Travel Technology - Warning? Fake wifi site PC EWR

I was at the EWR Presidents Club yesterday and registered three 'providers.'

PC Club and Concourse which seemed legit and a third one "Free Internet" which was a peer to peer network and I'm guessing was a trap for the unwary airport surfer.

I did not try to connect to 'Free Internet.'

Any comments?

Jim

We have a number of those here at work. I would guess they are all caused by people who don't understand the proper use of SSID and mistakenly set up their computer in peer-to-peer mode in a fumbled attempt to connect to a WiFi network.

I've never seen one of these that didn't reject all attempts to connect to it.

Nonetheless, configuring your machine to just not see peer-to-peer networks will make your life a little less complicated.

It's just somebody with peer to peer set up by mistake probably, we have some people here who manage to get their laptop into that mode.

It's probably niothing more then that, though of course, don't connect and try.

But why would they bother to name it 'free internet?'

Sounds fishy to me. Is connecting to an unknown peer to peer
network harmless?

Jim

Jim,

I've seen the same thing at many airports. I don't believe it is a phishing scheme but mistakenly set up peer-to-peer networks.

Jim,

I've seen the same thing at many airports. I don't believe it is a phishing scheme but mistakenly set up peer-to-peer networks.

I'm at a Marriott in the San Francisco area right now. One of the peer to peer networks my Laptop detects is called "O-Hare Airport Free Internet". Can you explain why that might not be a scam?

I'm at a Marriott in the San Francisco area right now. One of the peer to peer networks my Laptop detects is called "O-Hare Airport Free Internet". Can you explain why that might not be a scam?

I've seen computers that created a peer-to-peer network for the last access point they were on. I'm not sure why it happens, but it's entirely possible that someone connected to something called "Free Internet," and then their computer decided to create a peer-to-peer network by the same name when it could no longer find the real access point.

Next time you're on a decent sized plane, take a look at the available access points. There's a good chance there will be at least one peer-to-peer network called "concourse" or "linksys" or some other common AP name.

Thanks! My faith in humanity is restored!

But I'm still not clicking on any fishy looking networks.

Jim

But why would they bother to name it 'free internet?'
I'm going to have to say that it's a scam. Over at Bruce Schneier's site (www.schneier.com) I've read a number of comments from the computer geeks who post there who have uncovered free wireless scams like this. Airports are a great place to either do this or to set up a sniffer.

Sounds fishy to me. Is connecting to an unknown peer to peer
network harmless?
It can be dangerous. First, depending on your settings they may have access to files on your computer.

Second, if they're running a scam, they're probably connected to the Internet. So you'll connect to them, then have access to the Internet through their computer. Then while you're browsing without a care in the world, they'll be keeping a record of everything you do. Some stuff you do will probably be encrypted (which doesn't necessarily make it inaccessible). But most stuff you do is completely unencrypted; e-mail over POP and SMTP is generally unencrypted and thus freely readable.

Note that someone could also do the same thing by using a "sniffer" in your vicinity.

I'm going to have to say that it's a scam.

While I agree with Doppy that it is better to be cautious with peer-to-peer networks, I run a private WiFi network at my place of business. The SSID is not broadcast so perforce I have to give it to the individuals who will be accessing the network.

Over a few months time I would say that 4 out of 40 people ended up with a peer-to-peer connection advertised with my "private" SSID. These were not people remotely capable of sniffing packets or intercepting data.

The machines they were using did not automatically use the last connection SSID for peer-to-peer. They just magically set up peer-to-peer while floundering around trying to connect to a WEP-enabled private network.

That said, if someone -were- to set up a WiFi scam, an airport club would be a dandy place to do it. ^

I'm going to have to say that it's a scam.


Note that someone could also do the same thing by using a "sniffer" in your vicinity.

since most of the Airport WiFi are open(unencrypted), why would someone have to
setup a fake peer-to-peer network while they can simply sniff the open air?

Not questioning your comment.. but I'm looking for good reason....

since most of the Airport WiFi are open, why would someone have to
setup a fake peer-to-peer network while they can simply sniff the open air?

Not questioning your comment.. but I'm looking for good reason....
I suppose they wouldn't (though having the data go right through their computer would give them more and better access).

But what do you mean by wifi being "open"?

If you mean that it's unencrypted, then see my comments above. But if you mean free, then I'd have to say that's not my experience. I never seem to be able to find free wifi. If I were someone looking to set up a scam like this, airports without free wifi would be a good place to do so - it would increase the number of potential victims.

Actually, I think I know what is happening. XP caches all networks it's seen, so even though a network isn't around, XP will make you think it is. We had a long thread on this not so long ago. I've been in Tokyo picking up my home AP, and despite having "tweaked" my network I doubt it has that kind of range. Get yourself something like Netstumbler and scan for REAL networks. As said; my money is on cached network names you've scanned in the past. Stupid XP...

