From the AEGIS e-Journal, Volume 4 Number 5, May 2001
Some years ago a friend had his telephone line crossed with that of the Brooklyn DA, turning it into a party line. While there was some minor amusement in listening into conversations about the witness protection program and high-profile cases, it was mostly an annoyance to not have access to his phone. (He finally solved the problem, the phone company being indifferent to it, by calling the DA’s office to offer helpful suggestions. When he explained how he had all this information, the DA was mysteriously able to get the phone company to unscramble the lines is something under ten minutes.) Today’s equivalent to the crossed line – actually closer to a party line – is the wireless network, some of which are being installed by corporate IT departments, and some of which are being hooked up by users without IT knowledge. In either case, if you drive around business areas with a laptop in which you have a wireless network card, you face a high probability of being able to access somebody’s wireless network. “Ah,” you might say, “but you still need to sign in.” Well, in many cases authentication is missing, and you will be able to capture much of the confidential information zipping around the network. “Ah,” you might say again, “we run Wireless Encryption Protocol (WEP), and are protected.” Well, we note again, Adam Stubblefield, a 20-year-old math major working as a summer intern at ATT labs finally broke WEP, which has been under attack for some time. ÆGIS, May 2001 8 On the bright side, while WEP may be dead, administrators can take other measures, like implementing IPsec, a set of protocols currently in wide use to implement Virtual Private Networks (VPNs), as well as turning on the protective features that come with the wireless network.