Don’t trust that Wifi
This story begins with a warning. Wifi hotspots are everywhere, at the donut shop, at the mall, in your neighbourhood. But you should not connect to them and here’s why.
The back yard of my home is adjacent to a golf course. I often see golfers tinkering with their smartphones while on the tee.
For fun, I decided to deploy a Wifi access point with good antennas, created an SSID called “Free Golf Wifi” without any access keys or encryption, then connected this AP to a hub, and then connected the hub to my firewall DMZ. I created firewall policies to allow only certain unencrypted protocols: DHCP, DNS, HTTP, FTP, POP3, etc.
On the hub, I connected a laptop equipped with a packet sniffer, Wireshark, and created filtering policies to look for usernames and passwords.
You can probably see now what I was attempting to do, and you are correct if you did. I was attempting to trick golfers into having their smartphones connect to my hotspot and check their emails. And they did… loads of them.
I had no bad intentions. I didn’t want to exploit the security trap I had just created; I just wanted to see how easy it was to do, and I was amazed by the number of email accounts I gained information on.
This golf course is also a private club course and only wealthy and influential people golf there. This made their email account information even more valuable.
On the very first day, I captured dozens of email accounts belonging to various people, two of whom I knew: a well-known lawyer in town and the actual mayor of the city. There must have been a golf tournament that day because many captured email account credentials were from bigwigs in town. If I were a hacker with nefarious intentions or worked for an alphabet agency, this would be easy pickings from a fish barrel.
After running this trap for a week, I decided to tear it down, for obvious ethical reasons. In that week, I managed to capture hundreds of individual email account usernames and their passwords. Some of the passwords used were ridiculously easy to guess. Example: “ferrari”. But capturing has nothing to do with guessing. Their password may have been 50 characters long; I would have captured it regardless.
Someone with nefarious intentions could easily exploit access to the email account to have other accounts’ passwords changed on various websites and slowly gain control of that person’s life and finances. Fortunately, that’s not what. I joined the good side of the force many moons ago. Also, I built this Wifi trap 15 years ago, when people had their guard down and free Wifi spots were a novelty.
Question of ethics
As I mentioned, I didn’t keep or exploit what I captured. One might say that I “hacked” into something, but they would be wrong. Each user, knowingly or not, connected to my device, and I have the right to look at what kind of traffic flows on my network. But then again, I did build this to route external users into my trap. Where is the ethical line? As an ethical hack, I think this trap qualified. If I had used the captured information to perform login attempts into the users’ accounts, I would have breached my own code of ethics.
The train to breach
Here’s another little story. My boss didn’t like to drive so he decided to go visit a client in another city using the train. He dragged me along for this meeting. While on the train, there was “free wifi” being offered. So, I connected my laptop to this free access point and started sniffing around the network.
To my amazement, security on this WIFI network was low and I could see the laptops of every other passenger on the train; many of them had enabled file sharing on their devices with absolutely no security. In other words, I had access to their hard disks.
So, as a gesture of good faith, I created a text file with a warning message, letting these people know that their laptops could be easily breached, and I uploaded this message and a .MP4 file of the movie “It’s a Wonderful Life” to the hard disk’s auto-startup directory of half a dozen people.
Next time they booted their laptop, the movie would begin and the warning message would pop up, hopefully scaring them into disabling all the shares without privilege controls. I don’t want to label these people as idiots simply because they purchased technology and trusted the manufacturer to provide adequate security. The manufacturer didn’t share their hard disk on the network, they did!
What if one of these people was an important government employee, or a military officer, or a banker? Imagine the damage someone with bad intentions could easily do to their laptops: copy sensitive data, upload a key logger, spread backdoor trojans, etc. This shows how easy hacking into someone’s device is when the owner of that device is illiterate when it comes to security. They blindly trust all of the device’s functionality without thinking twice about using it.
Everyone thinks that they are protected against bad things. They pay their taxes, they have insurance, therefore they should be ok. Wrong. You can easily turn someone’s life upside down and inside out by breaking into their little secrets stored on their laptop. Since cyber-crime has become a lucrative business, with big rewards and little to no consequences to the hacker, I can see why criminal hackers are so attracted to cyber criminality.
The two examples above happened a long time ago and had no consequences to the users because the integrity of their data was left intact. After a while, I gained enough knowledge and experience that today, I don’t have to break into devices to find out if it will work or not.
If you are using a network you don’t own or know, especially a WIFI network, someone will be looking at your data one way or another, and you can just hope that person doesn’t have nefarious intentions. Don’t use public wifi hotspots. Period.
This was my view.
Cheers and Beers.