- change ups
New Cyber ThreatDriveUpHacking
Andre Brougher, a senior systems engineer with Remex Corp., says that as more and more people come to rely on wireless communication, they unwittingly may leave themselves open to something called “drive-up hacking.”
Brougher indicated most businesses by now are well aware of the need for information and network security. Accordingly, they have adopted numerous security steps from protected passwords to firewalls and anti-virus programs.
But he said both people and businesses are making a mistake if they think wireless communication is invulnerable to penetration by either mischief-makers or the truly malicious.
Brougher explained that around each site in which a wireless signal propagates, there’s a significant radius within which a laptop with a wireless network card can detect and access a wireless signal.
He said this means hackers, in a process now called “war-driving,” can drive through any downtown office district and access numerous wireless networks. Brougher said it’s a bit like driving around with a cell phone that’s turned on to find the right spot to receive a caller.
Ancillary to war-driving is another process commonly used in such snooping. It’s called “war-chalking.” War-chalking is the practice of marking an innocuous symbol on walls or sidewalks to indicate nearby wireless access.
The notion of war-chalking is inspired by the hobos of the Great Depression who used symbols to indicate homes from which one could get a hand-out. Except now, what looks like a child’s sidewalk drawing actually might indicate a home’s or business’s vulnerability to a wireless hand-out.
Brougher believes wireless hacking will become increasingly prevalent as the number of wireless network users increase.
“Companies need to be fully aware of the potential problems with a wireless network,” Brougher said. “There are simple security measures one can take to protect themselves, their family or business. It is scary that I can drive around a Grand Rapids block and log onto several unprotected wireless networks.”
He read of one “white hat” (computer term for a good hacker) who performed a test with his wireless laptop by driving it down Pennsylvania Avenue in Washington, D.C.
Brougher said the hacker was able to access more than 20 networks — most of them government-run.
He said that the same is possible in any city, with no one the wiser.
Brougher said the implications of wireless hacking go far beyond being able to log onto someone else’s network to do some free Internet surfing.
When a “hack” is performed, he explained, the hacker can trace back until he enters the home network. With that access, the hacker then can do something devious or illegal and that activity will register as if it originated, not with the hacker, but in the violated network.
Brougher recommends a few steps people can take to enhance protection and prevent outsiders from using their wireless networks.
First, he recommends configuring wireless access points to use encryption so the data would be unreadable if someone were to get into a network.
Second, he said one can use authentication procedures — a long-standing military security procedure — so that any new computer entering the network must authenticate its right of access by use of a special key, designated by the administrator, between the system and the access point.
The last and best method, he said, is to set up a network for specific MAC addresses. Every wireless network card has a MAC address and a network can be configured to accept users with designated MAC addresses.
Brougher says these procedures should be used in tandem for the greatest security. But he stressed that such precautions are not perfect — a determined person will eventually get in.
The main purpose of such steps, he said, is to induce hackers to look for easier prey. He said it takes about 15 minutes to set up a secure wireless network configuration, depending on the amount of users and level of protection desired.
Remex is a technology integration firm serving West Michigan for about 30 years.