Whiz-kids on attack
Source: The Advertiser
Date: November 10, 2003
COMPUTER whiz-kids have attacked 45 South Australian companies in a dramatic demonstration of cyber-terrorism.
The university students exposed the firms as "highly vulnerable to attack" after probing their computer defences in a secret operation in Adelaide.
Computer science student Ben Turnbull, 22, said he could have created havoc as a cyber-terrorist – and no-one would have known.
"We could have stolen sensitive information, disabled their systems or used their computers to attack other companies and no-one could have traced us," the University of SA student said.
He stopped short of accessing the files of the companies and has refused to reveal their identities or their locations to protect them against further attacks.
His electronic raids have been revealed in a paper he will present to the Australian Information Warfare and Security Conference in Adelaide later this month. The two-day conference has attracted about 100 computer warfare experts from the US, Europe, South America and Asia.
Mr Turnbull and fellow student Daniel Nicholson drove around Adelaide hunting for unsecured networks using a laptop computer linked to an antenna in a technique known as "warchalking".
New-age hacking is made possible by wireless network systems in offices, which allow employees to access the internet from anywhere in the building without connecting to a phone line.
The radio waves leak out of buildings, meaning hackers break into a company's network using sophisticated software to access the internet or tap into company files.
Mr Turnbull said, of the 45 firms and eight homes targeted, only 17 per cent had a basic level of anti-hacking software.
"It is highly likely that there are a large number of wireless networks that are extremely vulnerable to attack in the city of Adelaide," the conference paper says.
In a twist, the students also set up a "honeypot" computer in the city to lure would-be hackers and gauge the depth of the problem.
The computer was attacked twice in two weeks with the most intrusive being a hacker who scanned 800 access points before trying to use the "honeypot" to log on to the internet without success.
Mr Turnbull said the attack confirmed there were expert hackers trying to exploit vulnerable networks in Adelaide.
"This wasn't a university exercise. This was for real and by someone who had hostile intentions," Mr Turnbull said.
He has warned South Australian companies they must upgrade their computer security or risk a wave of hacking by industrial spies or cyber-terrorists.
"It's no good having a basic level of security, as hackers can get it," he said.
Conference chairwoman, senior University of SA lecturer Dr Jill Slay, said the information and security conference aimed to bring together experts in the field.
^macro[showdigestcomments;^uri;Whiz-kids on attack]