Method
The attacker uses a bogus base station that someone connects to using Wi-Fi wireless technology. By imitating the SSID name of another, legitimate wireless provider, it can fool people into trusting the Internet services that it is providing. When the users log into bank or e-mail accounts, the phishers have access to the entire transaction, since it is sent through their equipment.
Unwitting web users are invited to log into the attacker's server with bogus login prompts, tempting them to give away sensitive information such as usernames and passwords. Often users are unaware they have been duped until well after the incident has occurred.
Users think they have logged on to a wireless hotspot connection when in fact they have been tricked into connecting to the attacker's base station. The hacker jams the connection to the legitimate base station by sending a stronger signal within proximity to the wireless client – thereby turning itself into an 'evil twin.'
A rogue Wi-Fi connection can be set up on a laptop with a bit of simple programming and a wireless card that acts as an access point. The access points are hard to trace, since they can suddenly be shut off, and are easy to build. A hacker can make his own wireless networks that appear to be legitimate by simply giving his access point a similar SSID name to the Wi-Fi network on the premises. Since the hacker may be physically closer to the victim than the real access point, his signal will be stronger, potentially drawing more victims. The hacker's computer can be configured to pass the person through to the legitimate access point while monitoring the traffic of the victim, or it can simply say the system is temporarily unavailable after obtaining a user id and password.
Several free programs available on the Internet can decode packets to reveal clear-text logins and passwords. Using an evil twin attack, a hacker is able to harvest Web applications such as email that could send passwords in clear text.
Hackers typically setup evil twin attacks near free hotspots, such as airports, cafes, or near student residences, hotels or libraries.
Read more about this topic: Evil Twin (wireless Networks)
Famous quotes containing the word method:
“Argument is conclusive ... but ... it does not remove doubt, so that the mind may rest in the sure knowledge of the truth, unless it finds it by the method of experiment.... For if any man who never saw fire proved by satisfactory arguments that fire burns ... his hearer’s mind would never be satisfied, nor would he avoid the fire until he put his hand in it ... that he might learn by experiment what argument taught.”
—Roger Bacon (c. 1214–1294)
“You that do search for every purling spring
Which from the ribs of old Parnassus flows,
And every flower, not sweet perhaps, which grows
Near thereabouts into your poesy wring;
You that do dictionary’s method bring
Into your rhymes, running in rattling rows;”
—Sir Philip Sidney (1554–1586)
“Protestantism has the method of Jesus with His secret too much left out of mind; Catholicism has His secret with His method too much left out of mind; neither has His unerring balance, His intuition, His sweet reasonableness. But both have hold of a great truth, and get from it a great power.”
—Matthew Arnold (1822–1888)