Local Reporters Just Can't Get Enough Of The WiFi Fear Mongering
from the again? dept
Over the last few years, we’ve seen time after time after time when local news reporters would put up an article about this big scary fear called “war driving.” Of course, in almost every one of those cases, the reports are overblown or get the facts wrong. You would think, after so many of those over the years that enough people would be clued in not to write another one. No such luck. Broadband Reports points us to an article a local news report in Utah, whipping up fear about the evils of those crazy war drivers. Unfortunately, this article is again a bit short on the facts. While it’s true that people can get on your network, the amount of damage they can do really depends on how you have your system set up and what you do online. The article, of course, claims that anyone who gets on your network can see everything you do, including getting access to account numbers and passwords. That would be true if you used sites that didn’t encrypt that information — but those are pretty difficult to find these days (and sites that don’t encrypt, probably aren’t very important). The article then pulls out the favorite line about how those war drivers might be surfing child porn on your network and “there’s no way to prove it wasn’t you.” While there is some debate over liability if someone else does something illegal on your network, it would seem that there’s a pretty damn good way to prove it wasn’t you: you won’t have any child porn on your computers. Considering it’s a criminal charge, it would be up to the FBI to prove that you did it — and without any additional evidence, combined with an open WiFi network, it’s hard to see how they would have the evidence to support such an accusation, because it wouldn’t be true. That doesn’t mean you shouldn’t understand the security implications of using WiFi. Securing your network usually does make sense. However, fear mongering reports that get the facts wrong don’t do anyone any good.
Comments on “Local Reporters Just Can't Get Enough Of The WiFi Fear Mongering”
If the fear mongers get the average Joe off his computer and in front of the TV watching riveting entertainment like “Deal or no Deal” their ratings go up.
What Good Is It?
Say someone had left their computer running a brute force (Better pack a lunch), dictionary, or some other more precise attack against a wireless network. Home based wireless routers have 40+ bit encryption, sometimes multiple keys, and most routers are password protected nowadays. It is rare to find an unprotected wireless network that the granny next door set up although it does happen on occasion. Corporate networks are often much better protected and they also add the need to detect the protocol they are operating on in the first place. Getting passed all that… routers typically require passwords or at least handshakes, file shares typically time out even if prompted for the password to open a session, ssh, and remote desktop require passwords, not to mention most computer are running some sort of firewall… and will forcefully denies the request. Email is often outlook or groupwise, etc. (Requiring yet another hack). If you manage to get passed this layer of security. Just realize that packet sniffing and pings against the router reveal heavy packet loss after maybe 150 feet or so…(A typical distance from the target router although many routers advertise a clear connection at this distance.) That leaves the ability to access the internet if they don’t require a proxy connection password…LOL just to access their wireless network in a very slow, lossy way. Wow? You just went through all that trouble in order to access the internet as them at the speed of a dialup connection (Due to packet loss). Boy I hope you’re getting paid for all this because to go through this much work for so little pay off… Let me guess you think you’re going to try to access a site masked by the IP of the router? Well when you think about it most of the sites that you are going to try and do your illegal activities on are secured sites am I right? The page very, very frequently will time out!!! In fact that is only the beginning of the troubles in hacking a WiFi network. What good is it? Although I maybe missing something I have a feeling alot of people writting these articles have been misinformed about the easy at which this is done. So what are they really reporting? I agree with “you overlook the obvious”.
Re: What Good Is It?
You really need to go for a wardrive yourself.
On my last run from Boston to Providence (via back roads and state highways) I picked up over 200 access points on a low powered rig (iPaq on dashboard, no external antenna), less than a third with any encryption. Since there are many businesses in the area that percentage skews higher than most residential areas.
Of the ten wireless networks on my street, only one (besides mine) has encryption- and only WEP at that. WEP is so broken it is pathetic, WPA-PSK is subject to offline attack and can be beaten, and now there is work being done to port the WPA-PSK attacks to WPA2.
As far as available bandwidth, even a low powered card hitting a Linksys WTR54G will give decent performance in residential settings. For better performance, there are planty of 200mw cards available, hook one of those up with an external antenna and the performance rivals sitting in the living room.
Re: What Good Is It?
Do you even have a clue what you are talking about?
Re: What Good Is It?
Seems to me you’re a little misinformed or live somewhere that the houses are not on top of each other. Where I live alone I can see 3 out of 10 wireless networks completely open. Nearly every neighborhood I’ve worked in has an open network. It’s also common that I find my new clients network unprotected as well. BestBuy Geeks-on-Call and others like them with no talent set the networks up the easiest and maybe the only way they know how. No Security. Many of these people don’t use passwords on their PC, and even if they did the administrator account has no password. So what I’m saying is someone gets on the router, attaches to the PC, installs a key logger, and all on-line accounts whether encrypted or not are accessed easy enough. And guess what? you access them from their own network even. It’s easy enough if you wanted to do this without even hacking anything. Oh an by the way if you want someone’s e-mail (Outlook) all you would have to do is copy the .pst and open it locally. Some people should be scared as they store their lives in there.
