“Information is power” has remained a common phrase in the professional world for many decades, and this holds true in the field Computer Science and its safety protocols known as Wireless Security. Wireless Networking aims to connect devices and people in order to create a network where information can be transmitted and traded at high speeds. This networks, often called communities, in turn develop into: commerce, self-help, sharing, and many other possibilities wireless networking provides. However, nothing in life is free, and so the use of these tools come at a price. While the purpose behind networking is to promote the use of high-speed transmissions of information, some people take advantage of this and use it for negative purposes. This freedom provides users with networks where they can trade or share illegal and immoral information, and sometimes even worse when information is stolen from an unknowing user for extended periods of time. This is what is most commonly referred to as hacking. The purpose of this paper regarding wireless security is to present the different sides of hacking, and to show the vulnerability that regular civilians face when using wireless security protocols with little information. To prove so, this paper will address the multiple possibilities of a single type of hacking: A Man in the Middle Attack with Pineapples.
Recently, hacking has become more popular for the public, even more so after news outlets started signaling the possibility of Russian hacking in the recent United States elections. Before believing at face value every headline between the political atmospheres, it is necessary to first describe and understand what hacking is exactly and how it works. According to Merriam-Webster Dictionary , hacking is defined as “ a person who illegally gains access to and sometimes tampers with information in a computer system.” (citation https://www.merriam-webster.com/dictionary/hacker ) But has anyone read an article on a major newspaper describing the process behind hacking and what hackers do with information? Well, this paper aims to describe the process in the most simplest term in order to provide a way to be understood by any person. However, before describing the negative uses of hacking, one cannot do so before stating that there are many reasons behind hacking. And not all of them are related to theft or immoral activities. As we experience developments in the software field, this generation has become witness to a rise of rogue activist groups that support their humanitarian causes through a display of great hacking skills and leakage of confidential information to the public. Unlike the stereotypical perception of hacking, this hacking is done in order to support causes for the greater good of society such as: against governmental regulations for the internet, against pedophile rings, and to alleviate the grasp for control over the internet and public media outlets. One of the most popular groups to have public support is the group called Anonymous. They have made their presence known to many of their foes by taking down their websites, and recently they took aim at the dark web. The dark web is a barely regulated network where you can find anything from drugs, weapons, and basically any services money can purchase. Anonymous latest attack in the dark web was focused on taking down 20% of the dark web (10,000 pages) after finding more than 50% of the server contained child pornography. (Citation http://www.telegraph.co.uk/technology/2017/02/06/anonymous-knocks-20pc-dark-web-offline-campaign-against-child/ ) This type of crusades have earned Anonymous with support and admiration, but the potential behind their tools should be considered a neutral threat. The internet is a tool that provides the user with an infinity of possibilities, but the use of the tool relies on the person. This means that ultimately, whatever the purpose behind the creation of a tool, it is up to the person to decide if his use of the tools is harmful or not. Now that we have provided an example that shows one of the positive reasons behind hacking, it is proper to discuss the negative side of hacking, how it works and describe the type of motives behind this.
There are many types of hacking protocols, and different ways to obtain information from another person of computer. This paper will promptly address the most common forms of hacking and how they affect regular people. One of the first social viruses to spread and steal information was spread through the use of emails. This virus, called Win 32.5 by Matt Larose first downloaded its malware into your computer, obtained personal information from your files that was transmitted to the hacker, and later spreads through other email contacts. The information that hackers target varies from: passwords, credit card information, browser history and other personal information (citation http://cse180c1.wikispaces.com).
If history serves as evidence, the latest prefered form of hacking is done through DDoS attacks. DDoS stands for Distributed Denial of Service, and it works through the weight of multiple devices connected focused on a single network or infrastructure. Usually, hackers create this network by connecting small-insecure devices such as cell phones, toys or other electronic devices, called netbots that function as a zombie army. This devices are then redirected into flooding the server traffic. After being unable to handle the heavy load of connections, the infrastructure of the network crashes. While sometimes attacks are directed at a single website, sometimes hackers address companies that provide server/network services to multiple companies, thereby harming multiple organizations with a single attack. One of the latest attacks to be discovered was the WannaCry ransomware outbreak that occurred in May 2017. This attack affected 150 different countries in areas ranging from hospital care to daily activities. While most of the controversial hacks commonly have a goal in mind, such as stealing credit card information, this attack is different in this regard.
What makes this attack even worse is best explained by Hutchins on Wired magazine as he states “They’ve obviously got no financial incentive. They’re not the ransomware developers. They’re just doing it to cause pain.” (citation https://www.wired.com/2017/05/wannacry-ransomware-ddos-attack/ ) . This means that hacking has evolved into a different arena and become a source to show off tech skills, or to hack a person/institution for the thrill of it. While hackers might consider hacking a fun hobby, it is a hobby with potential for danger. A clear example of this is the 1994 attack to the Pentagon by Matthew Bevan and Richard Pryce displayed at (citation http://www.complex.com/pop-culture/2015/02/the-most-dangerous-hackers-and-groups/bevan-and-pryce) . While the 16 year old Pryce received tutoring from Bevan, who was 21 at the time. Their hacking activities in a nuclear facility led to government officials to suspect nuclear activity from Korea. The officials succeed in identifying the threat and arrested the duo while avoiding an international conflict. Wireless networking provides tools for communication, however it also sets privacy in perspective as the inherent vulnerability of networking is evident. In the future, it is a real possibility that hacking could become a matter of warfare in on itself. Naturally, one attack to a nation would incite retaliation.
