OWI - Yet Another Anonymous Point Of Attack

About a month ago I traveled by train for a pre-sales meeting with a prospective customer. The trip was about two hours long, which would usually mean that it'd be boring. In this case it was different though: I was surprised with free OWI (Onboard Wireless Internet) on the train!

Simply connect to the available open (no encryption) wireless access point and you will be redirected to a login portal, aka captive portal. Just like any hotspot you find at coffee shops such as Starbucks. However, I was very pleased to find out that users could login as a guest which means that all passengers could go online without paying any additional fee!

Just to make things clear, going online as a guest was a legitimate form of access provided, as opposed to bypassing the security of the captive portal. _NO_ illegal cracking (i.e.: SQL injection without permission) was done whatsoever!

Kudos to the train company that provides the service! The connection wasn't super fast, but fast enough to be able to check my email, read the news, update my RSS feeds, chat with my buddies, etc ... It was quite reliable though, which is a big plus as I hate being disconnected while I'm on-line (it reminds me of the old days of dial-up Internet access).

A bit of enumeration 101 led me to learn that:

From a security point of view, this technology adds another "anonymous" point of attack to the already-large list. I say "anonymous" (within quotation marks) because there is no such thing as truly anonymous connectivity. However, one thing is true: if the bad guy knows what he is doing, it becomes unfeasible to track the point of attack and the attacker's identity. i.e.: it's not worth starting an investigation if the committed crime didn't lead to a serious profit loss.

From the top of my head, these are some anonymous points of attack that come to mind:

Although there are tons of ways for attackers to hide their location and identity, somehow I find OWI more scary than most of them. It's scary because the attacker is always on the move, which might make tracking his location more difficult due to time correlation issues when comparing logs.

I know what you're thinking: how is this different to the attacker using a stolen 3G Internet card? After all, using a 3G card would also allow the attacker to be constantly changing his geographical location (i.e.: by being inside a moving vehicle). Well, that's a good point. However, in the case of using OWI the attacker doesn't need to steal any equipment.

If you think that being on a fast train won't make tracking the location of the bad guy when a break-in occurs hard enough, how about doing it on a plane at 800 kmph? Yes, that's right: free Onboard Wireless Internet aka In-flight wireless internet access, will most likely become very common in the future, which adds another anonymous point of attack to our list. Oh dear, remote Internet break-ins from planes, that's gonna be fun!