[ISN] Often unguarded wireless networks can be eavesdroppers' gold mine It is easy to make a wireless network secure.

From: InfoSec News (isnat_private)
Date: Sat Apr 28 2001 - 02:25:03 PDT

  • Next message: security curmudgeon: "[ISN] IMPORTANT MESSAGE FROM EGGHEAD.COM CEO (fwd)"

    Forwarded by: cripto <criptoat_private>
    By Lee Gomes
    The Wall Street Journal
    April 27, 2001
    It is a Friday afternoon, and Peter Shipley and Matt Peterson are
    sitting in a late-model Saturn in a Silicon Valley parking lot,
    balancing notebook computers on their laps, checking out e-mail and
    looking after files.
    NOT THEIR OWN e-mail and files, but those of Sun Microsystems Inc., in
    whose lot the two are sitting and on whose corporate network they are,
    in effect, spying.
    "Look, there's someone transferring a file," says Mr. Peterson,
    looking down at his computer. Mr. Shipley sees even more: "There --
    someone just turned on an NT machine and is getting mail."
    Despite outward appearances, Messrs. Shipley and Peterson aren't
    malevolent hackers. To the contrary, their aim is utterly benign: to
    expose one of the newest and potentially most dangerous security holes
    in U.S. business, in the form of wireless computer networks.
    These are the increasingly popular systems that connect computers in
    offices or homes to other computers, or to printers, by using radio
    signals, much as cellphones do. These networks are remarkably
    convenient; they not only dispense with cables but also allow someone
    to roam around an office with a laptop computer while staying
    connected to the Internet.
    While wireless technology isn't new, prices have dropped dramatically
    in the last year or so; a small netwrok can be setup for a few hundred
    dollars. And so usage has taken off: About 6.2 million wireless
    devices will be shipped world-wide this year, according to market
    researcher Cahners In-Sat, and double that in two years.
    The problem is that many companies appear to be setting up these
    networks forgetting about the fact that -- unless special steps are
    taken -- anyone can detect what is being said on them, even strangers
    just sitting out in the parking lot.
    Which is precisely the point of the demonstration by Messrs. Shipley
    and Peterson. In the course of a recent 90-minute drive around a small
    stretch of Silicon Valley, using mostly standard personal-computer
    equipment, the two men found mroe than 40 corporate networks where
    basic security steps did not appear to have been taken. The men say
    they have spotted hundreds more on other trips and can find 10 or more
    on a single block in downtown San Francisco.
    Security specialists aren't suprised. One estimates that a majority of
    the wireless networks in operation today have no security whatsoever.
    That means anyone in the neighborhood can likely read the network's
    e-mail and files, says Mr. Shipley, and, worse yet, probably be able
    to gain access to corporate passwords, log on to servers, take over a
    Web site -- or shut the network down entirely.
    "Wireless security today is worse than cellular security was years
    ago," says Alan Paller, of the System Administration, Networking and
    Security Institute, a computer-security outfit that has just scheduled
    its first seminar on security issues posed by corporate wireless
    It's easy to make a wireless network secure; the "virtual private
    network" software, or VPN, commonly used over the Internet will keep a
    wireless network hidden from prying eyes. But the software is often
    never turned on. John Drewry, a senior director of business
    development at 3Com Corp., says many wireless users are so enamored of
    the conveinence of their devices that "security is often an
    afterthought. A lot of education needs to happen."
    And education is something Messrs. Shipley and Petersen believe in.
    Mr. Shipley, 35 years old, is a security consultant who is well known
    in "white hat" hacker circles; Mr. Petersen, 19, is a wireless buff
    who wants the technology to be used with appropriate security. The men
    have been driving around the San Francisco Bay Area logging the
    entworks they find as part of a research undertaking. "People don't
    believe they have a problem until you prove it to them," Mr. Shipley
    When they find an unprotected network, the men only look at the
    technical data the network is passing around, and not the actual
    contents of teh files or teh e-mails being transmitted. While any
    number of computer programs that circulate widely in the hacker
    community could actually read the messages and files, doing so is a
    felony. Already, there are reports of sealed court suits in Silicon
    Valley involving wireless theft of trade secrets.
    One of the men's research outings begins in a Sunnyvale parking lot,
    where they set up their gear. While Mr. Peterson favors a big plastic
    "boom" antenna, Mr. Shipley relies on a much smaller one, the sort
    used in everyday offices.
    Two seconds after driving off, they get their first hit. A network
    called "tutsys" appears on the men's computer screen; a building
    belonging to computer-network supplier Tut Systems Inc. is located
    across the street. "Wow, we are already seeing stuff," says Mr.
    Peterson. (A Tut spokeswoman said later that network was used by
    engineers, and that it would quickly be making it more secure.)
    Every block or so, another network name pops up on the two men's
    computers, which are running special monitoring software. But because
    all wireless networks operate on the same frequency and with the same
    equipment, anyone with a Windows notebook and a $100 wireless
    networking card could do much the same thing. The two men see more
    than 40 networks in all, usually without stopping the car. One network
    is spotted while the men are taking a freeway off ramp. Most of the
    networks appear to be completely insecure.
    On one network, Mr. Peterson notices that a printer is broadcasting
    its availability, something network printers do whenever they are
    turned on. He notes that had he wanted to, he could have sent the
    printer something to print out from hsi laptop comptuter, even while
    driving by.
    Mr. Shipley says that when he misses a network on a quick drive-by of
    a company, he often finds one later prowling around the back sides of
    its parking lot. He says these "rouge networks," are often set up by a
    few employees without the knowledge of a company's computer
    department, typically to connect a fwe computers to a printer. But
    even the smallest network can be deadly, he says, since they give a
    hacker a way to bypass the sturdiest corporate firewall.
    At Sun Microsystems, a network is detected right in front of the
    building. There is a lot of traffic, most of it coming from PCs
    running Microsoft Corp.'s Windows. "Wow, we're really drinking from
    the fire hose," Mr. Shipley says.
    (A Sun spokeswoman said later that any network heard that day was part
    of a Sun test, though she didn't know what was being tested, and added
    that the network was no longer operational. Mr. Shipley was skeptical,
    saying that it appeared to ahve made much of Sun's larger corporate
    network vulnerable in the process.)
    A mile or so away from Sun, the men find a small network at a building
    belonging to Nortel Networks Corp., which, among other things, sells
    VPN software. They can spot the network from the street; when they
    pull into the Nortel parking lot, Mr. Petersen was able to sit in the
    car and surf the Web, courtesy of Nortel's network (Nortel wouldn't
    Messrs. Shipley and Peterson say it isn't necessary to be close to a
    network to listen in. For a coming project, they plan to head for the
    hills above San Francisco, where they will use a special amplifier to
    pick up networks in downtown office buildings, many miles away. Says
    Mr. Peterson: "That ought to really scare people."
    ISN is hosted by SecurityFocus.com
    To unsubscribe email LISTSERVat_private with a message body of

    This archive was generated by hypermail 2b30 : Sat Apr 28 2001 - 02:34:12 PDT