OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ISN] Unsecured networks open door for hackers, spies

From: InfoSec News (alertsinfosecnews.org)
Date: Thu Jan 04 2007 - 01:33:41 CST

http://www.af.mil/news/story.asp?id=123035765

By Airman 1st Class Andrew Dumboski
99th Air Base Wing Public Affairs
1/3/2007

NELLIS AIR FORCE BASE, Nev. (AFPN) -- With wireless technology,
consumers can easily network their computers within their household and
access the Internet through any of their computers.

Consumers can sit in a lawn chair on their back porch and catch up on
their e-mail and news, even do some online banking. But with this
newfound convenience lies a new danger.

"Any information that travels over a wireless network can be accessed by
anyone on that network," said Steve Carlson, 99th Communications
Squadron wireless security manager. "Even if you're accessing a secure
Web site, your information is only secure between the Internet and your
wireless router. Everything traveling between that wireless router and
your laptop is visible."

A quick drive through base housing, with a laptop searching for wireless
networks revealed many unsecure networks.

Part of Mr. Carlson's job is to test wireless networks on base to ensure
none of the residential networks are infringing on any of the government
ones. He estimates more than half of the networks he has found are not
secure.

"Having a wireless network without any form of security is equivalent to
allowing a complete stranger to look over your shoulder while you work
on your computer," said Special Agent Randy Bond, of the Air Force
Office of Special Investigations. "Someone could drive by your house,
monitor your wireless signals, and collect all kinds of information
about you."

This could lead to identity theft or worse. Depending on how the
computer is configured, a hacker with a moderate amount of knowledge
could log on to someone's network and have complete access to the
victim's files. The hacker could install keystroke loggers and viruses
with just a few clicks of a mouse.

"As military members, we have access to sensitive information; other
people are aware of that. (Operational security) isn't just for use on
the job; we must make it a practice in our personal lives too," Agent
Bond said.

"People who use their personal computers to access their Web-based
government e-mail are a perfect example," he said. "If you're accessing
that e-mail through an unsecure wireless connection, anyone could
connect to that network, and, with the right software, monitor every one
of your keystrokes. They could have your logon (information) and even
password information and you would never know it."

Adding to that danger, people who live near the outer wall of the base
risk their network being accessed by someone off base.

>From the visitor's center parking lot, use of a standard laptop recently
found three wireless networks visible, two of which were unsecure. The
secure network was from a business on the other side of Las Vegas
Boulevard. Both of the unsecure networks were broadcasting from Nellis
AFB.

"From time to time, I turn on my laptop and test to see how many
unsecure networks are visible while I'm on my way to work," Mr. Carlson
said. "Between Nellis' main gate and the intersection of Martin Luther
King Boulevard, I've counted about 270 wireless networks. More than half
had no security turned on at all."

Unsecure networks on military installations present a big operational
security risk, Agent Bond said.

However, people driving around with a laptop searching for unsecure
networks are not always trying to steal personal information. Often
they're just looking for access to the Internet, Agent Bond said.

"It's called 'wardriving,'" he said. "Someone drives around looking for
an open network, logs on and surfs the Internet. To your Internet
service provider, they appear to be you."

Victims of wardriving have no idea it's happening. The person can sit in
a car outside, surf the net or hack a computer, and drive away. They
could also steal personal information from the victim, drive to another
open network and use the first victim's identity. Any attempt to trace
the identity theft would lead to the second victim.

Store-bought routers usually come with some form of protection.

"If you don't know how to set up wireless security on your router, the
owner's manual usually explains it well. You can also get information on
the Internet," Agent Bond said.

As technology becomes more accessible and cheaper, unscrupulous people
also advance in their ability to use that technology for their own
agendas.

"It's important for people to take measures to protect themselves from
being victimized," Agent Bond said.

_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn