Hacked - Episode 2: Honeypots, Evil Twins, and the Perils of Open WIFI
Episode Date: October 28, 2015
In this episode, we explore the perils of open WIFI.
Transcript
However you're listening to this, imagine that you're listening to it on a subway car.
It's a subway car in London, so let's have a little fun and call it the tube.
You're on the tube, and you're using the open Wi-Fi to listen to this week's episode of Hacked.
A bunch of British telecom companies actually offer free Wi-Fi,
so you're probably not the only person staring at a screen.
Now, the average London tube car holds around 100 or so people,
meaning that things are probably pretty cramped.
You're probably standing.
And somewhere on this train, there's a person with a backpack.
And in that backpack, there's a computer.
So, fair question.
Why does any of this matter to you even remotely?
Well, because on this particular day, on this particular train,
your device, the one playing hacked right now,
isn't connected to the train's open Wi-Fi.
It's connected to a network being broadcast out of that person's backpack.
The network is a fake.
It's a doppelganger.
And its whole reason for existing is to watch you.
My name is Jordan Bloemen.
And I'm Scott Winder.
And today we are talking about the world of evil twins, honeypots, and the perils of open Wi-Fi.
On this episode, The Pact.
So, if you're like me, when you're traveling an open Wi-Fi network is like finding buried treasure.
I think at home you get used to this certain level of connectivity, and losing that can be kind of a weird experience.
So when you're traveling and you don't have data and that little open network icon
pops up, I automatically connect. And I'm assuming this is a huge mistake.
It's not not a huge mistake.
It's not smart, is it?
Not overly.
Okay, so if I'm connected to a Wi-Fi network, can you see what I'm doing?
Yeah. If you think about it, all of the information and communication between your device and the Internet is happening through the air.
So all I need to do is set up a device that listens to what's moving past it in the air.
So you don't need to have actually set up the Wi-Fi network that I'm connected to to be able to
monitor that activity? No, I don't. Setting up the network affords me a much more expansive range of
things to do. But if it's just public Wi-Fi, you know, be at a library, a coffee shop,
I can just literally sit there and listen to what's moving by. So when you say what's moving by,
what are those things? What does that take the form of? So if you visit,
a website, say you go to BBC.co.uk, and you want to check the news. You know, when you type that into
the address bar of your browser, it reaches out and says, hey, internet, what is BBC.co.uk?
And something called the domain name server returns back an IP address for the server. And then
your web browser creates essentially a tunnel or a connection to that server and says, hey,
you know, I would like to see BBC.co.uk, please send me the information.
And then the server at BBC.co.uk bundles up the source code that is the website and sends it back to you.
So when you go to a website, you're really requesting this little bundle of information, inside of which is the code that makes up the site itself.
When you click on a new page, you're requesting another little package of these packets of information.
These packets are what's flying over the air.
And these packets are what a person watching you can see.
So the next question naturally is,
are there any packets of information that they can't see?
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone somewhere saw something too late.
An alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for a world
where attackers are already using AI.
They created the Aurora Super Intelligence Platform, a fully agentic system powered by the swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents that handle entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything trustworthy,
and all of this is running on their secure operations graph.
A constantly updating intelligence engine fueled by more than 9 trillion telemetry events every week
and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora Agent SOC.
It's the first SOC that is agent-led-by-design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works,
with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform
so every AI-driven decision reflects your environment
instead of generic assumptions.
The automation frees your concierge security team
to focus on higher value strategy and proactive risk reductions
while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations
actually look like, go to arcticwolf.com slash hacked.
Yeah, like something that's more and more
common, and you'll see it in things like Facebook and your big services, your email,
your banking, is that you'll get the little lock, or like an SSL encryption, and what that means,
essentially, is that the tunnel or the connection that you have to the server is actually encrypted.
So the information that goes by isn't plain text. You have to be able to decrypt it. And that's
much harder. Or you can do something called a man in the middle attack, which is a lot more
complicated, but essentially you become the information broker, like just to kind of hypothetically
walk through that.
