Wireless Broadband Hackers

[Gaille]

My sisters just got a new phone, and an iPod Touch (Which is why we need to sort her wireless network for her at home)

Last week she was sat on my sofa playing with her iPod and announced "Ohhhh i'm online on your network" to which I replied she couldnt possibly be because it was password protected & I hadnt given her the access code.

When I checked the network name I recognsed the name.  We named our network after a family member - not living here - as there were alreasy so many sky wireless networks in the area and I could never remember which one was mine, and I knew another freind & neighbour had named hers in a similar way

When I checked I knew right away she had managed to log in on this neighbours network as it was unsecured - but there were also FOUR other unsecured networks in the same area she could have picked from - she only picked this one cos she thought it was ours.

She logged in for an purely innocent reason, but its worring how easy it was for her to use someone elses connection.

We live in on the outskirts of a medium sized town, in a very quiet area that is almost a village.

Gaille

Hey, GrahamH says not to worry, so (unlike most Roots Chatters) you know where to send the solicitors letters when his helpful advice starts costing you money ! 

LOL wont cost me anything - MY networks secured and double firewalled !

Have been round & warned my neighbour how easy it is to get on her network - think she has her computer whizz coming to fix it this week for her - aka her teenage nephew!

Gaille

[GrahamH]

My sisters just got a new phone, and an iPod Touch (Which is why we need to sort her wireless network for her at home)

Last week she was sat on my sofa playing with her iPod and announced "Ohhhh i'm online on your network" to which I replied she couldnt possibly be because it was password protected & I hadnt given her the access code.

When I checked the network name I recognsed the name.  We named our network after a family member - not living here - as there were alreasy so many sky wireless networks in the area and I could never remember which one was mine, and I knew another freind & neighbour had named hers in a similar way

When I checked I knew right away she had managed to log in on this neighbours network as it was unsecured - but there were also FOUR other unsecured networks in the same area she could have picked from - she only picked this one cos she thought it was ours.

She logged in for an purely innocent reason, but its worring how easy it was for her to use someone elses connection.

We live in on the outskirts of a medium sized town, in a very quiet area that is almost a village.

Gaille

Hey, GrahamH says not to worry, so (unlike most Roots Chatters) you know where to send the solicitors letters when his helpful advice starts costing you money ! 

Nick, you really should read posts thoroughly before commenting. Gaille's post talks about unsecured networks. My comments were in response to your comparison between WEP and WPA, both of which show up as secured on a network scan.

Anyone wanting to gain free access (always assuming that they wander/drive the streets with a laptop hoping to chance on a WiFi access point) is going to go for an unsecured network rather than a secured one - so no point in panicking someone who only has a WEP capable hub/router when the risk is low.

Graham

[Nick29]

Oh dear, Graham.  WEP is about as secure as a paper bag !  People don't "roam the streets" looking for wireless networks - the guy stealing your broadband is probably the son of the guy across the road !   I mentioned standing or parking outside only to illustrate that you are not safe, even in rural areas.   And the reason these people often need an access point often isn't because they can't afford their own - it's because they want to use your broadband for their own illegal activities, which can be anything from sending out phishing emails to uploading child pornography.

[GrahamH]

Oh dear, Graham.  WEP is about as secure as a paper bag !  People don't "roam the streets" looking for wireless networks................. I mentioned standing or parking outside only to illustrate that you are not safe, even in rural areas.

Perhaps you should have been clearer in the first place then, rather than making such a statement

- the guy stealing your broadband is probably the son of the guy across the road ! .................    And the reason these people often need an access point often isn't because they can't afford their own - it's because they want to use your broadband for their own illegal activities, which can be anything from sending out phishing emails to uploading child pornography.

Which is exactly why I responded as I did on Saturday evening. If you can be bothered to look back and read my post correctly you will see that I acknowledged the difference between WEP and WPA but also pointed out that one has to be realistic about the risk:

Of course, this is all correct but, for the vast majority of us there is little to be concerned about.

Like everything else it all depends on the risk of somebody trying to break in. If the risk where you live is high then of course you need the highest level of security - but if the risk is low then extra security doesn't have to be number one on the to do list.

I should have thought it pretty obvious that if one has suspicions about ones neighbours' characters - or even if one just doesn't know them - that one would take more precautions than otherwise.

Graham

[GrahamH]

And the reason these people often need an access point often isn't because they can't afford their own - it's because they want to use your broadband for their own illegal activities, which can be anything from sending out phishing emails to uploading child pornography.

