CNN reports that the Inspector General of the Department of Homeland Security has completed an audit of internal security and found that its own wireless communications systems leave gaping holes into their networks:
Although charged with making the nation more secure, the Department of Homeland Security has not taken the steps needed to secure its own wireless communications, according to a report from the department’s Inspector General. …
In some tests, investigators detected Homeland Security wireless signals broadcasting beyond the perimeters of secure facilities. “We detected wireless signals … in the parking lot, on public roads behind the facility, and in the surrounding residences,” the report says. “These wireless signals create security vulnerabilities such as eavesdropping and denial of service attacks.”
Investigators also detected wireless signals from surrounding residences and businesses within some Homeland Security facilities. “These signals can be used to monitor or gain access to DHS wireless networks and sensitive data,” the report says.
Wireless networks are tricky; their signals do not necessarily respect boundaries such as walls and fences, and unless precisely calibrated and located, will allow access from unusual spots (and disappear in others). In some of my adventures with my laptop and wireless adapter, especially in hospitals and medical facilities, I have been surprised by how easily I have accessed network resources to get out to the Internet. I can’t access the network file servers — I’d have to know quite a bit more about the network, including internal IP addresses and logins — but a more adept user might be more successful at gaining access.
Frankly, I’m a bit disappointed that the IT people at DHS haven’t figured this out before now. I’m sure that their wireless networks are encrypted, or at least I would think CNN would have reported it if they weren’t, but encryption does not ensure impregnability. DHS needs to address this weakness immediately.