Inside Dark Networks

Today Google finally opened their free GoogleWifi to all residents of Mountain View California. Tempted though I am to ditch my current provider and migrate to Google, I must question….How am I sure it is Google I am connecting to?

It could be an ‘Evil Twin’ access point masquerading as a legitimate Google Wifi Access point. To see how difficult it is to create an evil twin network, capable of stealing passwords, login information, instant messages and emails, I put one together.

The whole process took less than 15 minutes. The step by step approach I took has been fully documented here (http://www.darknetworks.org/uploads/WiMax.pdf). If you are going to use the Google Wifi network, perhaps you should think about installing their encryption client.

Otherwise you may fall prey to:

Victims, when they connect to the evil twin access point, become very vulnerable:

a) All the traffic between them and the real access point is unencrypted. This means that a recording device (such as a PC running a sniffer, such as the freeware tool ethereal) may capture their traffic and spy on them. Unencrypted passwords, instant messages, emails and credit card information are easily intercepted.

b) Machines that join the network via the evil twin may be directly scanned and accessed by the attack machine. Sensitive information may be stolen from shared folders.

c) The attack machine can easily be configured for phishing. Even when Google WiFi is fully operational, users will have to authenticate to the network. Users may be redirected to a fake login page on the attack server, which will steal the users credentials. This Google login gives access to user email and so may be used for identity theft later.

d) The attack machine may trick the end user into downloading spyware/malware, by modifying the logon page. This may allow the attacker to install keylogging software and access private files.

e) The hacking server may also act as a poisoned DNS server. This would redirect users to phishing sites rather than legitimate financial sites where their logons and account information could be stolen. Banks and eBay are logical targets. These servers would completely control where the victim is allowed to visit on the Internet.