Skip to comments.Wi-Fi cloaks a new breed of intruder (Turn on your router's encryption, people!)
Posted on 07/05/2005 11:21:25 PM PDT by Dont Mention the War
By ALEX LEARY, Times Staff Writer
Though wireless mooching is preventable, it often goes undetected.
ST. PETERSBURG - Richard Dinon saw the laptop's muted glow through the rear window of the SUV parked outside his home. He walked closer and noticed a man inside.
Then the man noticed Dinon and snapped his computer shut.
Maybe it's census work, the 28-year-old veterinarian told his girlfriend. An hour later, Dinon left to drive her home. The Chevy Blazer was still there, the man furtively hunched over his computer.
Dinon returned at 11 p.m. and the men repeated their strange dance.
Fifteen minutes later, Dinon called police.
Police say Benjamin Smith III, 41, used his Acer brand laptop to hack into Dinon's wireless Internet network. The April 20 arrest is considered the first of its kind in Tampa Bay and among only a few so far nationwide.
"It's so new statistics are not kept," said Special Agent Bob Breeden, head of the Florida Department of Law Enforcement's computer crime division.
But experts believe there are scores of incidents occurring undetected, sometimes to frightening effect. People have used the cloak of wireless to traffic in child pornography, steal credit card information and send death threats, according to authorities.
For as worrisome as it seems, wireless mooching is easily preventable by turning on encryption or requiring passwords. The problem, security experts say, is many people do not take the time or are unsure how to secure their wireless access from intruders. Dinon knew what to do. "But I never did it because my neighbors are older."
A drive through downtown St. Petersburg shows how porous networks can be. In less than five minutes, a Times reporter with a laptop found 14 wireless access points, six of which were wide open. "I'll guarantee there are tons of people out there who have their wireless network being exploited but have no idea," Breeden said. "And as we see more people utilizing wireless, we'll see more people being victimized."
Prolific Wi-Fi growth
Wireless fidelity, or "Wi-Fi," has enjoyed prolific growth since catching on in 2000. More than 10-million U.S. homes are equipped with routers that transmit high-speed Internet to computers using radio signals. The signals can extend 200 feet or more, giving people like Dinon the ability to use the Web in the back yard of his Crescent Heights home but also reaching the house next door, or the street.
Today someone with a laptop and inexpensive wireless card can surf the Web via Wi-Fi at Starbucks or eat a bagel and send instant messages at Panera Bread. Libraries, hotels, airports and colleges campuses are dotted with Wi-Fi "hotspots." Even entire cities are unplugging.
"The information age is over. The information is out there," said Jim Guerin, technology director for the city of Dunedin, which will soon be the first city in Florida to go completely Wi-Fi. "Now it's the connectivity age. It opens up a whole new area for ethics, legal boundaries and responsibilities. It's a whole new frontier."
There's a dark side to the convenience, though.
The technology has made life easier for high-tech criminals because it provides near anonymity. Each online connection generates an Internet Protocol Address, a unique set of numbers that can be traced back to a house or business.
That's still the case with Wi-Fi but if a criminal taps into a network, his actions would lead to the owner of that network. By the time authorities show up to investigate, the hacker would be gone.
"Anything they do traces back to your house and chances are we're going to knock on your door," Breeden said.
Breeden recalled a case a few years ago in which e-mail containing death threats was sent to a school principal in Tallahassee. The e-mail was traced back to a home, and when investigators arrived, they found a dumbfounded family. The culprit: a neighborhood boy who had set up the family's Wi-Fi network and then tapped into it.
In another Florida case, a man in an apartment complex used a neighbor's Wi-Fi to access bank information and pay for pornography sites.
But he slipped up. The man had sex products sent to his address. "The morning we did a search warrant, we found an antenna hanging out his window so he could get a better signal from his neighbor's network," Breeden said.
Last year, a Michigan man was convicted of using an unsecured Wi-Fi network at a Lowe's home improvement store to steal credit card numbers. The 20-year-old and a friend stumbled across the network while cruising around in a car in search of wireless Internet connections - a practice known as "Wardriving."
(The name has roots in the movie WarGames, in which Matthew Broderick's character uses a computer to call hundreds of phone numbers in search of computer dialups, hence "war dialing.")
A more recent threat to emerge is the "evil twin" attack. A person with a wireless-equipped laptop can show up at, say, a coffee shop or airport and overpower the local Wi-Fi hotspot. The person then eavesdrops on unsuspecting computer users who connect to the bogus network.
At a technology conference in London this spring, hackers set up evil twins that infected other computers with viruses, some that gather information on the user, the Wall Street Journal reported.
Not all encryption is rock solid, either. One of the most common methods called WEP, or Wired Equivalent Privacy, is better than nothing but still can be cracked using a program available on the Web.
"Anybody with an Internet connection and an hour online can learn how to break that," said Guerin, the Dunedin network administrator. Two years ago when the city of Dunedin first considered Wi-Fi, Guerin squashed the idea because of WEP's inadequacy.
