[ISN] Unsecured networks open door for hackers, spies

From: InfoSec News (alerts@private)
Date: Wed Jan 03 2007 - 23:33:41 PST


By Airman 1st Class Andrew Dumboski
99th Air Base Wing Public Affairs

NELLIS AIR FORCE BASE, Nev. (AFPN) -- With wireless technology, 
consumers can easily network their computers within their household and 
access the Internet through any of their computers.

Consumers can sit in a lawn chair on their back porch and catch up on 
their e-mail and news, even do some online banking. But with this 
newfound convenience lies a new danger.

"Any information that travels over a wireless network can be accessed by 
anyone on that network," said Steve Carlson, 99th Communications 
Squadron wireless security manager. "Even if you're accessing a secure 
Web site, your information is only secure between the Internet and your 
wireless router. Everything traveling between that wireless router and 
your laptop is visible."

A quick drive through base housing, with a laptop searching for wireless 
networks revealed many unsecure networks.

Part of Mr. Carlson's job is to test wireless networks on base to ensure 
none of the residential networks are infringing on any of the government 
ones. He estimates more than half of the networks he has found are not 

"Having a wireless network without any form of security is equivalent to 
allowing a complete stranger to look over your shoulder while you work 
on your computer," said Special Agent Randy Bond, of the Air Force 
Office of Special Investigations. "Someone could drive by your house, 
monitor your wireless signals, and collect all kinds of information 
about you."

This could lead to identity theft or worse. Depending on how the 
computer is configured, a hacker with a moderate amount of knowledge 
could log on to someone's network and have complete access to the 
victim's files. The hacker could install keystroke loggers and viruses 
with just a few clicks of a mouse.

"As military members, we have access to sensitive information; other 
people are aware of that. (Operational security) isn't just for use on 
the job; we must make it a practice in our personal lives too," Agent 
Bond said.

"People who use their personal computers to access their Web-based 
government e-mail are a perfect example," he said. "If you're accessing 
that e-mail through an unsecure wireless connection, anyone could 
connect to that network, and, with the right software, monitor every one 
of your keystrokes. They could have your logon (information) and even 
password information and you would never know it."

Adding to that danger, people who live near the outer wall of the base 
risk their network being accessed by someone off base.

>From the visitor's center parking lot, use of a standard laptop recently 
found three wireless networks visible, two of which were unsecure. The 
secure network was from a business on the other side of Las Vegas 
Boulevard. Both of the unsecure networks were broadcasting from Nellis 

"From time to time, I turn on my laptop and test to see how many 
unsecure networks are visible while I'm on my way to work," Mr. Carlson 
said. "Between Nellis' main gate and the intersection of Martin Luther 
King Boulevard, I've counted about 270 wireless networks. More than half 
had no security turned on at all."

Unsecure networks on military installations present a big operational 
security risk, Agent Bond said.

However, people driving around with a laptop searching for unsecure 
networks are not always trying to steal personal information. Often 
they're just looking for access to the Internet, Agent Bond said.

"It's called 'wardriving,'" he said. "Someone drives around looking for 
an open network, logs on and surfs the Internet. To your Internet 
service provider, they appear to be you."

Victims of wardriving have no idea it's happening. The person can sit in 
a car outside, surf the net or hack a computer, and drive away. They 
could also steal personal information from the victim, drive to another 
open network and use the first victim's identity. Any attempt to trace 
the identity theft would lead to the second victim.

Store-bought routers usually come with some form of protection.

"If you don't know how to set up wireless security on your router, the 
owner's manual usually explains it well. You can also get information on 
the Internet," Agent Bond said.

As technology becomes more accessible and cheaper, unscrupulous people 
also advance in their ability to use that technology for their own 

"It's important for people to take measures to protect themselves from 
being victimized," Agent Bond said.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Wed Jan 03 2007 - 23:50:51 PST