Wednesday, September 17, 2008

Misuse of wireless network to send terror email

Terrorists had allegedly used unsecured wi-fi networks to send terror emails to media and remained anonymous till date. Earlier terrorists were using cyber cafes to send terror emails but now they are exploiting wi-fi and tomorrow some other technology. Similar trend is being witnessed in other areas of information security. As the world catches on to the dangers of opening unknown e-mail attachments and better spam filters are created, the focus of attacks is turning to the web itself.[1] Trend Micro Incorporated, a global leader in Internet content security, reported that cybercriminals are not only leveraging new technologies to propagate cybercrime, but are also reinventing forms of social engineering to cleverly ensnare both consumers and businesses, according to the "Trend Micro Threat Roundup and Forecast 1H 2008" report.[2]

Is wi-fi technology is safe?

“The vulnerability is more in the negligence of the users of wi-fi rather than the technology itself” says Na.Vijayashankar, better known as Naavi, the well known Cyber Law Consultant in India. He was the author of the first book on Cyber Laws in India and a pioneer in the spreading of Cyber Law Education in the country.

The users are not taking sufficient measures to secure their wi-fi nor the service providers are take necessary steps to educate them on same. It is easier for users to secure its wired network because it is visible to them. This advantage is not available to wi-fi users. Naavi says, “The invisibility of the network users induces complacency. Psychologically, it is difficult for ordinary users to visualize that a person from out of our physical boundary may also have access to the device.” If this vulnerability of wi-fi is not plugged then the same can be misused by terrorists to send terror emails and remain anonymous as reported in the above mentioned two incidences.

How wi-fi works?

Wi-fi uses radio signals to connect and communicate with a hotspot and a PC or a laptop situated in a short distance of 100 to 200 feet in an office building, a university or even at homes. You can move around in a campus of university or an office without losing net connectivity.

When the hotspot is in open mode, it sends broadcast a message “I am available” in a vicinity of 100 to 200 feet and a laptop or a PC equipped with a wireless network receiver in this vicinity able to connected to the particular wi-fi and connect to net. One can access wi-fi network even from 800 feet by using an antenna. So if your wi-fi network is not secured then it can be misused by not only by your neighbours residing in your and nearby buildings but also by a stranger few streets away from your office or home.

Whereas in closed mode, the user sends a message “I want to connect with XYZ wi-fi hotspot”, which is responded by the hotspot “I am XYZ”. You can have additional security login id and password for connecting to wi-fi.

Wi-fi software faults make interception easier. Security Consultant Chris O’Ferrell has been able to connect to wireless networks in Washington D. C. from outside a Senate office building, as reported in “High Wireless Acts” by Noguchi. Y in Washington Post dated 28 April, 2002. Back home. Asian School of Cyber Laws recently conducted experiments near several software parks. The finding of the same was very shocking and reveals lack of cyber security. “The wireless networks of a whopping 90% of the software companies were leaking out sensitive information. A malicious hacker could easily sit in a parked car with a laptop; run some sniffing software and access huge mounts of sensitive data including source codes!” For more details refer Cyber Crimes Hit List – 2006 issued by Asian School of Cyber Laws and available on their website www.asianlaws.org.

Precautions to be taken by users to secure their wi-fi:

Keep wi-fi in closed mode rather than open mode.
Use a log-in id and password to access wi-fi and periodically change your password.
Use wi-fi protected access2 (WPA2), which more secured than wired equivalent privacy (WEP)
When you are not using wi-fi, switch off the same.
Check the audit trails of net sessions to ensure that all logs are properly recorded and not misused by unauthorized user.

Naavi warns all wi-fi users, including potential users, to avoid wi-fi if you cannot adopt the requisite security.


Footnotes

[1] For more details read article on “The new multiple face of Internet threats” available at http://www.canada.com/calgaryherald/news/story.html?id=1e082603-ec50-4b79-af5d-9996d1d39732
[2] Source: Trend Micro Incorporated


*********

Today(17-09-2008), I had secured a wi-fi network of my business associate…I feel great…although it is a drop in the ocean (an initiative to secure wi-fi networks in Mumbai)
Perils of wireless Internet

Recent blasts expose the safety gaps in cyberspace and underscore the need for smart vigilance.

R.K.Raghavan

It is the same old story again. As in the case of a few past blasts, such as the series of UP explosions (November 2007) and Ahmedabad (August 2008), terrorists involved in the five explosions of Delhi on September 13 sent e-mails to the media just a few minutes before the bombs took off, warning the authorities of their action. There are, however, several unexplained issues here. Published in The Hindu Businessline

Centre to issue guidelines to internet service providers (Article published in Hindu)


No comments: