September 6, 2002 10:14 AM PDT
Drive-by spam hits wireless LANs
Speaking at the First International Security Users Conference here, Adrian Wright, managing director of Secoda Risk Management, warned that junk e-mailers are taking advantage of unprotected wireless LANs (local area networks) to bombard e-mail users with unsolicited and unwelcome messages.
"These people simply drive up to a building armed with their pornographic e-mail, log into the insecure wireless network, send the message to 10 million e-mail addresses and then just drive away," Wright said.
A drive-by spammer would send e-mail by finding an unprotected SMTP (simple mail transfer protocol) port on a company's server and then sending e-mail as if the person were a legitimate user of the company's network. The mail server wouldn't be able to tell otherwise.
The ability to send spam through a company's network without the company's knowledge could allow the spammer to avoid bandwidth costs, which can be substantial for tens or hundreds of thousands of e-mails. That method also makes it much more difficult to trace the spam back to the spammer--a useful tactic for those who send spam as a service for other companies and who may have been in trouble with the law.
In April, the U.S. Federal Trade Commission said it had busted dozens of alleged Web scammers with law enforcement from Canada and six U.S. states. And in July, six Korean Web sites were fined for bombarding Internet users with spam e-mail. In Europe, a new directive that bans the sending of unsolicited commercial e-mail should be in place some time next year.
What's more, many Internet service providers (ISPs) have no-spamming rules, which the drive-by spammer will be trying to avoid. A company that falls victim to a drive-by spammer could find itself cut off--any messages sent by the spammer would appear to come from within the company's network, and the ISP would have no compunction about closing down the connection until the problem is resolved.
Between 60 percent and 80 percent of corporate wireless networks are insecure, Wright warned, often because IT managers fail to change default settings when they install a wireless LAN. This has already led to the practice of "wardriving," in which people drive around cities looking for insecure wireless LANs, and "warchalking," in which hackers draw a symbol in chalk on a wall or pavement to indicate the presence of a wireless networking node.
Warchalking signals have been springing up in areas such as London and Silicon Valley over recent months. Opinion is split over how ethical the practice is.
Matt Jones, who invented warchalking, told ZDNet UK recently that one advantage is that it alerts system administrators to the fact their wireless network is insecure. "I have already had e-mails from some (systems administrators) who said they love the idea. Several even said they will print the symbols on a card and put it in their office windows," Jones said.
Detractors, though, have warned that warchalking could encourage malicious hackers to break into a company's wireless LAN with the intention of stealing or damaging corporate data. Wright's revelation about the existence of drive-by spammers has flagged up a new downside to warchalking.
Wright illustrated that warchalking is alive in remote locations, as well as in cities, by producing a photo of a warchalking signal drawn on a buoy floating at sea. He explained that it is possible to get access to a wireless network at that point, because an ISP's point-to-point transmitter onshore is transmitting a high-speed wireless connection overhead.
Several wardriving exponents have been pictured using a Pringles carton to detect wireless LANs. Wright told his audience that a recent competition to find the best wardriving antenna had been won by a can of meat stew.
ZDNet UK's Graeme Wearden reported from London.