Creative Loafing Charlotte

Menu Search

Archives » News

Hackers On Wheels

Many businesses' wireless networks extremely vulnerable

by

comment
"We just got one," says Xam. "It's a LinkSYS system, probably from that building." He points to an office building. "Xam," the nickname used by a hacker and student, is showcasing the weakness of business computing's hottest new tool: wireless networks.

"This one's wide open," he says. "Let's go find some more."

Wireless networks are now cheap enough that businesses and organizations of all sizes are installing them. These networks allow employees to easily access databases, e-mail and the Internet from remote locations. But, as Xam is pointing out, they create a massive potential security risk.

Most wireless networks, says Xam, are "about as secure as a screen door." Finding them is as easy as taking a ride through town with the right equipment.

The practice of roaming around looking for open networks is called "wardriving," an homage to the classic hacker movie War Games. All it takes is a laptop computer and a card that Best Buy and Circuit City sell for about $100.

As Xam navigates the streets, his laptop's screen periodically explodes with bursts of data. Wireless systems, he explains, "run what's called access point code. It recognizes that your computer is in range and broadcasts its identifier 10 times a second." He chuckles. "It makes it really easy to find the networks and if you respond to their broadcast, you can associate to their network and they don't really have any way to keep you from doing it."

And while Xam's interest is benign, this capability opens the door to all manner of mischief. "You can sniff communications on their network," he says. "You can use their network to send lots of virus-laden spam on their tab. Or if there was someone you wanted to whack on the Internet, you could use their network to do it."

By "whack," he means actions that range from crashing servers to altering the content of public Web sites.

Wireless network weaknesses popped up in the news recently as the airline industry hustled to meet a January 18 deadline to screen all checked bags for explosives. American Airlines and Southwest Airlines are both using this technology for bag matching and check-in services at selected airports. Alleged infiltration by private security firms led FAA Information Security Director Mike Brown to announce that airline wireless systems would be subject to "increased scrutiny."

Christopher Gerg, network security engineer at Berbee, a consulting firm and Web-hosting services provider, says most people don't realize the risks associated with wireless networks and for the most part, that's OK.

"For a home user, it's not that big a deal. Chances are you don't have the formula for a cancer cure on your computer, so likely you don't have to worry too much about people messing with your data," he says. "But people with nefarious intentions can still associate to your network and use it to launch attacks on another network."

The real kicker: "It's an almost untraceable attack." If someone infiltrates a wireless network for the purpose of waging an attack on someone else, efforts to trace the source of this attack will lead back to the wireless network, and end there. Says Gerg, "It's almost the perfect crime because the hacker has an anonymous access point."

And wireless systems provide a point of entry for outsiders with a desire to snoop. "The big risk is to business," reflects Gerg. "It used to be that e-mail and databases were a convenience, but now they are the oil that keeps the business machine running, so to speak, and there's a lot of sensitive proprietary information rolling around in there."

To a large degree, the problem is with the wireless systems that are on the market. FBI Special Agent Mark Bowling, computer intrusion program coordinator, says the security precautions built into most on-the-shelf wireless systems "are based on rudimentary encryption schemes which provide minimal security" and "virtually no privacy." And "while I can't say that all corporations are implementing these systems foolishly, I can say that many are introducing a degree of risk that may be unacceptable in the long term."

This point is not lost on hackers. "Yagibare," the handle of a hacker-cum-information-technology professional who, like Xam, wardrives, sees the problem as a matter of resources.

"You see a small business with say, 50 employees," says Yagibare. "They hire a consultant, or get the secretary's husband to set up their wireless because he knows a little about computers. They likely don't have a clue as to how to set up a wireless network so that it is both robust and secure. And the biggest thing they miss is the mental picture of the wireless signal."

Yagibare sweeps his arms through the air. "It goes through walls. You can see where a cable ends, and people just figure it's the same with wireless. It's not."

Despite popular characterizations, not all hackers are nefarious. Some see themselves as good guys who want to alert unsuspecting businesses that their fly is down, rather than run roughshod over their ignorance. But these "white-hat hackers" are often loath to break the news.

Law enforcement takes a dim view of their actions. "I don't buy into the white-hat, gray-hat hacker routine," says Bowling of the FBI. "I think that people have a right to privacy under the Fourth Amendment and nowhere in the Fourth Amendment does it give anybody else the ability to intrude in that privacy for the sake of curiosity. What you see are people who would be outraged if the government violated their right to privacy, and they are out flagrantly violating somebody else's right to privacy because they are curious. That's hypocrisy at its core."

OK, but what should hackers do if they want to report something? Replies Bowling, "I would prepare a letter to the chief information officer of the company with a copy to the CEO of the company and the board of directors, advising them that this vulnerability exists and that it creates a number of possible risks that could result in lost of data, network reliability, customer confidentiality, etc, etc."

But hackers are wary. "If you call up a company and say, 'Hey, I was in your parking lot and I found this vulnerability in your wireless,' they may say 'thanks' and they may call the cops and prosecute you for breaching their security," says Yagibare. "They could try to associate any damage that's ever happened to you, or drag you into court, just as a deterrent. They can say, 'You forced an upgrade of our systems and it cost 200 man hours.' The court doesn't know how long it really took."

Sitting cross-legged on the tailgate of a truck in the parking lot of a business park, Xam discovers yet another open network. "Whoa," he says, "these people aren't just open, they're wide open. I don't even have to try and I'm in. Look."

He turns around his laptop, which is showing the raw HTML code for yahoo.com. He's on the Internet, through someone else's network. "Usually it takes at least a few minutes, like trying a locked door with all the keys on your key ring when you know one will work," he says. "But these people don't have any security measures enabled. I could basically do whatever I want right now and there's nothing they could do about it."

Matt Olson is a freelance writer in Madison, Wisconsin. This story originally appeared in Madison's alternative weekly, Isthmus.

And the Folks Behind the SouthPark Lawsuit Are ...

By Tara Servatius

Since it began, the folks behind the lawsuit that has threatened to halt hundreds of millions of dollars of investment in SouthPark mall have sought to remain anonymous, according to their lawyer. It has always been assumed that a small handful of SouthPark Coalition members, fed up with the city's rezoning process, was continuing to pump money into the battle to reverse a rezoning vote that will allow the mall to expand its square footage with specialty shops.

Now it looks like their lawyer, Ken Davies, had another reason for not revealing the identities of those funding his lawsuit against the city: They no longer exist.

Sources say Davies initially got small donations from anti-expansion forces for the lawsuit, but that these dried up long ago. After the unpaid expenses in the case ran over $15,000, Davies reportedly decided to continue fighting the case without pay. Our guess is that the reason is the publicity it brought to his one-man firm.

An appeal of a lower court ruling in the case was heard by the NC Court of Appeals in February. In it, Davies argued that the input of area residents played too small a part in the Charlotte City Council's unanimous decision to rezone part of the mall property to make way for the new development. The suit challenges the process the city uses to rezone property.

Davies did not return a phone call for comment. n

Tags


© 2024 Creative Loafing Charlotte

Switch to Desktop
Back To Top