PI Feature
wireless I S nternet ecurity
46
f
PI magazine
ace it. Wireless internet (Wi-Fi) is in. According to the Pew Internet Project, approximately one-third of all adult American internet users (34%) have logged onto the internet by wireless means using a laptop computer, PDA, or cell phone. Of the 34% who have logged onto the internet, 19% have wireless networks in their homes and 27% have logged on wirelessly from a place other than home or work. And, as the wireless internet popularity comes to grow, experts predict that number to dramatically increase over the next few years.
| July/August 2008
By Terah Shelton
“Wireless internet provides a tremendous convenience in that it allows employees, or just users at home, to be able to be mobile -- moving from one location to another -- and still maintain a data connection,” say Tony Bradley, a certified CISSP-ISSAP and BT INS security consultant. “For business networks, it can represent a significant cost savings to implement a wireless network rather than having to run network cabling through the walls and ceiling and installing Ethernet jacks all over the place.” The Wireless Association for the Wireless Telecommunications Industry (CTIA) recently announced that wireless data service revenues for the first half of 2007 rose to $10.5 billion. This represents a 63% increase over the first half of 2006, when data revenues were $6.5 billion. Wireless data revenues now amount to 15.5% of all wireless service revenues. “American consumers are continuing to turn to wireless for their voice and data needs. As wireless devices continue to evolve to meet ever-changing consumer demands, we are seeing an increase in the number of subscribers who are using wireless to surf the Internet, listen to music, watch video and take photographs” said Steve Largent, president and CEO of CTIA-The Wireless Association in a recent article. “Wireless is the only medium that allows consumers to stay in-touch and connected while on-thego and its popularity and usefulness continues to grow.” In the last couple of years, wireless internet has become
July/August 2008 |
ingrained in the fabric of how people are using the internet. It has invaded businesses from hotels to restaurants to airports touting the service as a way to please customers while also capitalizing on revenue opportunities. Telecommunication companies and even cities are getting on board. AT&T recently introduced plans to make wireless internet free at more than 10,000 hot spots nationwide. Last year, the city of Honolulu began offering free wireless internet to users in downtown Honolulu. And the pace is picking up internationally as well. WiFi hotspots can now be found in 135 countries according to JiWire, the leading provider of information and services to help people connect to the internet without wires. “The demand for wireless internet is basically driven by users who are demanding it in those types of environments. And business owners are making decisions to offer it based on their own criteria.” says Seth Cenac, vice president of operations of Grove Networks.
Is Wi-Fi Secure?
Based on overwhelming evidence, Wi-Fi has become an integral part of the way people stay connected. But, it begs the question: is it secure? No, according to Justin Peltier, a senior security consultant for Peltier Associates. “It could be, but is not usually secure in public locations such as hotels and restaurants.” Ben Rothke, a senior security consultant for BT INS, adds that “from a practical real-world issue, given how it has been deployed, wireless is not secure.” In the last year, nearly 10 million Americans became victims of identity
www.pimagazine.com
47
With all the insecurity surrounding wireless internet, there are opportunities available for private investigators interested in expanding or broadening their specialties by incorporating wireless internet security audits and Wi-Fi consulting as sectors of their business.
The Rise of Wi-Fi
War Drivers
The Pew Internet Project study listed that four in ten (39%) internet users have laptop computers and of these laptop users, 80% say their laptops can connect to the internet on a wireless network. Most of the time, those with wireless enabled laptops connect to a wireless network at home, although most also have logged on from someplace other than work or home. More importantly, 88% of laptop users have at one time logged on using a home wireless network.
to a wireless network adapter or Wi-Fi capable device.” Peltier adds that wireless internet works by running on the same frequency as cordless phones and microwaves. “It’s an unregulated frequency and basically what you are doing is making a radio signal network connection from your laptop to what’s called an access point. The access point is the server for the wireless environment. Multiple laptops or multiple computers all associate with or connect with this access point. So what you have is a bunch of radio signals going from the laptops and computers to this access point. Then, the access point will have wireless on one side and wired on the other side. That wired side is typically going to be the part that’s connected to the internet.” Rothke states that thieves can intercept and review data transmitted by wireless internet as it travels over the air. “If your wireless access point has ineffective security, thieves can tap into your network. If your devices lack security such as personal firewalls or access control lists, then they simple access you data as another network device.” More importantly, information stored on a laptop or computer that contains credit card numbers, bank account numbers, usernames, and passwords can be stolen and used to access financial accounts or fraudulently acquire credit or make purchases.