To put it a better way...
Fear equals ratings. there are only two things that sell to a certain class of people. As internet users we all know the first very well. The bottom line to most news networks is ratings and “war driving” has the perfect angle to hook the uneducated masses.
But why not, the less ignorant know the truth, and a techie who lost his job to outsourcing can always make a lucrative living off of the purchasing recourse of such news reports. The masses would rather pay to feel protected than learn whether they should fear in the first place. That’s Awesome… if you’re a capitalist.
Wardriving is not a crime!
This is just aother example of some reporter not fully understanding what it is they are talking about.
Wardrivers are people who drive around with laptops and GPS devices for the sole purpose of logging the location of any wifi networks they identify.
I bet the reporter would be shocked to hear what
what Tom Grasso of the FBI had to say about wardriving : http://tv.seattlewireless.net/january/january2004.html
There are many useful purposes for wardriving that the public can benefit from. For example http://www.placelab.org provides software to identify your location using your wifi card and that so called “evil” data collected by wardrivers.
This is nothing but an “internet for idiots” style article meant to appeal to mostly “AOLer” type people. Well, yeah, duh, leaving your WiFi network totally unsecured is just inviting someone to hack your systems, but no more dangerous than having a cable, dsl or dialup connection and not having a firewall or even anti-virus. I’m by no means a computer genius, a good tech or hacker would eat me for lunch, but I still know people who complain to me all the time about their computer doing wierd things. First question I ask them is “got a firewall?” “No, do I need one.” I just want to reach throguh the computer and smack them upside their heads. These types of people don’t need to fear “war drivers” as their computer are already compromised ten ways to Sunday.
War Driving for Porn?
I find it a little interesting that no one really commented on the implications of a war driver accessing Joe Blows unsecured (or secured with WEP) AP and downloading kiddie porn. In the event the downloading gets tracked down to your public IP it really doesn’t matter if you have the materials on your computer or not. Sooner or later the media will get a hold of the story, your employer will find out, the neighbors find out, etc. Even if you are found innocent due to lack of physical evidence, which is unlikely in this day and age as the Govt. doesn’t seem to need evidence to do anything it decides it wants to do, Joe Blow’s reputation is still badly tarnished. Everyone needs to realize that this is the USA, where depending on the crime you are accused of, like downloading kiddie porn, you are guilty the moment the public finds out what you are accused of.
Solution – don’t rely on WEP or WPA alone to secure your wireless network. Add Radius Authentication or require a VPN tunnel to complete the connection. Just my two cents
Re: War Driving for Porn?
With regards to being falsely accused and later found innocent… I was falsely accused of “sexual assault” last year (Angry girlfriend used cops as a weapon.)
Eventually the charges were withdrawn…$7000 dollars later!
The worst part is, I found out that due to the nature of the charge I will remain on file with the police FOREVER.
So, my advice is that the media should go ahead and scare the crap out of wireless users until the manufacturers start putting these devices on the street with encryption turned on and a “ARE YOU REALLY REALLY REALLY SURE?!?!” messege when you want to turn it off.
I unfortunately have to disagree
I’m a long time reader and I rarely ever contribute to these discussions but I have to disagree with the author’s of this article and in particular Mathew Schlabaugh’s comments. You both couldn’t be more wrong.
The article is correct in its position that your internet activities are relatively safe since keylogging software, etc. is mostly defunct with antivirus/spyware being on most people’s computers but its what is on your computer that can do the most damage.
Mathew Schlabaugh says ” It is rare to find an unprotected wireless network that the granny next door set up although it does happen on occasion. “ You are right, I seriously doubt the granny next door setup her network but somebody did. In fact, in my neighborhood in a city of about 300K citizens the local telco (rhymes with Horizon) was giving away wireless routers with their DSL service. They would install them for you (wireless on, encryption off). Now Mathew Schlabaugh is pretty safe in Montana where you can’t get closer than 150ft but in my suburban neighborhood you can get within about 30ft easily without suspicion.
And here is my point. I was able to show to my Average Joe neighbor that not only could I surf his internet connection from my laptop with a decent signal but that I was able to copy off his QuickBooks file to my computer (which was not password-protected). My average joe neighbor had an average joe internet connection an average joe network setup an average joe 6 month old Windows XP Dell computer and I was not only able to get on his network but have access to quite a bit of his financial information
I then showed him that 6 of the 8 networks I could detect around my house were unencrypted and this isn’t just my neighborhood it’s my in-laws and it’s my parents and we all live in 3 very different parts of the city.
