General discussion

Locked

A Swedish Watergate - of sorts.

By foringmar ·
There is a general election coming very soon in Sweden. One of the big issues has been an IT-break-in by people from one party into the IT-system of another party. According to media reports the have used genuine user identifications and passwords. And how have these been obtained?

A swedish Watergate of sorts, one might say.

One newspaper published a story according to which it's suspected that the user ID:s and passwords used in the break-in have been obtained by listening to traffic of the wireless network on a party office in a small swedish town. There were four people working in the office. The three which did not encrypt the traffic between their laptop and the net-node had their user ID and password stolen. The fourth person which used encryption did not. And one of rhe persons whos user id and password was stolen used his own nickname for both! Urgh!!!

I assume it would be relatively easy to apprehend a user ID and password that is sent as plain text. The only thing one would have to do would be to park somewhere nearby, start ones own laptop, tune it to receive signals from the wireless network in the office, and just simple wait until somebody decided to log on the network.

At this stage I started thinking. If one could listen to the traffic that is not encrypted one can certainly also listen to the encrypted traffic. If one would know which clientprogram that was used one would presumably be able to single out which part of the encrypted traffic contained the encrypted user ID and password. If the clientprogram was known one could try it out beforehand. In the swedish case it is known due to media reports. They used First Class.

And I also assume that it would be not be nesessary to decrypt the user ID and password at all. Why not log in to where-ever one wanted just by sending the user ID and password in the already encrypted form to the server.

Is there some idea in all this or am I totally way off base???

Ingmar Forne

This conversation is currently closed to new comments.

0 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Back to Security Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums