No hacking requiredComment on this story
Residents and businesses at the Big Bay Estate in Blaauwberg, Cape Town, have reacted with shock to the news that their personal computer files can be freely accessed through the network they use to connect to the internet.
It remains unclear where the blame for the security oversight lies.
Last week, Big Bay resident Nick Wagenaar inadvertently connected to a Local Area Network (LAN). He says that this network gave him access to three other computers connected to the LAN. Later, with the help of an IT technician, he came across more “batches” of computers on which he could access files and e-mails.
One of the computers which Wagenaar accessed belongs to Diversity Letting, a Blaauwberg-based estate agency.
When he heard this, Andre van Wyk, an agent at Diversity, said: “It is with utter shock that we had to hear that you had free access to our computers. If (Wagenaar) could read the agent’s e-mails, then obviously (he) had access to some information that was only intended for the users of (those) computers.”
Diversity employed their IT technician, Justin Abrahamse, to investigate the network. In his report he noted that many computers were connected to two “purposeless” routers, which still had factory default password settings.
“(On this network), this should not be the case. We were able to access non-password-protected computers via the network. If there was anyone with malicious (intent) connected, the information (on other users’ computers) could be copied or deleted,” said Abrahamse.
Later, Abrahamse found more routers that were interconnecting other users on the network.
Smart Village, Diversity and Wagenaar’s internet service provider (ISP), say that they are not to blame for the shortcomings in the network’s security set-up.
Karen Lambrechts, the ISP’s regional manager, said the estate’s network was owned by the Eden on the Bay’s body corporate and that Smart Village had “inherited” the network. Smart Village had offered to pay for network security infrastructure upgrades, but the body corporate had ignored them, said Lambrechts.
“(Smart Village) do not provide services via ADSL routers. These devices are therefore not (our) responsibility,” Lambrechts added.
Deon de Kock, a trustee of the body, said: “Lambrechts is (being) somewhat disingenuous to blame the body corporate for the problem.”
Neither Lambrechts nor De Kock provided a conclusive answer on whose responsibility it was to rectify the network’s security configuration. - Cape Argus