Unsecured networks open door for hackers, spies
By Airman 1st Class Andrew Dumboski , 99th Air Base Wing Public Affairs
/ Published January 03, 2007
NELLIS AIR FORCE BASE, Nev. -- As technology develops, prices drop, and gadgets become faster and more accessible.
The development of the Internet and the many ways the world communicates follows.
Throughout the 1990s, the unmistakable sound of beeping mixed with static was one that residents could sing along to as their modem "dialed on" to the Internet.
As high-speed Internet services developed, like cable and DSL modems, and with wireless technology consumers can easily network their computers within their household and access the Internet through any of their computers.
With Wi-Fi, consumers can sit in a lawn chair on their back porch and, conveniently and comfortably, catch up on their e-mail and news, and even do some online banking.
These days, it's almost impossible to drive down a residential street and not stumble across a wireless network in at least one home. But with this newfound convenience lies a new danger.
"Any information that travels over a wireless network can be accessed by anyone on that network," said Steve Carlson, 99th Communications Squadron wireless security manager. "Even if you're accessing a secure Web site, your information is only secure between the Internet and your wireless router. Everything traveling between that wireless router and your laptop is visible."
A quick drive through Nellis' base housing, with a laptop in the passenger seat searching for wireless networks revealed many unsecure networks.
Part of Mr. Carlson's job is to test wireless networks on base to ensure none of the residential networks are infringing on any of the government ones. He estimates more than half of the networks he has found are not secure.
"Having a wireless network without any form of security is equivalent to allowing a complete stranger to look over your shoulder while you work on your computer," said Special Agent Randy Bond, Air Force Office of Special Investigations. "Someone could drive by your house, monitor your wireless signals, and collect all kinds of information about you."
Much of this could lead to identity theft or worse. Depending on how the computer is configured, a hacker with a moderate amount of knowledge could log on to someone's network and have complete access to their victim's files. The hacker could then install keystroke loggers, trojan horses and viruses with just a few clicks of their mouse,
Agent Bond added. "As military members, we have access to sensitive information; other people are aware of that. OPSEC isn't just for use on the job; we must make it a practice in our personal lives too."
For military members, this adds an extra level of danger.
"People who use their personal computers to access their Web-based government e-mail are a perfect example," he said. "If you're accessing that e-mail through an unsecure wireless connection anyone could connect to that network, and, with the right software, monitor every one of your keystrokes. They could have your log on and even password information and you would never know it."
Adding to that danger, people who live near the outer wall of the base risk their network being accessed by someone off base.
From the Visitor's Center parking lot, using a standard laptop, there are at least three wireless networks visible, two of which are unsecure. The one that is secure is from a business on the other side of Las Vegas Blvd. Both of the unsecure networks are broadcasting from Nellis.
"From time to time, I turn on my laptop and test to see how many unsecure networks are visible while I'm on my way to work," Mr. Carlson said. "Between Nellis' main gate and the intersection of Martin Luther King Blvd., I've counted about 270 wireless networks - more than half had no security turned on at all."
Unsecure networks on military installations present a big operational security risk, Agent Bond said.
However, people driving around with a laptop searching for unsecure networks are not always trying to steal personal information. Often times they're just looking for access to the Internet, Agent Bond said.
"It's called 'wardriving,'" he said. "Someone drives around looking for an open network, logs on and surfs the Internet. To your Internet Service Provider, they appear to be you."
Victims of wardriving have no idea its happening. The person can sit in a car outside, surf the net or hack a computer, and drive away. They could also steal personal information from the victim, drive to another open network and steal the first victim's identity. Any attempt to trace the identity theft could lead back to the second victim.
Often times, store-bought routers come with some form of protection.
"If you don't know how to set up wireless security on your router, the owner's manual usually explains it well. You can also get information on the Internet," Agent Bond said.
As technology becomes more accessible and lower cost, unscrupulous people also advance in their ability to use that technology for their own agendas.
"It's important for people to take measures to protect themselves from being victimized," Agent Bond said.