There have been both national and local (Indianapolis) television news
exposés on the subject. One Indianapolis TV news crew accessed over a
dozen home wireless accounts over a couple hours simply cruising slowly
through several residential blocks in a "yuppieville" area of the
city. This included getting into a good number of computers that were left
on . . . at least to their "desktop" to show they had access to it
(identifying information was blotted out). Yet another example of a rush
to technology implementation with [nearly] zero forethought about how it
could be misused.

This was in response to individuals having found their network connection
and/or computer hacked although the specifics beyond that were not
revealed. I haven't seen specific cases of this method being used for
spewing SPAM, but have seen it listed as *one* of several things that can
be done when the system has been hacked . . . and it is *one* of the things
that someone could do that wouldn't be detected until later . . . after the
SPAM is tracked back to its source . . . as it leaves no permanent trace
behind on the user's machine (only network access through the user's router
is required).

I also mentioned recent worms being used to relay SPAM for entry into an
SMTP server accessed by a remote machine (the one infected with the
worm). One of the most recent worms that installs a backdoor and TCP relay
that can be used remotely to send SPAM (along with any other email anyone
who can access the backdoor wants to send) is the notorious W32/MyDoom.

One of my ASIs from many years in the Signal Corps was Electronic
Warfare. Most computer users have no concept of true communications
security. With the sophisticated gear employed for real electronic
warfare, someone could be monitored from the street on a hard-wired dial-up
or cable/DSL; no RF link required. It's not likely very many private
citizens would have this kind of exotic stuff though. I wouldn't be using
anything wireless without very strong encryption of **everything** passing
over the RF link with enough separation/wall with the Red/Black that the
"plain-text" would be so far down on the RF compared to the encrypted to
make it exceedingly difficult to pluck it out. Passwords wouldn't be my
kids' or pets' names either (spelled forwards, backwards or munged). I
estimate I could access about half the passworded computers in a corporate
environment with a half-hour or less (likely a few minutes) at the user's
desk . . . and accuse me of misogyny if you wish . . . the easiest to hack
are women's machines.

I now work for a large corporation. A very recent joint memorandum from
the IT and Security Departments prohibits the use of any wireless devices
to link to any corporate computer or the corporate network. This includes
temporarily accessing it from home or while on business travel. Came out
shortly after the unequivocal and complete ban on cell phones, PDAs or
anything else with a digicam in it.

-- John Lind

At 08:03 PM 5/2/04, Daniel Tan wrote:
>A good firewall including authentication is probably the best way here. I
>like your idea of dialing down the signal strength too.
>
>Have there been any documented cases of spammers using techniques such as
>this?
>
>Daniel Tan