Company secrets fall straight in a hacker's lap

Click to follow
The Independent Online

Prowling Paul is not the only IBM computer security consultant trying to break into client premises. However, most of his burgling brethren use what the computer industry might consider more sophisticated techniques. That is, they deploy cyber methods.

One of his "partners in crime" on the cyber front is IBM security consultant Daniel Keely, who specialises in finding holes in the latest form of computing – wireless.

Technologies that allow workers to tap into corporate networks and databases using radio, infra-red or other airwave connections from computers and other devices are proliferating. Companies implement them to cut down on wiring hassles within their premises, and to support remote access.

But a downside is that wireless computing can be alarmingly porous, and Mr Keely is out to prove that point. Like Prowling Paul, he says his challenge is often too easy.

A typical day for Mr Keely or for one of his team would entail sitting in a client's car park or roaming its perimeter with a laptop computer, attempting to tap into the company's wireless networks.

Companies which implement wireless "LANs" (local-area networks) scatter receiving antennae around their premises. According to Mr Keely, these will let in just about anyone in range with standard wireless computer technology, unless the company installs security software in the electronic access stations attached to antennae.

"If they haven't implemented any security at all, we can get through in 10 seconds,'' claims Mr Keely, who is part of IBM's Global Services division.

As with Prowling Paul, his wireless snooping is sanctioned by the client, as part of a computer security assessment. He says IBM's break-in success ratio is "very high".

During a briefing at IBM's international wireless security centre outside the French city of Nice last week, Mr Keely and other IBMers painted a computing world very vulnerable to wireless infiltration. They pictured wireless cyber baddies not just roaming car parks but also:

* sitting in cafés using Bluetooth wireless connections to infiltrate the laptop computers in use at the table in the corner (once in, the hacker could snoop laptop files, ride the laptop connection into a corporate network, or simply run down the machine's battery to effect a crude "denial of service" attack);

* reading their competitors' wireless email in acts of industrial espionage;

* committing the most rudimentary form of wireless crime – stealing laptops to gain access to the information stored in them or to which they are connected.

That scenario is partially the spin of a company which wants a piece of the wireless security market, estimated by International Data Corporation to hit $21bn (£14m) by 2005.

However, it is steeped in the reality that progress – in this case the emergence of unwired any time, anywhere connections – often comes with its own set of problems.