Case Study

The following is a hypothetical, but technically accurate, tale of what may happen during your next business trip.

Time: 1923hrs GMT+7

Location: Room 320, Radisson Hotel, Bangkok

Jones Wong pulled up a chair in his hotel room and collapsed into it. He had already had a long day and his work wasn't finished yet. Jones' company had sent him to Bangkok on yet another business development trip, and he spent his first day making the rounds and meeting up with various suppliers and customers. Now Jones had to send a report back to his boss at the company's regional headquarters in Malaysia and that required getting hold of that very ubiquitous resource: an Internet connection.

Fortunately, the Radisson, like countless other business-oriented hotels around the world, had kindly installed wireless access points on every floor for the convenience of its guests. Jones now wished to use this wireless access to send out his email report. Of course, nothing is free in this world nowadays and the hotel charged its guests a not-insubstantial fee for using this service. Jones called the front desk and obtained a user ID and corresponding password, all conveniently billed to his room (on the company account, of course). Plugging his laptop's power-brick into the nearest electrical socket, he powered it on and proceeded to go about his business.

Time: 1927hrs GMT+7

Location: Room 311, Radisson Hotel, Bangkok

In a dimly lit room, a figure was hunched over a laptop, intently observing the screen. Julian (callsign "HammerJammer") checked the display and then leaned back in his chair, apparently waiting for something to happen. The HammerJammer was on a tight budget and had been unable to get a cheap room at the nearby Maxx. This had forced him to try the more up-market Radisson, and due to it being tourist season, the room cost an arm and a leg, so he was in no mood to shell out yet more dough for Internet access. However, he was now confronted with that same old case of "no money, no honey," and it didn't help matters that HJ was old-school—he believed that Internet access should be free for everyone. So he did what any self-respecting hac..err...security professional would do: He whipped out his on-board, Atheros-equipped laptop and fired her up.

HJ was looking for someone who had deep pockets, specifically someone who had paid for the hotel's wireless Internet access. Changing his Atheros card to monitor mode, he launched Airodump. Because the Radisson was a bit out-of-the-way, he couldn't locate any access points nearby (let alone unsecured ones) outside of what the hotel provided. So the Hammer had to do the next best thing: Find a connected (no pun intended) individual and get his or her login credentials. A change in the laptop display caught his attention and a wry smile appeared on his face.

Time: 1928hrs GMT+7

Location: Room 320, Radisson Hotel, Bangkok

Jones was right in the middle of composing his email when his cellphone rang. Nuts. His wife was calling so he had to take the call. You see, Jones felt a bit like a hen-pecked road warrior and that his wife didn't really trust him—what with all the frequent overseas trips. What she didn't know was that she was giving the Hammer a helping hand...

Time: 1929hrs GMT+7

Location: Room 311, Radisson Hotel, Bangkok

Having identified the wireless client's signal strength, its proximity to the access point, and the relative positions of the other access points in the building, HJ knew that his ph00ling attack had a pretty good chance of succeeding. He brought out his Compex WL54G wireless adapter and slotted it into his laptop's PCMCIA slot. Together with the on-board Atheros, this effectively upgraded the laptop into the wireless equivalent of a double-barreled shotgun. Associating to the access point (AP) with his Atheros card, the Hammer proceeded to rip the hotel's Service Selection Gateway web pages and save them to his laptop. Some quick modifications followed and, along with a customized Airsnarf/Apache install, the Hammer now had a fully functional web-login site, complete with legit-looking error pages. It was literally a mirror copy of the hotel's web login pages. Swapping the Atheros to master mode, HJ ran a deauthentication flood against the AP that Jones' laptop was associated with, as well as against Jones' laptop itself.

Time: 1930hrs GMT+7

Location: Room 320, Radisson Hotel, Bangkok

As he was talking to his wife, Jones noticed that his wireless connection seemed to break momentarily, and then appeared to reconnect again. However, he had to re-login to the hotel's web login page in order to connect to the Internet. He entered his user ID and password, but got an error page saying the server was having difficulties and could he please try to log in at a later time. Maybe this was a hiccup so he clicked the Back button in his browser and tried again. No dice—the error page appeared again.

Time: 1931hrs GMT+7

Location: Room 311, Radisson Hotel, Bangkok

HJ grinned broadly; the client had been forced off the legit AP by his deauthentication flood and had now locked onto his Atheros card (operating at maximum power) as the strongest signal source bearing the hotel's SSID. The DHCP server on his laptop had done the rest and all the client would see would be his fake website. The Hammer did a localhost mail-check and found two...no, now three emails bearing the login credentials. Each time the client had entered his user ID and password, the fake site had Sendmail'ed the details locally to HJ's laptop. He quickly deactivated both his Atheros and Prism54 cards and opened up the emails.

Time: 1931hrs GMT+7

Location: Room 320, Radisson Hotel, Bangkok

A slightly annoyed Jones tried entering his credentials again, and this time he was able to get through. "Must have been some problem with their server," he mused and then mentally tossed that thought out the window as he got back to drafting his report.

Time: 1933hrs GMT+7

Location: Room 311, Radisson Hotel, Bangkok

HJ was humming an off-key tune as he disconnected his Prism54 card. Having gotten the credentials, temporarily changing his Atheros' MAC address was trivial (in the highly unlikely chance the hotel had security experts on the payroll and came knocking on his door). He logged in to the portal with the stolen information and started surfing the Web. Fortunately, as is typically the case with most hotels' Internet access, the hotel didn't limit the number of simultaneous logins per user ID so both Jones and the HammerJammer happily went about doing their own thing, each oblivious to the actions of the other. And so life goes on...

(HammerJammer's note: This story, while describing accurate technical procedures and using accurate geographical information, is completely, unequivocally, 100 percent fictional, and the events and actions did not actually happen in real life. However, this is not to say that it will never happen to you whenever you use any kind of paid wireless Internet service.)
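Seen from the network operator's side, the sequence in the story leaves a recognizable trail: a burst of deauthentication frames aimed at one client, a new BSSID advertising the hotel's SSID, and that client associating to it moments later. The following is an added example, not part of the original text, that correlates those three observations; the record format, the AP inventory, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import deque

# Assumed inventory of the venue's own access points per SSID (hypothetical values).
KNOWN_APS = {"HotelGuest": {"02:00:00:00:0a:01", "02:00:00:00:0a:02"}}
DEAUTH_BURST = 10   # deauth frames aimed at one client ...
WINDOW_S = 5        # ... within this many seconds count as a flood
FOLLOW_S = 60       # an association this soon after a flood is correlated with it

def detect(events):
    """events: (time_s, kind, ssid, bssid, client) tuples from a monitoring sensor."""
    alerts, recent, burst_at, reported = [], {}, {}, set()
    for t, kind, ssid, bssid, client in sorted(events, key=lambda e: e[0]):
        unlisted = ssid in KNOWN_APS and bssid not in KNOWN_APS[ssid]
        if kind == "deauth":
            q = recent.setdefault(client, deque())
            q.append(t)
            while t - q[0] > WINDOW_S:          # drop frames outside the window
                q.popleft()
            if len(q) >= DEAUTH_BURST:
                if t - burst_at.get(client, float("-inf")) > FOLLOW_S:
                    alerts.append(("deauth_burst", client, bssid))
                burst_at[client] = t            # remember when the flood was last seen
        elif kind == "beacon" and unlisted and bssid not in reported:
            reported.add(bssid)                 # report each unlisted BSSID once
            alerts.append(("unlisted_bssid", None, bssid))
        elif kind == "assoc" and unlisted:
            flooded = t - burst_at.get(client, float("-inf")) <= FOLLOW_S
            name = "evil_twin_suspected" if flooded else "assoc_to_unlisted_bssid"
            alerts.append((name, client, bssid))
    return alerts

# Constructed sample records, not captured traffic.
CLIENT, LEGIT, UNLISTED = "02:00:00:00:c1:20", "02:00:00:00:0a:01", "02:00:00:00:ee:11"
EVENTS = (
    [(0.0, "beacon", "HotelGuest", LEGIT, None)]
    + [(10.0 + i * 0.1, "deauth", "HotelGuest", LEGIT, CLIENT) for i in range(12)]
    + [(11.5, "beacon", "HotelGuest", UNLISTED, None),
       (13.0, "assoc", "HotelGuest", UNLISTED, CLIENT),
       # a single deauth followed by a roam to a listed AP is normal and stays quiet
       (40.0, "deauth", "HotelGuest", LEGIT, "02:00:00:00:c1:21"),
       (41.0, "assoc", "HotelGuest", "02:00:00:00:0a:02", "02:00:00:00:c1:21")]
)

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The inventory check only catches a rogue AP that uses its own BSSID, so the deauthentication burst is the more durable signal. Protected Management Frames (IEEE 802.11w) address the forged deauthentication frames themselves.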

As the preceding story suggests, wireless has penetrated so far into our everyday lives that hardly a day passes by that we don't use some form of wireless technology. From wireless Internet access in homes and offices to wireless communications between Earth and geosynchronous satellites, we are increasingly reliant on radio frequency (RF)-based wireless communications for modern telecommunications and networking. Some examples of this increasing reliance are:

• 802.11- and 802.16-based wireless Internet access

• Bluetooth-enabled phones, PDAs, and hand-held devices

• RFID-based inventory and shipment tracking

• Military land, sea, and air communications
