Published June 2002

Keep cruising hackers out of your wireless network

By Tom Schreier
Computer Q&A

Armed with my trusty laptop and a new wireless network card, I decided to try my hand at the latest rage in the hacker community. Using easy-to-download software, I tossed my laptop on the front seat and began a leisurely drive through Everett.

I barely made it out of the parking lot when my little laptop started reporting all of these strange wireless network points. Within a short time, I was amazed at finding over 30 networks in the local downtown area. I started to go through the list and my amazement turned to horror when I noticed that over half of the networks were not using any form of encryption. Nor did they want a password or user credentials to become part of their “private” network.

Welcome to the sport of war driving. Just like hackers in the ’70s and ’80s dialing every possible phone number looking for network access points, the new breed of hacker is driving around with network sniffers stumbling across unprotected networks.

Luckily, someone at a major chain store found out from some security discussion groups that the store’s networked cash registers were broadcasting in the clear. For at least a month, this company was broadcasting credit card numbers and sales information to anyone who wanted to sit in the store’s parking lot with sniffing devices. This company has fixed the problem, but many more are unaware of the dangers.

Wireless networks do offer some forms of protection, but as seen in my informal survey, many companies are not employing the security features offered. Of the networks I stumbled across, fewer than half were using the basic 40-bit WEP encryption. Even the cheapest of wireless access points offer this level, but it is not enabled by default. WEP is not the most secure form of wireless encryption, but it’s a start.

Added to this lack of encryption was the fact that most of the unprotected networks didn’t even require a user name and password to access their “private” networks.

So what could a hacker do with this free access point?

The best-case scenario would be that they only use the access point for free Internet access. They would be restricted by any firewall that should be in place, so the harm might be minimal. I, however, would not want to be on the receiving end when you get a phone call from the Secret Service wanting to know why someone in your network is sending porn to the president — or worse.

The worst-case scenario would be that the hacker uses this network to launch an internal attack on your servers. You could have the greatest security policy protecting your system from outside invaders, but it wouldn’t do a bit of good, since this hacker is already inside. Just as if you had put a network connection in the local coffee shop — one quick scan of your network and the hacker is free to poke around.

What can you do? Well, first off, install a copy of NetStumbler (www.netstumbler.com) and find all of the access points within your domain. Finding most of them will do no good, since all it takes is one rogue device and you’re at risk.

Now, with list in hand, make sure each device is requiring a login and that at least WEP is enabled. Change all passwords for administrative functions. Check all equipment for patch updates; download and apply them as needed. Check access logs on all servers and access points to get a baseline of use. Watch for any abnormal usage from that point on.
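Here is one way to work through that list, as an added example that is not part of the original column: a short Python script that compares the access points found in a walk-through against the ones you knowingly installed, and flags any with WEP turned off. The survey columns, network names and hardware addresses are constructed for illustration and are not NetStumbler's own export format.

```python
import csv
import io

# Constructed sample survey: one row per access point seen during a walk-through.
# Column names are assumptions for this example, not a NetStumbler export format.
SAMPLE_SURVEY = """ssid,bssid,wep
corp-office,00:11:22:33:44:55,on
corp-warehouse,00-11-22-33-44-66,off
linksys,00:AA:BB:CC:DD:EE,off
"""

# Constructed inventory of the access points the company knowingly installed.
APPROVED_BSSIDS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}


def normalize_bssid(raw):
    """Reduce a hardware address to 12 lowercase hex digits so formats compare equal."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a hardware address: {raw!r}")
    return digits


def audit_survey(survey_csv, approved_bssids):
    """Return (ssid, bssid, problem) findings for unlisted or unencrypted devices."""
    approved = {normalize_bssid(b) for b in approved_bssids}
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = normalize_bssid(row["bssid"])
        if bssid not in approved:
            # Not in the inventory: a rogue device, or a neighbor's network to rule out.
            findings.append((row["ssid"], bssid, "unlisted device"))
        if row["wep"].strip().lower() != "on":
            findings.append((row["ssid"], bssid, "WEP disabled"))
    return findings


if __name__ == "__main__":
    for ssid, bssid, problem in audit_survey(SAMPLE_SURVEY, APPROVED_BSSIDS):
        print(f"{ssid:15} {bssid}  {problem}")
```

A survey like this cannot show whether a device asks for a login or which administrative password it uses, so those still have to be checked on each device.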

Stay diligent. Just because it took two minutes to set up, don’t leave it running unchecked. Make sure you stay on top of any security issues — for your hardware and software. And remember, yesterday’s protected network is today’s free ride.

Tom Schreier is the Webmaster and Network Security Analyst for The Herald. He can be reached by sending e-mail to schreier@heraldnet.com.


© The Daily Herald Co., Everett, WA