Criminals Love Wireless Networking

1
Criminals Love Wireless Networking
2
Review Topics

• New technologies spawn criminal activity
• How files travel the Internet
• Bandwidth
• MAC addresses

3
New Topics

• Wireless networking
• Federal CAN Spam Act
• Encryption

4
Wireless LANs (WLANs)

• Wireless Local Area Networks
• Also known as Wi-Fi networks
• Send data through the air using radio waves

5
WLANs Advantages and Disadvantages

• Advantages
• Roaming capability
• No wire mess
• Disadvantages
• Low bandwidth (that is changing)
• Short distances
• Security concerns

6
Wireless NICs

• A PC needs a wireless network interface card
  (NIC) to use a WLAN.
• Each WLAN NIC has a unique MAC address, just like
  an Ethernet NIC.

7
Wireless Access Points

• An access point (AP) acts as a central hub for
  the WLAN infrastructure.
• The AP is wired to the cabled LAN.
• APs have antennae that provide wireless
  connectivity over a limited area.

8
Case Study Intruder Alert!

• In Spring 2003, network administrators at Lowe's
  Home Improvement detected intrusions into their
  network.
• They monitored the intrusions and gathered data.
• Then they called in the FBI.
• An FBI surveillance team staked out a Lowe's
  parking lot in Southfield, MI

9
Busted!

• In the parking lot, the FBI team spotted a white
  Grand Prix with suspicious antennas and two young
  men sitting inside.
• The car was registered to Mr. Botbyl, age 22.
• The 20 year old passenger, Mr. Timmins, was
  typing on a laptop.

10
Pizza and Movie, Anyone?

• Mr. Timmins checked his e-mail.
• After 20 minutes, the pair left.
• The FBI followed them to Little Caesar's, then to
  a local multiplex.
• While the young men took in a movie, Lowe's
  network security team poured over log files.

11
A Little Help From a Practiced Hacker

• Several months later, Mr. Botbyl returned to the
  Lowe's store with a new friend, Brian Salcedo,
  now 21.
• Mr. Salcedo was in the final weeks of a
  three-year probation for an earlier computer
  crime.

12
The Plot Thickens

• Lowes network admins determined the intruders
  had installed a virtual wiretap in a program
  that handles credit card transactions.
• Luckily the perpetrators were not able to access
  nationwide credit card files or get into
  corporate systems, although they did access six
  credit card transactions from one store.

13
Boys Will Be Boys

• Federal officials charged Timmins, Botbyl, and
  Salcedo with illegally penetrating and
  intentionally damaging Lowe's network system.

14
Plea Agreements

• Salcedo pleaded guilty to four counts
• Conspiracy
• Transmitting computer code to cause damage to a
  computer
• Unauthorized computer access
• Computer fraud.
• Maximum penalty of 25 years in prison.
• Prosecutors will recommend Salcedo serve about
  half that time.

15
Plea Agreements

• Botbyl pleaded guilty to one count, conspiracy,
  with a recommendation that he serve three years,
  five months.
• Charges against Timmins were dropped, and he
  pleaded guilty to a new charge of unauthorized
  access to a protected computer.

16
Case Study 2

• In September 2004, a Southern California man
  pleaded guilty

• To sending e-mail spam through unprotected
  networks

17
War Driving

• Nicholas Tombros admitted driving around Venice,
  California, searching for unprotected wireless
  networks -- an activity called war driving.
• He was using the networks to distribute
  unsolicited e-mail (spam) that advertised
  pornographic Web sites.

18
Jail Time?

• Tombros pleaded guilty to unauthorized access to
  a computer to distribute multiple commercial spam
  messages.
• He will be sentenced Dec. 6 and faces three years
  in prison.

19
CAN Spam Act of 2003

• Tombros was the first person convicted under the
  Federal CAN Spam Act.
• CAN Spam??

20
Cannot Spam!

• The word CAN in the so-called CAN Spam Act
  stands for Controlling the Assault of
  Non-Solicited Pornography and Marketing.

21
Who, me?

• Arguments that wireless hackers use
• How is this any different from using your porch
  light to read my newspaper?
• If you didnt lock down your network, youre
  inviting me to hack into it.
• Im barely using any of your bandwidth why do
  you care?

22
Wireless Security Concerns

• Confidentiality of data transmitted
• anyone can eavesdrop on airwaves!
• Integrity of data transmitted
• Theft of bandwidth
• Obnoxious uses of stolen bandwidth (e.g. for
  sending spam)
• Denial-of-service attacks

23
A Wireless Security Standard

• Wired Equivalent Privacy (WEP)
• Defined by IEEE 802.11
• WEP encrypts all data transmitted
• Users must possess the correct WEP encryption key
  that is also configured on the access point
• WEP is infamous for being crackable

24
Encryption

• The translation of data into a secret code using
  advanced mathematical techniques
• To read encrypted data, you must have access to
  the secret key that will let you decrypt it.
• Unencrypted data is called plain text.
• Encrypted data is called cipher text.

25
Encrypting Messages
26
Other Ways to Protect a WLAN

• Disable beacons which announce the name of the
  WLAN
• Users have to know the name
• Configure the access point to only allow certain
  MAC addresses
• Only allow NICs that you know about
• Works for corporations (though not Internet
  coffee shops)