A moral issue regarding an open wireless connection...
mberry
05-06-2003, 01:08 AM
While on a walk outside my office building I recently discovered several open wireless access points. My IPAQ, equipped with a wireless PC card, picked up several available wireless networks. The networks are not any from my office (we don't use wireless just for security reasons like this).
With a little work (very little) I was able to access and view their entire network, use their internet gateway, and view available printers and shares.
My moral issue is... being an IT manager myself, I know if I had a security breach this obvious I would want it brought to my attention (if I ever had one this obvious I would lose my job). So, should I track down the offending network admins and let them know that they are broadcasting their access point and that I was able to "hack" them quite easily? In doing so losing my "free" wireless internet access, or should I look the other way and let them find out the hard way?
I think I know my answer, just wondering what others would do?
Jacob
05-06-2003, 01:24 AM
I think you do already know the answer considering your statement as to what would happen if you let such a security breach happen in your company.
I think the right thing to do is to make at least an effort to find out what company is doing it.
I also believe it's illegal to access and use their internet access - even though they have it broadcast.
Jeff Rutledge
05-06-2003, 02:50 AM
There are many consulting companies that do this as part of their offered services. I can't remember what it's called exactly, but it's the WiFi equivalent to ethical hacking.
I'd let them know. If you're worried about their reaction, you could call from a public phone and just leave a "tip" with their main number. I'd like to think anyone would want to know, but this would cover you off just in case you get the exception.
Brad Adrian
05-06-2003, 03:01 AM
Even though your intentions are completely honorable, I agree that you should try to contact this company as anonymously as possible. You never know when somebody might try to accuse you of doing something illegal (especially if s/he is faced with getting in trouble for leaving the access open).
mberry
05-06-2003, 03:54 AM
Thanks for the advice... and yes I knew long before I wrote the message that I was going to tell them, but I am glad I did write it because each of you brought up a point that I didn't even consider... the ramification on ME... yeah I'd be losing an access point... but it's about time I got my own wireless set up anyway... more-so the issue of them accusing me of "hacking"...
If I was in their shoes... I would be glad to know someone with morals was letting me know of a problem, but the more I think of it, the more I think I would end up getting defensive if someone said I did something wrong, and yes I would probably end up accusing them.
Thanks again... I know exactly the companies involved and will drop them a "tip".
Actually this brings me to another point... wireless is so common, yet it seems that people just plug it in and forget to lock it down. Are most wireless access points open by default... shouldn't it be locked by default?
jimski
05-06-2003, 04:56 AM
I have set up our access points at multiple company sites and only MAC addresses registered to the access point can gain access to our network. We use 128 Bit WEP Encryption on top of that. Additionally, access to a network directory would require a login and password.
It's a bit of a pain keeping track of the MAC addresses, but it is very secure.
just make a printout on one of their shared printers saying "I have h4x0red j00"
Unreal32
05-06-2003, 04:59 PM
My thoughts? Don't tell them unless it's extremely anonymously... too much liability on your part, or don't tell them at ALL. If companies are dumb enough to leave themselves exposed, that's their problem, not yours. Oh yeah, and I wouldn't use their access any more, either.
I do kind of like the idea of printing stuff on their printers, though. :wink:
Kati Compton
05-06-2003, 05:13 PM
Well, you could print "BTW - your wireless network is unsecured. Thought I'd let you know. -- A friend" on all the printers....
Unreal32
05-06-2003, 08:35 PM
...and address it to "Director of I.T." :)
...or address it to "CEO", and then they'd have a new Director of I.T.! :lol:
Jake K
05-06-2003, 11:37 PM
just make a printout on one of their shared printers saying "I have h4x0red j00"
Or better yet, every single printer they have!
Steven Cedrone
05-06-2003, 11:57 PM
To be honest with you, I think if you went in and asked for the person in charge of the company's network, and explained that you stumbled onto his wide open network, he/she would be grateful for the info (and I doubt would come after you for anything in a courtroom). And who knows, sometime down the road the person on the other side of the desk for your next interview could be that very person...
