Thread: Unsecured networks open door for hackers, spies
View Single Post
  #1 (permalink)  
Old 01-04-2007, 05:21 AM
miso@sushi.com
Guest
  
Posts: n/a
Default Unsecured networks open door for hackers, spies
http://www.af.mil/news/story.asp?id=123035765

Unsecured networks open door for hackers, spies

by Airman 1st Class Andrew Dumboski
99th Air Base Wing Public Affairs

1/3/2007 - NELLIS AIR FORCE BASE, Nev. (AFPN) -- With wireless
technology, consumers can easily network their computers within their
household and access the Internet through any of their computers.

Consumers can sit in a lawn chair on their back porch and catch up on
their e-mail and news, even do some online banking. But with this
newfound convenience lies a new danger.

"Any information that travels over a wireless network can be accessed
by anyone on that network," said Steve Carlson, 99th Communications
Squadron wireless security manager. "Even if you're accessing a secure
Web site, your information is only secure between the Internet and your
wireless router. Everything traveling between that wireless router and
your laptop is visible."

A quick drive through base housing, with a laptop searching for
wireless networks revealed many unsecure networks.

Part of Mr. Carlson's job is to test wireless networks on base to
ensure none of the residential networks are infringing on any of the
government ones. He estimates more than half of the networks he has
found are not secure.

"Having a wireless network without any form of security is equivalent
to allowing a complete stranger to look over your shoulder while you
work on your computer," said Special Agent Randy Bond, of the Air Force
Office of Special Investigations. "Someone could drive by your house,
monitor your wireless signals, and collect all kinds of information
about you."

This could lead to identity theft or worse. Depending on how the
computer is configured, a hacker with a moderate amount of knowledge
could log on to someone's network and have complete access to the
victim's files. The hacker could install keystroke loggers and viruses
with just a few clicks of a mouse.

"As military members, we have access to sensitive information; other
people are aware of that. (Operational security) isn't just for use on
the job; we must make it a practice in our personal lives too," Agent
Bond said.

"People who use their personal computers to access their Web-based
government e-mail are a perfect example," he said. "If you're accessing
that e-mail through an unsecure wireless connection, anyone could
connect to that network, and, with the right software, monitor every
one of your keystrokes. They could have your logon (information) and
even password information and you would never know it."

Adding to that danger, people who live near the outer wall of the base
risk their network being accessed by someone off base.

>From the visitor's center parking lot, use of a standard laptop
recently found three wireless networks visible, two of which were
unsecure. The secure network was from a business on the other side of
Las Vegas Boulevard. Both of the unsecure networks were broadcasting
from Nellis AFB.

"From time to time, I turn on my laptop and test to see how many
unsecure networks are visible while I'm on my way to work," Mr. Carlson
said. "Between Nellis' main gate and the intersection of Martin Luther
King Boulevard, I've counted about 270 wireless networks. More than
half had no security turned on at all."

Unsecure networks on military installations present a big operational
security risk, Agent Bond said.

However, people driving around with a laptop searching for unsecure
networks are not always trying to steal personal information. Often
they're just looking for access to the Internet, Agent Bond said.

"It's called 'wardriving,'" he said. "Someone drives around looking for
an open network, logs on and surfs the Internet. To your Internet
service provider, they appear to be you."

Victims of wardriving have no idea it's happening. The person can sit
in a car outside, surf the net or hack a computer, and drive away. They
could also steal personal information from the victim, drive to another
open network and use the first victim's identity. Any attempt to trace
the identity theft would lead to the second victim.

Store-bought routers usually come with some form of protection.

"If you don't know how to set up wireless security on your router, the
owner's manual usually explains it well. You can also get information
on the Internet," Agent Bond said.

As technology becomes more accessible and cheaper, unscrupulous people
also advance in their ability to use that technology for their own
agendas.

"It's important for people to take measures to protect themselves from
being victimized," Agent Bond said.


Reply With Quote