Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Republicans Security Wireless Networking Networking Privacy

Avast Suckers GOP Delegates Into Connecting To Insecure Wi-Fi Hotspots (theregister.co.uk) 109

Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport, using common network names like "Google Starbucks" and "Xfinitywifi" as well as "I vote Trump! free Internet". An anonymous reader quotes this report from The Register: With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting... Some 68.3 percent of users' identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps... In its day-long experiment Avast saw more than 1.6Gbps transferred from more than 1,200 users.
Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."
This discussion has been archived. No new comments can be posted.

Avast Suckers GOP Delegates Into Connecting To Insecure Wi-Fi Hotspots

Comments Filter:
  • by Anonymous Coward on Saturday July 23, 2016 @11:43AM (#52566473)

    Results will be skewed, because the Dem convention delegates will know that somebody is (probably) waiting to entrap them. The Pubs won't have had the same emphasis placed on cyber security before their convention.

    And if the results are bad for the Dems, will you all publish?

    • by Mashiki ( 184564 )

      Considering the stuff coming out of the 20k emails leaked by wikileaks? There's going to be a lot of very nervous people at the DNC this week, so yep I expect that they figure someone will want to fish for information and they'll likely have signs up saying only xyz are approved hotspots or some such.

    • Dating is only tiny sliver of what meetup.com. Take for example the hundreds of these politics-related [meetup.com] meetups.

      And if the results are bad for the Dems, will you all publish?

      Of course, they will. Avast is a scamware company. They thrive on misinformation, fear, and publicity.

      http://avastscam.com/a-track-record-of-fraud/ [avastscam.com]

      Avast's CEO has even blamed its affiliates for their scams, which he claims they deactivated and are no longer forwarding phone calls from their 800 numbers to, but once the bad press [reddit.com] died down, nothing changed, and their current affiliates are still sca

    • by ebvwfbw ( 864834 )

      They don't need to worry about that anymore. They simply won't prosecute them, just like Hillary. So they can feel free to talk about their illegal donations and so on.

  • Holy shit they used insecure internet! Isn't that grounds for a felony?

    • Re: (Score:2, Informative)

      by Pedohammad ( 4655617 )
      Let's ask Hillary. She is kind of an export on that subject.
      • Re: Impeach! (Score:3, Interesting)

        by Anonymous Coward

        It's only a felony for the little people.

        Clintons don't have to follow the same laws.

        Dumbass OP shouldn't have touched this one if he's a Clinton supporter.

        The sane people in this country who aren't drowning in koolaid or ever worked anywhere in security know she should absolutely be in prison right now. No buts what's ifs.

        She is a criminal who put this nations security at risk in a direct and premeditated effort to skirt the freedom of information act, committing two crimes at one go.

        Only a Clinton could

  • I didn't know. Am I supposed to be using it to find 'chicks'?
    • At least in my area there are several singles (speed dating) groups, but most of them are actually pretty small. It's indeed a bit odd to add it to dating sites.

      Besides, is it nowadays immoral to even just visit dating sites?

  • All web browsers should have pornhub be the default landing page, make it easy on everyone.
    • by Anonymous Coward

      Only 0.24% went to porn sites. I really question the drive of these republicans, they do not seem like real men and women.

    • by Anonymous Coward

      Or do the math. That's what? 3 users of the 1200 quoted? I'd call that a fairly positive statistic.

  • I am not sure the point. We got a thousand connections, sure they should connect to free wi-fi however...
    1. So they found out what sites they went to. Now much of that data was incrypted. So the details weren't too obvious.
    2. The numbers were not that crazy.
    TFA said about 1000 people connected. So...
    About 50 people played a popular game
    7 people were using a dating app
    3 people viewed porn.
    Being that it is populated with many people who's main candidate married a porn star is it that surprising.
    3. What doe

    • Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport

      ...meaning they caught a lot of non-Republicans in their little "sting operation". All in all, a non-news story. I'm sure they were really hoping that they'd find 10% of the people looking at porn, or something more salacious. Why call out porn and dating apps in the first place?