Since my previous post I've done a bit of searching on Google etc and find that the amount of spam originating from the UK is minuscule compared to the rest of the world - source Spamhaus. Not all (if any) of that UK originating spam would be posted using stolen WiFi access. I should have thought that this would also be a pretty sound indicator of the amount of phishing and other illegal Internet activities originating in this country.
Perhaps, Nick, you could give us some evidence of the amounts of illegal activity which you warn of which take advantage of stolen WiFi access, so that we might all be able to accurately assess the risk.

Hey, GrahamH says not to worry, so (unlike most Roots Chatters) you know where to send the solicitors letters when his helpful advice starts costing you money ! 

Whilst you're at it, some evidence of the amounts of money you mean and the numbers of people affected would be helpful.

Graham

[Nick29]

One of my friends has recently invested in a pub, and one of the things he wanted to offer customers was free wi-fi access.  Unfortunately when he sought legal advice, he was told that he would be legally responsible for any activities which took place over this wireless connection, and he found that the equipment and expertise that he would need to put in place to prevent illegal use would make it financially not viable.

If you read your newspapers, you will find several reports of people receiving letters from music and film companies alleging that their internet connection has been used to download and upload copyright material, and some people have been taken to court.  In a case like this, the onus would be on you to demonstrate that you did not commit this crime, and this will be very difficult to do if you have little or no security on your wireless connection.

Now, quite frankly, if people choose to ignore it, then it's their lookout, but I don't really think it's very constructive for you to keep playing down quite obvious dangers.

[GrahamH]

One of my friends has recently invested in a pub, and one of the things he wanted to offer customers was free wi-fi access.  Unfortunately when he sought legal advice, he was told that he would be legally responsible for any activities which took place over this wireless connection, and he found that the equipment and expertise that he would need to put in place to prevent illegal use would make it financially not viable.

Of course - because in that case a contract would be entered into between the landlord and customers. A different situation.

If you read your newspapers, you will find several reports of people receiving letters from music and film companies alleging that their internet connection has been used to download and upload copyright material, and some people have been taken to court.  In a case like this, the onus would be on you to demonstrate that you did not commit this crime, and this will be very difficult to do if you have little or no security on your wireless connection.

We all know that one shouldn't believe all one reads in the newspapers  However, I'm not one to dismiss anything out of hand. I'll be happy to acknowledge evidence of specific cases of people being taken to court or receiving letters where there is proof that the activity has been as a result of someone illegally using their wireless connection. Please let us have the evidence.

Now, quite frankly, if people choose to ignore it, then it's their lookout, but I don't really think it's very constructive for you to keep playing down quite obvious dangers.

Again, please read my previous posts properly. I have acknowledged that WPA is superior to WEP but it is also the case that WEP is superior to no security. Perhaps if I spell it out in simple language it will be clearer.

Any risk assessment takes into account the likelihood of an event happening as well as the severity of its effects in order to calculate the risk level. Some wireless hubs/routers are capable of using only WEP rather than WPA. In that case the owner has to look at the likelihood in order decide whether to spend money replacing the hub/router with one capable of using WPA.

In this case the likelihood will depend on several factors, such as:
a) is it likely that somebody will try to use the WiFi point at all?
b) if somebody does try will they even attempt to find out if a network flagged as secure is protected by WEP or WPA?
c) if somebody does try will they have (or be bothered to acquire) the skills to hack a WEP secured network?

That approach, I submit, is much more positive than simply saying WEP is no good in any case at all so the only course is to move to WPA.

Graham

[Nick29]

http://www.theregister.co.uk/2009/05/12/davenport_lyons_acs_law/

http://www.guardian.co.uk/technology/2009/aug/25/file-sharing-internet

People were traced by their IP connection. 

Davenport Lyons, the high profile London media law firm, has dropped its mass letter writing campaign on behalf of copyright holders, which accused internet users of illegal filesharing and threatened court action if they did not quickly pay hundreds of pounds compensation.

However, the campaign has been taken up by a much smaller London firm, ACS Law, whose most notable previous action was the civil defence of Vince Acors, the Briton jailed in Dubai last year for having sex on a beach with a fellow expat.

ACS Law began sending out demands for compensation virtually identical to those sent by Davenport Lyons last week, according to posters on the filesharing forum Slyck.com. ACS Law claims the same clients as Davenport Lyons, including Swiss copyright enforcement firm Logistep and similar German outfit Digiprotect.

No doubt, you'll have some smart reply, but I have more important things do do, like making some money 

[GrahamH]

No doubt, you'll have some smart reply, but I have more important things do do, like making some money 

Not a smart reply, just a logical one. What I said was:

I'll be happy to acknowledge evidence of specific cases of people being taken to court or receiving letters where there is proof that the activity has been as a result of someone illegally using their wireless connection. Please let us have the evidence.

Neither the Register nor the Guardian story makes any mention that the activity described was perpetrated by someone illegally using a wireless connection.

Graham