Cybersecurity and Mass Transportation

Lately I have been spending a lot of time in airports, train stations and other transportation centers. Though I often find myself at these locations for my work, recently I have been spending an inordinate amount of time just like everyone else, a traveller. Last week, while sitting at the gate waiting for my flight, I overheard a couple of businessmen talking about how they can never seem able to connect to the “free public WI-FI” networks that they always see while surfing in public places. I was a little shocked, these guys looked like polished professionals, as it turns out - they were doctors. It was then that it dawned on me, not everyone thinks the same way as someone who makes their living in the protection business.

You may be asking yourself, OK what gives? What is the deal with “free public WI-FI”? Well ask yourself this question: Does anything in life ever come for free?

I couldn’t help but lean over and begin talking to the gentlemen. I asked how many times he had tried to connect to the “free public WI-FI” networks to no avail? I think he could tell by the grin on my face that I was implying something. “Oh great,” he uttered, as he glanced at his colleague and then back in my direction. I mentioned that they should avoid connecting to anything ad-hoc, or anything labeled as “free public Wi-Fi,” as they were likely connecting to an unfriendly host. He shirked and said, “Well I’m smart enough to know that if I don’t connect there isn’t any risk.” My smile grew a bit wider, and his buddy gives him an elbow in the ribs, “Looks like there’s more to it than that.”

There is certainly more to it than that. Funny thing is, this is old hat. This has been happening for years, specifically in airports and transit centers. Why hasn’t anything been done to make the public aware of this threat? Before we try and answer that question, let me offer you a quick explanation on exactly what the threat is:

You click on the seemingly “free” WI-FI hotspot SSID, and are unable to connect. Maybe you do connect, but you are unable to get to the World Wide Web, and you soon disconnect. Everything in your computer seems OK, your virus alert hasn’t started buzzing at you, so, - no harm no foul … Right?

Well not exactly. You see, by clicking on the SSID you have given your system permission to access wireless connections through that SSID. Essentially it has been added to your wireless configuration list. Whether or not you have actually connected, you have given your system instructions that it is OK to connect to this SSID, and subsequently you have opened yourself up to attack. Once the SSID is in your list of preferred networks, a malicious “bot” (a bot is an application that automatically executes tasks through internet and other network connections) is able to connect to your machine using those permissions, and propagate itself.

Once your machine is infected, it then becomes a host. Essentially it means that you are now the person broadcasting the SSID for someone else to unwittingly connect to, and the cycle continues. It should start making more sense to you now. In most cases, there are no hackers stalking the airports, and broadcasting the malicious SSID’s. Though these cyber-criminals are ready to pounce on your data, they are likely relaxing at home, waiting for you to connect to their systems.

The hacker will then use the bots to create a botnet, a network of bots that operate synchronously and symbiotically to perform nefarious tasks such as simple data theft, distribution of spam, or the execution of a denial of service attack. Similar botnets have been used by hackers to take down high-profile websites and services, there is nothing stopping them from snagging your Facebook password and allowing the hacker to send messages to your friends, maybe even telling them you are trapped in a foreign land in need of a quick fix from Western Union to get you out of a jam. The cascading effects of these bots make them a desirable yet very simple tool for hackers. It doesn’t take long to realize why we see these SSID’s so often at airports and other mass transit centers.