Hookey Wi-Fi - Luton Airport

Andy_L

There is currently an unsecured very low strength wi-fi connection in the small cafe bar near gate 10 at Luton Airport.

Conor_3

I wonder if it's a honeypot. It's in the right place to be. Regardless of it being unsecured, without permission from the owner you have no right to use it and to do so is illegal under the Computer Misuse Act.

Andy_L

Me, break the law? Never
I thought under the Misuse Act you had to be accessing/changing/copying data that was unauthorised

Probably not a honeypot as there's a couple of BTopenzones about so pleading technical incompetance might fly as a defence. Plus isn't entrapment still illegal?

Conor_3

No, accessing a Wifi network you have no permission to use is illegal under the CMA and a case was reported in the national press. Technical incompetence was used as a defence in that yet the guy still got convicted.

Do you actually know what a honeypot is?

Zahc

Do you actually know what a honeypot is?

I do

Mr WP Bear :A

KeithP

Conor, I don't know what a honeypot is (in this context). Please enlighten me. Thanks.

Conor_3

In this context it's a Wifi connection set to attract people to connect to it. Data is logged and from this, it's possible to glean passwords and banking log in details etc as well as copies of any e-mails or files sent/received. Sometimes it can be someone merely sat at a table with a wireless laptop and a mobile broadband connection that sets up as a fake access point and acts as piggy in the middle.

Just because a Wifi connection is unsecured, don't assume that the person who owns it doesn't know what they're doing - they might actually have done it for the reasons I said. Certainly if you were to log onto my wifi with a XP computer, it'd take me all of next to no time to have a look around it all without your knowledge and even though you'd not shared anything as Windows has hidden shares it broadcasts despite File and Printer Sharing not being used.

superscaper

Conor wrote: »

No, accessing a Wifi network you have no permission to use is illegal under the CMA and a case was reported in the national press. Technical incompetence was used as a defence in that yet the guy still got convicted.

In fact I think there's been at least three cases in the UK I've seen. So looks like they may be getting more and more serious about it.

sleep2much

I love this site, the slightest thought of anything "hookey" people jump in with the legality, or you can't do that, etc........... Cheers Mate, next time I'm in Luton I'll know where I can check and send emails, thanks. Ooh, did I say something wrong? read below and find out?

superscaper

sleep2much wrote: »

I love this site, the slightest thought of anything "hookey" people jump in with the legality, or you can't do that, etc........... Cheers Mate, next time I'm in Luton I'll know where I can check and send emails, thanks. Ooh, did I say something wrong? read below and find out?

I think you missed the point of "hookey". As in not the legality but the danger you're putting yourself in if it's a honeypot. As in next time you're in Luton you know where to compromise your email account. Unless you can be sure of the wireless hotspot (i.e. know it's an "official" one) then you're putting yourself at risk and it'd be irresponsible to recommend people do that, especially with the prevalence of fraud nowadays.

gazzak_2

sleep2much wrote: »

I love this site, the slightest thought of anything "hookey" people jump in with the legality, or you can't do that, etc........... Cheers Mate, next time I'm in Luton I'll know where I can check and send emails, thanks. Ooh, did I say something wrong? read below and find out?

I know where you're coming from sleep2much but this is a nasty one, a guy at our office got badly caught out with it. This cut and pasted from http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9008399


The next time you're at an airport looking for a wireless hot spot, and you see one called "Free Wi-Fi" or a similar name, beware -- you may end up being victimized by the latest hot-spot scam hitting airports across the country.
You could end up being the target of a "man in the middle" attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge.
If you're a Windows Vista user, you're especially susceptible to this attack because of the difficulty in identifying it when using Vista. In this article, you'll learn how the attack works and how to keep yourself safe from it if you use Windows XP or Vista.
How the attack works
First, let's take a look at how the attack works. You go to an airport or other hot spot and fire up your PC, hoping to find a free hot spot. You see one that calls itself "Free Wi-Fi" or a similar name. You connect. Bingo -- you've been had!
The problem is that it's not really a hot spot. Instead, it's an ad hoc, peer-to-peer network, possibly set up as a trap by someone with a laptop nearby. You can use the Internet, because the attacker has set up his PC to let you browse the Internet via his connection. But because you're using his connection, all your traffic goes through his PC, so he can see everything you do online, including all the usernames and passwords you enter for financial and other Web sites.
In addition, because you've directly connected to the attack PC on a peer-to-peer basis, if you've set up your PC to allow file sharing, the attacker can have complete run of your PC, stealing files and data and planting malware on it.
You can't actually see any of this happening, so you'd be none the wiser. The hacker steals what he wants to or plants malware, such as zombie software, then leaves, and you have no way of tracking him down.
All that is bad enough, but it might not be the end of the attack. Depending on how you've connected to that ad hoc network, the next time you turn on your PC, it may automatically broadcast the new "Free Wi-Fi" network ID to the world, and anyone nearby can connect to it in ad hoc peer-to-peer mode without your knowledge -- and can do damage if you've allowed file sharing.
While some of these ad hoc networks advertising themselves as available for connection may be attributable to Windows behavior that the PC's user is unaware of, wireless ad hoc attacks may be more common that you think. Security company Authentium Inc. has found dozens of ad hoc networks in Atlanta's airport, New York's LaGuardia, the West Palm Beach, Fla., airport and Chicago's O'Hare. Internet users have reported finding them at LAX airport in Los Angeles.
Authentium did an in-depth survey of the ad hoc networks found at O'Hare, visiting on three different occasions. It found more than 20 ad hoc networks each time, with 80% of them advertising free Wi-Fi access. The company also found that many of the networks were displaying fake or misleading MAC addresses, a clear sign that they were bent on mischief.
"You connect to one of these networks at your own peril," says Corey O'Donnell, vice president of marketing at Authentium. "And you would have no way of tracking down how you were attacked, because you would have thought you were at an ordinary hot spot connection. Enterprises are also at risk, because if someone uses a corporate laptop to connect to one of these networks and gets infected, when he plugs back in to the enterprise network, the whole network is put at risk."