"They weren't trying to bypass security," said Peiter Mudge Zatko, vice president of research and development for [at] stake Inc, an Internet security firm in Cambridge. "They were just trying to get stuff done."
As with all hacking incidents, businesses are reluctant to talk about breaches that could be blamed on poor security. No incidents of wireless trade theft have been made public, though there have been reports of lawsuits filed -- and the cases sealed -- in Silicon Valley.
"Thinking that something demonstrated to be possible isn't going to be exploited is somewhat naive," said Ian Goldberg, chief scientist at Zero-Knowledge Systems Inc, a Montreal developer of Internet privacy and security software.
Richard Power, editorial director for the Computer Security Institute in San Francisco, believes thieves already have been taking advantage of poorly guarded wireless networks.
"They're out there," said Power, author of Tangled Web, a book that focuses on digital crime. "For a while it will be like bigfoot sightings. Then, all of a sudden, it will be commonplace."
In the corporate world, most hacking cases go unreported to authorities. About 85 percent of 538 computer security specialists surveyed by the Computer Security Institute and FBI had noticed computer intrusions in the past year. Yet only 36 percent of the companies and government agencies reported the break-ins to law enforcement, perhaps fearing the reactions of shareholders, the media, and competitors.
"That's probably our biggest burden," said James F. Hegarty, supervisor of the FBI's computer crime squad in Boston.
Unreported hacking cases can be as dull as garden-variety Web-site graffiti attacks or as harrowing as full-blown network invasions.
One of Guardent's customers, for instance, is a major online retailer whose system was taken over at the peak of last year's online selling season. For seven hours, the hacker redirected customers' shipments and changed product prices without being detected.
Rather than acknowledge the breach, the merchant absorbed the costs. Some online shoppers, though, had to be wondering how they managed to snag goods at bargain-basement prices.
Another Guardent client, an auto rental company, discovered that customer files had been defaced by a hacker who added obscenities to the accounts of premier consumers. The cleanup costs totaled millions.
As security consultants and scientists continue to point out vulnerabilities in computer networks, some companies are taking steps to minimize the risks.
Wary of the risks associated with wireless networks, the Cambridge Health Alliance has decided to keep laptops out of its health-care system.
"Doctors are definitely interested in portable technology that will give them information at the point of patient care," said Tom Coffey, the alliance's director of network engineering.
But until wireless security gaps are closed, Cambridge Health Alliance officials have no interest in seeing their system compromised, Coffey said.
Who would want to steal patient records? Coffey once attended a computer programming class with several employees from a Southern California hospital who told of tabloids offering money in exchange for information about celebrity patients. Being able to pluck the information out of thin air could make that work so much easier.
RSS