Someone recently pointed me to a very interesting Web site. While not technically a Microsoft security issue, I thought it would be something that you would be interested in knowing about. The site, www.dhsnnw.org proposes to be affiliated with the US Department of Homeland Security. Note that this site is not a government site. If it were an official US government site, it would be using the .gov top-level domain name.
So, what it is that they do? They recommend that you use open source network sniffing tools to capture in-flight data on not only your own network, but any other network that you can connect to. This includes your neighbors networks', the Starbucks WLAN, the McDonald's WLAN, and even password protected networks, if you can find a way to get the password.
The Network Awareness Program even provides you with a nice, step by step guide on how to install and configure your network sniffers -- http://www.dhsnnw.org/HNAPDocs/NNW-HNAP-How%20To%20Sniff%20Wireless%20Traffic.pdf
But it doesn't stop there. Not only are you supposed to using the network sniffers to listen to the traffic, you are instructed on how to store the results of your sniffing sessions and then send those results to the Neighborhood Network Watch people. They then claim that they will analyze this information and send you a report about the potential terrorist activity taking place on your network!
Now, I don't know if this organization is for real, or just part of a colleague student's undergraduate thesis. What is clear that in many States this type of network espionage is illegal. While I don't expect networking professionals to fall for this stuff, it's clear that the site isn't being targeted at us. Instead, it's being targeted at hapless end users who aren't aware that these log files contain the contents of their email communications, instant messenger communications, and any other unencrypted communications (and contents of encrypted communications).
If you have friends, co-workers, family members or anyone else who might be tricked into participating in this program, please let them know that not only is this a really bad idea, but that they can also expose their personal information to an untrusted stranger and potentially break local laws by following this Web site's advice.
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP - Microsoft Firewalls (ISA)