• United States
by Dan Verton

New York presents wireless security challenge for RNC

Sep 02, 20044 mins
Cellular NetworksNetwork SecuritySecurity

Transportation Security Administration security checkpoints, hundreds of Secret Service agents, thousands of police on foot, horses and motorcycles, city blocks barricaded by dump trucks filled with tons of sand and an invisible wireless back door that is virtually impossible to monitor and control. That was a snapshop of the security situation at this week’s Republican National Convention (RNC) at New York’s Madison Square Garden.

While physical security was tightened to unprecedented levels — transforming the city into something unrecognizable to those who call it home — IT security researchers uncovered an unsettling number of unencrypted wireless devices that they say create a potential information security nightmare for convention organizers and delegates.

During a two-hour “war drive” around the site of the RNC as well as Manhattan’s financial district, security researchers from Boston-based Newbury Networks discovered more than 7,000 wireless devices, 1,123 of which were located within blocks of the convention, including a network named WirelessForKerry. More important, 67% of those devices were access points that did not have encryption protection.

During the war drive, to which Computerworld was granted exclusive access, Newbury technicians set up an unsecured wireless “honeypot” that masqueraded as a Linksys access point. According to log analysis of Newbury’s Watchdog system, a wireless device attempted to automatically connect to the honeypot every 90 seconds.

The findings underscore that while New York continues to focus on physical security for the convention, the huge numbers of open, unsecured wireless networks represent a serious threat to the city’s hard-wired infrastructure, said Newbury CEO Michael Maggio.

“A wireless-enabled notebook computer powered up inside Madison Square Garden by a conventioneer or media representative could automatically associate with wireless networks outside of the building,” said Maggio, noting that such a security gap could allow an attacker to “hop onto” the wired network inside the facility. “All the security policies in the world can’t stop a wireless intruder from accessing an open network signal emanating from a Wi-Fi access point or network card.”

The two-hour drive around Manhattan also revealed as many as 2,161 access points and 821 client devices broadcasting unique service set identifiers (SSID). “The SSIDs beaconed by clients is really a valuable list for an attacker,” said Brian Wangerien, senior product manager at Newbury. “Once the attacker knows that a client is beaconing for a particular SSID, he can change the SSID of his AP and trick the client into connecting to the attacker’s access point.”

Several network administrators in Manhattan’s financial district also appeared to use the system’s encryption key as the SSID.

These security gaps potentially open the entire hard-wired RNC network and other corporate networks to data sabotage, virus and worm infections, denial-of-service bots and spam engines, said Wangerien.

Newbury Networks conducted a similar war drive around the Fleet Center in Boston during the Democratic National Convention. Although the company found only half the number of devices that were present in New York, nearly the same percentage were unencrypted.

David Shatzkes, vice president of government services delivery at New York-based Computer Horizons Corp., the firm managing the wired network at the convention site, said convention organizers specifically avoided requesting wireless network support due to the security issues and useability issues associated with them. Although the RNC staff did not request wireless network support from Computer Horizons, Shatzkes said it could have been done securely.

However, Jose Colon, a spokesman at Hewlett-Packard Co. (HP), said he is “unaware” of any restrictions on the use of wireless at the convention and acknowledged that his company has provided dozens of wireless tablet PCs for use on the convention floor. Although security is always a concern, Colon said the biggest focus has been on coordinating with the Secret Service and providing redundant backup for the wireless systems in use.

One of the reasons for redundant wireless support, said Colon, is that when President George W. Bush arrives in the city, the Secret Service and other defense agencies follow the common practice of jamming local communications emanations for security reasons.

However, the disconnect between the RNC’s main network integrator and HP’s deployment of wireless tablet PCs raises a red flag for Maggio.

“Apparently nobody at the RNC seems to know what the wireless policy is,” said Maggio. “They spend millions of dollars on physical security and they don’t have a clue of who’s using their airwaves.”

The fact that the main network integrator was unaware of the deployment of HP’s wireless systems is an indication that IT security personnel had not been “sniffing the air” to see where authorized wireless systems were in use and where rogue or intruder systems might be deployed, he said.