An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Unsecured networks open door for hackers, spies

  • Published
  • By Airman 1st Class Andrew Dumboski
  • 99th Air Base Wing Public Affairs
With wireless technology, consumers can easily network their computers within their household and access the Internet through any of their computers.

Consumers can sit in a lawn chair on their back porch and catch up on their e-mail and news, even do some online banking. But with this newfound convenience lies a new danger.

"Any information that travels over a wireless network can be accessed by anyone on that network," said Steve Carlson, 99th Communications Squadron wireless security manager. "Even if you're accessing a secure Web site, your information is only secure between the Internet and your wireless router. Everything traveling between that wireless router and your laptop is visible."

A quick drive through base housing, with a laptop searching for wireless networks revealed many unsecure networks.

Part of Mr. Carlson's job is to test wireless networks on base to ensure none of the residential networks are infringing on any of the government ones. He estimates more than half of the networks he has found are not secure.

"Having a wireless network without any form of security is equivalent to allowing a complete stranger to look over your shoulder while you work on your computer," said Special Agent Randy Bond, of the Air Force Office of Special Investigations. "Someone could drive by your house, monitor your wireless signals, and collect all kinds of information about you."

This could lead to identity theft or worse. Depending on how the computer is configured, a hacker with a moderate amount of knowledge could log on to someone's network and have complete access to the victim's files. The hacker could install keystroke loggers and viruses with just a few clicks of a mouse.

"As military members, we have access to sensitive information; other people are aware of that. (Operational security) isn't just for use on the job; we must make it a practice in our personal lives too," Agent Bond said.

"People who use their personal computers to access their Web-based government e-mail are a perfect example," he said. "If you're accessing that e-mail through an unsecure wireless connection, anyone could connect to that network, and, with the right software, monitor every one of your keystrokes. They could have your logon (information) and even password information and you would never know it."

Adding to that danger, people who live near the outer wall of the base risk their network being accessed by someone off base.

From the visitor's center parking lot, use of a standard laptop recently found three wireless networks visible, two of which were unsecure. The secure network was from a business on the other side of Las Vegas Boulevard. Both of the unsecure networks were broadcasting from Nellis AFB.

"From time to time, I turn on my laptop and test to see how many unsecure networks are visible while I'm on my way to work," Mr. Carlson said. "Between Nellis' main gate and the intersection of Martin Luther King Boulevard, I've counted about 270 wireless networks. More than half had no security turned on at all."

Unsecure networks on military installations present a big operational security risk, Agent Bond said.

However, people driving around with a laptop searching for unsecure networks are not always trying to steal personal information. Often they're just looking for access to the Internet, Agent Bond said.

"It's called 'wardriving,'" he said. "Someone drives around looking for an open network, logs on and surfs the Internet. To your Internet service provider, they appear to be you."

Victims of wardriving have no idea it's happening. The person can sit in a car outside, surf the net or hack a computer, and drive away. They could also steal personal information from the victim, drive to another open network and use the first victim's identity. Any attempt to trace the identity theft would lead to the second victim.

Store-bought routers usually come with some form of protection.

"If you don't know how to set up wireless security on your router, the owner's manual usually explains it well. You can also get information on the Internet," Agent Bond said.

As technology becomes more accessible and cheaper, unscrupulous people also advance in their ability to use that technology for their own agendas.

"It's important for people to take measures to protect themselves from being victimized," Agent Bond said.

Comment on this story (comments may be published on Air Force Link)

Click here to view comments/letters page