Wireless computer networks are becoming increasingly popular with businesses and consumers in New Hampshire.
But security problems also make them prime targets for hackers.
A bill currently before the state legislature would require operators of wireless networks to secure them -- or face the consequences.
NHPR correspondent Brian McWilliams has the story.
It's a Wednesday morning, and I'm driving down Elm Street in Manchester with Jeff Stutzman, a computer security expert.
He's taking me on what computer hackers call a "war drive."
As we roll into the heart of Manchester's business district, we're testing just how easy it is to eavesdrop on unprotected wireless computer networks.
We drive past a bank, and an icon on the screen of Stutzman's laptop computer begins flashing.
"All right, I just picked up another one. There we go ... the signal strength is ... oh, there's another one. So right now we've got eight of them." [stutzman2.wav]
Eight unprotected wireless networks in less than 10 minutes. If we were hackers, we could have pulled over and, without leaving the car, waltzed right in the companies' computers.
"Be able to take a look at their file structure. Any data that's being passed. Typically I'd be able to go right through and be on their LAN, just like you were an authorized user." [stutzman3.wav]
Stutzman is CEO of Manchester-based ZNQ3, an information security firm.
He says wireless networks have recently become very popular with businesses and consumers.
Similar to cordless telephones, the systems use radio signals to transmit data to other computers in a local network.
But often those signals are strong enough to be picked up hundreds of yards away.
And many people neglect to turn on security features to protect the signals and the network from outsiders.
Sometimes wireless networks are left open on purpose.
But more often than not, insecure wireless networks exist because their owners simply don't understand the security risks.
A bill currently before the New Hampshire legislature is attempting to change that.
House Bill 495 says that owners of wireless computer networks are responsible for securing them.
If an operator doesn't take steps to lock down a wireless system, he or she could find it difficult to prosecute anyone who either deliberately or inadvertently gets access to the network.
Such inadvertent access apparently is quite common.
Carlos Pineda co-owns the Fusion Internet Cafe and Espresso Bar on Elm Street in Manchester.
Since it opened four months ago, Fusion has been providing coffee drinkers with free access to the cafe's wireless network.
But Pineda says sometimes it's possible to boot up and find yourself connected instead to the wireless network of a well-known business across the street.
"I don't even think their employees are aware the signal from their Internet is being broadcasted outside of their space. That means I have access to their IP address so I can break into their system. Personally I can't, but other more savvy people could do it." [pineda2.wav]
Pineda has protected his business data.
But he still hasn?t completed locking down the wireless network to prevent unauthorized access.
In the mean time, Pineda says that Fusion advises customers not to use its Internet connections for online shopping or other sensitive communications.
Pineda says the big electronics store that sold him his wireless gear didn't even bring up the subject of turning on security features.
"People talk about wireless technology but no one talks about the security problems ... people stealing the signal, hacking your system. That's not their concern. Their concern is to push a product out of the store and not to provide a customer with feedback on the drawbacks to a wireless system." [pineda1.wav]
House Bill 495 amends New Hampshire's computer crime law.
And it?s drawing national attention.
Mark Rasch is a former head of the U.S. Justice Department's computer crime unit.
"I do think it could create problems for the people who have wireless networks. If they want to be able to prosecute people for hacking into their wireless networks, they need to have done something to have secured the networks." [rasch1a.wav]
The Senate's Judiciary committee is currently reviewing the legislation.
Committee Chair Andrew Peterson says the proposed wireless security law is designed to help protect those who innocently stumble upon insecure wireless networks.
At the same time, the Peterborough Republican says, the bill will seek to maintain existing protection for victims of wireless hacking.
"It's very clear that if someone knowingly gains unauthorized access to a computer network, that they are guilty of a crime under our state laws. We want to be sure that it wasn't the case that, through trying to protect people under certain circumstances, we were opening up greater opportunity for criminal activity." [peterson2a.wav]
But the New Hampshire attorney general's office says the bill may muddy rather than clarify the state's existing computer laws.
Will Delker is a Senior Assistant Attorney General.
"The bill as it currently stands doesn't seem to change in a material way the manner in which these prosecutions would go forward. There's significant ambiguity in it, and I'm not sure it accomplishes that goal unambiguously." [delker_new1.wav]
The Senate Judiciary committee is expected to hold another hearing on the wireless security bill in May.
If passed into law, it would take effect in January of next year.
For NHPR News, this is Brian McWilliams.
###
Delicious
Digg
Reddit
Facebook
Google
Yahoo