Growth of Wi-Fi Opens New Path for Thieves

E. Harley writes "Wi-Fi connections are popping up all over the place from retails locations, schools, municipalities, and homes. Unintentionally or not, most of these wi-fi hot spots never change the system's default settings, hide the connection from others, or encrypt the data sent over it. This NY Times article [Free registration required] talks about the size and extent of the problem, and what has happened with law enforcement investigating criminals using these public connections. Also, the article updates us on an earlier Slashdot story about wardriving. That case is still pending."

License to steal?

[bigtallmofo]

When criminals operate online through a Wi-Fi network, law enforcement agents can track their activity to the numeric Internet Protocol address corresponding to that connection. But from there the trail may go cold, in the case of a public network, or lead to an innocent owner of a wireless home network.

After reading the article, it gives me the impression that you have a license to do just about any illegal internet activity so long as your WiFi router uses the default SSID, broadcasts its SSID and keeps the default passwords. If anything is traced back to you, you just blame the WiFi-Boogeyman for any illegal activities originating from your IP address.

Re:License to steal?

[Bootard]

Defenitly the cops will check out your computer to see if there is evidence in the logs; maybe they can check the physical address of the card too. But if you had a laptop out on the table and your illegal laptop hidden under the bed, you could probably get by with the WiFi-Boogeyman defense. ("This is my only computer; I don't know anything; I'm just a simple, simple man")

Re:License to steal?

[DavidTC]

In fact, to be on the safe side, you should actually use the wifi to do illegal things, in case they actually come by while something illegal is going on. (Or if they want to catch someone in the act.)

Get a USB wifi adapter, or something that can easily be unplugged, stick it in your desktop computer, and spoof the MAC address. Have the router laying there, with the cable from your computer not plugged in. If the police come knocking at your door, yank the wifi out, slide it under a pile of junk, plug the network cable back in, and trip the surge protector for a second. (You may be able to set up the routing so you can leave the network plugged in.)

Oh, look, the criminals saw the police, cut off their laptop, and ran. No, officer, this computer is plugged in, it doesn't use wireless. See, let me turn it on. I have a laptop that uses wireless, let me get it out of the bag for you.

This thing laying by my computer? Oh, I have a friend with a laptop that doesn't have wireless, we use that so we don't have to mess with cables.

What do you mean, 'open wifi point'? No, I specifically bought this kind of router because it was secure. WEP? I think I had to turn that off, my friend's laptop couldn't get on the internet. (Make sure you actually have said friend.)

As long as you can stall police for four seconds coming in, and don't do stupid things like saving to disk. (There are tools for encrypted swap, and there are programs that can do two layers of encryption....encrypt some porn on the first layer, and you have plausibibly deniablity that the second layer exists at all.)

Viola, a license to do anything illegal from the safety of your own home.

coffee house voyeur

[spoonyfork]

Schlep your lappy to a Starbucks, tap into the wifi, and fire up Driftnet (linux) or EtherPEG (mac). Watch what flies by... hours of entertainment.

I'm Not a Network Administrator...

[grumling]

But I do play with home networks. Shortly after I set up my access point (with 128bit encryption) I found someone gained access. How? By looking at the darn DHCP client table. I saw a MAC I didn't recognize, and blocked it out. No problem. It would have been just as easy to only allow known MAC addresses, but the cute chick downstairs needed to get online and I didn't know her MAC. I guess I could reconfigure, but why bother? I haven't had any other attachements since then.

Now, I realize that I'm the exception, but how hard can it be to type 192.168.1.1 in a web browser? Of course, people should check the air pressure in their tires once a week, and clean the air filter on the furnace once in a while...

Re:I'm Not a Network Administrator...

[Vlad_the_Inhaler]

I helped a friend of mine set up his WiFi network a month ago. The setup was to allow a Windows network for his family, and route all external traffic via one point where he could block certain IP Addresses (his daughters are 11 and 8 and he does not want to give them unlimited access).

So far so good.

His elder daughter was surfing away happily, but could not access the other PCs. It turned out that the strongest signal she was receiving was from an unencrypted network in a neighbouring house/flat.

That explained the different subnet she was on as well, we thought one of the boxes was acting as a second DHCP server + router to the main network. A ping disabused us of that, no way was it possible for her PC to be online but not be able to ping the rest of the network.

The most likely culprit was apparently a neighbour who teaches a computer course at a local school. Nuff said.

Re:I'm Not a Network Administrator...

[Ledora]

You should ue the security I use on my AP to prevent people from getting on it. I changed the broadcast power to 2mw... just barely enough to get a good signal where I need it. also 128bit WEP and mac filtering AND I disabled the web admit page (must telnet to run it.) This is all on a WRT54G (linksys) if anyone cares to have a setup like it

We should have gotten this out by now

[Deliveranc3]

This is the same RIAA arguement from before in a diffrent context.