If you're trying to connect to say your online bank and it's going to be an encrypted tunnel,
what I can actually do is hijack that tunnel and then I have the encrypted tunnel to the bank
server and you have an encrypted tunnel to me.
So when you send a piece of information to the bank, I get it, look at it, and then resend
along to the bank. So I had to sit in the middle, which is why it's called man in the middle.
And when they send information back, I literally get it, look at it, and then re-encrypt it and
send it to you.
You said that if you set up the Wi-Fi network, it afforded you more opportunities,
more than just being able to watch these packets flying through the air. What exactly can you
do if I've connected to a network that you specifically set up?
It really depends on how much time I want to invest into it. You know, one of the most basic
public Wi-Fi hacks like this
is you connect to my network,
and I present you with a login page saying,
okay, if you want to log onto the internet using this hotspot,
you have to authenticate so that I can verify your traffic.
Log in with Facebook, log in with Google, log in with something.
But really all I'm doing is stealing your login credentials.
So if I'm connecting to a Wi-Fi network out in the world and it's asking me for
any information, I should be prepared to accept
the risk that that information might not be going to who I think it is.
Yeah.
It could be going to you.
Could be going to me.
It's not going to me, but it could be.
That's a scary thought.
And, you know, there's a host of other things.
That's just one small way to go about it.
That's the easiest thing.
I could set that up in an hour.
If I wanted to spend days or weeks, I can create something called a honeypot network,
which is literally an entire network that's set up
to steal information from you without you knowing.
How would you go about doing that?
Well, I mentioned earlier something called domain name servers and DNS names.
It's the thing that translates BBC.co.uk into an IP address.
When you connect to my internet, the standard thing that happens now is you send out something called a DHCP request.
If you connect to Wi-Fi, your phone or your laptop will send out a request saying,
hey, I'm on the network, what's my IP address, what's my setup configuration? You know, the
DHCP protocol is there to, like, automatically configure network connections. So when your phone
connects or your laptop connects to my network, I get to send you the configuration for the internet,
for the network, and that includes what domain name server to use. And if I want to set up my own
domain name server, I've therefore put myself in the
middle of all of your network connections. I can tell your computer where Gmail is, where
Facebook is. And if I felt the need to, I could set up my own version of Gmail. I could set up my own
version of Facebook. So when you go to log into it, it just gives me your login credentials.
And you'd never even know. So if I'm connected to your network, if you put in enough time,
it's not a matter of my connection to Google or Facebook, whatever, being encrypted.
It's a matter of I'm never even connecting to those websites.
Yeah, I could even just add credibility to it, have the connections encrypted.
So when you connect to my version of Facebook or my version of Gmail, it's encrypted, and you feel more secure about it.
So I can trust that I have a secure connection to the hacker trying to steal my information.
And it even goes further, as it always does, depending on how much
time I want to put into setup. Because if you think about something like your phone, and you think about
something like traveling, when you're abroad, chances are you don't have a data plan, so your phone's
not on the internet. But you still have your phone on you, and you stumble into a coffee shop in Rome
and you see a public Wi-Fi network and you jump on it. The second that your phone realizes it has
network, a ton of things happen on it. It by itself reaches out and tries to check the email. It logs you
into Facebook. It checks your news feeds. It updates apps. It does all this stuff in the background
without you even doing it. Once I'm in control of the network, it's not even about creating the
right honeypots. It's about just leveraging the activity that's going to happen on the network
immediately. All these things that our devices do to make life a little bit more convenient
when we're connected to trusted networks, things like automatically checking email,
automatically pulling notifications and all those things. If I'm connected
to your weird honeypot.
I'm in control of them.
It's sketchy.
So if you think about mail,
mail's an obvious one.
You know, the mail service
that most people use today is called IMAP.
And let's say that your phone has three email addresses,
your phone's going to go out and connect
to three different IMAP servers.
