From a bench somewhere in Cambridge, Massachusetts, security consultant Jerry Brady is trolling for e-mails, passwords, and files that zip through wireless airwaves as naked as streakers.
In less than 20 minutes, his laptop computer collects a heap of digital booty: files from federal agencies, a flurry of e-mails from a university, and business documents traveling to a hotel printer.
In an office building across the street, an employee with a computer manufacturer has no idea that Brady has captured his user name and password -- bigbadfast. Brady tracks another worker visiting ETrade's Web site for stock prices and Yahoo for Arizona maps. As if sensing the cyberstalk, the worker stops in mid-mouse click to scan the privacy policy.
"Well, that's not going to help her now," said Brady, chief technology officer of Guardent Inc, an Internet security firm in Waltham.
Like most consultants in the booming field of electronic security, Brady is trying to draw attention to the latest and perhaps most underexposed cyber threat: the wireless computer network. Armed with laptops, Brady and his research team, including code crackers in their 20s like Jamie Fullerton and Seth McGann, are able to demonstrate that the widely popular technology has many businesses unknowingly broadcasting their secrets.
Wireless networks are sprouting up in offices, homes, hospitals, airports, and construction sites, fueled by the plummeting prices of wireless equipment. Today, gear for a basic wireless network can be purchased online for less than US$400.
Wireless networks link computers to laptops, desktops, and printers through radio signals -- similar to the way cellphones work. There is no need for cables, and laptop users can stay connected while wandering around the office or buying a latte next door.
In the wireless era, every innovation has been followed by a host of security concerns. Wireless computer networks present potentially greater risks than cellphones or other wireless devices because they often broadcast a bounty of data, such as research documents, spreadsheets, and valuable network information.
Eavesdroppers find them to be easy targets. It takes more work to break into a regular wired, or cable-based network, without being detected. But anyone with a laptop, US$100 networking card, and appropriate software can pluck corporate data from airwaves without leaving digital tracks.
If Brady worked for a rival company, he could monitor corporate e-mails he has collected on his laptop. If he worked for a foreign country, he could look at files with Internet addresses allocated to the Department of Defense and Department of Energy. He could alter spreadsheets, tweak print jobs, join an unguarded network -- or take it down.
Tapping into wireless computer networks can even happen inadvertently: While testing clients' network security, Brady's technology team has picked up other firms' e-mails, files, and print jobs.
"It doesn't take much effort," Brady said. "It's like taking candy from a kid."
Many firms, however, neglect to install or turn on even basic encryption software.
Still other companies do not know that their employees have built wireless windows into their corporate networks. When the culprits are discovered, they are often business units working on a project, blissfully unaware that they have compromised internal networks.
RSS