As an example of said vulnerability, this paper will use a Man in the Middle Attack with Pineapples to show an easy but effective hacking method. A MiTM Attack by setting up fake wireless network access points (pineapples) between the user and the receiving websites. Once the users are connected into the access point, website encryption is changed by the use of techniques such as SSL Strip and SSL Split. While users are correct on believing that an HTTP protected website is secure, hackers change the encryption so as to allow the personal information inputted from the user to be stored and ready to use by the hacker at will. The hacker is even able to manipulate the traffic and content that is displayed to the user. A MiTM called Man-in-the-Browser works by targeting banking information. The hacker is able to obtain banking information, and then later to choose what transactions are displayed on the user’s banking websites. Needless to say, users and institution could spend months and years before realizing their information has been stolen.
Even more surprising, is the fact that pineapple devices are available for $99.00 on https://www.wifipineapple.com/pages/nano . In an era where people can finish their daily tasks from their cellphones, setting a pineapple device on a public place such as a Starbucks for a couple of minutes could grant a hacker with substantial amounts of traffic and information. In the images bellow , the pocket-size Nano Pineapple is displayed.
Even if it sounds contradictory, financial data is not the most expensive type of stolen information. Amongst the dark web, transactions are made from the sell of social security numbers to passports, and other valuable information. In some cases, medical records are worth more than credit card information. And if people believe they are safe within the confines of their own home, they are mistaken. Another MiTM Attack technique described at Huffingtonpost (citation http://www.huffingtonpost.com/michael-gregg/six-ways-you-could-become_b_8545674.html) is called WiFi Eavesdropping. While it is true that most of these attacks occur on public places such as hotels, direct attacks on private homes have occurred in the past. There are multiple angles for the execution of this particular method. A user can be hacked through the information stored on different websites, or through hijacking the user’s wifi directly.
This paper has now addressed hacking, shown examples of hacking techniques and given examples that prove how dangerous hacking can be. The internet is a tool, and as such should be used for the greater improvement of humanity and not as another tool against the war between each other. Seemingly hacking displays could lead to tension between countries, development of hacking tools that violate human rights, and other negative consequences that are taken as security measures. Networking allows people to connect between each other, but this is not any guarantee on the type of people that will use the network or their purposes. People should bear in mind that privacy is a valuable gift and should be guarded as such, because there are people that actually put a price on this information.
In conclusion, wireless networking is a great tool that allows humans to communicate, accelerate processes, learn and many other possibilities for improvement. But every user should bear in mind before storing information, that hacking is also a real possibility and a common occurrence that could happen to anybody. Most importantly, institutions are liable to this attacks as well and even though they will respond to them as best as they can, any banking information is liable to be stolen as well. Like a MiTM Attack can obtain and manipulate data at high volumes with a cheap device, public networks and communities are subject to vulnerability. I emphasize on this, because users believe that connecting to a public network from what they consider is a “Secure Facility” is a common mistake. Users should rely on public networks as little as possible, and should refrain from storing public information only on secure websites.
Any anomaly on the systems should be considered, as attacks could go by unnoticed for long periods of time. Especially when malware attacks and spreads rapidly, so dealing with an attack as quickly as possible is the best alternative. Another example of the dangers of hacking was shown on a recent article by Vice News where they displayed how easy it is to take control over the systems of a vehicle. What type of harm could be done if a person were able to connect pineapple devices, and hijack an entire fleet of cars simultaneously? It is best to never have to find out.
Another point that deserves emphasis is the different motives behind hacking. Some attacks result in terrible financial and personal losses, but it also true that some attacks have been the result of a stance against oppression and deliberate misinformation to society. Finally, according to Professor Schmitz, cyber security is often an under prioritized issue for most companies as they believe an attack to be improbable or believe their defences will endure. This means companies should invest more in setting up secure parameters, or even better, hire security companies that can handle DDOS attacks or intrusions 24/7, all of the 365 days of the year. In the case of humans, it is due to the user neglecting his privacy/security protocols or over confidence in a network by a foreign institution. In an era where information is power, humans become vulnerable when they do not appropriately protect their personal information. This becomes even more true as software progresses and is integrating many parts of daily activities into one central place in the network. Hopefully, wireless security will develop at a faster rate than hacking tools. At the end of the day, it is up to the user what type of information he is willing to submit online and to what platforms, and the user would do well by bearing this in mind while using wireless networks.
Citations:
- http://www.complex.com/pop-culture/2015/02/the-most-dangerous-hackers-and-groups/bevan-and-pryce
- http://cse180c1.wikispaces.com
- http://www.huffingtonpost.com/michael-gregg/six-ways-you-could-become_b_8545674.html
- https://www.merriam-webster.com/dictionary/hacker
- http://www.telegraph.co.uk/technology/2017/02/06/anonymous-knocks-20pc-dark-web-offline-campaign-against-child/
- WiFi Pineapple