Drive-by Spamming
Vulnerable Wireless Systems and Spam
War spammers are taking advantage of unprotected wireless LANs to send out millions of junk emails...possibly involving You!The proliferation of insecure corporate wireless networks is fuelling the growth of drive-by spamming, a security expert warned on Thursday.
At the First International Security Users Conference in London, they warned that junk emailers are taking advantage of unprotected wireless local area networks to bombard email users with unsolicited and unwelcome messages.
These people simply drive up to a building armed with their pornographic or other email, log into the insecure wireless network, send the message to 10 million email addresses and then just drive away.
A drive-by spammer would send spam by finding an unprotected SMTP port on a company's server and then sending email as if they were a legitimate user of the company's network. The mail server wouldn't be able to tell otherwise.
The ability to send spam through a company's network without its knowledge could allow the spammer to avoid bandwidth costs - which can be substantial for tens or hundreds of thousands of emails. It also makes it much more difficult to trace this spammer. A useful tactic for those who send spam as a service for other companies and who may have been in trouble with the law.
In April, the US Federal Trade Commission said it had busted dozens of alleged Web scammers in conjunction with law enforcement from six US states and Canada. And in July, six Korean Web sites were fined for bombarding Internet users with spam email. In Europe, a new directive that bans the sending of unsolicited commercial email should be in place some time next year.
Many ISPs have no-spamming rules, which the drive-by spammer will be trying to avoid. A company that falls victim to a drive-by spammer could find itself cut off at no fault of their own! Messages sent by the spammer will appear to come from within the company's network, and the ISP will have no compunction closing down the connection until the problem is resolved.
Between 60 and 80 percent of corporate wireless networks are still possibly insecure, often because IT managers fail to change default settings when they install a wireless LAN. This has already led to the practice of wardriving, where people drive around cities looking for insecure wireless LANs, and warchalking, where hackers drawing a chalk symbol on a wall or pavement to indicate the presence of a wireless networking node.(You might want to Check Your Building!)
Warchalking signals have been springing up in areas such as London and Silicon Valley over recent months. Opinion is split over how ethical this practice is.
The inventor warchalking said that one advantage is that it alerts system administrators to the fact their wireless network is insecure. Some security administrators love the idea, and consider the knowledge helpful.
Detractors, however, warned that warchalking could encourage malicious hackers to break into a company's wireless LAN with the intention of stealing or damaging corporate data.
This 'warchalking' is indeed alive in remote locations as well as cities by producing a photo of a warchalking signal drawn on a buoy floating at sea. It is indeed possible to get access to a wireless network at that point, because an ISP's point-to-point transmitter onshore is transmitting a high-speed wireless connection overhead.
Several wardriving exponents have been pictured using a Pringles carton to detect Wireless LANs. Apparently, "the best wardriving antenna" had been won by a can of meat stew.
You will find much more on this topic at WorldsLargestNetwork.com
| |||||||
 | |||||||
| |||||||
| |||||||
| |||||||
|
WorldsLargestNetwork.com
