Criminals Targeting SMBs with Unsecured, Vulnerable Wi-Fi Networks

Paul Mah

Seattle police are currently investigating a group of criminals whose modus operandi was to cruise around in a vehicle, mapping out nearby wireless networks for a subsequent break-in. In this practice, known as "wardriving," the hackers used laptops equipped with long-range antennas to search for unsecured or poorly protected wireless networks that they could exploit. Once they had network access, the hackers could potentially siphon off credit card account information, redirect funds through fake payrolls, or even access identity information for the purpose of fraud.


The vehicle, a black Mercedes with heavily tinted windows, was impounded last year after its owner tried to use stolen gift cards at a local wine bar. When the police searched the car, they found a passenger-seat laptop mount designed to let the driver operate the computer, along with a laptop that draws its power from the car and a range-boosting antenna. The group was believed to have been doing this for five years.


While unsecured wireless networks are obviously at risk, businesses that rely on WEP (Wired Equivalent Privacy) for security are equally vulnerable, because WEP has well-known flaws that allow it to be trivially defeated. To illustrate just how vulnerable the archaic algorithm is, a 104-bit WEP key could be cracked in as little as two minutes under the right circumstances, and that was four years ago. Moreover, the tools to defeat WEP are widely available and can easily be used by criminals with only modest computer skills.


Modern Wi-Fi access points (APs) typically come with the more secure WPA (Wi-Fi Protected Access) protocol, though WEP is often still supported for the sake of backwards compatibility. As such, SMBs that misconfigure the security setting could expose themselves to risk, as could businesses that opt for WEP in order to continue using older, WEP-only wireless hardware.
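One way a small business could check its own access points for the misconfigurations described above, shown as an added example that is not part of the original article. It assumes the APs run Linux hostapd and that their configuration files can be collected; the file names, SSIDs and keys below are constructed.

```python
import re

# Constructed sample configs (assumption: hostapd-style key=value files, one BSS each).
SAMPLE_CONFIGS = {
    # Legacy WEP-only hardware kept alive with a 104-bit (26 hex digit) static key.
    "front-office.conf": "# legacy handhelds\nssid=FrontOffice\n"
                         "wep_default_key=0\nwep_key0=0123456789abcdef0123456789\n",
    # No wpa= line and no WEP key: the network is open.
    "warehouse.conf": "ssid=Warehouse\nauth_algs=1\n",
    # WPA enabled with a pre-shared key.
    "back-office.conf": "ssid=BackOffice\nwpa=2\nwpa_key_mgmt=WPA-PSK\n"
                        "wpa_passphrase=constructed-example-only\nrsn_pairwise=CCMP\n",
}

def parse_conf(text):
    """Return {key: value} for key=value lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def classify(settings):
    """Map one AP's settings to 'wpa', 'wep' or 'open'."""
    try:
        wpa_bits = int(settings.get("wpa", "0"))
    except ValueError:
        wpa_bits = 0  # unparseable value: treat WPA as not enabled
    if wpa_bits & 3:  # hostapd bitfield: 1 = WPA, 2 = WPA2
        return "wpa"
    if any(re.fullmatch(r"wep_key[0-3]", k) and v for k, v in settings.items()):
        return "wep"
    return "open"

def audit(configs):
    """Return sorted (filename, ssid, mode) for every AP that is not using WPA."""
    findings = []
    for name, text in configs.items():
        settings = parse_conf(text)
        mode = classify(settings)
        if mode != "wpa":
            findings.append((name, settings.get("ssid", "?"), mode))
    return sorted(findings)

if __name__ == "__main__":
    for name, ssid, mode in audit(SAMPLE_CONFIGS):
        print(f"{name}: SSID {ssid!r} is {mode.upper()}, move it to WPA")
```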


The risks could be particularly acute for SMBs. As reported by Network World, Detective Chris Hansen, a fraud investigator with the Seattle Police Department, wrote in his affidavit that:

A number of area small and medium-sized businesses have been targeted in these network intrusions, which have also involved a pattern of financial and personal identifying information (such as credit card information).

As larger businesses tighten up their security with the use of WPA and more sophisticated Wi-Fi hardware, it is clear that SMBs that neglect to do so will place themselves at great risk. And security by obscurity doesn't work as long as the APs are switched on; instead, they are standing out, waiting to be hacked.
