News

'Honey trap' exposes City wireless hacking

Bill Goodwin
Hackers are mapping the wireless access points of firms in the City of London as they travel to and from work.

The hackers, known as war drivers, use laptop computers or personal digital assistants to scan for wireless access points, as they travel to work in cars, on bicycles or on foot, research by KPMG has revealed.

Although most hackers simply log the systems and move on, a significant proportion are trying to break into company computer systems, the firm found.

“The simplest thing we found was someone finding a login prompt and tpying in ‘administrator'," said Mark Osbourne, director of security.

"We found people trying to detect what machines were active on the network and probing them. We saw denial-of-service attacks and people trying to log into system management utilities.”

KPMG used a wireless “honeypot" - a fake wireless access point masquerading as a real system - to record the activities of hackers in the City of London over a three-week period.

The company discovered more than 60 attempts by hackers to probe the systems, and around nine attempts to hack into the fake network.

“From the figures we have found virtually every week someone is trying to hack into your network. You add into that the fact that virtually none of the devices in use have security access. That’s a worry,” said Osbourne.

KPMG has advised companies to ensure that their wireless access points are properly protected, and to take active measures to ensure that staff do not set up unauthorised wireless networks, by plugging in equipment easily available from high-street stores. 

Wireless countermeasures

  • Make sure encryption is turned on
  • Strengthen the standard wireless network encryption by adding your own.
  • Make sure wireless access point is configured so that it does not advertise its presence.
  • Change the default settings on the device - up to half of companies fail to do this.
  • Do a site survey to make sure there is minimal radio leakage.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy