Wireless hackers creep nearer to UK homes

Security experts are warning the rapid uptake of wireless networks in the UK could spell disaster for home working professionals, if they fail to safeguard their IT systems against "war-driving" attackers.



Such a process of targeting Wi-Fi networks has already been punished in the US with the longest ever jail sentence for the culprit, and now the cyber technique is destined for Britain.



One security firm, Red-M, which last month tested London's wireless points, says because the new technology is so easy and cheap to set up, users often ignore the security holes it creates.



Of most concern is the wide range of wireless networks, which often extend beyond the user's home - their walls and neighbouring houses.



This means that any outsider armed with a laptop computer, free downloadable 'war-driving' software and an Ethernet card can potentially infiltrate a Wi-Fi network from about 100m.



"If you can sleep properly at night in the new wireless world, you don't understand the significance of the problem," said Karl Fielder, CEO at Red-M, before conducting his London experiment.



In the test, he found it easy to disconnect small home and office networks, read personal e-mail and disable broadband access, without any sign of outside interference.



"Wireless makes it very easy to wreak havoc with someone's life and then vanish without a trace, leaving them to pick up the pieces," said Fielder.



"Without adequate security measures, computer users are vulnerable to identity theft, unconscious involvement in internet crime, viruses, and theft of internet access and network bandwidth."



IDC estimates there are 958,000 wireless networks in the UK, with this figure expected to double to almost two million by the end of the year.



A similar experiment by US firm, Computer Worx, found that 'war driving' for Wi-Fi points in a residential area, exposed 23 unsecured networks in just 40 minutes.



These signals were mostly detected in privately owned houses but Orville Erickson, who likes to war–drive to prove a security point, said his firm identified unprotected networks at a local church.



He says Wi-Fi users are opening themselves up for incredible amounts of grief because the majority use their default network identifier, instead of changing their security settings.



"Say somebody logs on to your network and downloads some child pornography," said Erickson, speaking to the WCFCourier Press.



"Well, how are they going to trace that back? It won't be traced back to the laptop that hacked into it. It will be traced back to the homeowner's IP address. And he would be blamed and he would have no defence."



Erickson said that a war-driving hacker could even use a little computer expertise to install key-logging software on a computer to reveal credit card numbers, bank accounts and passwords.



Security firm, Red-M, has issued the following security tips to protect home and business networks from malicious war-drivers.



1. Detect all the wireless activity going on inside and outside your home or office using a 24 x 7 monitoring tool. Without round the clock scanning, you can't possibly know who is connecting to your computer network.



2. Secure your data against hostile activity, theft and manipulation. This can be as simple as turning on your hardware and software's built in security capability (most of which defaults automatically to the off position).



3. Control your business or personal network with security policies that are appropriate for the wireless age. For example, you need to prevent staff connecting their own equipment to the network, thus creating a back door for hackers. You also need to constantly monitor your security measures for effectiveness.



Red-M said these measures are not the definitive guide to thwart Wi-Fi attacks but offer users the most basic of protection.



"Gartner believes that by 2006, improperly configured wireless LAN access points and client software will be responsible for 70 per cent of successful wireless network attacks.



"They recommend intrusion detection and protection systems as the best practice for keeping intruders off your network."