Your computer is at the mercy of hackers

SIMON BROUDER sbrouder@kerryman.ie

GLARING security problems, with potentially massive legal ramifications, still exist with Eircom wireless broadband services a year and a half after they were first raised with the company, The Kerryman can reveal.

In September 2007 computer hackers released a simple programme which allows anyone with a wireless enabled laptop to hack into domestic Eircom broadband accounts and anonymously surf the internet.

Eighteen months on and hackers are still using the programme and can park outside a house and, within seconds, access a secure wireless network and download all manner of material, including pirated music and movies or other illegal materials.

Computer records will show that the material was downloaded to the innocent party's computer and the hacker can easily erase any evidence that they had illegally accessed the computer.

This week The Kerryman accompanied a computer expert to several locations in the greater Tralee area and watched as they hacked into five separate Eircom accounts, both domestic and business, using just a basic €600 laptop and the easily downloaded, freely available, computer programme.

The programme exploits weaknesses in the default security settings Eircom uses with its 'Netopia' wireless modems. Eircom broadband users are provided with a default Wireless Equivalent Privacy (WEP) key, the equivalent of an ATM card pin number, which is designed to prevent others accessing their networks.

The problem arises because the default WEP key, which is created using a simple mathematical formula, is based on the modem's serial number.

Computer owners can guard against hackers by manually changing their WEP key, Eircom's website contains advice on this, but anyone using the default WEP setting provided by Eircom is vulnerable.

If the default WEP is in use a hacker can, as demonstrated to The Kerryman, view all account details relating to the broadband account, erase all evidence of their presence, remove security firewalls, block the account holder from accessing the internet and potentially access private files held on the computer.

So-called back doors into 'secure' Eircom broadband networks can also be created allowing hackers access at a later date, even if the security WEP code is changed.

Though Eircom advised customers of the problem in October 2007 many of the company's customers remain unaware of the danger and have not upgraded their broadband security to deal with the threat.

In its advice to customers Eircom said that only "a person with advanced working knowledge of encryption and coding techniques" could exploit the security loophole.

However, according to the computer expert who demonstrated the technique to The Kerryman, the system is vulnerable to anyone with even a basic understanding of computers.

"You can park in any estate, use your laptop to search for wireless networks and then use the programme, which only needs you to enter an eight digit code that's part of the network name, to access the internet and even access private files on a PC. It takes seconds," they said.

According to Tralee Solicitor Pat Mann the situation could have major legal ramifications.

"It's a highly dangerous situation and it could definitely be used as a defence in court," he said.

Mr Mann said that in a court case involving a serious computer crime, such as downloading child pornography, a computer expert could easily be brought in to prove that an accussed's computer may have been compromised using this method.

Eircom is aware of the problem and notified customers when the issue first arose. The company's says its top priority is to help customers minimise any wireless security risks on their broadband connection. Advice on upgrading the security of an Eircom broadband connection is available at www.eircom.net/wirelesssecurity.

News