Headline Archives

   

GOT A WIRELESS NETWORK?
It’s Time to Shore Up Security

05/04/07

Laptop computer

Some words to the wise: if you have a wireless Internet or network connection, make sure you’ve got the best possible security measures in place. And don’t delay.

Why? We’ve recently learned that the basic protection against intruders—Wireless Encryption Protocol, or WEP—is increasingly vulnerable to accomplished hackers.

The tip came from one of the members of our longstanding InfraGard program, which brings together public and private sector security professionals to share breaking information on threats and vulnerabilities, particularly in the cyber world.

The member alerted our Birmingham, Alabama, office about computer hackers in Europe who have developed a method for cutting through the security provided by the WEP within a matter of seconds—and who are ready to share that secret.

“We knew once that information got out—and it most likely would—these vulnerabilities were going to be exploited,” said Paul Daymond, the media representative from our Birmingham office who helped coordinate a press conference on the issue recently. “So we wanted to get the word out quickly.”

What is WEP? In layman’s terms, it’s one way computers try to keep unauthorized users from tapping into your wireless network. A wireless network is more vulnerable to outside hackers than a closed one, which physically connects computers with cables.

WEP is generally the lowest level of security that comes with a new wireless network. Hackers have been improving their ability to get around the security settings in WEP for years. They know that most people don’t even bother to set up password protection, and when they do, they simply use the default.

That can be a boon to “war drivers,” people who drive around looking for unsecured wireless Internet access points to hijack. After they tap into the connection, they can do all sorts of things—including illegally sending spam or pilfering your computer’s data, like Nicholas Tombros did a few years ago.

You might not even know if these hackers have gained access to your connection. They may be a couple houses over or on the next street. But if they’re doing something illegal with your Internet connection, it’s going to come back to you.

So what can you do? At the very least, set up password protection and change the default and security settings on the WEP, if that’s what you’re using. Then we recommend you consider changing your wireless security to a more secure protocol, like WPA2, TKIP, or AES.

Don’t know how to do that? Check the website of your wireless router manufacturer. All of the major companies have websites devoted to security.

“There’s a lot of information out there about making your wireless system more secure,” says James E. Finch, assistant director of our Cyber Division. “We recommend taking a layered security approach. That is, throw as many locks on the computer to thwart these hackers as possible.”

Good advice…and we hope you take it.

Resources:
- FBI Cyber Investigations
- More Cyber Crime Stories
- Internet Crime Complaint Center
- InfraGard