Our raid on Downing St.

[InfoSec News <isn () c4i org>]

http://www.sundaymirror.co.uk/homepage/news/page.cfm?objectid=12125585&method=sm_full

Tuesday, 27th Aug 2002  

TOP-secret files can be downloaded from the Prime Minister's computers
in Downing Street.

The alarming security breach was exposed after our investigators were
shown how to log on to the private network used by the Cabinet Office
and MPs.

We discovered that it takes just minutes to infiltrate
highly-sensitive information - and all you need is a laptop computer
and a £70 gadget available on the high street.

Big businesses, banks and city institutions are also at risk from
hackers who are breaking the law by reading classified emails, files
and internal memos flowing between computers.

Now security experts fear the techniques could be used by terrorists
to wage electronic warfare on the Government as the world braces
itself for the first anniversary of the September 11 attacks on the
World Trade Center.

The "drive-by" hacking phenomenon has also been dubbed "warchalking"  
because hackers who have succeeded in breaking in mark buildings with
a tell-tale chalk sign to invite further attacks.

Sunday Mirror investigators were shown how to access the system used
by MPs at their new £234million offices at Portcullis House, while
parked at traffic lights 50 yards away.

Using a laptop computer in the shadow of Big Ben, we identified 26
parcels of confidential computer information. The secret identity code
of the Government network - which the Sunday Mirror will not reveal
for security reasons - flashed up on the screen in a small box with a
connection confirmation signal.

The data box timed the session as lasting 11 minutes and 48 seconds
but the connection was not detected.

The Sunday Mirror has learned that several big banks have hidden
copies of sensitive files at secret websites to counter this threat.

Hackers use a gadget, called a WiFi (Wireless Fidelity) card, which
enables them to tap into the latest generation of computers that use
wireless technology. These computers send data to other machines in
the same building using radio waves instead of traditional cables.

But many transmissions "leak" from the buildings onto the street,
where they can be identified and picked up.

The Sunday Mirror commissioned Britain's top wireless security expert
Phil Cracknell to test the Government's security. He used a £2500
handheld Compaq computer, modified to scan radiowaves, to measure the
strength of leaks from Whitehall buildings.

The screen displays the strength of the signals in a similar way to
the signal bars on a mobile phone. As we cruised down Whitehall the
scanner picked up full-strength signals at four points - directly
outside the iron gates at Number 10 Downing Street, at Portcullis
House, at the Department of Environment, Food and Rural Affairs, and
near the Houses of Parliament. These areas are called access points -
places where the signal is strong enough to allow connection to a
network - and flash green on the scanner.

Once the access point was identified it was relatively easy to log-on
to the Government network. To prove how simple the process was we
asked an 11-year-old boy to repeat it - he did. Our reporters were
then able to monitor the flow of electronic data around Portcullis
House. For example, every time an email was sent it registered on a
box on our laptop screen. It clicked up 26 times in the time it took
to turn the corner of the building in a car.

To take the experiment to the next level and open the emails and files
and read their contents, all we would have needed was a a
specially-designed programme called Airsnort, freely available on the
internet and simple to use.

Cracknell estimated that this would take between one and two hours -
but it is illegal under the Telecommunications Act and possibly the
Official Secrets Act.

Cracknell surveyed other parts of London and identified vulnerable
networks - including banks, media organisations, national transport
companies and multi-national businesses. He warned: "It is astonishing
to find four access points to the Government's network in just a short
drive down Whitehall. One was directly outside the gates at Number 10.

"I've no doubt hackers will have infiltrated this system already. It's
only a matter of time before terrorists do."

Phil Cracknell is a computer security consultant for an official
regulatory body and the banking, electronics, legal and media
industries.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.