Drive-by wireless hacking
The Edwards resident and long-time local spent a recent evening in a convertible cruising the highways of Eagle County, scanning the airwaves with a homemade antenna and his laptop computer and looking for unprotected wireless computer networks.
What Nottingham found should make for sleepless nights for many wireless network operators.
Nottingham, who works at Microsolutions in Edwards as a computer technician, scanned wireless networks operated at local schools, businesses and private residences, and most were ready to be hacked without any obstacles, he says. Worse yet, he adds, the number of networks being created and the number of people using them illegally may is on the rise.
It’s the very convenience of setting up a wireless network that creates the vulnerability, says Commander Dave Pettinari of the Pueblo County Sheriff’s Department, who specializes in cybercrime prevention.
“The lack of physical connections makes it easy for hackers,” Pettinari says. “It’s a radio transmission that goes out over the airwaves. Don’t send information over that you wouldn’t want to see on the front page of your local newspaper.”
Of the 68 wireless networks detected on Nottingham’s “war drive,” only nine were protected by encryption. The rest were unprotected, accessible to anyone with a computer and the right software. Most of the software is available as a free download on the Internet. Nottingham says he got his equipment for scanning wireless networks from a client.
On his drive around the valley, Nottingham computer beeps as it detects wireless networks from as far away as two miles.
“That one – I could get into and could change all the settings,” says Nottingham, 22, who’s working on completing his B.S. in computer science.
“Anything I want.”
It’s a crime and a game
For some hackers, the challenge in making “war drives” and locating unprotected computer networks makes it a game. There’s even a Web site listing thousands of unencrypted sites.
For those on the receiving end of “drive-by hacking,” however, there are potentially expensive consequences. At stake is data contained on servers and the thousands of hours it took to generate it. All of that could be deleted with a keystroke. Remote hackers can even plant a virus, a seemingly innocuous item that once inside your computer could destroy data.
But there are other, less malicious ways hackers use unprotected wireless networks.
“That’s the cheapest DSL I never bought,” Nottingham says of on site he found that has a digital subscriber line, or DSL, on which he could have surfed the Internet for free. Many wireless networks have such high-speed data lines.
Recent technology has allowed computers to form networks of up to 64 computers without wires by connecting to a server using radio waves. Wireless networks can also be used to access and download data from digital assistants and other communications devices.
Once you have the internet protocol, or IP, address for the network, you can access any computer on the network, including the Internet, voice-mail or e-mail.
Getting into most of those unprotected networks is so simple it’s frightening, Nottingham says. The hard-wired computers of the U.S. military – and even those of super-secret NORAD, the North American Air Defense Command – and many high-profile businesses have been hacked.
Hacking wireless networks is typically easier.
Earlier this month, the FBI warned major Internet providers to prepare for increasing instances of cyberterrorism, both domestic and international.
“You can’t stop a determined hacker,” says Nottingham. “The easiest way to make it tougher (for hackers) is to encrypt things so they go to easier, unencrypted targets.”
Encryption software, or WEP or wireless encryption protocol, typically comes with a wireless network software. It merely needs to be enabled with log-ons and passwords. Many people do not do that, Nottingham says, opting instead to operate without one. Some enable the encryption but make log-ins and passwords too easy to crack.
“A lot of people just use their first and last names,” he says, shaking his head.
Crossing the line
But there’s a fine line between fun and felony. Discovering unprotected networks is one thing; connecting, using and altering them is quite another, with stiff consequences, depending on the damage done.
Catching a hacker is difficult, however, if not impossible.
“It’s very tough to trace,” says District Attorney Mike Goodbee. “It becomes a crime when you access something for which you don’t have authorization.”
But catching someone illegally connecting to and using a wireless network is difficult. Nottingham says he doesn’t actually access any networks on his drives, but he demonstrates how easy it was to acquire the information needed to access them. He’s often just one keystroke away.
Wireless hackers can blend in with the background because they can unobtrusively sit in a nearby car with a computer. Once they’re done, they’re gone.
“That’s why cybercriminals love wireless,” says Pettinari, who has been used to help prosecute cases Eagle County.
To catch cybercriminals in the act requires special software and tactics, Pettinari says, but most local police department do not have the technical expertise.
The best security, he adds, is to use encryption software and to install a firewall protecting the server from outside access.
Nottingham says there are nearly 200 wireless networks in Eagle County, and the number is growing.
With the general lack of security precautions he’s seeing so far and the ease with which most networks can be accessed, problems arising from hackers are as safe a bet as the probability of receiving junk e-mail, Nottingham says.
How to foil wireless hackers:
– Use, WEP, or wireless encryption protocol software.
– Move wireless hubs away from windows and toward the center of the room. Putting them in the basement is even better.
– Change default settings.
– Limit the number of access points, to make it less vulnerable.
– Install a firewall between regular wide area networks and local area networks.
– Be aware of what data you place on a wireless network.
– Make plenty of backups.
– Make sure sensitive information is transmitted on a secure Web site.
Cliff Thompson can be reached at 949-0555 ext 450 or email@example.com