WLAN Hackers Threaten Service Providers

In early August, Secretary of Homeland Security Michael Chertoff announced the nation's largest-ever hacking and identity-theft case, involving 11 perpetrators who allegedly stole as many as 40 million credit card numbers from local branches of eight retailers in the United States, storing and then selling the information in the Ukraine and Latvia. The crooks accomplished this feat via "wardriving" — the act of literally driving around in a car with a laptop or other device, scanning for unsecured wireless access points and routers through which to hack into networks.

The case points out the fact that too many SMBs fail to take appropriate measures (See “Quick Wireless LAN Security” sidebar below) to secure their wireless communications. Anecdotally, hacker sites report about a 50 percent average unsecured Wi-Fi rate in the commercial sector. Given the fact that analysts expect WLAN uptake to continue apace even with the economic slowdown (growing 6 percent in 2008, to $1.86 billion in revenue, according to the IDC), it’s safe to say the areas of weakness will grow larger.

And it’s not just individuals and businesses at risk. The ongoing convergence of wireless WAN (be it outdoor wireless broadband, 3G or 4G cellular or public mesh networks) with indoor WLAN installations potentially exposes service provider networks to the danger of hacking, viruses and worms. But it also presents an opportunity for service providers in managed overlay security services.

Hackers bent on identity theft or service provider breaches can do so with low overhead. Most use an external laptop card such as those made by Orinoco, which deliver better detection capabilities than embedded clients, and free software like NetStumbler, which is available via a simple Google search. Once in, the wardriver simply installs packet sniffers on the network to intercept and record desired information, read passwords or even just eavesdrop.

That’s a problem when you have organizations like retailers or restaurants that depend on wireless networks to transport financial information between cash registers and servers.

“These guys are looking for the weakest link — where on the edge they are processing credit cards,” said Ty Estes, director of marketing for carrier Ethernet and fiber access media converter vendor Omnitron Systems Inc. “A lot of smaller businesses will install wireless LAN because it’s inexpensive, it’s easy — and a lot of times they’ll do wireless because these businesses need to do transmissions further than 100 meters — copper becomes lossy in that case and you can only transmit so much information at a time. They’re usually using off-the-shelf APs and routers, and any time you have that, there are going to be people who can hack that. You build a fortress but let the drawbridge down.”

One of the solutions (advocated by Omnitron) is to run the almost-impossible-to-hack fiber from the point of sale to wherever the data needs to go. Media converters can be used to perform copper-fiber conversions on either end, and it adds up to a relatively inexpensive choice.

Share this article: Email, Slashdot, Digg, Del.icio.us, Yahoo!MyWeb, Windows Live Favorites, Furl
Add this article feed to: RSS, My Yahoo, Newsgator, Bloglines