Hackers zero in on wireless hotspots

YOU’VE got ten minutes until you need to leave for the airport, but you just have to send out that e-mail containing this month’s sales figures. Dashing up the street in search of a taxi, you spot the magic words “wireless hotspot” in a cafĂŠ window. The figures are sensitive, but the cafĂŠ is almost empty. You sit down, facing your laptop screen away from the few others in the room and log on.

Safe as houses. Or not? Richard Rushing, chief security officer for US firm AirDefense, says people are leaving themselves open to fraudsters every day through insecure public wireless networks, which have transformed working practices.
Rushing, in Edinburgh to speak to Scottish business leaders about how to secure company data, believes groups of “bad guys” are targeting areas they know business people are likely to frequent, such as airports, or a cafĂŠ near financial institution headquarters.
He says most open networks, such as those offered for free in many public places, such as airports, coffee houses and even telephone booths, are insecure – and anyone with access to the same network could steal information just by logging on.
A former consultant for the CIA and the FBI, Rushing knows how important it is for companies – and individuals – to keep their data protected. “With more and more companies going to wireless now, it is a growing problem,” he says.
“If they supply laptops to their employees, they are at risk.
The people who are doing this are looking for company data, they’re looking for anything that is valuable, credit card details, even just knowing that people are there.”
Rushing’s firm, based in Georgia but with an operation in Basingstoke, can advise on how firms can make their computers more secure – by supplying software to encrypt data sent over the internet and also a package that can alert a PC user to someone trying to access information.
“A cafĂŠ owner doesn’t know what the situation is with his Wi-Fi – it’s not his responsibility,” says Rushing.
“He doesn’t think about the wireless network unless a customer tells him it doesn’t work, then he unplugs it, plugs it back in and asks ‘Does it work now?’ That’s it. A lot of them, especially those which are cheap to use, or even free, are unlikely to have encrypting technology.”
With plans for Edinburgh to become a city-wide Wi-Fi hotspot underway and many Scottish cities already covered by BT’s service, businesses were keen to listen to his message, with representatives from Standard Life, ScottishPower and Royal Bank of Scotland signing up to Rushing’s seminar.
Rushing, who has worked as a computer security adviser for the likes of Siemens and General Electric, and most recently held the role of chief technical officer of VeriSign’s network security services division, adds: “People get excited by wireless networks, at home as well. They say ‘great – I can log on to my next door neighbour’s wireless!’ But that means their neighbour could possibly log on to theirs too – and potentially see all of their personal information.”
Hackers do not need special software to check on what their network co-users are up to. “It’s not like they can see your screen shot for shot,” says Rushing. “But they can see any data that is sent via the internet, on an e-mail, over a website form and so on.
“You wouldn’t put your bank details on a postcard and send it through the mail for everyone to see, so why would you send them through an insecure network?”
In addition to protecting sensitive business information, Rushing is also keen to educate workers on keeping personal data close to their chests.
“If you’re out, you have your laptop and find you’re in a Wi-Fi zone, it is fine to use the internet to do certain things like check the football scores,” he says. “But if you’re not sure the network is safe, leave checking your internet bank, or using your credit card for when you are somewhere where you know no-one can access what you are doing.”
Anna Steven, senior press officer at BT, says wireless security was a hot issue for both broadband providers and companies.
The firm, which already uses AirDefense’s systems for wireless intrusion detection in around a dozen BT buildings UK-wide, recently launched a high-security way of sharing wireless broadband with other people – by providing separate channels for different users.
Steven said: “Users need to assess what is at risk and then implement the appropriate technology to protect it.”

Leave reply

Back to Top