So I read that Lowes got hacked via wireless access points.  The hackers actually got back to the main systems in North Wilkesboro and were (allegedly) capturing credit card numbers.  You know, I interviewed for a security position with Lowes just before this happened, and knew from my wardriving around Winston-Salem that they run wireless.  One of my job functions was going to be auditing their wireless.  I found a better position and didn't get a chance to actually audit their wireless, but apparently the access points that these guys came in through were not running WEP or any other form of encryption.

Hate to slam Lowes, but that's just stupid. 

  It looks like this will be a precedent-setting case with regards to culpability in accessing open wireless systems.  So far, everybody who has been arrested for accessing a network has been acquitted if the intrusion came from an open access point (like the recent case in Texas).  The stealing credit card numbers is obviously illegal, but what about accessing their open wireless system?

  Look, if you are running wireless and don't encrypt your signal, you are advertising your network to anyone who walks, flies, boats, or drives past.  Usually, you are issuing them an IP address!  How can you get mad (or press charges) when your network issues them an address and voluntarily gives them access to your resources?  Hey genius, if you're BROADCASTING your signal, you can't get upset when someone hears it.  That's like a radio station trying to press charges when someone they don't want to listen tunes in anyway.  Doesn't make sense.  The analogy I use with wireless is that it's like putting network connections to your network in your neighbor's buildings and parking lots.  Unless you take some reasonable security measures, you are simply being negligent with your (and your customer's or patient's) data.

   One company in downtown Winston got very upset when the company I used to work for did some wardriving and found their open network (3 access points - I think it was Woodbine Main, Upstairs, and Loft).  The president of my company decided it was a good idea to tell everyone within earshot what we had found (NOT something I recommended, since Admins don't like being caught with their pants down), and the company threw a FIT.  Threatening lawsuits, etc.  I just said, "Whatever.  Do your worst.  Wardriving's perfectly legal, and we did not access your system.  If you'd like for me to help me secure your network, I'd be happy to help."  6 months later, they're still wide open.  Oh well.  I guess they'll have to be hacked - and notice it - before they learn.  That is, if they haven't been owned already, which isn't likely since I pick up their signal from I-40.

So what about WEP?

  I already hear some people saying "WEP's easily cracked.  It's useless!".  I agree that WEP is fairly easy to crack, but ask yourself this - Have you ever done it?  Some have, I have, but I'll bet that your answer is no.  It actually takes quite a bit of time to capture the data required to actually crack it, and casual wardrivers are NOT going to bother with it.  Why would they?  Half a block away there's an open access point!  Even more importantly, cracking WEP defines criminal intent, and everyone who attempts it understands that they are DEFINITELY doing something wrong.  If they go to court, there is absolutely no defense that "They didn't know the system was restricted, your Honor!".  Chances are, the lock on your front door can be brute-forced (kicked in) or picked, but everyone understands that it's still a good idea to lock it. 

   WPA is great as a way to secure your wireless, since it changes keys periodically.  With WPA enabled, I don't worry too much about my wireless being hacked.  Other things you can do include restricting by MAC address (absolutely worthless if you don't enable WEP or WPA, since your MAC can be changed), disabling SSID broadcast (may make your network stop functioning), and my favorite, connecting through a VPN.  How to configure all of this is out of scope of my rant, but there's a lot of web info out there.

   Look, I love wireless, and have been running it since the old Intel Anypoint 900 MHz days.  But if you're going to run it, be careful.  If you're like the 100 out of 119 access point owners I found around Winston-Salem, you better be ready for other people to be in your system, because I'll bet they already are.

Later,

Chuck