Some people like to share we should encorage that... The best possible solution is for the router to limit bandwidth to outside connections (length of use = more bandwidth? First 2 users connected get most bandwidth?)

Even windows doesn't have sharing on by default... Allowing users to sit behind your firewall isn't a huge deal, there are tonnes of users sharing their windows dir on Kazaa or whatever if someone wanted to be malicious they should.

There is some importance in making life better for other people, if you don't when you go on a camping trip people around you will be weighing how hungry bears are against the $ in your wallet.

The defaults are the problem

[chrisgeleven]

Part of the problem is that the manufacturers don't disable anything by default...instead, you can literally plug a wireless router in and it'll instantly work assuming your internet connection uses DHCP to get its IP address.

Perhaps the easiest way to solve this problem is to disable the wireless part of the router until you run the setup program (or even better, make it launch the browser so it will work on any OS) and make you go through the steps of enabling encryption and everything.

I have WPA enabled on my wireless router (a Linksys WRT54G with the latest firmware) and MAC filtering. I broadcast my SSID ("Break this"), but that is more for ease of use then anything.

I then enabled SSL for the admin pages, so I must type https://192.168.1.1/ (the actual IP is different) to reach the router's admin page. I figure between SSL and WPA, it will be pretty hard for someone to break into my router's admin page.

The key is, with WPA and MAC filtering that will keep out all but the most determined out. If they ever got past that and onto my wireless network, I have logs so I could manually block them.

happened to me

[mslinux]

We have a Python script on our laptops that send netstat, ipconfig, route info via email when they boot. When a laptop is stolen and the thief is dumb enough to use it online, we can subponea the ISP and walk to their door. But the last one that was stolen was in an apartment building that had 5 or 6 open WAPS. We knew that the laptop was in one of the apartments, but the cops could not get a search warrant for all the apartments within 150' radius of the open WAP that the stolen laptop was on... long story short, they got away with it.

Re:Fair Use?

[the+grace+of+R'hllor]

In some nations, owning the original is not necessary to being allowed a backup. Destruction of said original being a reason to MAKE backups.

Re:this article NEVER questions their motives

[Cryofan]

OK, Anonymous Coward, let's get it on! (BTW, are you are a lobbyist for the telco/cable industry? Is that why you post anonymously?)

you wrote:

Prove it. You always make these unfounded claims with nothing to back it up.


I cannot PROVE it. I do not have a complete audio-video record of every waking moment of everyone who is in control of the NY Times. But I don't HAVE to prove it. All I have to do is show that there is a LIKELIHOOD that the this article and others are biased in favor of established industry players. Really, it should be obvious to anyone who is unbiased.


You can't even show that there is a pattern of industry favortism in the NY Times' articles, but even if I showed you numerous articles that praised wireless access, you'd try to claim (again, with no proof) its just another conspiracy to make people think that they aren't in cahoots.


Oh, so, in order to point out that this article unquestioningly cites opinions that demonize wifi, I have to FIRST be able to go back through the archives and show a pattern? Look, the evidence is right in front of us. We ALL know that established corporate lobbies want to shut competition. We ALL know that they manipulate the media to do so. With that in mind, why, oh, WHY does this article NOT take that into account? Why doesn't the reporter acknowledge the huge industtry that stands to profit from demonizing wifi as this article does? Isn't that what fair journalism is all about?


In short, there is nothing NY Times can do to be good in your eyes unless they say exactly what fits your own socialist agenda.


I am not a socialist. Period. I am a Leftist. But Rush Limbaugh and the Wall St Journal did not provide you with the information to make that distinction, did they? How unfortunate for you...


Anything that deviates from this must be some sort of Republican conspiracy to consolidate corporations and oppress the people.


The Democrats are only marginally better then the Republicans.

WiFi == Identity-Theft/Child Porn/Terrorism

[Cryofan]

Notice how this NY Times articles is careful to associate each of this poisonous trio of ID Theft-ChildPorn-Terrorism with...WiFi.

And what a coincidence that just as this article is being published, that all over America, state governments are trying to decide whether to outlaw municipal wifi. Of course, this drive to outlaw municipal wifi is in NO WAY connected to this article that tends to associate wifi with THEFT, CHILD PORN, and TERRORISM. And in no way would the telco and cable TV lobbies that stand to lose BILLIONS (if municipal wifi takes off) try to get the NY Times to help make wifi look bad.

No way the media would do that! They have integrity. They would never sell out to the telco-cableTV lobby like that.
Would they?

FUD alert! can the author even spell "Free WiFi"?

It is disgusting to see someone writing FUD and bullshit like this while others are volunteering their time, efforts, and money to help build free community WiFi networks.

Instead of cultivating even more paranoia in our country what we really need is more trust, pioneers, and heroes who help build free WiFi networks.

I am running an open access point for everyone to use and I am happy to find the same whenever I am on the road.

Lets all be reasonable and not spread FUD but support the urgently needed free WiFi access.