Hacking, Tracking, and Baiting Surveillance, Wardriving and Honeypot Technologies. Larry Korba Institute for Information Technology National Research Council of Canada. PST 2005 Workshop, October 12, 2005. Overview. Goal Wardriving Honeypots Other Surveillance Techniques Surreptitious
Hacking, Tracking, and Baiting: Surveillance, Wardriving and Honeypot Technologies
Larry Korba
Institute for Information Technology, National Research Council of Canada
PST 2005 Workshop, October 12, 2005
Overview
• Goal
• Wardriving
• Honeypots
• Other Surveillance Techniques
• Surreptitious
• Organization
• Conclusions
GOAL
• Describe some “interesting” technologies related to surveillance, and what to expect next
• Raise privacy, responsibility, legal questions
Wardriving
• In the News
  • Wi-Fi Security Wakes Up to Reality (June, 2005)
  • Wardriving around town (February, 2005)
  • How vulnerable is Wi-Fi Authentication? (November, 2004)
  • Florida man charged with stealing WiFi signal (July, 2005)
Wardriving – Background
• Wi-Fi: Wireless Fidelity
• Wireless network communication (GHz range)
• Wireless access points provide bridge to Internet
• Problems:
  • Network access through thin air
  • Wireless networks often configured without any security
  • Commonly used Wi-Fi security protocols broken
• Looking for wireless access points is fun!
• Using them is… illegal? Immoral?
Wardriving – Technologies
• Antenna
• Powerful, sensitive Wi-Fi cards
Wardriving – Technologies
• WEP 40 and 104 bit (+ 24-bit initialization vector = 64 bit/128 bit)
• Poor implementation (2001), capture 5 million packets, attach IV in clear
• Firmware improvements, then KoreK 2004: WEP statistical cryptanalysis, about 2 million packets required to break WEP
• WPA Personal (WPA-PSK): attack found in 2003, tools appeared in 2004: WPA Cracker, coWPAtty (brute force, dictionary attacks on WPA-PSK four-way handshake; works on weak pass phrases)
• Aircrack, WepLab, Airsnort, Kismet, Decrypt, among others (MAC address spoofing)

  # decrypt -f /usr/dict/words -m 00:02:2D:27:D9:22 -e encrypted.dump -d out.dump [RETURN]
  Found key: Hex - 61:6c:6f:68:61, ASCII - "aloha"
Wardriving: Results?
• Coverage maps
Wardriving – Remedies
• Security enabled: WEP, WPA (choose strong key); change it regularly
• Ensure admin password is enabled
• Enable MAC address authentication
• Use VPN access
Wardriving – Other Remedies
• Conventional
  • RADIUS server
  • Security audit: wireless AP detection, WEP/WPA strength testing, coverage mapping
• Others
  • Antenna design
  • Shielding
  • Windows, walls
  • Paint? Forcefieldwireless.com
• Future
  • Better AP configuration (secure out of the box)
  • Intel range determination 1’ over 231’
  • Mapping wireless: alternative to GPS (Microsoft)
  • WPA2 improvements?
• Responsibility? Laws? Morality?
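The "choose strong key" remedy and the "WEP/WPA strength testing" audit item can be illustrated with a small key audit, using the "aloha" key recovered on the tools slide. This is an added example, not part of the original slides; the function names, the five-word sample wordlist and the entropy estimate are assumptions made for illustration.

```python
import math
import string

# Constructed stand-in for a system wordlist such as /usr/dict/words.
SAMPLE_WORDS = {"aloha", "hello", "admin", "guest", "wireless12345"}
WEP_SIZES = {5: "WEP-40 (64-bit with IV)", 13: "WEP-104 (128-bit with IV)"}
PRINTABLE = set(string.printable) - set(string.whitespace) | {" "}  # 95 chars


def parse_key(hex_key):
    """Accept '61:6c:6f:68:61' or '616c6f6861' and return the raw key bytes."""
    return bytes.fromhex(hex_key.replace(":", "").replace("-", ""))


def audit_wep_key(hex_key, wordlist=SAMPLE_WORDS):
    """Estimate how much of the nominal key space a configured key really uses.

    The estimate is a rough upper bound on guessing effort. It says nothing
    about the statistical WEP attacks, which work regardless of key choice.
    """
    key = parse_key(hex_key)
    if len(key) not in WEP_SIZES:
        raise ValueError("WEP secret must be 5 or 13 bytes, got %d" % len(key))
    nominal = 8 * len(key)          # secret bits, excluding the 24-bit IV
    effective, findings = float(nominal), []
    if len(set(key)) == 1:
        findings.append("single repeated byte")
        effective = 8.0
    elif all(chr(b) in PRINTABLE for b in key):
        text = key.decode("ascii")
        if text.lower() in wordlist:
            findings.append("dictionary word")
            effective = math.log2(len(wordlist))   # bounded by wordlist size
        else:
            if text.isalpha() and (text.islower() or text.isupper()):
                alphabet = 26
            elif text.isdigit():
                alphabet = 10
            elif text.isalnum():
                alphabet = 62
            else:
                alphabet = 95
            findings.append("printable ASCII, alphabet of %d" % alphabet)
            effective = len(key) * math.log2(alphabet)
    return {"type": WEP_SIZES[len(key)], "nominal_bits": nominal,
            "effective_bits": round(effective, 1), "findings": findings,
            "weak": effective < nominal}
```

A key typed as a word or phrase is flagged as weak; a key generated from random bytes keeps its full nominal size.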
Honeypots
• News Items…
  • New Gatesweeper firewall collects information about attackers
  • Skype Honeypot snares dirty IMers
  • Wi-Fi ‘WarTrappers’ nab drive-by hackers
  • Cops tempt crook with technology
  • ‘Honeymonkeys’ find web threats
  • Avoiding Sticky Legal Traps: Hackers have rights too! How can you deploy honeypots without running afoul of the law.
Honeypots – Background
• Definition/Description/Origin
  • “An Evening with Berferd: In Which a Cracker is Lured, Endured, and Studied”, Bill Cheswick, 1991
  • Any system resource whose value lies in being probed, attacked, or compromised; in unauthorized or illicit use of that resource
• Don’t solve a particular problem, but contribute to the security architecture
• Not for prevention
• Ineffective against automated attacks
• Provide early warning, prediction
• Discover new tools/tactics
• Track behavior patterns
• Develop forensic analysis skills
• Low and high interaction types
Honeypots – Application
• Capture low-hanging fruit
• Network configurations
• Emulation
• OS with bugs
• Open ports…
Honeypots – Spin-offs/Future
• Further Honeypot/Honeynet development
• Integrated, proactive 0-day security response
• GHH: Google Hack Honeypot
• Honeymonkey
  • Web spider (client) (unpatched XP)
  • Gathers malicious code hosted by web servers
• Technology “traps”
  • Automobiles (Black Box and Bait)
Other Surveillance Techniques
• Keystroke monitoring (historical and present day: surreptitious screen shots, keystroke monitoring)
• Trojans, rootkits, backdoors via web and email
• Email monitoring
  • Metalincs
  • Smarsh
  • SpectorSoft
• Instant Messaging
  • IMbrella
  • Global Relay
• File usage
• Network monitoring
• Government Surveillance
• Google!
• Legal issues remain!
The Bottom Line
• Surreptitious monitoring and network access
• There are many ways; there will be more
• Who is responsible? What is the law?
• Privacy protection?
• Is there a “Reasonable Expectation for Privacy” in network related activities?
• Entrapment?
• Do possible network intruders have rights?
• If you operate an open wireless access point are you offering a service?
• Jurisdictional issues