You never know!!! :wink:
Steve
Kaber
05-07-2003, 12:41 AM
You can definitely get arrested (http://www.theregister.co.uk/content/55/26397.html).
I believe he was acquitted.
davidspalding
05-07-2003, 01:52 PM
It's not your problem if someone's idiot enough to create a Wifi lan and not secure it. But it will become your problem if the sys admin is also idiot enough to claim that you "hacked" into the network and refer your friendly notification to the company's legal rep. In Mr. Idiot's case, he may even be bound to take action, either to cover his ###, or by direct instructions. Regardless of the ethics, you're dependent on the honorable ethics of someone you haven't met. Also: what if someone else goes in and deletes a share, messes with a printer, causes trouble ... and your friendly notification follows on the heels of this mischief, out of coincidence.
OTOH. If you suspect that it's an accidental opening, not a "sharing is caring" situation, you would be on solid ethical ground NOT to use it. Not to poke around. Leave it alone.
IMHO, the DMCA and recent court actions are making it a really questionable endeavor to innocently investigate how to do something, or (as in your case) simply investigate to see whose network you stumbled upon. If I were in your shoes, I'd let it be.
targetdrone
05-07-2003, 10:14 PM
Perhaps I am just being a bit naive, but I would think that anyone that would make the effort to help a company and go in and tell the powers that be that they are broadcasting corporate info unprotected, would be thanked, especially if you are not asking for anything. I guess it must be the ex-boyscout in me :mrgreen:
Do unto others as you would have done unto you.
Kaber
05-07-2003, 11:36 PM
I believe a more apt quote would be:
No good deed goes unpunished.
JvanEkris
05-08-2003, 09:46 AM
Personally, I think the shared printers are the safest option. It will alarm the people in the building, and you can't be tracked down that easily, in case the other side is less friendly. I can think of situations (just after they have been attacked for example) that people might react allergic to friendly people telling them they've been on your network.
I must say, I've seen some documentaries in the Netherlands about this. 90% of the hacked companies were not aware of the situation, but were endangered by idiotic employees having a WiFi card inserted in their laptop. If I was an IT-manager, I would like to know that...
I would keep a list though, and repeat the message after a few days if they haven't resolved it. If you are really friendly, you can even leave some guidelines for how to resolve the problem....
Jaap
Steven Cedrone
05-08-2003, 03:59 PM
Personally, I think the shared printers are the safest option. It will alarm the people in the building, and you can't be tracked down that easily, in case the other side is less friendly.
I would tend to think that this approach would alarm them to the point that they would try to track the person and go after him/her...
If you can't just talk to them, send an anonymous snail mail message to the LAN/WAN manager and tell them what is going on. Unauthorized use of their network to tell them they are hacked will only lead to trouble (IMHO)...
Steve
I have set up our access points at multiple company sites and only MAC addresses registered to the access point can gain access to our network. We use 128 Bit WEP Encryption on top of that. Additionally, access to a network directory would require a login and password.
It's a bit of a pain keeping track of the MAC addresses, but it is very secure.
I don't want to get too far afield into wireless security, but these provide little or no real security beyond a false peace of mind. The flaws in WEP are in the key management and IV exchange, not the length of the key. 128bit WEP is no more secure than 40bit WEP. Freely available software such as *** or *** can brute-force a WEP key.
Tools like *** allow an attacker to forge a valid MAC address to the access point, or insert themselves between a valid user and the access point. The PowerPoint slides on that site show how truly insecure wireless networks can be.
Real wireless security involves the client and the access point authenticating each other, using a protocol such as EAP-TLS. Once the client is authenticated, some type of strongly encrypted tunnel such as IPSEC should be used to provide data privacy.
False wireless security is easy. Real wireless security is difficult.
***URL's removed by moderator 3/8/03 20:37 EDT
PetiteFlower
05-08-2003, 07:53 PM
Should we really be posting links to hacker software here?
Anyway yeah anyone who's really determined and knowledgeable can hack in anywhere; but that doesn't mean that we have to make it easy for them. And the VAST majority of people out there are NOT that knowledgeable or determined, so you will be safe from Joe Ipaq with a sniffer looking for a free connection.
