Does your organization still use WEP encryption for any of its wireless connections? If so, you may be asking for trouble.
A Minnesota man was recently handed a hefty prison sentence for hacking into his neighbors’ wireless network and framing them for illegal activity.
The strange story began after the couple living next door to Barry Ardolf told police that Ardolf had kissed their four-year old son.
To get revenge, Ardolf hacked into the couple’s home Wi-Fi network and used their Internet connection to upload child pornography, sexually harass the husband’s co-workers and even send emails threatening to kill Vice President Joe Biden.
Ardolf was eventually caught after a packet sniffer discovered his computer on the network — but not before the Secret Service showed up at the husband’s office in response to the emailed threats against Biden, Wired reports.
As far as the actual hacking, Ardolf didn’t appear to have too much trouble. Although he likely wasn’t an experienced hacker, as evidenced by the instruction manuals found in his home, it took him just two weeks to get into the network. The neighbors used WEP encryption — a protocol that’s known to be susceptible to hacks. With the right tools and expertise, even a 128-bit WEP key can be cracked in just a few minutes.
Hopefully, Aldorf will learn his lesson on account of his 18-year prison sentence. But this story has a lesson for IT departments, too. Many businesses are still using WEP even though its flaws are widely known, mostly because they’re still using old equipment that doesn’t support newer, better protocols.
But as this and other hacks on wireless routers show, the risks of keeping legacy equipment in commission likely cancel out any cost savings that may be gained. Experts recommend businesses use devices with support for more advanced encryption protocols such as WPA and WPA2.