[ISN] Our raid on Downing St.

From: InfoSec News (isnat_private)
Date: Wed Aug 28 2002 - 02:08:15 PDT

  • Next message: InfoSec News: "[ISN] Electronic Data Discovery Primer"

    http://www.sundaymirror.co.uk/homepage/news/page.cfm?objectid=12125585&method=sm_full
    
    Tuesday, 27th Aug 2002  
    
    TOP-secret files can be downloaded from the Prime Minister's computers
    in Downing Street.
    
    The alarming security breach was exposed after our investigators were
    shown how to log on to the private network used by the Cabinet Office
    and MPs.
    
    We discovered that it takes just minutes to infiltrate
    highly-sensitive information - and all you need is a laptop computer
    and a £70 gadget available on the high street.
    
    Big businesses, banks and city institutions are also at risk from
    hackers who are breaking the law by reading classified emails, files
    and internal memos flowing between computers.
    
    Now security experts fear the techniques could be used by terrorists
    to wage electronic warfare on the Government as the world braces
    itself for the first anniversary of the September 11 attacks on the
    World Trade Center.
    
    The "drive-by" hacking phenomenon has also been dubbed "warchalking"  
    because hackers who have succeeded in breaking in mark buildings with
    a tell-tale chalk sign to invite further attacks.
    
    Sunday Mirror investigators were shown how to access the system used
    by MPs at their new £234million offices at Portcullis House, while
    parked at traffic lights 50 yards away.
    
    Using a laptop computer in the shadow of Big Ben, we identified 26
    parcels of confidential computer information. The secret identity code
    of the Government network - which the Sunday Mirror will not reveal
    for security reasons - flashed up on the screen in a small box with a
    connection confirmation signal.
    
    The data box timed the session as lasting 11 minutes and 48 seconds
    but the connection was not detected.
    
    The Sunday Mirror has learned that several big banks have hidden
    copies of sensitive files at secret websites to counter this threat.
    
    Hackers use a gadget, called a WiFi (Wireless Fidelity) card, which
    enables them to tap into the latest generation of computers that use
    wireless technology. These computers send data to other machines in
    the same building using radio waves instead of traditional cables.
    
    But many transmissions "leak" from the buildings onto the street,
    where they can be identified and picked up.
    
    The Sunday Mirror commissioned Britain's top wireless security expert
    Phil Cracknell to test the Government's security. He used a £2500
    handheld Compaq computer, modified to scan radiowaves, to measure the
    strength of leaks from Whitehall buildings.
    
    The screen displays the strength of the signals in a similar way to
    the signal bars on a mobile phone. As we cruised down Whitehall the
    scanner picked up full-strength signals at four points - directly
    outside the iron gates at Number 10 Downing Street, at Portcullis
    House, at the Department of Environment, Food and Rural Affairs, and
    near the Houses of Parliament. These areas are called access points -
    places where the signal is strong enough to allow connection to a
    network - and flash green on the scanner.
    
    Once the access point was identified it was relatively easy to log-on
    to the Government network. To prove how simple the process was we
    asked an 11-year-old boy to repeat it - he did. Our reporters were
    then able to monitor the flow of electronic data around Portcullis
    House. For example, every time an email was sent it registered on a
    box on our laptop screen. It clicked up 26 times in the time it took
    to turn the corner of the building in a car.
    
    To take the experiment to the next level and open the emails and files
    and read their contents, all we would have needed was a a
    specially-designed programme called Airsnort, freely available on the
    internet and simple to use.
    
    Cracknell estimated that this would take between one and two hours -
    but it is illegal under the Telecommunications Act and possibly the
    Official Secrets Act.
    
    Cracknell surveyed other parts of London and identified vulnerable
    networks - including banks, media organisations, national transport
    companies and multi-national businesses. He warned: "It is astonishing
    to find four access points to the Government's network in just a short
    drive down Whitehall. One was directly outside the gates at Number 10.
    
    "I've no doubt hackers will have infiltrated this system already. It's
    only a matter of time before terrorists do."
    
    Phil Cracknell is a computer security consultant for an official
    regulatory body and the banking, electronics, legal and media
    industries.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 05:10:39 PDT