      All this proves is that we really need encryption everywhere, and that we need to make sure it's turned on by default, so that ordinary users don't have to think about it too much (because let's face it - that will never happen).

      • by Koby77 ( 992785 )
        Even for the hotspots near the convention, the researchers don't appear to have distinguished between Republican delegates connecting, and all others connecting such as venue workers, media personnel, protesters, or simply random citizens walking nearby. As for the airport hotspot, I somehow doubt that convention delegates spent the majority of their time hanging out at the airport, several miles from the venue. This experiment undoubtedly captured a lot of non-delegates.
  • by SuperKendall ( 25149 ) on Saturday July 23, 2016 @12:06PM (#52566571)

    Surely they plan to do the same thing at the Democratic convention - does anyone doubt the results would be similar? People in general, no matter political affiliation, are prone to connect to insecure WiFi. How is that even news?

    • the dems don't have anti-porn and anti-LGBT line items in their party platform. It's funny seeing these numbers at their convention. I'm actually surprised how low they are. Then again somebody has been doing this every convention since at least 2000 so folks are probably wising up.
      • Neither do the Republicans - one of the signature speakers at the RNC was gay after all.

        Isn't it better than the Democrats approach which is to treat the gay community like garbage because they assume the gay community will always vote democratic? Nothing like being taken for granted.

        At this point the Democrats are by far the worst party to support if you are gay, because after all if you aren't having sex 24/7 you are just like everyone else being screwed over by terrible immigration policy, or the after-

        • Maybe you should read the Republican Platform before you claim what's in it. A lot of double speak as in anti-environment talk, anti-EPA put under Environment Protection. & the "Renewing American Values" section... eye opener for sure. I could go on but what's the point? They had a gay person speak! There were some black people there too!
          • Trump doesn't follow the platform, so why should it matter what it says?

            I think you are confused and ignorant of what is really going on now.

            I'll bet in fact YOU have not read the platform and just believe someone else's lies as to what is really in it.

            • You think... well, you would be wrong about your thoughts. I've certainly have not read all of the platform, only some of it, the parts I was referring to. Whoever wins the election, it won't matter much what they personally think or plan to do, the president does not pass laws. So Trump can shoot off his big fat goofy ass mouth all he likes but he won't be able to do much without the backing of Congress.

              You really need to read the platform because you should not be confused & ignorant as to what yo

      • by Anonymous Coward

        I'm not sure the R's have those things either, but exactly how few people would have to connect to porn before it didn't get the headline? The number they report is POINT TWO FOUR. That's a quarter of one percent. That means that out of every four hundred that connected, one of them needed to spank one out. Those are shockingly low numbers for people. I bet you won't hear what the Democrats do- even if they only access porn at the same rate as the general public, they'll still blow these Republican num

    • by Bert64 ( 520050 )

      It's free internet, most people probably don't even care who's listening...

    • Surely they plan to do the same thing at the Democratic convention - does anyone doubt the results would be similar? People in general, no matter political affiliation, are prone to connect to insecure WiFi. How is that even news?

      I use free Internet but because unless I am buying something or using account that is attached to my bank account/credit card I don't care. When I want to use them I just use Tor anyway so it doesn't matter anyway. When I had a server i would just use it as a VPN by tunneling all of my traffic over it.

    • by mcgrew ( 92797 ) *

      I seldom connect to any public hotspot. And I never engage in commerce on My phone. But then, I have unlimited data so I really don't need a hotspot.

    • At DNC fewer attendees will connect to the "I vote Trump!" network.

      • I forget where I read it but I think I remember reading an article some years ago where someone stood up a free Wifi network named something along the lines of "get hacked" and it still had many, many users...

        If it's free WiFi people will use it regardless of potential danger, the name is literally nothing.

    • I'd expect the same. Their nominee already said she "[doesn't] know how it works digitally at all."

      https://m.youtube.com/watch?v=... [youtube.com]

  • Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."

    I'm impressed, I would have put those numbers much higher.

  • Apart from "I vote Trump! free Internet" there is also a "I vote Hillary ! free Internet".

    Expectedly...