Dunedin's network, however, will be protected by the AES encryption standard, used by the Department of Defense. Passwords will be required, and each computer will have to be authenticated by the network. There also will be firewalls. "I'm confident to say our subscribers are at zero risk for that kind of fraud," Guerin said.
Leaving the door open
Not everyone has sinister intentions. Many Wardrivers do it for sport, simply mapping the connections out there. Others see it as part public service, part business opportunity. When they find an unsecured network, they approach a homeowner and for a fee, offer to close the virtual door.
Some Wi-Fi users intentionally leave their networks open or give neighbors passwords to share an Internet connection. There is a line of thought that tapping into the network of a unsuspecting host is harmless provided the use is brief and does not sap the connection, such as downloading large music files. "There is probably some minority of people who hop on and are up to no good. But I don't know there is any sign it's significant," said Mike Godwin of Public Knowledge, a public interest group in Washington, D.C., focused on technology.
"We have to be careful," Godwin said. "There's a lot of stuff that just because it's new triggers social panic. Normally the best thing to do is sit back and relax and let things take their course ... before acting on regulation."
Randy Cohen, who writes "The Ethicist" column in the New York Times Magazine , was swayed by Godwin's thinking. When asked by a Berkeley, Calif., reader if it was okay to hop on a neighbor's Wi-Fi connection, Cohen wrote:
"The person who opened up access to you is unlikely even to know, let alone mind, that you've used it. If he does object, there's easy recourse: nearly all wireless setups offer password protection."
But, Cohen went on to ask, "Do you cheat the service provider?" Internet companies say yes.
"It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft," said Kena Lewis, spokeswoman for Bright House Networks in Orlando. "Just because a crime may be undetectable doesn't make it right."
"I'll probably never know'
In a way Dinon was fortunate the man outside his home stuck around since it remains a challenge to catch people in the act. Smith, who police said admitted to using Dinon's Wi-Fi, has been charged with unauthorized access to a computer network, a third-degree felony. A pretrial hearing is set for July 11.
It remains unclear what Smith was using the Wi-Fi for, to surf, play online video games, send e-mail to his grandmother, or something more nefarious. Prosecutors declined to comment, and Smith could not be reached.
"I'm mainly worried about what the guy may have uploaded or downloaded, like kiddie porn," Dinon said. "But I'll probably never know."
--Times staff writer Matthew Waite contributed to this report. Alex Leary can be reached at 727 893-8472 or email@example.com
It sounds like this guy was stealing bandwidth. The setting that would have prevented that is access control, not encryption.
Use WPA, MAC address authentication access, and don't broadcast your SSID.
Could be a way terrorist might use to access the Internet. Can you imagine what would happen if Eschalon caught him using such terms as "nuke attack" on your wireless connection? Within 30 minutes you would be hearing loud knocking sounds on your front door.
As I sit here now I see three other wireless networks. Of the three only one has security enabled.
I secured my wireless router with a password about a month ago. However, how do you do the WPA, and the SSID?
It is the same in my area.
What type (brand) of router do you have?
Sigh. Wonder if these people leave the keys in their unattended car with the engine running while performing an errand?
Airwaves are free game!!
Probably. And when someone steals that car and uses it in the commission of a crime the police will come knocking on the car owner's door.
"A more recent threat to emerge is the "evil twin" attack. A person with a wireless-equipped laptop can show up at, say, a coffee shop or airport and overpower the local Wi-Fi hotspot. The person then eavesdrops on unsuspecting computer users who connect to the bogus network."
Actually it's a "man in the middle" attack.
Is echelon a real thing? or is that something they made up for Alias?
Especially if you're running Windows.
I'm in a rural area on an 2.5 mile unencrypted WISP, so WAP, WEP, etc. are essentially useless for my type of connection. But I do use an encrypted VPNs and SSL tunnelling for some connections - and I'm on a Mac, so I'm not too worried about getting hacked.
The reality is that the traffic coming over the wire is more dangerous than the war drivers.
and then he steals all the porn from your shared folder!!!
And no, I'm not talking about the Gov.
Bump for more info - I've got a DLINK DI-624 - Ideally I'd like it to ONLY respond to two IP addresses - with no encryption (slower) - Is this possible? Help!
Now there are perhaps three major sub rosa operations. If you know somebody who mentions certain types of words too often, I guarantee they are on a watch list.
Put three geeks together...get three hundred people who can't quite understand them.
Guys, help me out: How can I protect myself? Are there simple instructions, sites I can visit for directions, etc.? Appreciate it, thanks.
It would amaze a lot of folks if they knew how careless some companies are with their wireless networks. There's a lot of them out there setup by non security folks.
Wardriving in business areas is what I would worry about. In addition to personal ID theft.
You can turn off WEP, turn off SSID but get a WAP that supports PPTP.
