Computer Crime Research Center

Heard of drive-by hacking? Meet drive-by spamming

'Warspammers' are taking advantage of unprotected wireless LANs to send out millions of junk emails.

The proliferation of insecure corporate wireless networks is fuelling the growth of drive-by spamming, a security expert warned on Thursday.

Speaking at the First International Security Users Conference in London, Adrian Wright, managing director of Secoda Risk Management, warned that junk emailers are taking advantage of unprotected wireless local area networks to bombard email users with unsolicited and unwelcome messages.

"These people simply drive up to a building armed with their pornographic email, log into the insecure wireless network, send the message to 10 million email addresses and then just drive away," said Wright.

A drive-by spammer would send spam by finding an unprotected SMTP port on a company's server and then sending email as if they were a legitimate user of the company's network. The mail server wouldn't be able to tell otherwise.

The ability to send spam through a company's network without its knowledge could allow the spammer to avoid bandwidth costs -- which can be substantial for tens or hundreds of thousands of emails. It also makes it much more difficult to trace the spam back to the spammer -- a useful tactic for those who send spam as a service for other companies and who may have been in trouble with the law. In April, the US Federal Trade Commission said Tuesday it had busted dozens of alleged Web scammers in conjunction with law enforcement from six US states and Canada. And in July, six Korean Web sites were fined for bombarding Internet users with spam email. In Europe, a new directive that bans the sending of unsolicited commercial email should be in place some time next year.

What's more, many ISPs have no-spamming rules, which the drive-by spammer will be trying to avoid. A company that falls victim to a drive-by spammer could find itself cut off -- any messages sent by the spammer will appear to come from within the company's network, and the ISP will have no compunction about closing down the connection until the problem is resolved.

Between 60 and 80 percent of corporate wireless networks are insecure, Wright warned, often because IT managers fail to change default settings when they install a wireless LAN. This has already led to the practice of wardriving, where people drive around cities looking for insecure wireless LANs, and warchalking, where hackers draw a chalk symbol on a wall or pavement to indicate the presence of a wireless networking node.

Warchalking signals have been springing up in areas such as London and Silicon Valley over recent months. Opinion is split over how ethical the practice is.

Matt Jones, who invented warchalking, told ZDNet UK News recently that one advantage is that it alerts sysadmins to the fact their wireless network is insecure. "I have already had emails from some sysadmins who said they love the idea. Several even said they will print the symbols on a card and put it in their office windows," Jones said.

Detractors, though, have warned that warchalking could encourage malicious hackers to break into a company's wireless LAN with the intention of stealing or damaging corporate data. Wright's revelation about the existence of drive-by spammers has flagged up a new downside to warchalking.

Wright illustrated that warchalking is alive in remote locations as well as cities by producing a photo of a warchalking signal drawn on a buoy floating at sea. Wright explained that it is possible to get access to a wireless network at that point, because an ISP's point-to-point transmitter onshore is transmitting a high-speed wireless connection overhead.

Several wardriving exponents have been pictured using a Pringles carton to detect Wireless LANs. Wright told his audience that a recent competition to find the best wardriving antenna had been won by a can of meat stew.


Source: news.zdnet.co.uk
