Drive-By Hacking in London
delibes writes "The BBC News website carries this story about hacking wireless networks in London's financial centre." There isn't really much in the way of details, just saying that many businesses don't encrypt their networks. They talk about finding 12 networks while driving 1km... 8 of which had no encryption.
this is very interesting to me in particular - i've been considering a system for establishments that would in part run on a wireless scheme (ease of installation, basically), and encryption was honestly one thing i hadn't thought of.
this alerts us to something else, too: wireless networks, encrypted or not, can be sniffed easier than regular wire networks, since you don't have to be physically connected to the internet to be sniffed.
now, as we all know, encryption isn't the one-stop shop in terms of securing data. in a wireless environment where intruders can get at you with relative ease, what other forms of protection are there against having data stolen?
i'm amazed that i survived - an airbag saved my life.
- 801.1 outdoor range: approximately 100 to 300 metres.
- 12 open networks found within 1Km.
- In the financial district of London.
Is this industrial-espionage-by-numbers?
Yes, but I think that the difficulty in getting to the wiring is actually pretty important here. 802.11 is being sold as a panacea for cheap start-up networking as much as for huge financial institutions. Cheap start-ups are not likely to have the expertise to implement IPSEC internally even if they've heard of it.
Um, even guys like Peter Shipley (who thinks he's a vampire) know how to do this stuff, and that was reported about a year ago. Maybe we can post a story after Xmas about the world trade center?
-- http://www.criticalassets.com
Since 802.11b uses a flawed encryption scheme there is no way to make the over-the-air protocol truly secure.
This does not mean that the networks are compromised. One way to set this up would be to leave the 802.11b interface wide open (thus making it easier for laptop-users to roam onto the network), but to place the wireless access point outside the firewall. Legitimate users VPN into the network (with VPN encryption of course). The exposure is no worse than any other point at which a private network is exposed to the public internet through a firewall.
One problem is that "anyone" can set up a wireless access point for their personal use -- without realizing that they are exposing their company's LAN (Apple Airport anyone). A contributing factor is a false sense of security because most notebook 802.11b cards have a far shorter range than the access point broadcasts. Your notebook may not be able to pick up the signal outside the office but someone with an external antenna can pick it up at much greater range.
No, I don't want to explore the Recycle Bin.
It's hardly a secret that your laptop will see something when you're standing out in the parking lot near any company with an 802.11 network. That doesn't mean it's insecure. A company with even a smidgen of security sense will put the wireless network outside their firewall, and require employees to use VPN to access internal stuff. People on the outside may be able to get a little free internet access, but that's it.
The article is very light on details, gives no information as to what "wide open" means (just because you can see the network, that does not mean it is insecure). There is only one mention of the word "firewall" in the whole thing, and even then it's very vague.
I think this reporter has been duped by a couple of script kiddies. The supposed terms "war driving", "war pedalling", and "war walking" sound like something the kiddies made up on the spot, and later snickered at the reporter for believing.
Free Hans!
I've been thinking about getting an 802.11b network going on my lan, and thinking about how to make it somewhat secure.
My idea is to add a third NIC to my firewall/masq/server machine, with the wireless hub hanging exclusively off this NIC. That way I could add some ipchains rules that only apply to the wireless network.
The question is, what sort of ipchains rules? One idea I had was to only allow the MAC address of known/authorized cards (this would require iptables/kernel 2.4 -- ipchains doesn't look at MAC AFAIK). Even though MAC address could be spoofed, it would probably be enough for my home lan.
Is this similar to what other people have tried? What do other people do for this?
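Added example (not from any poster in this thread): a generator for an `iptables-restore` fragment that combines the two ideas raised above, a MAC allowlist on the dedicated wireless NIC and VPN-only access from the wireless segment. The interface `eth2`, the gateway address `192.0.2.10`, the MAC addresses, the chain names `WLAN`/`WLAN_VPN` and the choice of IPsec (IKE on UDP 500 plus ESP) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment for an untrusted wireless NIC.
# Assumed names: interface eth2, VPN gateway 192.0.2.10, chains WLAN / WLAN_VPN.

# Succeeds only for a colon-separated 48-bit MAC such as 00:11:22:aa:bb:cc.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# wlan_rules IFACE VPN_GW MAC...
# Prints the ruleset on stdout; returns 1 and prints no rules if any MAC is bad.
wlan_rules() {
    [ "$#" -ge 3 ] || { echo "usage: wlan_rules IFACE VPN_GW MAC..." >&2; return 1; }
    iface=$1; gw=$2; shift 2
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo '*filter'
    echo ':WLAN - [0:0]'
    echo ':WLAN_VPN - [0:0]'
    # Everything forwarded from the wireless segment is judged in WLAN.
    echo "-A FORWARD -i $iface -j WLAN"
    # Known cards proceed; a MAC match is a convenience filter, not authentication.
    for mac in "$@"; do
        echo "-A WLAN -m mac --mac-source $mac -j WLAN_VPN"
    done
    echo '-A WLAN -j DROP'
    # Known cards may reach only the IPsec gateway: IKE (UDP 500) and ESP.
    echo "-A WLAN_VPN -d $gw -p udp --dport 500 -j ACCEPT"
    echo "-A WLAN_VPN -d $gw -p esp -j ACCEPT"
    echo '-A WLAN_VPN -j DROP'
    echo 'COMMIT'
}

# Constructed sample input: documentation-range address and made-up MACs.
wlan_rules eth2 192.0.2.10 00:11:22:aa:bb:cc 00:11:22:dd:ee:ff
```

The output can be checked with `iptables-restore --noflush --test` before loading it. The jump is appended to `FORWARD`, so it has to sit ahead of any broader ACCEPT rule there, and traffic addressed to the firewall itself (`INPUT`) needs its own rules.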
I'll concede it's a little light on the technical details, but don't forget that this article is targeted at Joe Public.
I think you missed the most revealing fact in the article: 8 out of 12 networks detected were not even using 802.11 encryption at all. Yes, we all know that 802.11 encryption is not secure, but the fact that people are broadcasting unencrypted packets does mean that the networks are incredibly insecure. I'm thinking of SMB, POP3, TELNET, FTP, or any other number of services that transmit either plaintext or weakly encrypted passwords.
Yes, people should use VPNs, but the point of the article was that they're not.
Also, "war driving" and "war pedalling" are actual, legitimate terms - I've seen them used on many occasions before, as would you, had you researched this at all before spouting off.