Sometimes security dangers aren’t as clandestine as you may think. One of the most serious threats to your firm’s security could be sitting next to you… in the airport departure lounge…
Engineers from the global security consultancy Scanit have found documents and emails that could bring some global companies to their knees, on public access terminals in airport departure lounges.
What began as a mixture of curiosity and boredom led consultants from the Dubai-based network security outfit to uncover a plethora of secrets left by globe-trotting executives who log on in-between flights.
While such senior figures possess high-level knowledge of their companies’ affairs, they often aren’t equipped with a similar knowledge of IT security, as Scanit’s discoveries show.
The average executive lounge offered to business and first-class flyers is equipped with a number of PCs that allow visitors open access to the web.
Each PC is installed with a standard Windows package that includes Microsoft Explorer, Outlook Express and sometimes Office.
As a weary executive pulls up to a terminal, a sense of familiarity encourages them to behave as they would at home or in the office and send an email the same way. Why not use Outlook, just as they would at their desk?
But this could be a costly mistake.
Outlook Express is probably not configured to allow emails to be sent from such machines, so the correspondence simply moves to the system’s ‘outbox’ where it remains indefinitely after the user clicks ‘send’. And if the system is configured to send messages, the email that goes out is automatically saved to the machine’s ‘sent items’ folder.
In either case, the message is ready for anyone to access at their leisure.
While travelling to meet clients, Scanit engineers have found everything from intimate missives to mistresses (perfect for blackmail) to desktop-saved documents outlining multi-million dollar deals, complete with profit margins and lowest bid values.
However, they also stumbled on something more sinister. Many machines, they found, were infected by Trojans – or back-door programs – that can monitor, record and relay information entered by the execs to someone watching their activities externally.
Scanit CEO David Michaux recalls a discovery he personally made while waiting for a delayed flight.
“As I was playing patience, I noticed heavy network traffic on the lounge machine’s taskbar even though I wasn’t using any network applications.
“After some delving I was amazed to find Back Orifice 2000 (BO2K) as the culprit. It had been invisibly collecting my keystrokes and sending a record of them to a Hotmail account every 15 minutes!”
Michaux reported his findings to the lounge receptionist who responded by explaining she couldn’t take responsibility for the security of the machines.
BO2K is a well-known Trojan capable of taking full control of the machine it has infected. The perpetrator is able to view the machine’s webcam, listen in on its microphone and watch a streaming video of its display, all in real time.
It is, however, important to stress that Trojans are not always put on public-access machines intentionally – for example, by a hacker – and can sometimes piggyback on apparently harmless-looking applications like pop-ups and games that a user may download during a session.
Another security lapse Scanit found – this time at a lounge in a London airport – allowed users to log onto machines as Administrator, as opposed to a ‘restricted user’, meaning they are able to download and install any program to those machines.
This would give a green light to any spyware that wanted to install itself in the background after arriving on the back of an otherwise innocuous payload, such as an email attachment from webmail or MP3 downloaded from the internet.
Again, Scanit’s engineers found key-loggers running on systems there, configured to send information to an external email account at regular intervals.
“The danger is that the CEO types who travel on behalf of their companies and use these lounges are privy to usually sensitive data,” Michaux explains.
“This makes computers there a veritable goldmine, whether it’s executives downloading attachments from their webmail and leaving them on the desktop, or even deleting them afterwards, but not emptying the recycle bin before they leave to catch their plane.”
What’s more, he adds, execs who do take precautions are likely to be let down by the lounge’s security itself, especially if a hacker has turned its machines into listening posts.
Michaux says he is very keen to hear from anyone who has experienced security lapses on public access terminals, and invites users to contact him in confidence by email to: info@scanit.net
As airport lounges increasingly offer passengers wireless internet access, existing Trojan problems are being eliminated.
But as so often happens in the world of IT security, this new era will usher in a whole new family of network malignancies.
Until then, I’ve got a plane to catch…
How to increase your security