    "Of the people connecting to the fake candidate name Wi-Fi in Cleveland, 70 per cent connected to the Trump-related Wi-Fi, 30 per cent to the Clinton-related Wi-Fi."

  • Kids these days (Score:5, Interesting)

    by Areyoukiddingme ( 1289470 ) on Saturday July 23, 2016 @02:28PM (#52567289)

    People use free WiFi without encryption. Not only is this unremarkable, it should not be in any way remarkable. The Internet Protocol and its children, UDP and TCP, were designed from the very beginning with one overriding goal: the intelligence is at the edges. Only the nodes matter. Everything else is just transit. Whether or not Layer 2 is encrypted is irrelevant. Only Layer 6/7 encryption can be trusted.[1] It is equally as safe to use any random wifi hotspot as it is to use your cable modem at home.

    Knowing what we know about NSA spying, let me repeat that: it is equally as safe to use any random wifi hotspot as it is to use your cable modem. Historically, the various protocols that were designed to run over TCP/IP and UDP[2] largely assumed that transit would be benign. That's because IMAP and POP and HTTP were designed by engineers who were unaccustomed to designing a world that's proof against flaming assholes. Those days are over.

    Now that the whole world uses the Internet, engineers have to design protocols and systems that are proof against flaming assholes. It's no longer optional. Avast saw identity leakage because not all software has come to grips with the new reality. Eventually, when all the software is updated, there will be nothing to report. The grand strength of the design of the Internet will once again make itself felt: upgrade the nodes to use encryption (math is your friend) and transit is just transit, as was and ever shall be. You and I already have the ability to upgrade the nodes under our control to be proof against flaming assholes. Eventually the nodes that Jane and John Q. Public buy will come configured that way out of the box.

    We just want our packets routed. The SSID will be totally irrelevant. People who already treat it as if it is aren't wrong. They just need to use a slightly smarter node. Apparently 30% of users already have one.

    ---
    [1] Or possibly you can squeeze it all the way down to Layer 4, if you use Authentication Header and Encapsulating Security Payload. (IPSEC)
    [2] Why does no one ever write UDP/IP?

    • That's because IMAP and POP and HTTP were designed by engineers who were unaccustomed to designing a world that's proof against flaming assholes.

      Actually IMAP was designed by an engineer who was himself a flaming asshole.

    • My mail server doesn't even accept imap connections, only imaps. That is one of the measures I took almost without thinking years ago when I set it up. Why even still support unencrypted imap? No good reason for that. The imap port is even closed in the firewall.

      When connecting to a hotspot I prefer it to be an encrypted over-the-air connection (WPA-PSK for example), but that is often not available. Starbuck's et.al. don't do that, it's easier to connect without. No password. Just an activation code (hard e

  • 0.24 percent visited pornography

    I suppose that sounds more impressive the saying 3 out of over 1200 random people.

    And how many of the "GOP delegates" connected to “I vote Hillary! free Internet”?

  • I have been running an open wifi for 4 years now with multiple access points covering my neighborhood corner which gets a good amount of pedestrian traffic. A typical month I'll get 225 unique visitors and about 35 unique visitors per day. Four years ago it was common for people to pop email and send passwords in the clear. Nowadays with all the new devices almost everything is end to end encrypted. I doubt Avast got anything more than device ids and dhcp names and of course all the destinations a devi
  • by Whatchamacallit ( 21721 ) on Saturday July 23, 2016 @09:07PM (#52568573) Homepage

    A Pineapple is a home made device using a small router connected to a cellular hotspot. Every computer actually broadcasts the networks it has saved in order to locate one of the networks. The Pineapple sees these probes and instantly becomes that wifi network allowing them to connect without a password. Then all traffic is passed onto the hotspot but at this point the attacker is a man in the middle and can intercept all traffic. Unless the user is using encryption such as SSL, VPN, there is quick a bit of information that can be obtained. Also any zero days could be attempted to hack their device.

    Walk through any airport with a Pineapple and you will hit 1,200 people easily. The Pineapple is cooler than setting up multiple phony hotspots because it can fit in your pocket or laptop bag and you can just walk around scooping up connections to investigate.

You are always doing something marginal when the boss drops by your desk.

Working...