Shutdown

Posted on 25 Oct 2004 at 16:30

 

Gallery

Wi-Fi may have serious security issues, but those in the know who are capable of penetrating it tend not to have any malicious intent.

It's midnight, on a sunday, late spring 2000, and I'm sitting, hunched in the back of a Saturn with its engine running, hiding out in the car park at Apple's HQ. In front of me is a laptop. It has just attached itself to Apple's internal Wi-Fi network. I am, as they say in the cyberthrillers, in. Professional that I am, I proceed to giggle like a teenage girl. Then, freaking out like a teenage boy, I log off and drive away before we get into trouble.

I'd love to tell you that this is how we break the big Apple stories - through technological espionage at huge personal risk - but it's not true. Really, I just wanted to see if it could be done (officer). It could: it was the early days of the AirPort, and while Apple more than anyone must have been aware of the security implications, it can't have been too worried.

A few months later someone will ask me to show him how to do the same thing so he can blow the lid off various evil mega-corporate practices. Unfortunately, on that occasion, I don't even manage to show him how to connect to our local Starbucks.

Oh, I guess I could have run up some sort of headline news story - an expos?bout Apple's lackadaisical security. To be honest, though,my Apple car park revelations were far more entertaining as a bit of idle conversation than as a shocking headline story.

It wasn't even clear that Apple was being particularly lax. For all the paranoia that security consultants emit, most of them, in their private lives, are happy to accept the comfort that a mild insecurity brings. At a recent hacker's conference I attended, a panel of experts in the many ways to intrude and break into a Wi-Fi network warned sonorously of the weakness of even the strongest protection, but reiterated the importance of doing it anyway. Finally, one panelist stood up and, in the manner of an Alcoholics Anonymous meeting, announced he was a security professional who ran an open Wi-Fi network at home, and bet he was not alone. A show of hands revealed a sizeable minority of the audience and panel did the same thing.

They weren't being sloppy, either. Rather than taking a knee-jerk response to securing their machines, they'd played out the potential threats in their mind and decided on their comfort level. Evil drive-by spammers hooking themselves to their DSL lines and sending scads of mail through their router? Possible, but an acceptable risk, given the pain of regularly changing passwords. Life's too short to devote it to security, even when you're a security guy.

To this day, I don't know whether I could really have lifted top-secret iPod designs from that Apple link. It's unlikely: Apple knows that the real risk of leaked information comes from inside. If that data wasn't on the connection I made, it was because it would be hidden from even most Apple employees.

Even if I had snagged it, would I have broken the story? I suspect not. And that fits in with what I know about the psychology of the computer underground, too. Despite the temptations, most of them don't want to cause any harm, and don't want to take more risks than teenagers exploring a boarded-up office building. The potential of rich rewards makes the game less fun, not more.

In February this year, news got out that part of the Windows 2000 source had been leaked onto the Internet. News articles talked about how it was equivalent to Microsoft losing 'the crown jewels'. This was really nothing new, though: the NT source code has been illicitly circulating for years, but no one would admit to owning it. The value of hacked 'secrets' is when they hover between the truly secret and the completely public. Everyone's favourite gossip is the stories they can't tell the world.