Wireless networks have become the new stomping grounds of hackers, who with an antenna and a couple of hundred dollars worth of hardware are able to access internal corporate networks, according to consulting firm KPMG.
The phenomenon is called war driving, a takeoff of an earlier hacking movement called war dialing. War dialing, featured in the John Badham film War Games, involves rapid dialing of phone numbers in an effort to locate vulnerable computer connections. With war driving, hackers rapidly deploy encryption keys in an effort to unlock data.
Though war driving originated with American hackers driving around using a scanner plugged into the car antennas to break into networks, Francis Beaudoin, senior manager of KPMG’s risk management group, said would-be hackers could just as easily be sitting in the reception area of a company’s offices when perpetrating a wireless network break-in.
“It’s really an image,” Beaudoin said of the driving reference. “(The point is) that it’s easy to have access to a wireless network.”
“Security is no longer confined to your building,” added Ben Sapiro, a senior consultant with the risk management group. “It is compromised by the people walking down the street. The waves a wireless network works on radiate through your network and outside your building.”
War driving, which first got in gear about a year ago, has the potential to cause hundreds of millions of dollars in damage, especially as wireless use grows, said Sapiro.
“Let’s say (the hacker) was driving along and picked up the signal of a law firm’s wireless network,” said Sapiro, who suggested lawyers could be exchanging information about a murder trial or a looming corporate merger. “The hacker knows some confidential information. They can phone up the media or use it for other uses.”
Once inside the wireless network, hackers can sniff out passwords and then access and modify data.
“All you need to do is start transmitting and there you are,” Sapiro said.
According to Sapiro, getting in is almost as easy said as done. All would-be hackers need is an antenna, a wireless network card, which can be had at Future Shop for between $200 and $400, and software that can be freely downloaded from the Internet.
Hacking a wireless network is so easy in part because most companies use the standard 802.11 wireless card with what Sapiro suggested was questionable encryption technology. While 128-bit encryption is a major improvement over its 40-bit predecessor (Sapiro said the latter could be broken in five-hours of guessing), the encryption algorithms are still a problem, Sapiro said.
Sapiro said companies should demand vendors strengthen the algorithms in their hardware.
“You have to pressure your vendors and them you’re not going to buy equipment from them until they address this problem.”
However, both Sapiro and Beaudoin said many companies fail to even turn on their encryption protocol, leaving the door to their wireless networks wide open.