Wireless Pirates

Wireless networks have potential for unsupervised hostile infiltration into laptop computers.

wi fi 88 (photo credit: )
wi fi 88
(photo credit: )
Usually I drive to work, but recently I had the pleasure of being a passenger in a friend’s car. Although I enjoy driving, I try to cadge rides whenever I can -- the gas is a lot cheaper that way, and I get to do some of my endless computer chores while on the road. Cadging is definitely the way to go when traveling! Trying to think of something witty to write my mind drifted a bit, as minds tend to do, so I started playin. g with my laptop’s built in wireless network detector. This nifty little feature, as users of wireless networks know, scans the area for networks you can connect to, and lets you connect to the network, if possible. While setting up a wireless network is easier today than ever, it’s not the type of thing a computer novice is likely to try on his or her own as it requires at least some degree of technical sophistication, or at least awareness. One could assume that people who have set up their own wireless networks would be among the users of anti-virus and other security programs. They are almost certainly among those who avoid opening e-mail attachments, check downloads for viruses, and set up firewalls to keep out unwanted intruders. But these people’s concerns over security stops at the entrance to their hard drive, it seems. Wherever we were driving, whether in the middle of a city or through small villages, wireless network after wireless network appeared in my available network list and nearly all of them were unprotected -- meaning that anyone who wanted could access the Internet from that network -- not to mention hack their way into other computers on the network if they knew what they were doing! I wanted to stop the car and shout, “Hey, Starman, Bakeshet, CentralOffice, Magav 16” just a few of the network names that appeared on my list “You’re sitting ducks! Turn on your security system!” But shout as I might, all I could find were stares from passersby, with a couple keying in numbers on their cell phones. Not wanting to find out who they called, we hit the road again only to come to another neighborhood or town where exactly the same phenomenon was taking place. And although I don’t want to alert any crooks to the free wireless they can get just for the searching, I know I can trust my high class honest readership with this little statistic -- would you believe that more than four out of five networks I found on my journey were unprotected, allowing anyone with the ethical temerity to wire themselves up? Driving around town and searching for network bandwidth to steal has become a popular pastime among some who have dubbed it “wardriving” (http://www.wardriving.com http://www.wardriving.com/>) with some wardrivers even “warchalking” (http://www.blackbeltjones.com/warchalking/index2.html) to indicate where they have found free access. Finding these networks is simply a matter of doing a manual search with the software that came with your wireless connection, or you can download NetStumbler (http://www.netstumbler.com http://www.netstumbler.com/>), a free tool that will beep and blink whenever a wireless network is in range, and let you know which ones are unprotected to boot. There are also “freestanding” devices, such as Smart ID Technology’s WiFi Trekker, which will light up when it gets in range of a network. Now, I am not talking about truly free wireless access points, such as the one in downtown Jerusalem or the one at Ben Gurion Airport, among the many new ones being added on a regular basis. There’s nothing wrong with those, or with wardriving to discover those kinds of networks. But connecting to a wireless network obviously not meant for public access has become a major problem and it’s not just a matter of “being cheap” or wanting to keep the hoi polloi off your network just because you’re a snob. In the worst case, unauthorized users sneaking onto your network might be hackers who steal data or spread viruses. At the very least, extra unwanted users on your network can slow you down, spreading your network resources thinner than you can afford. You don’t want that, and you don’t have to put up with it. Your most basic defense is built right into your wireless router. WEP, Wired Equivalent Privacy, will help you at least partially encrypt your data as it is sent to and from your computer to your router. You can only hook into a network by providing a password. WEP is good enough to stop average users, so the neighbor down the hall who is looking for freebies will probably back off trying. However, there are tools to break encryption codes that hackers can use, similar to password hacking programs for regular LAN systems and wireless users are at a distinct disadvantage, because while hackers need physical access to a wired network to search for passwords and codes, all they need is patience to get your encrypted access codes. One way to improve the effectiveness of WEP, experts say, is to change your password/encryption key frequently. Setting up a new key once a week will discourage hackers who do manage to break through your WEP. If the key they discovered works just once, they may just give up and move on to easier targets. Another useful tool I came across is MyWiFiZone (http://www.mywifizone.com http://www.mywifizone.com/>), a free download that will throw up another layer of defense to keep nudniks out. MyWiFiZone only allows selected users to get onto your network, requiring authentication of users by IP address and/or MAC (hardware) address for authentication. Without that, users get a redirect page telling them they’ve been banned (install it on a wired computer and follow the configuration information carefully in order to get it to work properly). The program puts approved PCs on a “white list,” members of which are allowed exclusively onto the network so if bad guys aren’t on the list, having the WEP code won’t help them. Even though you can’t see them or feel them, the networking “freeloaders” will stop at nothing to get at your network resources. Don’t make it easy for them! ds@newzgeek.com