GOT
A WIRELESS NETWORK?
It’s Time to Shore Up Security
05/04/07
Some words to the wise: if you have a
wireless Internet or network connection,
make sure you’ve got the best possible
security measures in place. And don’t
delay.
Why? We’ve recently
learned that the basic protection against
intruders—Wireless Encryption Protocol,
or WEP—is increasingly vulnerable to
accomplished hackers.
The tip came from one of the members of
our longstanding InfraGard program, which
brings together public and private sector
security professionals to share breaking
information on threats and vulnerabilities,
particularly in the cyber world.
The member alerted our Birmingham, Alabama,
office about computer hackers in Europe who
have developed a method for cutting through
the security provided by the WEP within a
matter of seconds—and who are ready
to share that secret.
“We knew once that information got
out—and it most likely would—these
vulnerabilities were going to be exploited,” said
Paul Daymond, the media representative from
our Birmingham office who helped coordinate
a press conference on the issue recently. “So
we wanted to get the word out quickly.”
What is WEP? In layman’s
terms, it’s one way computers try to
keep unauthorized users from tapping into
your wireless network. A wireless network
is more vulnerable to outside hackers than
a closed one, which physically connects computers
with cables.
WEP is generally the lowest level of security
that comes with a new wireless network. Hackers
have been improving their ability to get
around the security settings in WEP for years.
They know that most people don’t even
bother to set up password protection, and
when they do, they simply use the default.
That
can be a boon to “war drivers,” people
who drive around looking for unsecured wireless
Internet access points to hijack. After they
tap into the connection, they can do all
sorts of things—including illegally
sending spam or pilfering your computer’s
data, like Nicholas
Tombros did a few years ago.
You might not even know if these hackers
have gained access to your connection. They
may be a couple houses over or on the next
street. But if they’re doing something
illegal with your Internet connection, it’s
going to come back to you.
So what can you do? At
the very least, set up password protection
and change the default and security settings
on the WEP, if that’s what you’re
using. Then we recommend you consider changing
your wireless security to a more secure protocol,
like WPA2, TKIP, or AES.
Don’t know how to do that? Check
the website of your wireless router manufacturer.
All of the major companies have websites
devoted to security.
“There’s a lot of information
out there about making your wireless system
more secure,” says James E. Finch,
assistant director of our Cyber Division. “We
recommend taking a layered security approach.
That is, throw as many locks on the computer
to thwart these hackers as possible.”
Good advice…and we hope you take
it.
Resources:
-
FBI Cyber Investigations
-
More Cyber Crime Stories
-
Internet Crime Complaint Center
-
InfraGard