Internet Eavesdropping

Thu, Jan 15, 2009, by TechDoc

Security

With the recent proliferation of network-capable devices, we are seeing a parallel explosion in the variety and number of Internet eavesdropping incidents, and a corresponding increase in the criminal activity that arises from them. Here are some of the options, readily available and free of charge, that you can take advantage of to ensure that you don’t become the next victim.

As with most things in life, and in the world of computers, networking and communications in general, intrusions and disruptions of every manner and form are pretty much an accepted fact of life.

The exponential growth of shared and publicly accessible wireless networks, such as Wi-Fi networks, wireless WANs and wireless LANs, along with the numerous other types of wireless computer network, has markedly increased the likelihood of eavesdropping on Internet communications.

Wireless LANs, for example, include both an organization’s internal wireless segments, which become accessible only after passing the relevant user authentication, and its locally accessible anonymous and general-public segments.

With or without specialty security technologies, these networks and systems remain exposed to a multitude of attack scenarios. Man-in-the-Middle attacks are only one of the many ways an attacker can ply their trade, but because they are so simple to set up they are more or less perpetually prevalent on the Internet.

Man-in-the-Middle Attacks

Man-in-the-Middle Attacks occur when an attacker tricks a computer user into believing that the user has established a secure link with a target site, such as a bank. In actuality, the computer user is communicating with the attacker’s computer, which can eavesdrop as it relays communications between the user and the target site.

For example, a user who thinks he is linked to an airport or coffee shop “hot spot” might actually be linked to the laptop of someone just a few seats away. Most users are totally oblivious to the fact that they have been attacked.

Inherently Insecure Protocol

The vast majority of Internet communications are unsecured. All conversations between private and business parties, as well as websites that use only the standard Hypertext Transfer Protocol (HTTP), fall into this category. Note that sites that encrypt the connection in both directions (e.g. HTTPS) are considerably more secure.

Unfortunately, this alone does not mean that your conversation is confidential. Hijackers can mount a Man-in-the-Middle attack in which the attacker intercepts your communication and stores it for later use, while also passing the captured data on to its intended destination. This makes it very hard for users to get any inkling that they have been attacked.

Securing Conversations

Using encryption over the Secure Sockets Layer (SSL) and/or Secure Shell (SSH) technologies requires the user to present login authentication credentials, and requires the website to which you are connecting to authenticate itself with a digital certificate that contains a public key, which is then used for the encryption.

It is important to note that this exchange of security information typically occurs transparently, without the computer user being aware of it. Only when suspicious activity is detected is the user notified, by a popup notice that says something like “Unable to verify the identity of anysite.com as a trusted site”. This notice is generally displayed within the web browser.
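The step the browser performs silently before it trusts a site’s certificate is to check that the name in the certificate actually matches the host you asked for; an attacker’s certificate for some other name fails this check and triggers exactly the kind of warning described above. The following is an added example written for this article, not code from the original post or from any browser; the certificates are constructed samples in the dictionary shape Python’s ssl.SSLSocket.getpeercert() returns, and no network connection is made.

```python
"""Hostname verification as a browser performs it before trusting a site.

Added illustration for this article (not the article's or any browser's own
code). Certificates are modelled in the dict layout returned by Python's
ssl.SSLSocket.getpeercert(); all sample data below is constructed.
"""
import ipaddress


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if a DNS name taken from a certificate matches hostname.

    Follows the strict reading of RFC 6125 section 6.4.3: comparison is
    case-insensitive, a wildcard must be the whole leftmost label, it never
    matches across a dot, and the pattern must keep at least two fixed labels
    (so '*.com' can never stand in for a whole top-level domain).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def certificate_names(cert: dict) -> list:
    """DNS names from subjectAltName; the subject CN is used only when the
    certificate carries no SAN at all (legacy behaviour, kept for old certs)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def verify_hostname(cert: dict, hostname: str) -> bool:
    """True when cert is valid for hostname. IP literals must match an
    'IP Address' SAN entry exactly; DNS names go through hostname_matches."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in cert.get("subjectAltName", ()))
    return any(hostname_matches(name, hostname) for name in certificate_names(cert))


# Constructed sample certificates (not real certificates).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "*.example.net"),
        ("IP Address", "192.0.2.10"),
    ),
}
LEGACY_CERT = {"subject": ((("commonName", "legacy.example"),),)}

if __name__ == "__main__":
    for host in ["www.example.com", "app.example.net", "example.net", "bank.example"]:
        print(f"{host:20} -> {'ok' if verify_hostname(SAMPLE_CERT, host) else 'MISMATCH'}")
```

The last host in the usage loop, `bank.example`, shows the Man-in-the-Middle case: whatever certificate the interposed machine presents, its names do not cover the site the user typed, so the check fails and the browser warns.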

Finding Solutions

The truth, however, is that this sorry state of affairs is not unavoidable. Growth sectors and industries have always been a favorite target of wrongdoers, and the Internet is no different. Nor does it come with a built-in remedy by default.

It is up to us, the users, to attend to this matter. We need to be aware of the dangers that exist out there on the Internet, seek out the possibilities and implement our own immunization programs.

Possible solutions include antivirus software; firewalls of varying types, capabilities and placement; and intrusion detection and prevention systems. Don’t forget countermeasures to combat spam, spyware, adware, hacking/cracking and a host of additional threats, threat sources and threat types.

Because this area of Information Technology is so expansive, most of us opt to install our defenses as a suite of software modules, generally all from the same vendor.

A free program that addresses these issues can be downloaded from Carnegie Mellon University’s School of Computer Science and College of Engineering. The software is named “Perspectives” and is deployed as an extension for the popular Mozilla Firefox browser, version 3 and above.

Here is where you can get your own free copy of the “Perspectives” software: www.cs.cmu.edu/~perspectives/firefox.html

Perspectives

Carnegie Mellon’s Perspectives system employs a set of friendly sites, or “notaries,” that aid in website authentication. It focuses on website transactions that typically require secure communications channels: financial services, online retailers, e-commerce, banks and other financial institutions, medical facilities, and any site that asks for your personal information for whatever reason.

Perspectives works by having the notaries independently query the desired target site and check whether each receives the same authentication information, called a digital certificate, in response. Whenever any notary reports authentication information that differs from what the browser or the other notaries received, it is fairly safe to assume that the connection in question has been compromised.

In fact, Perspectives can detect an attack even when other websites and ISPs have fallen victim to it: even if a client’s own ISP has been compromised, the client will still be able to detect that the public key received from the fake site is inconsistent with the results returned by the notaries.
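The decision the two paragraphs above describe, comparing the key the browser received against what several independent notaries have seen over time, can be written down as a small policy. What follows is an added example for this article and is not code from the Perspectives project; the notary replies and key fingerprints are constructed sample data, and the quorum fraction and minimum key age are assumptions chosen for the illustration (Perspectives has comparable “quorum percentage” and “quorum duration” settings, but the values and data shapes here are this example’s own). It goes slightly beyond the text by also distinguishing a freshly rotated key from an interception.

```python
"""Notary-consistency check in the spirit of CMU Perspectives.

Added example, not code from the article or from the Perspectives project.
Notary replies and fingerprints are constructed sample data; quorum and
min_age are assumed parameters for the illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Observation:
    """One key a notary has seen for a service, and the period it saw it."""
    fingerprint: str
    first_seen: datetime
    last_seen: datetime


def key_age(reply, fingerprint, now):
    """How long one notary has known this fingerprint, or None if never seen."""
    for obs in reply:
        if obs.fingerprint == fingerprint:
            return now - obs.first_seen
    return None


def evaluate(browser_fp, replies, now, quorum=0.75, min_age=timedelta(days=2)):
    """Classify the key the browser received against the notaries' history.

    replies: one entry per notary, a list of Observation, or None if the
    notary did not answer.  Returns one of:
      'consistent'   a quorum of reachable notaries has seen this key for at
                     least min_age, so a path-local eavesdropper is unlikely
      'new-key'      a quorum sees the key, but only recently (legitimate
                     rotation, or an attack visible to everyone; treat with care)
      'inconsistent' fewer than a quorum of notaries see the key the browser
                     got, the signature of an interception near the client
      'no-data'      too few notaries answered to decide at all
    """
    reachable = [r for r in replies if r is not None]
    if len(reachable) < 2:
        return "no-data"
    ages = [key_age(r, browser_fp, now) for r in reachable]
    agreeing = [age for age in ages if age is not None]
    if len(agreeing) / len(reachable) < quorum:
        return "inconsistent"
    if min(agreeing) < min_age:
        return "new-key"
    return "consistent"


# Constructed sample data; the fingerprints are made up, not real keys.
NOW = datetime(2009, 1, 15, 12, 0)
DAY = timedelta(days=1)
LEGIT_FP = "7f:3a:91:c0:12:ee:08:5b:44:d9:a3:6c:70:1f:b2:58:e4:0d:99:c7"
ROGUE_FP = "de:ad:be:ef:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff"
ROTATED_FP = "15:62:bc:04:8a:3f:d1:77:29:e0:c6:5d:9b:42:a8:13:f0:6e:2b:85"

# Three notaries have watched the site for months; the third is unreachable.
STEADY_REPLIES = [
    [Observation(LEGIT_FP, NOW - 100 * DAY, NOW)],
    [Observation(LEGIT_FP, NOW - 90 * DAY, NOW)],
    None,
    [Observation(LEGIT_FP, NOW - 95 * DAY, NOW)],
]

# The site rotated its key yesterday and every reachable notary saw the change.
ROTATED_REPLIES = [
    [Observation(LEGIT_FP, NOW - 100 * DAY, NOW - DAY), Observation(ROTATED_FP, NOW - DAY, NOW)],
    [Observation(LEGIT_FP, NOW - 90 * DAY, NOW - DAY), Observation(ROTATED_FP, NOW - DAY, NOW)],
    None,
    [Observation(LEGIT_FP, NOW - 95 * DAY, NOW - DAY), Observation(ROTATED_FP, NOW - DAY, NOW)],
]

if __name__ == "__main__":
    cases = [
        ("browser sees the long-standing key", LEGIT_FP, STEADY_REPLIES),
        ("browser sees a key no notary knows", ROGUE_FP, STEADY_REPLIES),
        ("browser sees a freshly rotated key", ROTATED_FP, ROTATED_REPLIES),
    ]
    for label, fp, replies in cases:
        print(f"{label}: {evaluate(fp, replies, NOW)}")
```

The second case is the one the article is about: the user’s own path is intercepted, so the browser receives a key that none of the notaries, querying from elsewhere on the Internet, have ever seen. The quorum fraction is what lets the check survive one notary that is itself behind a compromised ISP, which is why it should be set against the number of notaries actually reachable rather than a fixed count.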

By compromising an ISP, an attacker can cause it to connect unwitting users to a malicious site instead of the intended legitimate one. The attacker may also use such compromised machines to mount a Denial of Service (DoS) attack on another party.

Certification Authority Generated Certificates

The Perspectives system provides an extra measure of security even in those cases where a website is already using a digital certificate issued by an approved certification authority such as Thawte, VeriSign, Comodo or GoDaddy.

Self-Signed Certificates

It is when we get to websites that do not use a digital certificate signed by a recognized certification authority that the Perspectives system really comes into its own. Perspectives allows such a website to use the much less expensive “self-signed” certificate alternative instead.

5 Comments For This Post
  1. C Jordan Says:

    A fascinating and very informative article

  2. anoncoward Says:

    If the criminals keep it up we’re going to end up with some kind of nationalised internet regulation. This type of behavior is grounds for spending billions on new infrastructure to support a gov’t dragnet server farm.

    please stop, jerks.

  3. remowill Says:

    They already have the Patriot Act.

  4. Faith Hodge Says:

    Very interesting and informative. This is scary to know. Thanks for sharing.

  5. gandalf Says:

    Under “Certification Authority Generated Certificates” the first company you list is called Thawte.

    Interesting read. Browser manufacturers have come to the party, and developed a stronger representation of the authentication and verification steps CAs will put an organization through before signing a cert for them. Green address bars provide consumers and users with a clear and easily identifiable way of knowing that the site they are dealing with is who they say they are, as a result of the Extended Validation process the CA puts them through prior to signing the SSL cert. Heck, even iPhones have EV SSL capabilities now... take that, phishing!
