[ISN] Laptops at the FleetCenter at risk of breaches, attack

[InfoSec News]

http://www.boston.com/business/technology/articles/2004/07/22/laptops_at_the_fleetcenter_at_risk_of_breaches_attack/

By Hiawatha Bray
Globe Staff  
July 22, 2004

The Democratic National Convention will attract thousands of visitors
armed with laptop computers that feature wireless Internet access. And
that could be a formula for disaster, according to a Boston data
security firm that recently ran a vulnerability test in the area
around the FleetCenter.

Michael Maggio, the president of Newbury Networks Inc., said that
unless proper precautions are taken, computer vandals will be able to
tap into these laptops by using wireless transmitters located outside
of the FleetCenter. The attackers could then use the compromised
laptops to gain access to the computer network used to run the
convention. The vandals could obtain sensitive information related to
the campaign of presidential candidate John Kerry. Or they could
unleash an attack that would bring down the network and throw the
convention into chaos.

''It's part of the security . . . that people aren't thinking about,
not because they're dumb, but because we didn't have this four years
ago," Maggio said.

Indeed, hardly anyone had heard of WiFi wireless networking in 2000.  
Today, half of all new laptops come with WiFi capability built in. A
WiFi-equipped computer can share digital data by communicating with a
wireless ''access point." Standard WiFi equipment has a range of about
150 feet, but that range can be substantially increased with
high-powered equipment and a special antenna.

The Democratic convention will use a standard wired network rather
than WiFi. But according to Maggio, this won't provide any extra
security. That's because many visitors who'll plug into the network
will have computers with built-in WiFi capability. The WiFi feature is
automatically switched on when the computer is running. In effect, the
laptop can connect to a wired and a wireless network at the same time.

Maggio said that an attacker with a high-powered WiFi access point
could set up shop outside the FleetCenter, and communicate with WiFi
laptops on the inside. If these laptops haven't been protected with
the latest security patches, a skilled intruder will be able to gain
access to the laptop. He could then leapfrog onto the Democrats'
network, allowing him to steal information or vandalize computers.  
''By being on both networks at the same time," said Maggio, ''that can
compromise the entire network security."

Maggio also said Newbury Networks ran a test of WiFi vulnerability
around the FleetCenter by driving through the area in a vehicle
equipped with a WiFi ''honeypot"-- an access point programmed to
attract compatible WiFi laptops.

According to Maggio, the testers were able to connect to several
laptops being operated in or near the FleetCenter. Had these computers
been connected to the Democrats' network, the testers might have been
able to access confidential information. But Maggio said there was no
attempt to read files on the laptop or the network, because that would
violate state and federal law.

Newbury Networks stands to profit from its warning. The company
specializes in wireless network security products. But other technical
specialists agreed the convention offers a ripe target for attackers.

''That's definitely a problem with any machine that has a wireless
device that's not secure and that has not been disabled," said Chris
Wysopal, vice president for research and development for At Stake
Inc., a Cambridge computer security firm.

The presence of thousands of laptop computers increases the chance
that at least some of them will lack the latest security upgrades,
making those machines open to attack. ''The numbers are on the
attacker's side," said Wysopal. ''Out of a hundred machines you only
need to find one machine that has a vulnerability, and you can use
that to hop onto the wired network."

Kip Meacham, director of technical marketing for Senforce Technologies
Inc. in Draper, Utah, said that most of the damage from such an attack
would probably be confined to the individual laptops, because it would
be fairly difficult to undermine the Democrats' wired network. But
Meacham said that if an attacker got control of a laptop used by one
of the Democratic network managers, he could do considerable damage.  
That's because a network manager's laptop would have access to
critical network files, which could be beamed out of the FleetCenter
and into a data thief's computer.

''Wireless really makes that kind of scary," said Meacham. ''You no
longer have to be physically connected with someone."

The solution, said Meacham, is a kind of quarantine system that
isolates laptop computers from the rest of the network, until they've
passed a series of security tests.

For example, if a user plugged a laptop into the network, the machine
would be tested for virus infections, and checked to see if its WiFi
network chip is switched on. Infected laptops, or machines with active
WiFi chips, would be blocked from access to the network.

Lina Garcia, press secretary for the Democratic convention, refused to
say whether such a system is in place in the FleetCenter. Indeed, she
refused to offer any details about computer security plans, to keep
potential intruders in the dark.

But Garcia insisted the Democrats have the computer security situation
well in hand, with the help of security specialists from Cisco Systems
Inc. and Microsoft Corp. ''People can rest assured that we are aware
of the need for a strong security system for our technology
infrastructure," said Garcia, reading from a prepared statement, ''and
we are working with our partners, Cisco and Microsoft, to ensure that
our systems remain secure."

Hiawatha Bray can be reached at bray at globe.com