Forwarded by: cripto <cripto@subterfuge.fireriver.com>
http://www.msnbc.com/news/565275.asp?cp1=1#BODY
By Lee Gomes
The Wall Street Journal
April 27, 2001
It is a Friday afternoon, and Peter Shipley and Matt Peterson are
sitting in a late-model Saturn in a Silicon Valley parking lot,
balancing notebook computers on their laps, checking out e-mail and
looking after files.
NOT THEIR OWN e-mail and files, but those of Sun Microsystems Inc., in
whose lot the two are sitting and on whose corporate network they are,
in effect, spying.
"Look, there's someone transferring a file," says Mr. Peterson,
looking down at his computer. Mr. Shipley sees even more: "There --
someone just turned on an NT machine and is getting mail."
Despite outward appearances, Messrs. Shipley and Peterson aren't
malevolent hackers. To the contrary, their aim is utterly benign: to
expose one of the newest and potentially most dangerous security holes
in U.S. business, in the form of wireless computer networks.
These are the increasingly popular systems that connect computers in
offices or homes to other computers, or to printers, by using radio
signals, much as cellphones do. These networks are remarkably
convenient; they not only dispense with cables but also allow someone
to roam around an office with a laptop computer while staying
connected to the Internet.
While wireless technology isn't new, prices have dropped dramatically
in the last year or so; a small netwrok can be setup for a few hundred
dollars. And so usage has taken off: About 6.2 million wireless
devices will be shipped world-wide this year, according to market
researcher Cahners In-Sat, and double that in two years.
The problem is that many companies appear to be setting up these
networks forgetting about the fact that -- unless special steps are
taken -- anyone can detect what is being said on them, even strangers
just sitting out in the parking lot.
Which is precisely the point of the demonstration by Messrs. Shipley
and Peterson. In the course of a recent 90-minute drive around a small
stretch of Silicon Valley, using mostly standard personal-computer
equipment, the two men found mroe than 40 corporate networks where
basic security steps did not appear to have been taken. The men say
they have spotted hundreds more on other trips and can find 10 or more
on a single block in downtown San Francisco.
Security specialists aren't suprised. One estimates that a majority of
the wireless networks in operation today have no security whatsoever.
That means anyone in the neighborhood can likely read the network's
e-mail and files, says Mr. Shipley, and, worse yet, probably be able
to gain access to corporate passwords, log on to servers, take over a
Web site -- or shut the network down entirely.
"Wireless security today is worse than cellular security was years
ago," says Alan Paller, of the System Administration, Networking and
Security Institute, a computer-security outfit that has just scheduled
its first seminar on security issues posed by corporate wireless
networks.
It's easy to make a wireless network secure; the "virtual private
network" software, or VPN, commonly used over the Internet will keep a
wireless network hidden from prying eyes. But the software is often
never turned on. John Drewry, a senior director of business
development at 3Com Corp., says many wireless users are so enamored of
the conveinence of their devices that "security is often an
afterthought. A lot of education needs to happen."
And education is something Messrs. Shipley and Petersen believe in.
Mr. Shipley, 35 years old, is a security consultant who is well known
in "white hat" hacker circles; Mr. Petersen, 19, is a wireless buff
who wants the technology to be used with appropriate security. The men
have been driving around the San Francisco Bay Area logging the
entworks they find as part of a research undertaking. "People don't
believe they have a problem until you prove it to them," Mr. Shipley
says.
When they find an unprotected network, the men only look at the
technical data the network is passing around, and not the actual
contents of teh files or teh e-mails being transmitted. While any
number of computer programs that circulate widely in the hacker
community could actually read the messages and files, doing so is a
felony. Already, there are reports of sealed court suits in Silicon
Valley involving wireless theft of trade secrets.
One of the men's research outings begins in a Sunnyvale parking lot,
where they set up their gear. While Mr. Peterson favors a big plastic
"boom" antenna, Mr. Shipley relies on a much smaller one, the sort
used in everyday offices.
Two seconds after driving off, they get their first hit. A network
called "tutsys" appears on the men's computer screen; a building
belonging to computer-network supplier Tut Systems Inc. is located
across the street. "Wow, we are already seeing stuff," says Mr.
Peterson. (A Tut spokeswoman said later that network was used by
engineers, and that it would quickly be making it more secure.)
Every block or so, another network name pops up on the two men's
computers, which are running special monitoring software. But because
all wireless networks operate on the same frequency and with the same
equipment, anyone with a Windows notebook and a $100 wireless
networking card could do much the same thing. The two men see more
than 40 networks in all, usually without stopping the car. One network
is spotted while the men are taking a freeway off ramp. Most of the
networks appear to be completely insecure.
On one network, Mr. Peterson notices that a printer is broadcasting
its availability, something network printers do whenever they are
turned on. He notes that had he wanted to, he could have sent the
printer something to print out from hsi laptop comptuter, even while
driving by.
Mr. Shipley says that when he misses a network on a quick drive-by of
a company, he often finds one later prowling around the back sides of
its parking lot. He says these "rouge networks," are often set up by a
few employees without the knowledge of a company's computer
department, typically to connect a fwe computers to a printer. But
even the smallest network can be deadly, he says, since they give a
hacker a way to bypass the sturdiest corporate firewall.
At Sun Microsystems, a network is detected right in front of the
building. There is a lot of traffic, most of it coming from PCs
running Microsoft Corp.'s Windows. "Wow, we're really drinking from
the fire hose," Mr. Shipley says.
(A Sun spokeswoman said later that any network heard that day was part
of a Sun test, though she didn't know what was being tested, and added
that the network was no longer operational. Mr. Shipley was skeptical,
saying that it appeared to ahve made much of Sun's larger corporate
network vulnerable in the process.)
A mile or so away from Sun, the men find a small network at a building
belonging to Nortel Networks Corp., which, among other things, sells
VPN software. They can spot the network from the street; when they
pull into the Nortel parking lot, Mr. Petersen was able to sit in the
car and surf the Web, courtesy of Nortel's network (Nortel wouldn't
comment.)
Messrs. Shipley and Peterson say it isn't necessary to be close to a
network to listen in. For a coming project, they plan to head for the
hills above San Francisco, where they will use a special amplifier to
pick up networks in downtown office buildings, many miles away. Says
Mr. Peterson: "That ought to really scare people."
EOF
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Sat Apr 28 04:36 CDT 2001