This is a real life example of significant security breaches aired in
the last 24 hours at a press conference in USA regarding wireless
systems that needs to be circulated!
Are you one of the 40 million whose credit card details are caught up in
the DOJ press release? see
http://www.usdoj.gov/opa/pr/2008/August/08-ag-689.html
U.S. Attorney Michael J. Sullivan said “the alleged thieves weren’t
computer geniuses, just opportunists who used a technique called
“wardriving,” which involved cruising through different areas with a
laptop and looking for accessible wireless Internet signals. Once they
located a vulnerable network, they installed so-called “sniffer
programs” that captured credit and debit card numbers as they moved
through a retailer’s processing networks.”
Watch the video at http://www.youtube.com/watch?v=Qyi2Q8Qpy6w then make
sure you check your wireless systems security levels before you log off
to make sure they are the right level, suitable for your business use.
Your sensitive data may already have been “harvested” in a similar
fashion!
Wireless “wardriving” is not an urban myth, these guys made real big $
(no one knows the full total) at others expense!
There are numbers of videos on the web (some have been watched hundreds
of thousands of times) that show you how to wardrive, how to hack in,
where to get the hacking software, how to tweak it to make it work, how
to identify open systems and how to break into WEP. It’s very easy.
Youtube, Myspace, and Facebook and other social sites are easy sites to
locate this information, it is very freely shared.
The people caught by the authorities in USA won’t be the last, they are
just some of the many who are busy gathering credit card data leading to
identity theft etc and it’s because they know how wide open wireless
systems are through lack of attention by many who are too eager to use
the technology without assessing the risks.
The iPhone will also have lasting impact as it is also wireless device
(over 3 million sold to date according to some sites) and this can have
up to 16GB storage.
The iPhone is a perfect tool for identity theft and wireless capture of
information from unsecured systems and you won’t know you have had
information “lifted”! This is one of the candidates that need to be
added to the governance checking mechanisms. The iPhone is less easy to
detect as an attack vector, compared to someone sitting outside your
office in a car or on a park bench with a notebook “surfing your
systems, using your free wifi” for a few hours!
The iPhone will actually be walking around inside your building, in
peoples hands, pockets, briefcases, handbags and it is constantly
polling (beaconing) for signals to enable connection to any wireless
system. If you are open they can hop on!
iPods, PDAs, and Wireless USB devices are also attack vectors, so if
your wireless systems are not secured and open, then they can hop on
too!
Businesses and government agency sites need to talk to senior management
NOW, conduct an immediate audit and lock down their wireless systems
TODAY! No need to debate the theory of the issue, just do it, you have
too much to lose by not checking and securing your systems!
If you aren’t sure how to change your wireless settings, or only have
your wireless settings at the default “out-of-the box” levels, then
check out http://www.pcprofile.com/wireless.htm (yes I know this is a
vendor response, but it is warranted – we could frighten the socks off
you with some statistics about how many open wireless systems are live
at present.) Don’t be lulled into a false sense of security by WEP make
sure you apply WPA, if you can.
Rob Harmer
PCProfile
Adelaide
South Australia
__________________________________________________
PCProfile offers practical tips on how you can understand
the rapidly changing technology scene within your business.
__________________________________________________
