In my blog post entitled 4 Ways to Deter Superyacht Internet Hackers, I asked you to imagine this headline:
Hackers Access Bank Accounts, Passports and
Personal Information from
Superyacht Guests and Crew!
I described a frightening scenario where electronic devices used on a superyacht in port might, while searching for the port's Wi-Fi connection, be tricked into linking to a nefarious Wi-Fi connection. In the cyber world, this type of connection is called an “evil twin.”
According to Wikipedia, this is how hackers use evil twins to trick you into giving up your information:
For people who know what they are doing, rogue access points are fairly easy to set up. All it takes is a laptop with a wireless card that can be used as an access point. And the hacker can make a wireless network look legitimate by giving the fake access point a name that is similar to the actual Wi-Fi network's name.
Once connected to on board electronic devices, the bad guys might gain access to your passwords, bank account numbers and other financial information. In 4 Ways to Deter Superyacht Internet Hackers, I gave (and thoroughly explained) the following tips for avoiding evil twin hacks:
1. Make sure you verify the network name EXACTLY.
2. Use encrypted sites.
3. Update your software whenever updates are available.
4. Use a VPN service.
A new way to fight back.I just read about a new tool to defend networks from evil twins in an article by Lucian Constantin of IDG News Service. The article describes a product called EvilAP_Defender, which is “designed specifically to detect malicious access points that are configured by attackers to mimic legitimate ones in order to trick users to connect to them.”
According to Constantini, EvilAP_Defender "can use a computer’s wireless network card to discover rogue access points that duplicate a real access point’s SSID, BSSID, and even additional parameters like channel, cipher, privacy protocol, and authentication." EvilAP_Defender is open source software, meaning its source code is available for anyone to view, edit, and redistribute. It is also free of charge.
Constantin explains that when implemented, “the tool will first run in learning mode, so that the legitimate access point [AP] can be discovered and whitelisted. It can then be switched to normal mode to start scanning for unauthorized access points. If an evil AP is discovered, the tool can alert the network administrator by email, but the developer also plans to add SMS-based alerts in the future.”
I haven't yet tried EvilAP_Defender, but I like the idea that developer Mohamed Idris is trying to protect humanity from nefarious computer hackers. And the fact that this is free and open source gives me additional faith in the powers of good over evil. Sure, there will always be bad guys. But there are many more good people in this world poised to do battle with them.
Are you looking for some yacht IT "good guys?"
The Technology Team at Great Circle Systems can set up on board and shore side systems designed to keep your yacht computer network and data safe from hackers. We can provide a VPN service for your vessel, help you keep your software current, and even train your crew in data security best practices.
Want to know more? Just click on the picture below to contact our Technology Team.
photo credit: bre pettis via photopin cc
photo credit: kryptyk via photopin cc