I suppose they wouldn't (though having the data go right through their computer would give them more and better access).

You have a point... but i'd be surprised if some one sitting there
physically would do this.
1 - either their MAC address/credit card/account info is logged
if they are accessing the internet via Airport based paid WiFi
2 - If they use their own CDMA/GSM/GPRS cards, their IPs are logged
on to the servers you access. (banks/CCs etc.)

unless its being done using some stolen identity.



If you mean that it's unencrypted, then see my comments above.
i was talking about unencrypted (i've made a note in my post)


I'm still think its the windows caching a state from a previous
free session. I've seen this happen before. Dont recall thre details though.

When I use an un-encrypted public WiFi, I do not use any services that use
clear text communication. Everything I use is SSL or SSH based. Someone
sniffing the network is not uncommon.. so its always good to be safe.

Actually, I think I know what is happening. XP caches all networks it's seen, so even though a network isn't around, XP will make you think it is. We had a long thread on this not so long ago. I've been in Tokyo picking up my home AP, and despite having "tweaked" my network I doubt it has that kind of range. Get yourself something like Netstumbler and scan for REAL networks. As said; my money is on cached network names you've scanned in the past. Stupid XP...

True, but it also correctly remembers them as being either ad-hoc or peer-to-peer.

From CNET - I don't believe anybody is running a scam, no more then the two people in our office who keep getting theirs set to HHONORS are trying to pretend they are a hilton

When a PC running Windows XP or Windows 2000 boots up, it will automatically try to connect to a wireless network. If the computer can't set up a wireless connection, it will establish an ad hoc connection to a local address. This is assigned with an IP address and Windows associates this address with the SSID of the last wireless network it connected to.

The machine will then broadcast this SSID, looking to connect with other computers in the immediate area.

The danger arises if an attacker listens for computers that are broadcasting in this way, and creates a network connection of their own with that same SSID. This would allow the two machines to associate together, potentially giving the attacker access to files on the victim's PC.

True, but it also correctly remembers them as being either ad-hoc or peer-to-peer.


but sometimes people just try different setting.. not knowing they
still have an SSID from aprevious connection.

There have been security warnings about people setting up fake wifi access points with "sign-up" screens that capture credit card numbers.

Other than that, I don't think there's much risk in connecting to a random SSID even if it's "fake"--as long as your computer has all the latest security updates. Just don't put your credit card in if you aren't familiar with the system being used.

but sometimes people just try different setting.. not knowing they
still have an SSID from aprevious connection.

Yes, but not just by clicking - you need to type in the SSID.

True, but it also correctly remembers them as being either ad-hoc or peer-to-peer.

Actually I have had mine change, from ad-hoc to peer-to-peer.
It may be a specific setting but it seems to happen with only a few of the many APs that I access. If I connect to one of those APs, then later when out of range, I get a pop up that says connected to "X SSID p2p network" (or something along those lines). Even when I am out of range of any network signal.

I would chalk it up to a mistake.


Otherwise, if you have all of your security updates updated and a firewall up and sharing disabled, why not connect and see if you can see THEIR files. :D

I tend to think that someone actually setting up a honeypot like this to scam people would tend to be very low, especially in an airport lounge... where, if I am not mistaken, there would normally be a record of who was there and at least when they arrived.
It would be better to setup something like this at a local Starbucks or some other public AP, like the library, etc.
I am just talking about this for research and informational purposes only of course.

You have a point... but i'd be surprised if some one sitting there
physically would do this.
1 - either their MAC address/credit card/account info is logged
if they are accessing the internet via Airport based paid WiFi
2 - If they use their own CDMA/GSM/GPRS cards, their IPs are logged
on to the servers you access. (banks/CCs etc.)
What if the person is just recording unencrypted POP3 e-mail? How likely is it that the victim is going to discover that this happened?

I agree that it's somewhat unlikely that you're going to be the victim of this.

I tend to think that someone actually setting up a honeypot like this to scam people would tend to be very low, especially in an airport lounge... where, if I am not mistaken, there would normally be a record of who was there and at least when they arrived.
An airport lounge is a better location depending on what you're trying to steal. Airport lounges are going to be filled with businesspeople. You could get good information from bankers and consultants e-mailing about deals or engagements. It doesn't have to be a 100% fulltime pro doing it either - it could be a guy who only does it while he's waiting for his flight.

The lounge visitor log would probably not be of too much help - what are the odds that you'll find out that someone was reading your e-mail?

This article and the comments posted below it are relevant here:

http://www.schneier.com/blog/archives/2005/11/sniffing_passwo.html

There have been security warnings about people setting up fake wifi access points with "sign-up" screens that capture credit card numbers.



A co-worker had this happen to him at EWR. Before he entered his credit card into, he got suspicious. The BA lounge rep stopped him just in time. ^ Who know what would have happened if he entered his credit card number.... :(