But the amazing thing is what Z/Yen and its client, RSA, conclude: that the 25% of the people who deliberately associated with the network were ‘malicious,’ and that the 71% who sent email were sending spam. This is such a transparently, deliberately (heh) stupid conclusion, it boggles the mind: how can ‘deliberate’ equate to ‘malicious?’ How can ‘sending email’ equate to ‘sending spam?’
So in other words, there were 2 honeypot access points, left open for 2 weeks in the City of London.
25% of the people who connected to the APs did so deliberately (whatever that means — see below).
Then, 71% of those people sent mail. Not spam: no ‘make money fast’, no ‘URGENT ASSISTANCE’ etc.; they just hit the ‘Send / Receive’ button in Outlook.
But obviously Z/Yen and RSA felt the need to spice things up a bit, so:
s/accessed WLAN deliberately/accessed WLAN maliciously/
s/sent mail/sent SPAM/
s/read slashdot/ate babies/
OK, I made that last one up. But I would not be surprised.
Some more digging reveals that the report in question is now up on the RSA UK website (it wasn’t yesterday), and can be downloaded here (PDF). It’s 5 slim pages written by Phil Cracknell, of CISSP (Cracknell Information Systems Security Partnership), who has a history of spreading WiFUD, it seems. The report leads with
The many wireless security surveys … do not actually show how real the threat of wireless hacking is. Less dramatically, they do not show the threat of someone using your network for non-malicious use (theft of service).
Sheesh. He forgot to mention the bit about operating a wireless network without switching on any security features.
Also, there’s no explanation of what the difference is between a ‘deliberate’ and ‘accidental’ connection. As far as I can tell, an ‘accidental’ connection is one where the user disconnected reasonably quickly; there’s no indication that any of the connections were caused by anything other than Windows XP’s ability to associate with any network it can find within range.
It then goes on to scare-monger about the use of ‘exterior chalk markings’, noting that ‘you will be found and your networks will be used/attacked’.
So, in other words, the paper says:
if you run an open WiFi AP, people will use it to send/receive mail, and possibly surf the web.
this is Bad
people may draw nerdy things with chalk on the pavement outside, which will Make It Worse
And there are two things to pick up from it:
this Phil Cracknell guy is really short of clients
It’s amazing how scare-mongering a 200-word report can become, when it’s bad to start with, and then filtered through 3 layers of PR gibbons and crappy journos who don’t have a clue what it’s on about
One good thing to come out of it: the term WiFUD, perfect for the next Phil Cracknell escapade.