Wi-Fi Convenience May Come With a Cost

Fraudsters Are Sophisticated
This article examines the technology associated with Wi-Fi, vulnerabilities to commit fraud and preventative measures that can be taken to avoid becoming a victim of fraud.

The latest electronic issue of the Journal of Forensic & Investigative Accounting, Vol. 5, No. 2, July – December, 2013, is now available online at:  http://www.bus.lsu.edu/accounting/faculty/lcrumbley/jfia/Articles/v5n2.htm.

One of the nine articles, “Wi-Fi Hotspots: Secure or Ripe for Fraud,” explores the threats involved with accessing public wireless fidelity (Wi-Fi) hotspots, and how sensitive information can be compromised by malicious users to commit fraud.

The abstract indicates that every network has a service set identifier (SSID), which can be exploited to conduct an attack on a wireless unprotected public network.  The three authors, Brody, Gonzales and Oldham indicate that since unprotected wireless networks are susceptible to attack, security mechanisms surrounding wireless networks are necessary.  Older wireless encryption algorithms such as Wired Equivalent Privacy (WEP) have become deprecated due to malicious users successfully cracking the key.

The authors at University of New Mexico believe that Wi-Fi Protected Access (WPA & WPA2) is the industry-best standard for maintaining a secure wireless connection to mitigate any attempts of acquiring information from other users on the network.  They state that attackers can execute various techniques to harvest critical information from users on the same network, which can be used to commit fraud.  The most common fraudulent actions by the attacker include activities such as obtaining authentication credentials, conducting social engineering attacks and acquiring sensitive information for personal gain.

Fraudsters incur little risk since their attacks are difficult to detect using methods such as intrusion detection system (IDS) or intrusion prevention systems (IPS).  Difficulty of detection stems from the fact that attacks utilize a low level network protocol.  The most dangerous aspect is the individuals committing these types of attacks.  The profile of these fraudsters is rapidly shifting from disorganized individuals towards highly organized and structured software development teams.

The authors examine the technology associated with Wi-Fi, vulnerabilities associated with using public Wi-Fi, methods for exploiting vulnerabilities to commit fraud and preventative measures that can be taken to avoid becoming a victim of fraud.

D. Larry Crumbley  is a KPMG Endowed Professor at Louisiana State University and co-author of the Forensic & Investigative Accounting textbook published by Commerce Clearing House.  He can be contacted at dcrumbl@lsu.edu.