Several months ago I was setting up my wireless network at home and found that I had a problem. Another signal was more powerful than mine from the other room. But what was scary was that, unlike my connection, theirs was completely UNSECURE.

My laptop has wireless built in so when I turn it on it immediately starts detecting to see if there is a Wireless Access Point, WAP, to connect. I find it amazing that wherever I go, friend’s apartment, mall, airport, etc., someone is nice enough to give me unfettered access through their high speed connection.

Stealing connections
Naturally, I don’t condone stealing in any way but my laptop can’t help itself. It is designed to connect to wireless networks. To be honest with you I turn off the wireless when I am not home, but I always test when I am out.

Unlike myself, I am sure there are plenty of people out there who have canceled their high speed connections, $40+, and are happily browsing the internet and sending email through their neighbor’s wireless network. While most of these people may not have any ill intentions there are some things to consider.

Why should I care
Besides the uneasy feeling of someone stealing from you, you may get into trouble. Everything they do on the internet will look like it came from YOU. Let me repeat myself because this needs to be clear. When someone is using your internet connection EVERYTHING they do will be traced back to YOU.

They can spam, send porno, hack into other networks, send viruses, hack your computer, steal all your information, steal money from your bank account, send nasty messages in your name, make plans for terrorist attack, I won’t go on but I can fill a book with the possible ways a malicious person can harm you. Let’s go into detail on one.

Warspamming
Once upon a time, the internet spammer had to use his own computer and his own internet connection to send millions of emails to unsuspecting potential customers. Then the spammers learned how to break into company computers to conceal their identities and again spam the world.

A few years later these spammers would sit outside of businesses that implemented wireless technology, and simply steal the connection out of thin air. Most of the bigger companies have become wise and implemented enough security to thwart most interlopers. But the spammers didn’t care they just found an easier target. Here is an interesting article, http://www.crime-research.org/eng/news/2002/09/Mess0801.htm.

Today, almost everyone has broadband and more and more people are getting wireless access points. And as I said in the beginning, not only is it easy to steal people’s connections, they literally broadcast their availability. Remember even when you turn off your computer, the high speed connection and WAP are still available.

Everyone’s problem
I recently attended a security event for computer consultants, http://www.winnetmag.com/roadshows/security2003/index.cfm#register, featuring the Microsoft expert Mark Minasi. He told us a story of how the world has changed. He has many servers that people access from the internet. They have his books and information but nothing that he would have lost any sleep over if it was stolen. He even said he would not have cared much if they were damaged or taken off line.

So, like many millions of people I’m sure, he thought I don’t NEED security. Then his server was infected with, I think, the ‘I love you’ virus and he realized that not only he had a problem but his server was helping to spread that problem to thousands of other people. This is a bit off the wireless topic, but his point and mine are that EVERYONE is responsible for security.

What can I do
Most WAPs on the market include SSID and WEP. SSID stands for subscriber service ID and it is a password that the WAP tries to detect on your computer before giving you access. This is easily hacked using simple tools.

Wired Equivalent Privacy protocol is used in 802.11 networks to protect data during wireless transmission. While these technologies are not perfect, especially the lower 40-bit key, they should be enough for the home user to protect themselves…for now.

Also some WAPs have MAC filtering and at a minimum you should turn the WAP off when you are not using it. Here is a decent site if you want to read the technical mumbo jumbo, http://www.drizzle.com/~aboba/IEEE/.

Nothing can replace due diligence in these matters. Home offices, like Mark Minasi’s, that have servers on all the time should definitely look into technologies like RADIUS to authenticate and provide logging. Even if you do all your homework and are fairly computer savvy, it would be advisable to contact an expert computer consultant.

Conclusion
Why did I call this ‘wireless terrorism’? As Rumsfeld would say, ‘there is no doubt BUT THAT’ as I write this terrorist(s) are using someone’s internet connection to plan the next attack. I am not a politician and I don’t want to scare anybody but the problem is REAL, it is HERE, and the government is absolutely HELPLESS to stop it. The only one that can make a difference is YOU.

Dr. Stephen Madaras smadaras@an-solutions.com is the president of Absolute Networking Solutions, www.an-solutions.com, a San Diego based IT consulting firm specializing in Small Business and Security.