WiFi security ping.
check this out
It is irrelevant what operating systems you are using. It is the WiFi access point that is the source of this vulnerability. You don't even have to have a computer on for this. Whether your ISP is Wireless, DSL, Cable, WiMax or whatever is also irrelevant. This is about your LAN, not your Internet connection. Living in a rural area is relevant, though. :-) However, WiFi range can be up to a couple of miles, depending on the antennas and terrain.
If you have a wireless home network, read the user's manual for your wireless router and secure it.
Open your Web browser and type http://192.168.0.1 into the URL address box. Then press the Enter or Return key.
Type admin for the username and leave the password field blank (unless you've already set a password).
Once you have logged in, the Home screen will appear.
Click Run Wizard
Do enable encryption. Your DI-624 is capable of much faster speeds than your internet connection, so the slow down due to encryption won't make a difference.
Alternatively, Start/Help and search for "manually add wireless".
I use a Dell router. How do I do this (not transmit my SSID)?
It is highly relevant to overall network security. After 15 years as a heavy Internet user with zero virus, worm or spyware infections, I credit the Mac.
It is the WiFi access point that is the source of this vulnerability. You don't even have to have a computer on for this. Whether your ISP is Wireless, DSL, Cable, WiMax or whatever is also irrelevant. This is about your LAN, not your Internet connection.
Merely encrypting the wireless LAN will not prevent interception when the tower on the roof is blasting an unencrypted signal to the WISP. I use VPN and SSL tunneling past the WISP for stong encryption instead. Access control - not encryption - is useful for preventing unauthorized use of bandwidth.
Living in a rural area is relevant, though. :-)
Heh, network city-boys couldn't survive out here in the wilderness.
This depends on how you can access your router's configuration. If you still have the manual, it should tell you how.
If you don't, generally what you do to access a router is to open your web browser, type http://192.168.0.1 in the address bar, and hit enter. If it prompts for a user/password, it's usually admin/blank password. From there, you can get into the nuts and bolts of configuration.
You generally want to use at least WPA-level encryption with a complex password (WPA2 is out, along with a Windows XP patch to enable it, though it's not downloadable from Windows Update), MAC address filtering (basically, only allowing certain computers on your network), and of course SSID hiding. You also want to change your SSID to something that isn't completely obvious. For example, most routers use an SSID of "default," and Linksys-brand routers have an SSID of "Linksys."
You can load up Dell's online support and try to find step-by-step instructions for doing this, if you're so inclined.
Yeah, let's keep the world safe for the people snooping on us AND the people selling $50/mo. broadband access. WOuldn't want to give any bits away for free, would we?
This article is a disgusting propaganda piece. Just make sure your wifi access is on the far side of your firewall and leave it open. Many businesses do this for business visitors.
So what's the deal with this? In the future I'll be purchasing a reasonably priced laptop with wireless capability. We will be living in a semi-rural area. My biggest problem is trying to remember how to network the printer between a laptop and the desktop pc.
Now I have to worry about someone hacking into my wireless?
His recommendations were good for most wireless LAN users - but I explained why his recommendations would not provide adequate protection for my network.
Netstumbler will pick up on a wireless network without you broadcasting SSID, this is the program of choice for wardrivers, I only know because I have done it before. With Netstumber, Map Point and a simple script, you can not only find networks....but you can create a pin point on map using GPS. Green for open, Red for secure. MAC filtering is simple way to keep people out, not bullet proof.......nothing is, but its better than nothing and keeps the casual wardriver out. With MAC filtering the user will go to other unsecure networks.
Dlink has emulator for your router on their site, I just pulled this up. Navigate to the filters page of your router, add your two computers MAC. Open windows command prompt, type "ipconfig /all" and it will list all MAC address's of adapters. Add these to filters in Dlink.
Had second thoughts...huh?
Oh and as far as admin for password, if that be the case......change that too, I have found networks that were unsecure and had the default password as admin!! This allows me to get you main ISP email address and account password, using a simple program.
Encryption of communications between the devices doesn't prevent the communication.
To limit the devices that can access your wireless network, ID each permitted device by its MAC.
A point obfuscated by the thrust of the article, and most of the comments on this thread.
Using the proper settings for encryption also prevents access to the WAP. Using WPA-PSK/AES with MAC filtering is a "belt and suspenders" way of securing your network.
Of course, the best way would be to use RADIUS and a password token (i.e SecureID). But that's way beyond what's needed for the average Joe's home WLAN.
Also: change your password regularly. One good strategy for creating passwords is to take a poem or a limerick you know, and use the first initials of every word to form the password.
There is more than one way to obtain unauthorized access. For most home networks, it is sufficient to limit the machines that are authorized (e.g., via MAC limiting), without getting to the "user" level.
Encryption is necessary to make it more difficult for strangers to snoop on your broadcast keystrokes.
The problem with this article is that it plants the idea that data encryption instigated/required by the WAP will prevent unauthorized access.
I can't tell you how many commercial systems I've worked on where they had the password set to 'password'! >:-0 Blows my mind...