From the Digital Shadows – the true story of a home WIFI invasion

During the last week in February and the first week in March, Trusted Internet performed incident response, assisting a hacked homeowner to recover from an Evil Twin attack on his home wireless network.

An Evil Twin attack means something is impersonating something else, but with malicious intent. Karma is one tool that hackers use to duplicate an otherwise trusted WIFI connection, enticing users with seamless connectivity. There are several such tools, but in this case the homeowner is a tech-smart guy and was convinced that this was a Karma-related attack. Karma identifies and then duplicates a known WIFI SSID, but without credentials, in the hope that an unsuspecting user will connect or, better, a machine will look for the first successful connection. And so it happened.

The unwitting victim opened his phone, only for it to associate with a Karma-generated WIFI doppelganger broadcasting the SSID of his in-home WIFI but without the need to authenticate! The evil twin offered the best signal, a known SSID (in the phone’s recent connections list), and an easy connection, allowing the phone to connect without user interaction. Once connected, sensitive data began to flow freely: contacts, credit card information, usernames and passwords, and even the contents of private communications became fodder for the attacker's insatiable appetite. Within the first few hours, the infection spread. The homeowner was quickly overtaken with paranoia and fear. He’s a smart technical guy but couldn’t find a clear way through it. Credentials were being changed, and devices were locked out. He was becoming desperate fast.
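A defensive check for the pattern described above, added here as an example (it is not Trusted Internet's tooling): it compares Wi-Fi scan results against a baseline of trusted networks and flags an access point that reuses a known SSID without the expected authentication, from an unknown BSSID, or with a stronger signal than the real one. The SSIDs, BSSIDs, scan data and the `find_evil_twins` helper are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:
    ssid: str
    bssid: str       # MAC address of the access point radio
    security: str    # "OPEN", "WPA2", "WPA3"
    signal_dbm: int  # closer to 0 means stronger

# Constructed baseline: trusted SSIDs, how they are secured, and which
# BSSIDs legitimately broadcast them.
BASELINE = {
    "HomeNet": {"security": {"WPA2", "WPA3"}, "bssids": {"aa:bb:cc:00:00:01"}},
}

# Constructed scan results, as they might be transcribed from a Wi-Fi scanner.
SCAN = [
    AP("HomeNet", "aa:bb:cc:00:00:01", "WPA2", -61),   # the real router
    AP("HomeNet", "de:ad:be:ef:00:99", "OPEN", -38),   # same SSID, no auth
    AP("CoffeeShop", "11:22:33:44:55:66", "OPEN", -70),
]

def find_evil_twins(scan, baseline):
    """Return (bssid, reasons) for each AP that imitates a trusted SSID."""
    findings = []
    for ap in scan:
        known = baseline.get(ap.ssid)
        if known is None:
            continue  # not one of our SSIDs, nothing to compare against
        reasons = []
        if ap.security.upper() not in known["security"]:
            reasons.append(f"security is {ap.security}, expected {sorted(known['security'])}")
        if ap.bssid.lower() not in known["bssids"]:
            reasons.append("BSSID not in baseline")
        if not reasons:
            continue
        # A twin that is louder than the real AP is the one clients will pick.
        legit = [a.signal_dbm for a in scan
                 if a.ssid == ap.ssid and a.bssid.lower() in known["bssids"]]
        if legit and ap.signal_dbm > max(legit):
            reasons.append("stronger signal than the legitimate access point")
        findings.append((ap.bssid, reasons))
    return findings

if __name__ == "__main__":
    for bssid, reasons in find_evil_twins(SCAN, BASELINE):
        print(f"SUSPECT {bssid}: " + "; ".join(reasons))
```
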

At about hour twelve, Trusted Internet received a call.

We instructed him to terminate his internet access. We had no idea how this was happening, but our first step was isolation. Once he was cut off from the Internet, we had one more call by phone: we had him pick up a new phone and laptop at the local Best Buy. The phone was set up on a Trusted Internet VPN and used only as a Mobile Hotspot, allowing him to download our endpoint security tools safely. We overnighted him a firewall and had him move to a wired connection while we rebuilt the remainder of his home computers. We created a separate network for his work and brought computers on one at a time, watching the firewall and security tools for any indications of compromise. It took about a week to fully restore the network and computing in his home.

The consequences of a successful Karma attack can be devastating, both for individuals and organizations. Besides financial damage, the fallout from such an incursion becomes personal. Trusted Internet can help. Our team of Virtual CISOs can respond quickly, offering technical cybersecurity support and cybertherapy, as needed.

Need help now? Contact us at help@trustedinternet.io.
