Keeping network hardware up-to-date is a challenge for businesses, especially when there’s little room in the IT budget for upgrades. But there are good reasons firms shouldn’t go without updating some equipment.
Take the recent case of a group of hackers who took advantage of businesses still using the Wired Equivalent Privacy (WEP) security standard — which, despite being 12 years old and having some known flaws, is still used by a lot of routers — for their wireless networks.
Joshuah A. Witt, Brad E. Lowe and John E. Griffin were arrested for allegedly stealing confidential data from 13 Seattle-area small and medium-sized businesses, the Seattle Post-Intelligencer reports.
One method the hackers are said to have used was so-called “wardriving” — or, driving around in a car equipped with a Wi-Fi receiver that could reveal information about nearby wireless networks.
Police say the hackers targeted businesses using WEP security for their wireless networks. After finding a WEP-protected network, the group used cracking software to figure out the network’s encryption key, according to court documents.
Once on the networks, police say the hackers stole personal and financial data, and eavesdropped on corporate communications.
The men allegedly made money in a variety of ways, from selling employee and customer information to identity thieves to using businesses’ banking information to transfer money to their own accounts. The group is also charged with physically breaking into the offices of 41 businesses and stealing computer equipment.
This string of hacks should serve as a reminder of the dangers companies may face when they try to make old technology last beyond its expiration date. Despite WEP’s age and the fact it’s been surpassed by newer, better security protocols, many businesses still use legacy routers that only support WEP.
This isn’t the first time hackers have exploited that fact. In 2008, a man was indicted after using a WEP hack to steal more than 45 million credit card numbers from retail giant TJX Companies.
And earlier this year, a man was arrested after hacking his neighbor’s WEP-protected wireless network and framing him for child pornography distribution.
Experts recommend businesses conduct an audit of their networking equipment to make sure their technology is secure and up-to-date, and replacing anything that relies on WEP and other less-than-secure protocols.