Wireless networks are targets for the mobile hacker

As a former police officer, Paul Klahn knows an unlocked door is as good as a welcome mat to people with trouble in mind.

Riding shotgun around the city next to partner Gene Abramov this past month, Klahn has found a number of essentially open doors in area computer networks. Armed with an antenna and laptop computer, the two FishNet Security Inc. employees have been on the lookout for wireless local-area networks susceptible to hackers seeking free Internet access or a whole lot more.

"Basically," Abramov said, "you could hack a company's system right from its parking lot."

Known as LAN jacking, stumbling, netstumbling, wireless auditing and drive-by airporting, Abramov said this type of hacking is made possible by a standard called "Wi-Fi" (wireless fidelity), also known as 802.11b. Wi-Fi networks are being used in homes and businesses because they're relatively inexpensive to install and transmit information at high speeds.

Because these wireless local-area networks (WLANs) broadcast data hundreds of feet from the point of origin and through walls, it is easy for a hacker down the street to intercept the signals without being noticed.

Despite the risks, network security experts said WLAN installation is on the rise. In 1999, 1.4 million WLAN devices were shipped worldwide, according to a report by Allied Business Intelligence. In 2000, 4.9 million WLAN devices were being used, and the number could go as high as 55.9 million by 2006.

Abramov said WLANs already are in heavy rotation at big businesses in Kansas City. This is mainly because networking groups in the office are trying to become more productive without considering the security ramifications.

Ken Dulaney, vice president of mobile computing in Gartner Inc.'s San Jose, Calif., office, said there also is a movement under way to encourage home computer users to install wireless networks so that they can access the Internet from any room. The problem, Dulaney said, is that it is so easy to install one of the wireless devices to a corporate computer that many companies have employees using WLANs and don't know it.

"If you are a home worker who signs on to your company's intranet and leaves the security off and the portal open, then there is the potential that someone can go in from the outside," Dulaney said.

Abramov said the threat from employees installing unauthorized wireless networks is amplified by the ease with which it can be done.

"These things can be running without anyone knowing it because employees can plug the device in so easily," Abramov said. "A company can have a secure network, throw up a wireless piece like this, and it's like opening a back door up and asking hackers to come in and steal all your private company information."

Supervisory Special Agent Scott Williams of the FBI Computer Crime Squad in Kansas City said his team is watching for problems with wireless networks.

"We haven't seen much of that particular problem at this time," Williams said. "But we expect it to grow, especially as the use of wireless systems in criminal activity is growing."

Klahn said the chances of catching LAN jackers are low at present because the hackers aren't physically connected to networks, so they leave less of a fingerprint.

Abramov said security measures are available, but they are weak, and most are not in use.

The Wired Equivalent Privacy (WEP), an encryption mechanism for 802.11b, has proved easy to crack. A hacker can scan for a network and break in using a laptop computer and software downloaded from the Internet.

WEP does work, Klahn said, but only if it is turned on.

"Most people just don't take the precautions necessary to secure these networks," Klahn said. "For hackers at this point, it is like the frontier days when Internet just hit and had no firewalls."

Although driving around looking for susceptible networks may raise questions, Klahn and Abramov defend the ethics of their search.

"If you are scanning networks and looking for vulnerabilities, that is not illegal," Klahn said. "But take it further and use those vulnerabilities to gain access to someone else's network, and that is illegal and unethical.

"That is why we drive down the road and look for open networks. We are not breaking in, just looking for open doors."

• Print
• Email

Reader Comments

• More News Headlines
• Popular News Stories