Working in a network war zone

Networks rife with eavesdropping; government agents rubbing elbows with hackers; a hotel network under constant attack: Welcome to CanSecWest.

Robert Lemos Staff Writer, CNET News.com
VANCOUVER, British Columbia--Even before the CanSecWest security conference started on Wednesday, unknown hackers had given the hotel's high-speed network a case of the hiccups. By Wednesday evening, the system was laid out flat.

The pros were peeved, and a call for an electronic posse went out.

"We're forming a hunting party," Dragos Ruiu, independent security consultant and conference organizer, told the room of nearly 150 hackers and security experts late Thursday afternoon. "If anyone wants to help us find out who's...poisoning the hotel network, talk to me."

But that evening, the vandal stayed offline and the hotel network was, for a little while, glitch free.

Networks don't come much more hostile than those at the CanSecWest security conference. The three-day conference brought together hackers, security consultants, and government officials to talk tech about the latest tools and trends in the online arena.

Yet the hackers evidently found it hard to resist wandering about the network. Overt attacks against computers seemed to be rare. More common were attacks of the same type that afflicted the hotel's free Ethernet network: so-called ARP poisoning.

The Address Resolution Protocol, or ARP, is the means by which routers--the network devices that direct information from the sender to the destination--keep track of what hardware is where. An attacker who successfully "poisons" a router's ARP tables can have a copy of data sent to them and can pretend to be another device on the network, such as the hotel's gateway.

By spoofing the hotel's gateway, for instance, an attacker's computer could grab data, allowing the hacker to read unencrypted passwords, e-mail or Web pages. Along with giving the hotel network a case of confusion, unknown hackers set up eavesdropping programs and devices to capture data on the wireless network used by conference attendees.
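An added example, not part of the original article: a defender on such a network can watch for the gateway impersonation described above by comparing two snapshots of the local neighbor (ARP) table. The sketch assumes Linux `ip neigh show` output; the gateway address, the sample tables and the function names are constructed for illustration.

```python
"""Flag signs of ARP poisoning in two neighbor-table snapshots (`ip neigh show` format)."""
import re
from collections import defaultdict

# Constructed sample data: private IPs and documentation-range MAC addresses.
GATEWAY_IP = "192.168.10.1"
BASELINE = """\
192.168.10.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.10.23 dev eth0 lladdr 00:00:5e:00:53:17 STALE
192.168.10.40 dev eth0  FAILED
"""
LATER = """\
192.168.10.1 dev eth0 lladdr 00:00:5E:00:53:17 REACHABLE
192.168.10.23 dev eth0 lladdr 00:00:5e:00:53:17 REACHABLE
192.168.10.57 dev eth0 lladdr 00:00:5e:00:53:2a DELAY
"""

LINE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac}; entries with no resolved MAC (FAILED, INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()  # normalise case before comparing
    return table

def find_anomalies(baseline, current, gateway_ip):
    """Compare two parsed snapshots and return a list of (kind, detail) findings."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway-mac-changed", f"{gateway_ip}: {old} -> {new}"))
    # One hardware address answering for the gateway and for another host.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            findings.append(("mac-shared-with-gateway", f"{mac}: {', '.join(sorted(ips))}"))
    return findings

if __name__ == "__main__":
    for kind, detail in find_anomalies(parse_neigh(BASELINE), parse_neigh(LATER), GATEWAY_IP):
        print(kind, detail)
```

A changed gateway MAC can also be legitimate, such as a replaced or failed-over router, so a finding is a prompt to verify the gateway's hardware address out of band rather than proof of an attack.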

To protect against eavesdropping and because most of today's e-mail servers don't allow encrypted logins, many attendees encrypted their mail using any of the several available programs.

Again, impersonation is the danger. By spoofing an encryption server, especially when the victim doesn't know the telltale signs of the hack--a warning that the server's encryption key has changed--the attacker can grab all the user's keystrokes.

No wonder the government personnel left their laptops at home. Standard procedure requires them to blank their systems before leaving for such a conference and reinstall the operating system when they return. Too much trouble, it seems, as none of them brought a laptop.

Other security experts decided to go PC-free as well, rather than deal with defending their laptops against all comers on the network.

Those who connected either have total faith in their security, plan to reinstall the operating system or don't mind wondering whether their PC caught something up north at CanSecWest.