JetBlue TrueBlue - Suspicious wi-fi at Long Beach






nsx
Mar 28, 06, 12:19 am
Long Beach has a free wi-fi access point labeled "ColorBroadband_South". It works fine.

However I also saw a "computer to computer network" labeled "Jet Blue hot spot". Note the space: not "JetBlue hot spot".

I suspect that someone with criminal intent has set up a laptop and labeled it "Jet Blue hot spot" in order to lure unsuspecting passengers to connect and then capture their user account and password information. Are my suspicions well founded or not?


justageek
Mar 28, 06, 1:02 am
> Long Beach has a free wi-fi access point labeled "ColorBroadband_South". It works fine.
>
> However I also saw a "computer to computer network" labeled "Jet Blue hot spot". Note the space: not "JetBlue hot spot".
>
> I suspect that someone with criminal intent has set up a laptop and labeled it "Jet Blue hot spot" in order to lure unsuspecting passengers to connect and then capture their user account and password information. Are my suspicions well founded or not?

Sounds very suspicious to me. What you described is definitely doable.

IceTrojan
Mar 28, 06, 1:04 am
There have been news reports of these. You might consider informing authorities at LGB.


jetBlueNYFL
Mar 28, 06, 1:38 am
Definitely report it...if you see something, say something. JetBlue would make sure their IT people did not use a space on their company name!

JBLUA320
Mar 28, 06, 6:49 am
Report it! B6 has NO Wi-Fi at LGB.. The person who made this Rogue AP didn't even consider making it appear semi-legitimate, or cloning a real AP.. geesh (rolls eyes)

Give someone a call if you can.

KenInChicago
Mar 28, 06, 1:39 pm
This is also a good time to remind people to be very careful on every Wi-Fi network to closely guard personal information.

enjoystravel
Mar 30, 06, 12:32 am
> This is also a good time to remind people to be very careful on every Wi-Fi network to closely guard personal information.


There are several measures to take. Most importantly, anytime you transmit private information, make sure it is via SSL. Login only using SSL. If you work for a smaller business, insist on a VPN or Secured access where communication is encrypted on your laptop before reaching the net.

PepsiAddict
May 7, 07, 11:18 am
I just flew through JFK on May 4th and there were 2 of these "rogue networks" operating in the terminal ... "Jet Blue hot spot" and "Free Internet Access". I put in a "Speak Up" for it, maybe one of the JetBlue IT Guys can track them down.

I considered turning on Netstumbler and tracking them down to at least see who and/or where they were operating, but figured it might look a little fishy for me to be walking around the terminal in circles with an open laptop.

Interestingly, I got to work this morning and one of my users (I'm an IT Guy) had one of these networks configured on his PC ("Free Public Wi-Fi" was the network name)... he said he used it flying a legacy over the weekend ... thankfully the firewalls and VPN prevented anything bad from happening to his PC or his information.

If interested in the "Free Wifi Scam" there is a pretty good article here: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9008399

sbm12
May 7, 07, 12:27 pm
Also consider that when people attempt to manually set up wireless access connections they sometimes manually enter the SSID instead of having it auto-connect, which may explain the appearance of the extra network.

And if you're an IT guy you should disable the ability to connect to a peer-to-peer wireless network. That will give you infinitely better protection than hoping you can find the guys planning on stealing your data. Otherwise, connecting to any public wireless network is about the same level of (non-)security.

PepsiAddict
May 7, 07, 1:49 pm
> Also consider that when people attempt to manually set up wireless access connections they sometimes manually enter the SSID instead of having it auto-connect, which may explain the appearance of the extra network.

True ... anything is possible ... didn't think of that aspect.

> And if you're an IT guy you should disable the ability to connect to a peer-to-peer wireless network. That will give you infinitely better protection than hoping you can find the guys planning on stealing your data. Otherwise, connecting to any public wireless network is about the same level of (non-)security.

There's a lot of things I would love to be able to do to lock down my users' PCs but management refuses to allow it ... frustrating for sure ... every step towards locking them down is met with three steps back of "you can't do that". No matter how many times the security side of things is explained it gets repealed. I spent almost 2 years arguing to get approval to make users "standard users" on their PCs ... But I digress ...

tutt
May 17, 07, 11:15 am
> I just flew through JFK on May 4th and there were 2 of these "rogue networks" operating in the terminal ... "Jet Blue hot spot" and "Free Internet Access". I put in a "Speak Up" for it, maybe one of the JetBlue IT Guys can track them down.
>
> If interested in the "Free Wifi Scam" there is a pretty good article here: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9008399

Just had a layover at JFK on Tuesday and could see the rogue networks, "Jet Blue hotspot" and "Free Public WiFi", on my Powerbook (both under Computer to Computer networks). The real hotspot name was "default", but the familiar WiFi hotspot acceptance screen came up and after accepting, it forwarded to JetBlue.com

I have had trouble accessing the hotspot on previous trips through JFK and CMH. (Although I think the CMH hotspot is their own and not JetBlue's)

nsx
Aug 20, 08, 8:07 pm
http://blogs.techrepublic.com.com/hiner/?p=602 explains everything. This is a viral attack, not an on-site hacker. Click on the peer-to-peer network once and your PC is infected too. Check your list of preferred networks and delete Jet Blue hot spot if you find it there. The full list of these bogus network SSIDs includes:

* Free public Wi-Fi
* Free Internet!
* US Airways Free WiFi
* Thrifty
* Verizon Wi-Fi
* Megahoc.21
* Megahoc.v22
* Megahoc.v24
* hpsetup
* WIRELESS
* ETWireless
* ConnectionPoint
* Jet Blue hot spot
* Raisinet
* Wireless
* WIFI
* Wireless Canes
* Annies
* Ramada
* Default

sbm12
Aug 20, 08, 9:53 pm
> http://blogs.techrepublic.com.com/hiner/?p=602 explains everything. This is a viral attack, not an on-site hacker.

This is hardly definitive and certainly doesn't explain everything. They skip over the part about where there is no evidence of anyone actually using the "viral" networks to actually pilfer data. Certainly having your system configured to connect automatically to unknown hotspots is bad and all that much more so for peer-to-peer networks. But that doesn't make it a virus. And to suggest that it is going to become a botnet is just ridiculous. How do they plan to harvest those many, many computers that have an SSID set in them? It isn't like a hacker can spontaneously establish a "Free Public Wi-Fi" access point in range of thousands of "compromised" laptops.

The only useful thing in that article is the link at the end for how to disable ad hoc networking (http://blogs.techrepublic.com.com/wireless/?p=210). The rest of it is ridiculous conjecture, but it makes for fun reading and I'm sure that the folks who published it will be having a good time at the Gartner conference selling their services to companies that could avoid the problem with a simple Group Policy setting to disable ad hoc networks.
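
Added example (not part of any post in this thread): a Python sketch of the check nsx suggests, reviewing the preferred-network list, combined with sbm12's point about ad hoc and auto-connecting profiles. It assumes profiles exported as XML with `netsh wlan export profile` on Windows Vista or later; the sample profiles, the helper names and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# SSIDs from the list quoted in this thread, compared case-insensitively.
THREAD_SSIDS = {s.lower() for s in (
    "Free public Wi-Fi", "Free Internet!", "US Airways Free WiFi", "Thrifty",
    "Verizon Wi-Fi", "Megahoc.21", "Megahoc.v22", "Megahoc.v24", "hpsetup",
    "WIRELESS", "ETWireless", "ConnectionPoint", "Jet Blue hot spot",
    "Raisinet", "Wireless", "WIFI", "Wireless Canes", "Annies", "Ramada",
    "Default")}

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported WLAN profile."""
    root = ET.fromstring(xml_text)

    def get(path):
        return root.findtext(path, "", NS).strip()

    ssid = get("w:SSIDConfig/w:SSID/w:name") or get("w:name")
    findings = []
    if get("w:connectionType") == "IBSS":      # computer-to-computer profile
        findings.append("ad-hoc")
    if ssid.lower() in THREAD_SSIDS:           # prompt to review, not proof
        findings.append("listed-ssid")
    auth = get("w:MSM/w:security/w:authEncryption/w:authentication")
    if auth == "open" and get("w:connectionMode") == "auto":
        findings.append("open-autoconnect")    # joins any AP using this name
    return ssid, findings

def audit(profiles):
    """Map SSID -> findings for every profile that needs a manual look."""
    results = dict(audit_profile(p) for p in profiles)
    return {ssid: found for ssid, found in results.items() if found}

def sample_profile(ssid, conn_type, conn_mode, auth):
    """Constructed sample input in the exported-profile layout."""
    return f"""<WLANProfile xmlns="{NS['w']}">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <connectionType>{conn_type}</connectionType>
  <connectionMode>{conn_mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
  </authEncryption></security></MSM>
</WLANProfile>"""

SAMPLES = [sample_profile("Jet Blue hot spot", "IBSS", "manual", "open"),
           sample_profile("default", "ESS", "auto", "open"),
           sample_profile("CorpNet", "ESS", "auto", "WPA2PSK")]

if __name__ == "__main__":
    for name, found in audit(SAMPLES).items():
        print(f"{name!r}: {', '.join(found)}")
```

A match on the SSID list is only a reason to look at the profile, since names such as "default" are also reported in this thread as a real hotspot. On the same Windows versions, `netsh wlan add filter permission=denyall networktype=adhoc` blocks ad hoc networks entirely.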

stimpy
Aug 21, 08, 4:56 am
I saw the same thing at JFK recently. I know to NEVER click on an Ad Hoc SSID. There was another AP SSID (default) that I clicked on and the browser brought up a welcome to Jet Blue WiFi screen. In any case I always use end-to-end layer 3 encryption.

ellinj
Aug 21, 08, 5:55 pm
Why the heck don't they give the wifi connections names that can tell me if they are legit or not? JFK calls it default? As the OP mentioned I think LGB had something called ColorBroadband_South. I have gotten in the habit of either firing up my VPN or using my broadband modem when in public areas because you just don't know. They should put up signs or something.

mvoight
Aug 22, 08, 3:12 am
Seriously, having a list of suspect SSIDs is having a list of terrorists' names.

You should be careful with any SSID.
Additionally, I wouldn't feel much safer with an SSID pointing to an access point instead of an ad-hoc (computer to computer) network. After all, the cost of an access point is cheap.

Additionally, when using WIFI, the server generally sends you a DNS server address. This means they can send requests to their server, rather than one you wanted, so you need to be careful the SSL certificate received is valid for the site you are trying to go to.

butters69872004
Feb 8, 09, 10:00 pm
> This is hardly definitive and certainly doesn't explain everything. They skip over the part about where there is no evidence of anyone actually using the "viral" networks to actually pilfer data. Certainly having your system configured to connect automatically to unknown hotspots is bad and all that much more so for peer-to-peer networks. But that doesn't make it a virus. And to suggest that it is going to become a botnet is just ridiculous. How do they plan to harvest those many, many computers that have an SSID set in them? It isn't like a hacker can spontaneously establish a "Free Public Wi-Fi" access point in range of thousands of "compromised" laptops.
>
> The only useful thing in that article is the link at the end for how to disable ad hoc networking (http://blogs.techrepublic.com.com/wireless/?p=210). The rest of it is ridiculous conjecture, but it makes for fun reading and I'm sure that the folks who published it will be having a good time at the Gartner conference selling their services to companies that could avoid the problem with a simple Group Policy setting to disable ad hoc networks.

Umm, yeah, this does explain that attack. Are you saying it's not true or are you saying that it just doesn't explain all of it?
-Butters

butters69872004
Feb 9, 09, 4:57 pm
> This is hardly definitive and certainly doesn't explain everything. They skip over the part about where there is no evidence of anyone actually using the "viral" networks to actually pilfer data. Certainly having your system configured to connect automatically to unknown hotspots is bad and all that much more so for peer-to-peer networks. But that doesn't make it a virus. And to suggest that it is going to become a botnet is just ridiculous. How do they plan to harvest those many, many computers that have an SSID set in them? It isn't like a hacker can spontaneously establish a "Free Public Wi-Fi" access point in range of thousands of "compromised" laptops.
>
> The only useful thing in that article is the link at the end for how to disable ad hoc networking (http://blogs.techrepublic.com.com/wireless/?p=210). The rest of it is ridiculous conjecture, but it makes for fun reading and I'm sure that the folks who published it will be having a good time at the Gartner conference selling their services to companies that could avoid the problem with a simple Group Policy setting to disable ad hoc networks.

YES this does explain it. This is the attack. IDK what you're reading....


