One Mans Blog
Specialization is for Insects.
Posted on Oct 23, 2007 - 12:28am by John P. in Security, Travel
Folks, I was at the airport and I popped open my laptop to hop on the net and upon doing so I encountered a seriously sneaky bastard. Do you see anything wrong with the image below?
Well, hopefully you notice the little icon of a laptop beside the network entitled “Free Public WiFi”. This is NOT a free wireless access point, but instead a laptop computer that someone has configured to capture your personal data and rob you blind.
The way this scam works is that a criminal entices unwitting suspects to connect to the Internet through their computer. Meanwhile, they are running packet sniffing software to read every bit of unencrypted data passing through it. This includes every web page you visit, the e-mails you write, and even the instant messages you send.
Why would someone want to do this? Because if they listen to what you say long enough they are eventually going to capture a password or some personally identifying information that could prove useful to them.
Oh, and if that isn’t bad enough, once your laptop is connected to theirs, you have opened the door for them to scan all of the ports on your machine in the hopes of finding a security loophole. If they do find one, they could install a rootkit or some other malware on your machine, turning it into a mindless zombie under their control from now on.
So, the bottom line here is, don’t be randomly connecting to just any old network you see. You need to ensure that you are actually connecting to a wireless access point (you can even tell Windows to ONLY show WAPs), and that you have a software firewall installed (see my list of Top 50 Favorite Freeware for recommendations).
Edit: Thanks to Kim for pointing out that there were YouTube videos on this topic. I found these two which share a little more info. The first is from Chris Pirillo:
Next is from a local news channel:
 |
Get OMB via e-mail:
|
I use the "No Adverts for Friends" plugin by Donncha O Caoimh
Oh good little tip. I know about computer security a small amount, but it’s always good to remember simple tips like this. I like that I never know what to expect from your blog.
Yeah Derek, I like to keep you guys on your toes!
Yeah, thanks! This whole WiFi thing is a mystery for most of us, so were not savvy enough to know a scam from a freebie…. I guess we should subscribe to the notion that if it’s too good to be true (free internet), it’s not true!
I had actually been wondering about this for a while. A ‘free public wifi’ type thing appeared for me in my old apartment, and I (being clueless) assumed it was what it claimed to be. Fortunately I was never able to actually connect to it
It’s funny because in many cases the Free WiFi scammers are targeting the people who have the least money. Business travelers probably have a paid subscription to T-Mobile or something like that, so they don’t care about and wouldn’t use a free access point.
John
Scary thought that someone would do that, I read another article about this a while back about a guy who had this happen to him ina hotel lobby. There are also some Youtube videos out there where they demonstrate this so you know what to look for.
Kim:)
Thanks for that pointer. I added a couple of videos to give folks more information.
John
As far as I know, my Nintendo DS doesn’t support Adhock, and even if it would, I’d like to see the face of the guy who sniff my gaming packets :).
This is a classic man in the middle attack, it has been done for years, both on wireless and wired network. It is hard to detect those if you are not careful.
S.
Wow, I should have known this but didn’t.. thanks for the heads up John. I’d seen that option in the settings and ignored it until now.. There are several neighbors with unsecured and you never do know who you’re connecting to, that’s for sure!
I liked the first video, the funny thing was that AspiringGeek was in the chat. I own aspiringgeek.com….did he steal my name?!?!
Freaky, scary, technical, complicated stuff! Yikes! I think I’ve mentioned before, my dad just gifted me with a ThinkPad, and so this stuff has been on my mind a lot. So far, though - I’ve only used it for accessing the internet while in the office, with the router! Ha! Weak old router won’t let me leave the room! Ha! And I’ve thought of going to the town square coffee shop, but, haven’t made it yet. Kind of glad, though - because, it makes me so nervous.
(Second video no longer available.)
Ok, off to tell Windows to only show WAP’s.
Oh yeah! And the Nintendo DS can access the internet? Seriously? I didn’t know that….I’m sure my kids know, but, I guess you’d have to pay for it, so they haven’t even brought it up to me.
Although they continuously beg for Xbox Live access! NO! Not yet - I’m just not ready to go there with them yet.
Off topic again…sheesh! Some commenters!
Lisa,
Can you check the second video again? I’m able to see it, though it takes a couple of seconds for the video to start. Let me know if you are still having trouble accessing it!
John
Excellent for those of us not super familiar with wifi….I’ll remember to watch out for that little laptop icon, thanks John!
Good advices, like always. As new quite new to this I am happy to get all that information by The Man and the other geeks here. Thank you all to help me and getting way faster into the topics
Rhoody
This is likely part of an innocent virus or a “feature of Windows XP” depending on who you talk to. Essentially, a person affected has a beacon set to broadcast a peer to peer network called “Free Public WiFi”. Once a careless person tries to connect it then infects that system and they start broadcasting the same thing. The alternate explanation is that when XP (older version but guess what most people don’t patch their OS) connects to a network it retains that SSID and broadcasts it as a ad hoc network. And from there it spreads. A more detailed explanation is here.
This feature is yet another great reason to switch to a mac.
Thanks for the awesome advice! You most likely saved me some big bucks, I would have never picked up on that.
The safest way to work on computers is offline! When you unplug the cable, you are safe!
If you connect to the internet, I only trust a wired connection…. Yeah, I know it’s old fashioned, but I want to keep my data safe.
Video is fine now, John! Sorry I’m just now getting back in here!
sneaky, I was just at 2 airports this last week. I figured for sure there would be free wifi at the airports, guess I was wrong
hey john,
Amazing peice of advice. Seriously there r some people who can do anything just for the heck of it. Actually need to thank u for spreading the word & creating awareness .