Slashdot Mirror

← Back to Stories (view on slashdot.org)

Drive-By Hacking in London

Posted by CmdrTaco on from the only-a-matter-of-time dept.

delibes writes "The BBC News website carries this story about hacking wireless networks in London's financial centre. " There isn't really much in the way of details, just saying that many businesses don't encrypt their networks. They talk about finding 12 networks while driving 1km... 8 of which had no encryption.

7 of 213 comments (clear)

  1. More info by Da+J+Rob · · Score: 5, Informative

    For those who want to read more on this subject, check out this past slashdot article

    Or just go here.

  2. I See Movies Going Down Hill by Angry+Black+Man · · Score: 5, Funny

    Could the next great bank robbery movie's big scene be some guy driving by the bank in an old Cadillac with a laptop and 802.11b in his lap while hacking money into his account?

    --
    the byproduct of years of oppression by the white man
  3. Is this ethical/legal or not? by billmaly · · Score: 5, Interesting

    1. Individual companies knowingly installed these networks, and failed to encrypt and secure the access to them.

    2. "Hackers" used their own legally obtained hardware and software to identify these networks.

    3. They identified these networks while traveling on a public right of way.

    From where I sit, the people who do this are not doing anything wrong UNTIL they begin to wreak havoc on the network(s), and start causing problems for the companies. The onus is on the people setting up the wireless nets to secure them. If individuals can ID these networks, use them, and not cause damage, more power to them.

    If the network admins are dumb enough to setup these nets and NOT block unauthorized users, they deserve all the problems that they will inherit.

    Finally, why does a brick and mortar office NEED wireless? Isn't cat5 already available to every desktop? Wired nets are invulnerable to wireless hacks, hence, 100% secure against wireless hackers. Well, unless the wireless hackers find a vulnerable wireless net, hack onto your network throught that one.......yadda. :-)

  4. Re:Is this ethical/legal or not? Is WLAN worth it? by Nonesuch · · Score: 5, Informative
    In general, 'wardriving' aka Netstumbling, refers to the basic act of wandering around and logging the GPS coordinates and response of 802.11b wireless networks to broadcast 'beacon' requests.

    IANAL. I have been consulting with laywers, and this is a paraphrase of what they say (in the state of Illinois):

    The basic act of identifying a wireless network while on the 'public way' is ethical, and usually legal. The moment you connect to a network and begin to access their machines or use their resources, you are on very shaky ground ethically, and, while unlikely to be prosecuted, are committing a criminal act.

    Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!

    --

    I do not deploy Linux. Ever.
  5. This may not be as bad as it sounds by fleabag · · Score: 5, Interesting

    Where I work, we have a network segement that requires no log in. Assuming you have a laptop, you can connect and get internet access - you need no special software on your machine. You are firewalled (properly) from everything else. Activity is monitored by the IP address you are assigned: if you are doing something silly, you would be booted off. ( I think the monitoring is automatic, and based on bandwidth consumed - not sure)

    The whole point of this is that when people come in to do a presentation, they can get internet access without bothering the support team. Mucking around with VPN software etc on someone elses laptop always ends in tears.

    How many of these wireless networks are the same sort of thing? If people started to leech in earnest then more security would be applied.

  6. Re:interesting... by swillden · · Score: 5, Informative

    now, as we all know, encryption isn't the one-stop shop in terms of securing data. in a wireless environment where intruders can get at you with relative ease, what other forms of protection are there against having data stolen?

    In a wireless network encryption is your only defense. Remember, though, that the encryption built into 802.11b cards and access points is lousy and trivially easy to break, even with the larger key size.

    If security matters to you, you need to:

    • Put a VPN-equipped firewall between your wireless access point and the rest of your network. Configure the firewall so that it only allows VPN connections, rejecting everything else.
    • Run VPN client software and firewalls on all of the machines you connect to the wireless network. Make sure the firewalls are configured to reject all incoming connections and permit only VPN outgoing connections.
    • It's probably also a good idea to install intrusion detection systems on the wirelessly connected hosts. Whether you take that step or not, it's important to maintain those hosts carefully, keeping up to date on all security patches (particularly the patches for the firewall and VPN software). Other actions may be a good idea as well, just remeber that every one of those wirelessly connected machines has to be able to withstand hacking on its own; there are no firewalls or barriers between those machines and the world, they are truly "bastion" hosts.
    • Put a "honeypot" wireless host or two out. Run a DHCP server on and put some other interesting stuff up (SMB is juicy). If it sees DHCP requests or other traffic, inform security and have them watch anyone who might be hanging around in publicly accessible halls or outside. If possible track down and silence the offending machine. A laptop equipped with a directional antenna and some 802.11b sniffing software that can be configured to look for a particular MAC address might be helpful.
    • Run your honeypots on the "default" 802.11b channel (6?), and run the real stuff on other channels. This isn't a barrier at all, but it does make naive attackers more likely to get caught by the honeypot.

    If all of that is too much effort, and security is important to you, then don't do wireless. When the built-in encryption is fixed you can look at wireless again; it still won't be quite the same as wired but the effort required to secure it will be lower and more related to how you manage your keys.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  7. Read the article by strags · · Score: 5, Insightful

    I'll concede it's a little light on the technical details, but don't forget that this article is targetted at Joe Public.

    I think you missed the most revealing fact in the article: 8 out of 12 networks detected were not even using 802.11 encryption at all. Yes, we all know that 802.11 encryption is not secure, but the fact that people are broadcasting unencrypted packets does mean that the networks are incredibly insecure. I'm thinking of SMB, POP3, TELNET, FTP, or any other number of services that transmit either plaintext or weakly encrypted passwords.

    Yes, people should use VPNs, but the point of the article was that they're not.

    Also, "war driving" and "war pedalling" are actual, legitimate terms - I've seen them used on many occasions before, as would you, had you researched this at all before spouting off.