AOH :: ISNQ3310.HTM

Watch your wireless




Watch your wireless
Watch your wireless



http://www.lvbusinesspress.com/articles/2006/12/07/news/iq_11044250.txt 

By Matt Ward
December 07, 2006

They have quirky names, such as AirSnort, Aircrack, CoWPAtty and 
THC-LEAPcracker. They are the implements of 21st century burglary.

Widely available online -- tutorials sometimes included -- these are a 
few of the latest tools hackers are using to pilfer information from 
supposedly secure wireless networks. Experts in the field agree it no 
longer takes much interest in computers, or much skill, to penetrate all 
manner of networks, from the typical user's home connection to those 
used by small businesses and local governments. Whole communities exist 
online for the purpose of sharing tips and techniques for breaking into 
wireless networks -- www.churchofwifi.org, www.netstumbler.com and 
www.kismet wireless.net to name a few. 

Many wireless users are already familiar with the ease with which they 
can tap into someone else's network connection simply by being at the 
right spot at the right time. Similarly, it is easy for hackers to 
target those openings. The same technology allows coffee shops and 
bookstores to offer WiFi hotspots.

Computer manufacturers counter with a wide variety of security products. 
However, as one expert pointed out at the Global Gaming Expo last month, 
there is disagreement even among IT professionals over whether any of 
the standard security protocols go far enough.

"It's not like the incompatibilities are running rampant. But there are 
incompatibilities that are rather serious," said Joe Tomasone, a senior 
network-security engineer with Florida-based Fortress Technologies. 
Fortress builds military-grade secured networks for the Department of 
Defense.

Tomasone says many hackers access a wireless user's computer by sitting 
out in the parking lot of a business or the street near a home. 
Employing tools available online, it usually takes as little as 10 
minutes to start collecting sensitive data or to start downloading 
illicit material using an innocent person's IP address. Some hackers 
even build their own antennas, hoping to tap into larger streams of 
wireless networks, some as far as 100 miles away.


CASINOS THREATENED

With wireless gambling coming into play in Nevada, issues surrounding 
network security could become much more acute. "Wireless is a very 
promiscuous technology. It's designed to talk to anything," Tomasone 
said. "Convenience and security usually have an inverse relationship."

Casino operators and gaming regulators, he explained, will need to pay 
close attention to security issues surrounding wireless gaming devices. 
If securing such products isn't constantly monitored, he said, casinos 
may see network penetrations that wreak havoc on their system: theft of 
customers' personal information, compromised casino-security procedures, 
manipulation of the gaming devices themselves ... all done remotely and, 
most likely, without a trace.

"Mobile devices are transient and hard to track. That's why networks are 
easily breached," Tomasone said.

Users can't count on state and federal officials to protect them from 
Internet crimes like identity theft and corporate espionage, because 
most law enforcement computer-crime units are focused on catching sexual 
predators. Gerald Gardner, chief deputy of the Nevada Attorney General's 
Las Vegas office, says the problem of computer crime is so large that 
many agencies don't have the resources to do much about it.

"It's extremely hard to track those people down. We've done a handful of 
prosecutions," he said. "It's exceedingly hard to get our arms around 
these offenders."


IDENTITY THEFT GROWING

IN LAS VEGAS ALONE, MORE THAN 2,400 REPORTS OF IDENTITY THEFT WERE MADE 
TO METRO LAST YEAR. THIS YEAR, THE NUMBER WAS OVER 2,500 BY MID-OCTOBER. 
THOSE NUMBERS DO NOT INCLUDE CREDIT CARD FRAUD. POLICE DON'T BREAK THIS 
CATEGORY DOWN FURTHER TO DETAIL WHICH THEFTS ARE COMPUTER-RELATED AND 
MANY VICTIMS PROBABLY AREN'T AWARE HOW THEIR IDENTITIES WERE STOLEN IN 
THE FIRST PLACE.

"People are conducting more and more personal business online," said 
Gardner, who also serves as chief counsel to the state's Technological 
Crime Advisory Board. "It's frightening. We can't even get a search 
warrant for a computer unless we know its location."

The issue will never be solved by police, Gardner said, and can only be 
mitigated by financial institutions, Internet service providers and 
software manufacturers. The problem with leaving security up to software 
manufacturers is that everything is standardized, created to work with 
as many different vendors as possible, which often allows weaknesses to 
slip into finished products.

"Instead of choosing something that works the best, they choose 
something that works for everybody," Tomasone said, referring to the 
Institute of Electrical and Electronics Engineers.

Tomasone says the worst thing consumers can do is depend on their local 
computer-store clerk for advice on securing their wireless networks. He 
suggests homeowners secure them by installing a WPA protocol, creating a 
complicated password and unplugging the access point when the computer 
isn't in use. This will also work for small businesses. Above that, he 
said, the security should match the threat level a hacker could pose.

"Security is a gray area. What is secure? Saying my house is 
burglary-proof is a pretty strong statement." Tomasone said. "Do I want 
to be secure from someone using my Internet connection, the casual 
hacker or (from) someone committing corporate espionage?"

Copyright 2006, Las Vegas Business Press


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 
 

Site design & layout copyright © 1986-2014 CodeGods