[ISN] Government agencies plug leaks in wireless networks

From: InfoSec News (isnat_private)
Date: Fri Dec 27 2002 - 04:10:38 PST

  • Next message: InfoSec News: "[ISN] Time ran out for 2 pups on the loose in Fulton"

    The Asahi Shimbun 
    Since anyone with the software could pry, cable is back in style.
    The Meteorological Agency and the Tokyo metropolitan government
    stopped using wireless local area networks (LAN) last week after
    learning data was wide open to anyone with the will and the right
    Wireless LANs are increasingly popular because they can be introduced
    or expanded quite simply without cumbersome cables.
    But when Kazuo Tanabe, a computer consultant in Sabae, Fukui
    Prefecture, studied LAN emission risks around government office LANs
    in his own prefecture, then in Tokyo, he found that data transferred
    on wireless LANs could be intercepted and read by anyone using
    software freely available on the Web.
    Tanabe said he first assessed the risk of LAN signals radiating from
    the municipal buildings of Sabae and Fukui, then came to Tokyo last
    week to measure the risk around some central government office
    buildings, especially in the Kasumigaseki district.
    There he found that data stored in the Meteorological Agency's
    personal computers-even personnel records and minutes of meetings-was
    especially vulnerable.
    The risk was highest at the agency's department dealing with volcanic
    activity, which lacked proper firewalls such as data encryption and
    password-protected access.
    When The Asahi Shimbun inquired about data vulnerability, the agency
    found two of seven wireless LANs could be monitored from outside. A
    LAN management official there said the network was shut down
    immediately, departments were informed and all computers on wireless
    LANs were switched to cable.
    At the Tokyo metropolitan government offices, several bureaus,
    including construction and environmental protection, did not encrypt
    the data moving over their LANs.
    At the office that administers public hospitals, most of the 80 PCs
    used by supervisors could be read from outside. Data exposed to prying
    eyes included payment to doctors and patient records.
    An official said network personnel were not well informed about
    security, but said all the wireless LANs were swapped for cable over
    the weekend.
    During his experimental foray at the Ministry of Economy, Trade and
    Industry, Tanabe said he found pirate versions of movies, including
    ``Harry Potter,'' TV dramas and video clips of entertainment
    personalities, which an official later said were for personal use.
    Encryption had not been used in some LANs at the Foreign Ministry or
    the Ministry of Agriculture, Forestry and Fisheries until September,
    when data vulnerability was pointed out.
    ``Use of wireless LANs is inappropriate for government agencies that
    handle personal information,'' Tanabe said. ``One hole in the network
    lets hackers in. Data can easily be stolen or altered. Or the opening
    can be used to spread viruses or other misdeeds.''
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 09:54:12 PST