News

Analysis: when will wireless hacking actually matter?

by Guy Kewney | posted on 27 March 2002


Another day, another survey of "wide open wireless networks" in London, and publicity for yet another security expert. And nobody cares. Should they?

Guy Kewney

If you ever plan to steal something, rule one - even before "don't get caught" is "make sure it can be fenced."

Is wireless data, so frequently described as "open to anybody" really a saleable commodity? I'd say, the answer is a resounding "no!" - but this doesn't mean it will always be the same answer.

First, let's try to get a handle on the perspective involved. It isn't easy. The question is sometimes asked: "What proportion of computer hacking is external, as opposed to internal?" - and the answer is that the vast majority of illicit intrusions are by insiders - estimates ranging up above 80%.

But actually the real dangers seem to be vandalism, not theft. There are, in the popular mind, terrible, important secrets buried in corporate databases, which have to be protected at all costs. In reality if you or I were given free access to the SQL mountains of London, the information we would retrieve would be unsellable. Only if we started to destroy the data, would we become a real threat to the business.

We might find names and addresses of customers - but who would possibly want to buy those? Surely, that's of interest only to direct competitors who have no mailing list. What sort of threat are they? Or we might find pricing information - information which is available from the suppliers. Or we might discover secret marketing plans. In my experience, if you want to know what Nokia's marketing plans are, talk to someone inside a Nokia distributor. Or buy the Nokia marketing manager a drink. Actually, the last thing you'd think of doing, would be to set up a Pringles antenna on your car, and start driving around London looking for WiFi signatures.

Without doubt, if you drive around London, you'll get some free Internet bandwidth. Big deal! Equally, if you walk into most reception areas and say: "I need to make an urgent phone call" they'll probably push the receiver across. Why wouldn't they?

And much the same applies to war-driving. Outside the building, a war-driver is unlikely to get much more than 2 megabits per second of bandwidth from a WiFi access point and it will be shared with the other access point users. The bottleneck, even so, will be the corporate pipe into the Internet, and my experience of corporate networks is that you get about 50K per second on a good day. If I want speed, I go to my home ADSL connection from BTOpenworld, not the corporate LAN. One more user on the office network, authorised or not, really isn't an issue.

The danger isn't from people stealing the data. War-driving is simply too random a way of finding what they might want, and too slow a way of retrieving it. No, the real problem, as I see it, is denial of service.

Malice, random vandalism, file deletion, password changing, permission alterations, and all the other mindless hacks that script kiddies love to spray on the corporate firewalls with their virtual aerosol paints - it could be as devastating as a fire in the tape backup vault.

The need for security at that level doesn't change just because an access point is broadcasting. Script kiddies don't need the ability to park a car outside your office to penetrate the servers when they can get your staff to download a Trojan from an anonymous Web site, untraceably.

Consultant Simon Gunning of the International Chamber of Commerce has managed to get his five minutes of fame on the BBC's Web site by doing yet another war-driving expose of unsecured offices. But at the end of the day, all he's doing is to expose the fact that people share the data on their hard drives with the Internet - no surprise! - and that you can get free Internet access in some parts of London.

Inside two years, you'll be able to get free Internet access like that as part of your contract with someone like Boingo or Sputnik. Internet access costs fifteen quid a month for your very own ADSL link, and prices probably won't rise; free public access for a flat-fee subscription is just around the corner. Stealing bandwidth is going to be about as serious a crime as asking a restaurant for tap water instead of paying for Evian.

But leaving your hard disk shared, with no password, on a notebook which hasn't been backed up for a month is a real sign of culpable negligence. Whether the notebook is connected to the Internet over a wire or over a wireless AP really won't change that very much.

And if the data on that hard disk really is important, the way to get it is to steal the notebook. That is, if the owner didn't leave it in a restaurant in the first place.