http://www.sundaymirror.co.uk/homepage/news/page.cfm?objectid=12125585&method=sm_full Tuesday, 27th Aug 2002 TOP-secret files can be downloaded from the Prime Minister's computers in Downing Street. The alarming security breach was exposed after our investigators were shown how to log on to the private network used by the Cabinet Office and MPs. We discovered that it takes just minutes to infiltrate highly-sensitive information - and all you need is a laptop computer and a £70 gadget available on the high street. Big businesses, banks and city institutions are also at risk from hackers who are breaking the law by reading classified emails, files and internal memos flowing between computers. Now security experts fear the techniques could be used by terrorists to wage electronic warfare on the Government as the world braces itself for the first anniversary of the September 11 attacks on the World Trade Center. The "drive-by" hacking phenomenon has also been dubbed "warchalking" because hackers who have succeeded in breaking in mark buildings with a tell-tale chalk sign to invite further attacks. Sunday Mirror investigators were shown how to access the system used by MPs at their new £234million offices at Portcullis House, while parked at traffic lights 50 yards away. Using a laptop computer in the shadow of Big Ben, we identified 26 parcels of confidential computer information. The secret identity code of the Government network - which the Sunday Mirror will not reveal for security reasons - flashed up on the screen in a small box with a connection confirmation signal. The data box timed the session as lasting 11 minutes and 48 seconds but the connection was not detected. The Sunday Mirror has learned that several big banks have hidden copies of sensitive files at secret websites to counter this threat. Hackers use a gadget, called a WiFi (Wireless Fidelity) card, which enables them to tap into the latest generation of computers that use wireless technology. These computers send data to other machines in the same building using radio waves instead of traditional cables. But many transmissions "leak" from the buildings onto the street, where they can be identified and picked up. The Sunday Mirror commissioned Britain's top wireless security expert Phil Cracknell to test the Government's security. He used a £2500 handheld Compaq computer, modified to scan radiowaves, to measure the strength of leaks from Whitehall buildings. The screen displays the strength of the signals in a similar way to the signal bars on a mobile phone. As we cruised down Whitehall the scanner picked up full-strength signals at four points - directly outside the iron gates at Number 10 Downing Street, at Portcullis House, at the Department of Environment, Food and Rural Affairs, and near the Houses of Parliament. These areas are called access points - places where the signal is strong enough to allow connection to a network - and flash green on the scanner. Once the access point was identified it was relatively easy to log-on to the Government network. To prove how simple the process was we asked an 11-year-old boy to repeat it - he did. Our reporters were then able to monitor the flow of electronic data around Portcullis House. For example, every time an email was sent it registered on a box on our laptop screen. It clicked up 26 times in the time it took to turn the corner of the building in a car. To take the experiment to the next level and open the emails and files and read their contents, all we would have needed was a a specially-designed programme called Airsnort, freely available on the internet and simple to use. Cracknell estimated that this would take between one and two hours - but it is illegal under the Telecommunications Act and possibly the Official Secrets Act. Cracknell surveyed other parts of London and identified vulnerable networks - including banks, media organisations, national transport companies and multi-national businesses. He warned: "It is astonishing to find four access points to the Government's network in just a short drive down Whitehall. One was directly outside the gates at Number 10. "I've no doubt hackers will have infiltrated this system already. It's only a matter of time before terrorists do." Phil Cracknell is a computer security consultant for an official regulatory body and the banking, electronics, legal and media industries. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 05:10:39 PDT