Hacking, Tracking, and Baiting
Surveillance, Wardriving and Honeypot Technologies
Larry Korba
Institute for Information Technology
National Research Council of Canada
PST 2005 Workshop, October 12, 2005
Overview
• Goal
• Wardriving
• Honeypots
• Other Surveillance Techniques
  – Surreptitious
  – Organization
• Conclusions
GOAL
• Describe some “interesting” technologies related to surveillance,
  – and what to expect next
• Raise privacy, responsibility, legal questions
Wardriving
• In the News
Florida man charged with stealing WiFi signal
July, 2005
How vulnerable is Wi-Fi Authentication?
November, 2004
Wardriving around town
February, 2005
Wi-Fi Security Wakes Up to Reality
June, 2005
Wardriving - Background
• Wi-Fi: Wireless Fidelity
  – Wireless network communication (GHz range)
  – Wireless Access points provide bridge to Internet
• Problems:
  – Network access through thin air
  – Wireless networks often configured without any security
  – Commonly used Wi-Fi security protocols broken
  – Looking for wireless access points is fun!
  – Using them is… illegal? Immoral?
Wardriving – Technologies
• WEP 40 and 104 bit (+24 bit initialization vector = 64 bit/128 bit)
• Poor implementation (2001), capture 5 million packets, attach IV in clear
• Firmware improvements, then Korek 2004: WEP statistical cryptanalysis, about 2 million packets required to break WEP
• WPA Personal (WPA-PSK): attack found in 2003, tools appeared in 2004: WPA Cracker, WPAtty (brute force, dictionary attacks on WPA-PSK four-way handshake; works on weak pass phrases)
• Aircrack, WepLab, Airsnort, Kismet, Decrypt, among others (MAC address spoofing)
# decrypt -f /usr/dict/words -m 00:02:2D:27:D9:22 -e encrypted.dump -d out.dump [RETURN]
Found key: Hex - 61:6c:6f:68:61, ASCII - "aloha"
Wardriving – Remedies
• Security Enabled, WEP, WPA (Choose strong key), Change it regularly
• Ensure admin password is enabled
• Enable MAC address authentication
• Use VPN access
Wardriving – Other Remedies
• Conventional
  – RADIUS server
  – Security audit: Wireless AP detection, WEP/WPA strength testing, coverage mapping
• Others
  – Antenna design
  – Shielding
    • Windows, Walls
    • Paint? Forcefieldwireless.com
• Future
  – Better AP configuration (secure out of the box)
  – Intel range determination 1’ over 231’
    • Mapping wireless: alternative to GPS (Microsoft)
  – WPA2 improvements?
• Responsibility? Laws? Morality?
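
One way to run the security audit listed under "Conventional" above (wireless AP detection plus WEP/WPA strength checks), as an added example that is not from the original slides. The inventory, survey rows, word list and the 12-character minimum are constructed assumptions.

```python
# Added example: audit a wireless survey against the organization's AP inventory.
# Every SSID, BSSID, passphrase and word below is constructed sample data.
WORDLIST = {"aloha", "password", "letmein1", "wireless"}

# Authorized APs: BSSID -> (SSID, configured WPA passphrase, or None if not WPA-PSK)
INVENTORY = {
    "00:02:2d:00:00:01": ("corp-wlan", "password"),
    "00:02:2d:00:00:02": ("corp-wlan", "T7#qv9!mZr2&Lw4x"),
    "00:02:2d:00:00:03": ("lab", None),
}

# Survey rows as an AP detection tool would report them: (SSID, BSSID, encryption)
SURVEY = [
    ("corp-wlan", "00:02:2D:00:00:01", "wpa-psk"),
    ("corp-wlan", "00:02:2D:00:00:02", "wpa-psk"),
    ("lab",       "00:02:2D:00:00:03", "wep"),
    ("corp-wlan", "00:0F:66:AA:BB:CC", "open"),  # unknown BSSID using our SSID
    ("linksys",   "00:0F:66:11:22:33", "open"),  # unknown AP within range
]

def weak_passphrase(p, min_len=12):
    """True if short (min_len is an assumed policy value) or built on a dictionary word."""
    core = p.lower().rstrip("0123456789!")  # catches word + trailing digits
    return len(p) < min_len or p.lower() in WORDLIST or core in WORDLIST

def audit(survey, inventory):
    """Return (bssid, finding) pairs for rogue APs and weak security settings."""
    findings = []
    known_ssids = {ssid for ssid, _ in inventory.values()}
    for ssid, bssid, enc in survey:
        entry = inventory.get(bssid.lower())
        if entry is None:
            kind = ("unauthorized AP advertising our SSID"
                    if ssid in known_ssids else "unknown AP in range")
            findings.append((bssid, kind))
            continue
        if enc == "open":
            findings.append((bssid, "no encryption enabled"))
        elif enc == "wep":
            findings.append((bssid, "WEP in use (broken protocol)"))
        elif enc == "wpa-psk" and entry[1] and weak_passphrase(entry[1]):
            findings.append((bssid, "weak WPA-PSK passphrase"))
    return findings

if __name__ == "__main__":
    for bssid, issue in audit(SURVEY, INVENTORY):
        print(f"{bssid}  {issue}")
```
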
Honeypots
• News Items…
‘Honeymonkeys’ find web threats
Skype Honeypot snares dirty IMers
New Gatesweeper firewall collects information about attackers
Cops tempt crook with technology
Avoiding Sticky Legal Traps: Hackers have rights too! How can you deploy honeypots without running afoul of the law.
Wi-Fi ‘WarTrappers’ nab drive-by hackers
Honeypots – Background
• Definition/Description/Origin
  – “An evening with Berferd: In which a cracker is lured, endured and studied” Bill Cheswick, 1991
  – Any system resource whose value lies: in being probed, attacked, or compromised; in unauthorized or illicit use of that resource
  – Don’t solve a particular problem, but contribute to Sec. Arch.
    • Not for prevention
    • Ineffective against automated attacks
  – Provide early warning, prediction
  – Discover new tools/tactics
  – Track behavior patterns
  – Develop forensic analysis skills
  – Low and High interaction types
Honeypots- Application
• Capture low-hanging fruit
• Network configurations
• Emulation
• OS with bugs
• Open ports…
Honeypots – Spin-offs/Future
• Further Honeypot/Honeynet development
  – Integrated, proactive 0-day security response
  – GHH: Google Hack Honeypot
• Honeymonkey
  – Web spider (client) (unpatched XP)
  – Gathers malicious code hosted by web servers
• Technology “traps”
  – Automobiles (Black Box and Bait)
Other Surveillance Techniques
• Keystroke monitoring (Historical and present day (surreptitious screen shots, keystroke monitoring))
• Trojans, rootkits, backdoors via web and email
• Email monitoring
  – Metalincs
  – Smarsh
  – SpectorSoft
• Instant Messaging
  – IMbrella
  – Global Relay
• File usage
• Network monitoring
• Government Surveillance
• Google!
• Legal Issues remain!
The Bottom Line
• Surreptitious monitoring and network access
  – There are many ways, There will be more
• Who is responsible? What is the law?
  – Privacy protection?
    • Is there a “Reasonable Expectation for Privacy” in network related activities?
  – Entrapment?
    • Do possible network intruders have rights?
  – If you operate an open wireless access point are you offering a service?
  – Jurisdictional issues