E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.		 LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


'WAR DRIVERS' EXPLOIT SECURITY GAPS

Source: National Post

Posted on October 11, 2002

      J.P. Tanguay is sitting in his green Ford Explorer sport-utility vehicle when his laptop computer beeps. It's a signal indicating the presence of a wireless computer network and a potential victim of drive-by hackers like him.

      "I could easily plug into that network," says Mr. Tanguay, who uses a free software program called NetStumbler that he downloaded over the Internet on his "war driving" expeditions.

      As wireless local area networks have proliferated, so has the practice of war driving, a term derived from the Matthew Broderick character who uses his computer to hack his way into a nuclear command and control system in the 1983 movie War Games.

      Most war drivers are hobbyists, who engage in electronic scavenger hunts in familiar areas for amusement purposes, says Mr. Tanguay, an independent security consultant based in Oakville, Ont., a Toronto suburb.

      They drive around cities looking for exposed networks in an effort to educate as well as demonstrate vulnerability to tech managers and eventually sell their services.

      But other hackers look for security gaps in wireless networks in the hopes of finding sensitive corporate data or simply to use people's networks for nefarious purposes such as spamming. Some war drivers have even taken to flight to find open wireless networks.

      The malevolent war drivers that gain access to wireless networks can easily spam thousands or gain access to sensitive information, a danger for work-at-home employees that have not taken necessary precautions, says Mr. Tanguay.

      While businesses have spent heavily securing their networks, analysts say consumers are still largely unaware of their exposure to hackers.

      "Consumer wireless networks are still the largest unprotected resource of computer users," says Stephen Cobb, a consultant with ePrivacy Group, based in Paoli, Penn. "A lot of consumers aren't aware of the ease with which people can do war driving and hack into networks."

      With the NetStumbler program, detecting a hole in someone's home network is as simple as reading a symbol on the left side of the computer screen. A small circle, which should have a lock symbol indicating a higher security level, instead flashes a solid green colour and beeps indicating the presence of an insecure wireless local area network (WLAN) nearby, a way to connect to the Internet in which a mobile user can connect to a local area network (LAN) through a wireless connection.

      Mr. Tanguay says homes are most vulnerable, a point underscored during a recent war drive where he found that 47 of 60 wireless network owners in residential areas of central Toronto had not enabled wireless security.

      The high number of unprotected wireless networks should serve as a wake-up call to consumers and corporations, said Chris Kozup, senior analyst with Meta Group in Burlingame, Calif.

      Analysts and consultants say consumers can easily deter would-be network assailants by simply "turning on" security protocols embedded in their network equipment.

      Security can easily be augmented by enabling the WEP security protocol typically embedded in wireless equipment.

      Short for Wired Equivalent Privacy, WEP is a security specification designed to provide a wireless local area network with a level of security and privacy comparable to what is expected of a wired LAN which are more commonly used in Canadian homes and offices.

      But consumers continue to ignore highly publicized wireless LAN security warnings, Mr. Kozup says.

      "This is a market that doesn't have a clear appreciation of the security risks," he added.

      Wireless vendors need to introduce products that make it easier for consumers to protect themselves from malicious war drivers, Mr. Kozup says.

      A high-profile incident or tangible may be needed to serve as a wake-up call to vulnerable consumers, he added.



CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.