Aust businesses easy targets for hackers: study

Australian businesses are easy targets for hackers, according to research conducted by software company Altiris in conjunction with SpectroTech.

In a joint project undertaken last month, a ‘war drive’ or access mapping (the act of locating WLANs in a selected location), was carried out across the central business districts of Sydney, Melbourne, Brisbane, Perth, Adelaide, Hobart and Canberra.

The project found that 18 percent of CBD-based organisations were using default configuration settings for their wireless access points. Melbourne businesses were at highest risk at 18 percent, followed by Hobart (14 percent) and Canberra (13 percent), Altiris said.

Default settings, including user names and passwords, were easily found on the internet and hackers could simply go in and gain access to a user’s corporate network, said IT security expert Laura Chappell.

Twenty-seven percent of companies made no attempt to protect their business information at all with no encryption keys used to access the wireless network, meaning clear text communications over the wireless network could be easily intercepted and read, the company said.

“Adelaide’s CBD companies are the biggest offenders at 36 percent. This figure is extremely high. If confidential information is crossing the wireless network in plain text, then that’s handing corporate secrets to the competition on a platter,” Chappell said.

The report also found that 70 percent of companies within the CBD of all major Australian cities rely on Wired Equivalent Privacy (WEP) as a security measure for their wireless networks, which is basic level authentication and encryption.

“A low 13 percent of businesses appear to use Temporal Key Integrity Protocol (TKIP), an enhancement to WEP which confirms that IP professionals perceive WEP to be an adequate security measure,” said Mark Morgan, founder and principal consultant at SpectroTech.

He continued: “While WEP may be a deterrent to some intruders, it has been proven flawed and easy to crack with simple utilities readily available on the internet,” he said.

Of the 5858 access points identified across Australia’s CBDs, 2603 were broadcasting their Service Set Identifier (SSID) which allows wireless client devices to easily detect the network name of wireless solutions and in many cases, the company name of the corporate network, Altiris said.

“Wireless access points can channel the legitimate and not so legitimate users straight to the corporate network. These results prove how vulnerable wireless networks can be and how easily intruders can gain access to an organisation’s intellectual property and client data,” said Geoff Masters, VP, Altiris Asia-Pacific.

altiris security