[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Government agencies plug leaks in wireless networks



http://www.asahi.com/english/national/K2002122600287.html

The Asahi Shimbun 
12/26/2002

Since anyone with the software could pry, cable is back in style.

The Meteorological Agency and the Tokyo metropolitan government
stopped using wireless local area networks (LAN) last week after
learning data was wide open to anyone with the will and the right
software.

Wireless LANs are increasingly popular because they can be introduced
or expanded quite simply without cumbersome cables.

But when Kazuo Tanabe, a computer consultant in Sabae, Fukui
Prefecture, studied LAN emission risks around government office LANs
in his own prefecture, then in Tokyo, he found that data transferred
on wireless LANs could be intercepted and read by anyone using
software freely available on the Web.

Tanabe said he first assessed the risk of LAN signals radiating from
the municipal buildings of Sabae and Fukui, then came to Tokyo last
week to measure the risk around some central government office
buildings, especially in the Kasumigaseki district.

There he found that data stored in the Meteorological Agency's
personal computers-even personnel records and minutes of meetings-was
especially vulnerable.

The risk was highest at the agency's department dealing with volcanic
activity, which lacked proper firewalls such as data encryption and
password-protected access.

When The Asahi Shimbun inquired about data vulnerability, the agency
found two of seven wireless LANs could be monitored from outside. A
LAN management official there said the network was shut down
immediately, departments were informed and all computers on wireless
LANs were switched to cable.

At the Tokyo metropolitan government offices, several bureaus,
including construction and environmental protection, did not encrypt
the data moving over their LANs.

At the office that administers public hospitals, most of the 80 PCs
used by supervisors could be read from outside. Data exposed to prying
eyes included payment to doctors and patient records.

An official said network personnel were not well informed about
security, but said all the wireless LANs were swapped for cable over
the weekend.

During his experimental foray at the Ministry of Economy, Trade and
Industry, Tanabe said he found pirate versions of movies, including
``Harry Potter,'' TV dramas and video clips of entertainment
personalities, which an official later said were for personal use.

Encryption had not been used in some LANs at the Foreign Ministry or
the Ministry of Agriculture, Forestry and Fisheries until September,
when data vulnerability was pointed out.

``Use of wireless LANs is inappropriate for government agencies that
handle personal information,'' Tanabe said. ``One hole in the network
lets hackers in. Data can easily be stolen or altered. Or the opening
can be used to spread viruses or other misdeeds.''

 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.