Random Radio Waves Around Wall StreetBy Tom Steinert-Threlkeld | Posted 2002-06-07 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Think your institution's Nets are secure? Watch the data going out the window.
A year ago, the idea would have seemed a relatively innocent exercise of freedom of the pressand the freedom to move about this country.
But sitting in a deli a few steps from the New York Stock Exchange, mixed feelings were the order of the day. Across the tiny table from me, a gearhead was breaking out an antenna and wireless modem that would allow him to take in data signals as we moved about. He would then stuff his laptop and the extra accessories into a backpack. No unaided eye could see the signal-gathering equipment.
The mission was to take a random walk around Wall Street and see whether investment houses, stock brokerages and exchanges in this brain center of global capitalism were vulnerable to having communications snatched by passersby. The exercise was born of concern that rogue installations of wireless base stations and access points are endangering corporate networks.
It was also, conceptually speaking, a 21st century way to testor maybe carry outthe efficient-market theory of Burton Malkiel. The Princeton economics professor, in his classic 1973 book, A Random Walk Down Wall Street (W.W. Norton & Company), propounded the theory that daily fluctuations in shares of stock couldn't be foretold, because prices reflected all publicly known information. Following that theory, then, only persons with information the rest of the market did not possess could logically gain a clear advantage on stock movements.
The concern about rogue access to enterprise networks is not misplaced, as you can read in Sean Gallagher's story this month about Best Buy. A shopper bought a wireless access card at one of its stores, went out into the parking lot, installed it in his laptop and began pulling in credit card numbers from transactions taking place inside. Our sister publication, eWEEK, provides a detailed report on the products and techniques you can use to crack down on the insecurity of wireless networks. There's also a primer on Ad Hoc Networks in our December issue.
A Walk on the Wireless Side
Nonetheless, it was with a bit of trepidation we set out by foot this sunny morning in May onto the sidewalk at Exchange Place. You had to wonder whether security teams at financial institutions or law enforcement had somehow begun to scan the air for indications that free-floating data was being tapped.
Four signal-tracking excursions over two hours passed the New York Stock Exchange, the House of Morgan, the Chase Manhattan Plaza, the World Financial Center adjacent to Ground Zero, and federal office buildings. The walks covered pretty much any street that is important to Wall Street, including Broad, Exchange, Pearl, Hanover, Pine, Williams, et al.
The findings, overall, were reassuring. Three of the walks picked up signals from 18 access points. One walk produced none at all. Given the hundreds of firms operating there, this was a surprisingly low number.
Better yet: None were obviously tied to major financial institutions. The Service Set Identifiers for the wireless access points did not readily give away the name of a top-tier firm.
But in this day where anyone standing anywhere can be a threat to someone, something or some organization, the threat still hasn't sunk in. Of the 18 access points whose signals were picked up, 13 were sending unencrypted messages. That means the communications could clearly be read by anyone so inclined, as confirmed by Guardent, a Waltham, Mass., security firm that analyzed the results.
Keep in mind, too, that these walks took place at street level. Good physical security in each tower kept us, except in one instance, from gaining access to higher floors. The survey only caught signals emanating from below the 20th floors of office buildings, in all likelihood.
And there can be no mistaking that the Street still is at risk. The bomb squad of the New York Police Department was out in force this particular Friday, monitoring financial district activity from an alley near the intersection of Exchange and Hanover.