Or maybe one.
Once you're on my network,
I'm in control of where those go.
So I can literally send all of the IMAP
traffic to my server, my honeypot IMAP server.
So your phone reaches out and says, hey, I want to log into Gmail.
I need the email for Jordan at hackpodcast.com.
And my Honeypot server says, okay, give me your password.
Your phone gives me your password.
Boom, it's over.
I've got your username and password.
I return an error code so that your phone thinks that there was just a simple mistake,
and you don't even know.
And I've just gotten your email address and password.
Ever feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025, was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turn defenses on their head.
Organizations around the world saw headlines they never expected,
and cybersecurity teams were tested like never before.
But here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th,
diving into the most impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just what happened,
but why these attacks succeeded,
and most importantly,
what businesses can do to fortify their defenses before it's too late.
You're going to walk away with real insights into how threat actors are evolving,
how defenders are responding,
and what strategies can help you stay ahead of the next big breach.
It's not fearmongering.
It's practical, actionable, intelligence from experts in the trenches.
Register now at arcticwolf.com slash hacked.
If I understand correctly, if I'm connected to someone else's Wi-Fi network and you're within range of me, you can see all of the information I'm sending flying through the air.
If I connect to a Wi-Fi network that you've set up, you can make it so that that information is either all going to you or it's all going through you first.
Is there any way I can connect to the Internet in a way that you can't see what I'm doing and get in the middle of it?
It'd be tough.
That's a really ominous answer.
It's the truth.
If I plug a cable into a wall...
It's still possible, but it's a totally different process.
Being hard-lined in means that there's a lot more physical infrastructure
where any time you're on Wi-Fi, it's literally just flying through the air.
So the lesson here is just avoid public Wi-Fi.
When you're traveling, just accept that you don't have a connection.
Don't use public Wi-Fi.
Only use trusted open-net...
Like, only use networks provided by trusted sources.
It'll definitely reduce your risks.
Trusted networks are better ways to go.
But it doesn't mean that you're always going to get the network you think you're going to get.
How am I not getting the network I think I'm getting if I'm connecting to the network named public library Wi-Fi?
Well, if you've ever set up a wireless network, you know that you can name it whatever you want.
and you can do something called an evil twin,
which means that you essentially set up another wireless router
in a public space, in your backpack, wherever,
that literally broadcasts under the same name.
And as long as the connection is a little bit stronger,
often what will happen is devices will end up connecting to you.
So when I'm connecting to a Wi-Fi network
from what I think is a trusted source,
you're saying, I need to, like, physically look around the room I'm in first and make sure Scott
Winder isn't sitting there with a backpack looking around with a sketchy look on his face.
I don't think that's going to help because it's not going to be me first and foremost.
I am a law-abiding citizen.
Don't I know it?
But the reality of it is that it can be anyone, and it happens.
It's really quite easy to set up an evil twin router.
I can literally walk into a Starbucks.
and become Starbucks's public Wi-Fi.
And if I've got my Honeypot network set up,
I'm getting all of that information.
So just don't use the internet?
No.
Except to listen to episodes of Hacked.
Which brings us back to that person,
the one with the backpack from the start of the show.
The one broadcasting the evil twin network
the British version of you
was unknowingly connected to.
So we learned that that's one way of doing things.
But as we discussed, at the end of the day,
using Wi-Fi is still just sending these little packets of information flying throughout the air.
Anyone with a know-how can just kind of reach out and grab them.
Where those packets are going is another story entirely.
Thanks for listening to this week's episode of Hacked.
We've been getting tons of awesome feedback from people, and we appreciate everyone who's reached out in support.
Shout out to Greg, Andy, the folks in Newsreel, and anyone else who contacted us.
It would mean a lot to us if you would rate and subscribe to us on your podcasting app of choice.
and if you feel like it, follow us on social media.
This episode has been produced by Sticks and Stones,
art and design by Matthias Smell.
Thanks for listening, everyone.
