Skip to main content /TECH with /TECH

Firms warned of 'drive-by hackers'


By CNN's Peter Wilkinson

LONDON, England (CNN) -- Companies that use wireless technology to allow workers to log into networks throughout offices have been warned they could be laying themselves open to hackers.

The alert comes ahead of the scheduled signing in Hungary on Friday of a European convention that aims to unite about 30 countries in the fight against cyber-criminals.

The warning was made by London-based computer security company Orthus, after it drove around the financial centre of the British capital to see how easy it was to pick up radio signals containing data from wireless networks.

Using a laptop and easily obtainable software, Orthus said its experts detected 124 wireless computer systems that allowed them to access 207 different networks. More than two-thirds of these systems were not protected by any form of encryption, it added.

Orthus spokesman Richard Hollis said wireless users, expected to grow rapidly in number in the next few years, presented hackers using easily available equipment with an easy target.

"You come in completely behind the firewall and behind any defences whatsoever," he told Channel 4 News. "You come in and you're identified as an authorised user and given user privileges -- so what more do you want?

"That is the objective of the hacker to get in and not be confronted by any security measures. This is the perfect crime."

Another expert, Tim Pickard from RSA Security, agreed, saying: "There is a problem with wireless technology at the moment and that is to do with encryption and the privacy of the information that's bring passed across the wireless network.

"We are passing messages in plain text and that message goes out into the ether and can be picked up very very cheaply and easily. So people can listen to your conversations ... they can interrupt them (and) they can send their own messages.

"They can hijack your network and send messages as you. It's very, very important for people to understand the security implications of wireless networks."

Risk to life

The findings back up a study published earlier in the year that painted a bleak picture of cyber-crime in the UK.

The survey by the Confederation of British Industry (CBI) in August found that businesses hit by hackers were more likely to be attacked by hackers from outside the company, than inside.

Of the 148 respondents, two thirds said they had been the victim of a "serious" cyber-crime in the past year. The CBI defined a serious cyber-crime as a case of hacking of a company's computer system, a virus attack or credit card fraud.

Of those breaches of security, 45 percent were committed by hackers, 13 percent by former employees and another 13 percent by organised criminals. Only 11 percent of the cybercrimes committed were carried out by a company's current employees, the study said.

The European convention that interior ministers and law enforcement officials from Europe, South Africa, Canada and the United States aims to raise awareness of the consequences of computer crime and boost instant international cooperation.

A Council of Europe official told Reuters on Wednesday that many people still see computer hacking as mainly a moral issue, without realising the associated material damage and risk to life.

"There was a recent case when someone took control of the computer system at a small U.S. airport and switched off the landing lights. This could have killed many people."


• Comdex: Sony bids for 'invisible' network
November 13, 2001
• Companies examine cyber-security
September 21, 2001
• Mobile net boom will boost cyber-crimes
August 23, 2001
• Sci-Tech
Cyber-crime treaty enters home stretch
April 26, 2001
• Police target online bank fraud
August 23, 2000

• Orthus - Information Security Solutions
• SecurityFocus
• Wireless Security Perspectives - technical bulletin
• Council of Europe convention on cyber-crime

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top