BTW anyone see Angel last night? With the PALM that could hack into any wireless device within 100 feet? Damn!
JvanEkris
05-08-2003, 09:05 PM
I agree. You can't protect your house against a very determined hacker. However, I am able to protect my network against the boy next door, just trying to free himself from the restrictions his father set on their router..... I think you can determine the effort needed to break in, and in my opinion, simple measures (like MAC-level addressing and WEP) are simple to implement, and create a good first line of defence.
Jaap
Steven Cedrone
05-09-2003, 03:39 AM
Should we really be posting links to hacker software here?
Anyway yeah anyone who's really determined and knowledgeable can hack in anywhere; but that doesn't mean that we have to make it easy for them.
links removed...
Steven Cedrone
Community Moderator
Should we really be posting links to hacker software here?
Anyway yeah anyone who's really determined and knowledgeable can hack in anywhere; but that doesn't mean that we have to make it easy for them. And the VAST majority of people out there are NOT that knowledgeable or determined, so you will be safe from Joe Ipaq with a sniffer looking for a free connection.
Then would commercial software that performs the same function be acceptable? Network Associates Sniffer (http://www.sniffer.com/products/sniffer-wireless/default.asp?A=3) and Sniffer PDA (http://www.sniffer.com/products/sniffer-wireless-pda/default.asp?A=3) (which runs on an iPAQ) perform the same functions. ISS (Internet Security Solutions) offers a wireless scanner (http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_wireless.php) also, as do numerous other companies (@stake, counterpane). A quick google turned up another 15 commercial tools and services of one form or another. Airjack, mentioned in my previous post, was released at BlackHat, a top-ranking security conference. Airsnort was derived from cryptographic research performed by 3 experts (including Adi Shamir, the 'S' in 'RSA'), and presented to the IEEE.
These are not hacker tools. They are tools that anyone with an interest in wireless security needs to be aware of and familiar with.
Protecting your wireless network is not just as simple as keeping your neighbor's kid off (although $5 says the kid knows these tools as well). If you run wireless at work, there are data privacy issues involved (such as my industry, financial services), protection from disgruntled or terminated employees. At home, your wireless network could be used for spamming, as a jump-off point for DDOS attacks, or even be against your ISP's Acceptable Use Policy.
I'm sorry if this post sounds heated, but as a security researcher, this topic is one I am passionate about. I'll refrain in the future from posting URLs to any software not hosted at a .com from now on.
rzanology
05-09-2003, 04:30 PM
My moral issue is... being an IT manager myself, I know if I had a security breach this obvious I would want it brought to my attention (if I ever had one this obvious I would lose my job). So, should I track down the offending network admins and let them know that they are broadcasting their access point and that I was able to "hack" them quite easily? In doing so losing my "free" wireless internet access, or should I look the other way and let them find out the hard way?
I think I know my answer, just wondering what others would do?
I say you should track those guys down and let them know what is going on. If it were you, I'm sure you would be very grateful if someone came to you and helped you out. You never know...maybe they can cut you a slice of bandwidth for saving their job :)
Kaber
05-09-2003, 06:22 PM
I totally cannot believe that the links were taken down to "hacker" software when just last week a free sniffing tool was on the front page. That is some ridiculous crap.
Steven Cedrone
05-09-2003, 06:37 PM
That is some ridiculous crap.
Whatever... :roll:
Legitimate software used by networking professionals, feel free to post...
Software used to crack WEP, Spoof MAC addresses, etc: while we all know it's available, don't post links to them here...
If you want to continue this conversation, PM me...
Steve
PetiteFlower
05-10-2003, 12:15 AM
I dunno, I thought there was probably a difference between something that's used to sniff a signal and something that's used to "brute-force a WEP key". Course that's just me though.
JackTheTripper
05-10-2003, 01:05 AM
I would hope that most people are reasonable and if you contacted the IT admin and let them know of the problem they would be grateful.
Then maybe you could ask for a password to do your lunch time surfing. :lol: :lol: