Wi-Fi honeypots a new hacker trap

War drivers beware

Hackers searching for wireless access points in the nation's capital may soon war drive right into a trap. Last month researchers at the government contractor Science Applications International Corporation (SAIC) launched what might be the first organized wireless honeypot, designed to tempt unwary Wi-Fi hackers and bandwidth borrowers and gather data on their techniques and tools of choice.

That the average wireless network is horribly insecure is common knowledge today; surveys of populous metropolitan areas consistently turn up hundreds or thousands of 802.11b access points inadvertently left unprotected from unauthorized use or eavesdropping by anyone within range. (This is in addition to many that are deliberately open to the public, either commercially or by the generosity of their owners.) But while conventional wisdom holds that hackers are enjoying a golden era of untraceable ingress into corporate networks across the country, nobody claims to know exactly how prevalent wireless hacking really has become.

That's where the Wireless Information Security Experiment, or WISE, comes in. Headed by former Air Force computer security investigator Rob Lee, now an SAIC chief of information security operations, WISE hinges on an 802.11b network based at a secret location in Washington, D.C. and dedicated to no other purpose than being hacked from nearby.

The network has five Cisco access points, a handful of deliberately vulnerable computers as bait, and two omnidirectional high-gain antennas for added reach to the nearby streets and alleys. On the back end, a logging host gathers detailed connection data from the access points, while a passive 802.11b sniffer with a customized intrusion detection system acts as a hypersensitive trip wire. Like conventional honeypots, the WISE network has no legitimate users, so anything that crosses it is closely scrutinized.

The goal, says Lee, isn't to set up D.C. hackers for prosecution, but to research the state of real-life wireless hacking in a city considered by many to be a hot spot for laptop-toting cyberpunks. Lee hopes to learn who's conducting 802.11b attacks, how many hackers use wireless access to anonymize attacks on other Internet-connected systems, and what the ratio is between intruders and those who simply drop onto nearby networks for convenient Internet access, sometimes unknowingly. Ultimately, Lee would like to be able to passively identify the various scanning tools hackers and others use to find vulnerable wireless networks. "There may be signatures that they give off that could be incorporated into a wireless intrusion detection device looking for these active signals," says Lee.

Determining Intent a Challenge

The SAIC honeypot went operational on June 15th, and so far hasn't pulled in anything particularly nefarious: a single ping sweep of the bait machines, and a few people trying unsuccessfully to surf the Web. The WISE network doesn't yet have an Internet connection, but Lee plans to hook one up through a Web proxy that will intercept outgoing connection attempts and present a consent-to-monitor banner, so he can legally watch how the Internet link is used.

Despite the tepid findings so far, the hacker trap is generating enthusiasm in the honeypot community, and may spawn similar projects in other cities.

"He's taken an idea and really run with it like hell," says Lance Spitzner, founder of the Honeynet Project. "He's gotten a lot of high-end gear so he could cover a wider area, and he's come up with a lot of really neat ideas... And he's basically operating in one of the best cities to put up a wireless honeynet."

Peter Shipley, the security researcher who coined the term "war driving" over a year ago to describe the practice of cruising city streets in search of wireless networks, says he thinks wireless honeypots can produce interesting results, but that it could prove impossible to accurately differentiate between deliberate intruders and ordinary users accidentally dropping into the network. "The statistics are not going to be black and white," says Shipley. "They're going to be iffy and there's going to be a lot of speculation involved."

Of course, unlike Internet-based honeypots, anyone detected on the WISE network will be located within a few blocks of the trap, perhaps parked in a car or sitting on a bus bench. Despite the opportunity, Lee says he doesn't plan to train video cameras on the street, or to physically confront hackers. But he may add other wireless technologies to the system, like 802.11a or Bluetooth, to widen the net. "Right now we're focusing on 802.11b," he says. "This might expand."

© 2002 SecurityFocus.com, all rights reserved.