Wi-Fi and the PI
The French Ban Wireless security is important because, without it, anyone can read your data, access your network, perform denial of service attacks, and much more. Identity Theft Daily reports that there is a higher risk of identity theft among individuals who frequently use wireless technology. The French government is so concerned about the lack of security provided by wireless technology that it recently banned the use of BlackBerrys in government offices and at the presidential residence.
48
PI magazine
| July/August 2008
theft, a crime that cost them approximately $5 billion total. And one of the ways thieves steal a person’s identity is through an unencrypted wireless internet connection. With all the insecurity surrounding wireless internet, there are opportunities available for private investigators interested in expanding or broadening their specialties by incorporating wireless internet security audits and Wi-Fi consulting as sector of their business.
How Does It Work?
However, in order to answer the security question, one most learn what is wireless internet and how does it work? “As the name implies, wireless networking is network communications without the wires,” says Tony Bradley. “The data is broadcast through the air from a wireless router or access point
But how can private investigators add wireless internet security as a valuable service to their customers? Simply put, by educating themselves on wireless internet security and offering that expertise to secure customer’s networks. “Using wireless networking securely requires a little knowledge and a little extra effort,” says Bradley. That extra effort could benefit private investigators who invest the time to learn the terminologies and procedures associated with Wi-Fi. Peltier Associates, located in Michigan, teaches an Internet Security Basics class that covers background in firewalls, encryption, virtual private networking, and security assessment. Private investigators interested in learning more about internet security could also look for classes at their local community or technical colleges. However, Bradley adds that a wireless router or access point works within a certain range. “If that range is 100 feet, you can sit in your living room 75 feet away and use the wireless network connection. By the same token though, an unauthorized user sitting 75 feet away in a neighbor’s living room, or sitting in a car by the curb can also use the wireless network connection. An attacker that gets into your network could compromise your system with a rootkit that enables them to access your computer at will, or a bot that enables them to use your computer remotely for attacks on other systems, or to send out spam email, or any other malicious purpose.”
Thieves are not the only people hacking into wireless internet connections. They are called war drivers and they are people who drive around looking for free Wi-Fi – especially those from home networks – to surf the internet or to download files. Security consultants argue that there are some dangers associated with this phenomenon such as unlawfully accessing files of the network owner, installing viruses and Trojan horses in their systems, storing files containing pedophilic content and distributing spam. While most claim they are not taking anything away from the owners, however, the process still requires a breach in the system. Ironically, a recent article has even suggested that private investigators could find clients by using the same methods a hacker could by “driving around with a cheap Wi-Fi hotspot finder and test the signal for access security. Then triangulate the signal to an owner and offer information and a 5-minute service to secure their wireless LAN.” Both New York and California have passed laws requiring owners of wireless routers to protect themselves from routine public access. More specifically, the law prohibits the provision of internet service to which there is free access if such network is not protected by a firewall. The duty to secure the network also applies to businesses which store people’s private information. In addition, the internet service providers are required to post a notice warning of the dangers lurking online. The breach of these sections is punishable by fines. Other states requires the owner of a network, who suspects that it has been breached, to inform the people whose private information is stored in such network and who may have been hurt due to such breach. But, Cenac adds that it’s not so much an issue of security of what’s being offered, creating an opportunity for private investigators. “Basically, businesses offering wireless internet are giving you access. How you secure your own personal equipment or laptop is pretty much up to you. There certainly are vulnerabilities of using a laptop on a public network and users have to be aware of those risks and take whatever steps they feel appropriate for their own sensitivities.”
July/August 2008 |
www.pimagazine.com
49