[ISN] Heard of drive-by hacking? Meet drive-by spamming

From: InfoSec News (isnat_private)
Date: Thu Sep 05 2002 - 23:24:15 PDT

  • Next message: InfoSec News: "[ISN] Are hackers accessing your company via your PBX?"

    Forwarded from: "eric wolbrom, CISSP" <ericat_private>
    5th September 2002 
    Graeme Wearden
    'Warspammers' are taking advantage of unprotected wireless LANs to
    send out millions of junk emails
    The proliferation of insecure corporate wireless networks is fuelling
    the growth of drive-by spamming, a security expert warned on Thursday.
    Speaking at the First International Security Users Conference in
    London, Adrian Wright, managing director of Secoda Risk Management,
    warned that junk emailers are taking advantage of unprotected wireless
    local area networks to bombard email users with unsolicited and
    unwelcome messages.
    "These people simply drive up to a building armed with their
    pornographic email, log into the insecure wireless network, send the
    message to 10 million email addresses and then just drive away," said
    A drive-by spammer would send spam by finding an unprotected SMTP port
    on a company's server and then sending email as if they were a
    legitimate user of the company's network. The mail server wouldn't be
    able to tell otherwise.
    The ability to send spam through a company's network without its
    knowledge could allow the spammer to avoid bandwidth costs -- which
    can be substantial for tens or hundreds of thousands of emails. It
    also make sit much more difficult to trace the spam back to the
    spammer -- a useful tactic for those who send spam as a service for
    other companies and who may have been in trouble with the law.
    In April, the US Federal Trade Commission said Tuesday said it had
    busted dozens of alleged Web scammers in conjunction with law
    enforcement from six US states and Canada. And in July, six Korean Web
    sites were fined for bombarding Internet users with spam email. In
    Europe, a new directive that bans the sending of unsolicited
    commercial email should be in place some time next year.
    What's more, many ISPs have no-spamming rules, which the drive-by
    spammer will be trying to avoid. A company that falls victim to a
    drive-by spammer could find itself cut off -- any messages sent by the
    spammer will appear to come from within the company's network, and the
    ISP will have no compunction closing down the connection until the
    problem is resolved.
    Between 60 and 80 percent of corporate wireless networks are insecure,
    Wright warned, often because IT managers fail to change default
    settings when they install a wireless LAN. This has already led to the
    practice of wardriving, where people drive around cities looking for
    insecure wireless LANs, and warchalking, where hackers drawing a chalk
    symbol on a wall or pavement to indicate the presence of a wireless
    networking node.
    Warchalking signals have been springing up in areas such as London and
    Silicon Valley over recent months. Opinion is split over how ethical
    the practice is.
    Matt Jones, who invented warchalking, told ZDNet UK News recently that
    one advantage is that it alerts sysadmins to the fact their wireless
    network is insecure. "I have already had emails from some sysadmins
    who said they love the idea. Several even said they will print the
    symbols on a card and put it in their office windows," Jones said.
    Detractors, though, have warned that warchalking could encourage
    malicious hackers to break into a company's wireless LAN with the
    intention of stealing or damaging corporate data. Wright's revelation
    about the existence of drive-by spammers has flagged up a new downside
    to warchalking.
    Wright illustrated that warchalking is alive in remote locations as
    well as cities by producing a photo of a warchalking signal drawn on a
    buoy floating at sea. Wright explained that it is possible to get
    access to a wireless network at that point, because an ISP's
    point-to-point transmitter onshore is transmitting a high-speed
    wireless connection overhead.
    Several wardriving exponents have been pictured using a Pringles
    carton to detect Wireless LANs. Wright told his audience that a recent
    competition to find the best wardriving antenna had been won by a can
    of meat stew.
    eric wolbrom, CISSP			Safe Harbor Technologies
    President & CIO				190 Goldens Bridge Ct.
    Voice 914.767.9090 ext. 6000		Katonah, NY 10536
    Fax   914.767.3911				http://www.shtech.net
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 06 2002 - 02:31:08 PDT