in a Chatsworth CA industrial park) was broadcasting a wireless network titled "Free Public WiFi" for the past couple of weeks, and since I'm using OS X, it appeared under my AirPort status menu as a peer-to-peer network. These come and go, and I routinely ignore them. That is -- until I saw this ComputerWorld article on Slashdot.
It could have been a coworker, or someone in an adjacent building, or someone parked on the street... the signal strength was 5 bars on a WinXP notebook one cubicle away. It could have been an intentional scammer, or a victim of a scammer's trojan, implanted via a public hotspot. So I forwarded the ComputerWorld URL to everyone in the office, summarized the scam and the risks, and asked folks to run their spyware/adware scrubbers if they had used a public hotspot recently.
And I created my own peer-to-peer network "Free Public WiFi is a CON!"
Within hours, the "Free Public WiFi" was gone. No telling who it was or what their intentions, but at least it's gone.