I live in a densely populated area near downtown Chicago. Right now I can see 6 unprotected wireless routers, three of which have very good or excellent connections. Let’s see, there’s “default” “linksys” another “default” something called “CPSNet”, another linksys and one with the name of a neighbor I don’t like. My daughter and I use laptops all over the house and half the time I look, I find that we’re connected to some other router and not even realizing it. If I was so inclined, I would never have to pay for internet.
After recent stories about government domestic spying, I think I’ll start using my laptop and one of these unprotected routers when I post comments here or at the many left-wing blogs I frequent.
Fear == Ratings
No duh.
Real Dangers
While most wardrivers are not out to do any real harm, I have experienced one who was. It cost me almost 2k in lawyer’s fees and many sleepless nights. When the scumbags who get through life on other people’s credit cards decide to make an online purchase, how do you think they do it? That’s right. They use unsecured wireless Internet connections. Most cops are completly stupid when it comes to computer crime. If an illicit purchase gets traced back to your network you are basically guilty until you (and your lawyer) educate the idiots and prove that it was basically possible for someone other than you to have done the deed. While you are sweating this out, you may find yourself arrested and your reputation ruined. I’m not out of the woods yet but I have learned the hard way that not all visitors to an unsecured wifi net are harmless.
Local hysteria re: wifi access
This is all propaganda spurred by telcos and cable providers that try to make public local funding of wifi less popular or understood. FUD by these folks is just beginning to hit the media, much of which they control, either directly or through advertising or business relationships. They are waging a huge campaign to prevent people that in all likelihood wouldn’t be customers of their dsl or cable modems anyway. It’s pure control.
Education stems from fear
I hate these scare tactic reports that are only intended to drive up ratings rather than awareness, but I think that even with the ill intent, these “doomsday” reports might actually convert a few newbies into wannabees and potentially techies.
At one time we were all newbies, and something happened or we were told something that led us beyond just being a novice user {newbie} who saw the internet and a PC as no more than an appliance. We now see them as the powerful tools that they are and we spend endless hours trying to make them do more than we thought they cold do.
Will these “scare tactics” work for all viewers/readers? No. But if even one person with an open wireless network gets the message to at least try to close holes, it’s worth it.
My Opinion, feel free to disagree. (no spell checkers or grammar comments please)
By the way, isn’t the safest, fastest and easiest way to secure a wireless network to use MAC filters?
I use an encryption like WEP or WPA or WPA2 etc.., but that only covers my connection to the hub, router etc.. A MAC filter will only allow “me” to access the router regardless of the other security settings. Doesn’t that remove the “someone else was looking for porn on my connection” scenario?
That’s a bit more than 2 cents worth, but keep the change if you need it.
Working with City-Wide WiFi
Yes, as this article states people can get into your wifi network when it’s unsecured. Easiest way around this is WEP, better way is MAC filtering, best way is to not broadcast your SSID, enable WEP and MAC filtering (really overkill).
Anyway, I have worked for a company out in California who offers city-wide WiFi using 802.11 technology that can be accessed up to 15miles away, and I currently work for a company in Utah using MMDS technology where service can be accessed from 25miles. The only way either of these systems might come under attack, to where someone would gain critical information, is if they understood everything in the architecture. People with this skill set aren’t usualy interested in your personal data. More or less these people have a goal, usualy to expose or cause an inconvience to a company or agency they view to be in bad taste. What’s at risk are businesses with unsecured networks. The average home user only has to fear loosing bandwith from the kid leeching from next door.
The media, who’s business model is fear mongering, cares for ratings, so they’ll say anything to keep you watching. Just like with the Bird Flu reports, these are no different. They take 1 sliver of truth, throw in a forest of editing, and you get the obscured story.
Edit to statements
By WEP I meant to say enabling encrypition. WEP is easy to get around if you know what you’re doing, WPA is better, but if MAC filtering’s enabled, it doesnt make any difference.
Simple answer, secure your wireless network / use a LAN – If you don’t know how to read the damn manuel that came with your router. It’s not hard. A little 13 year old can do it.
Get a firewall, get a good AV (antivirus) and don’t do anything stupid like putting your router password on your neighbors doors. You should be fine.
Who Benefits?
“However, fear mongering reports that get the facts wrong don’t do anyone any good.”
I beg to differ, follow two things. First and foremost, follow the money (Always, Always!), then see what Orin Hatch (Mr Stepford) is or isn’t doing. This IS Utah afterall. Who knows what goes on there?
I like to have a little fun with these idiots who just buy the router and plug it in. Just the other day, I finished working in a customers house and sat in my truck to have lunch. Broke out the laptop and found 11 networks, 9 of which were un-encrypted.
I then continued to attempt to log in to all open routers, change the password(if it was still default), and eneble some form of encryption, just so they go nuts not knowing what happened. Turns out, one of them I couldn’t get at all, 6 of them still had the default passwords, the other two, I either couldn,t figure out the default passsword, or it may have been changed.Now I make a habit of regularly messing with unsecured networks in this fashion.
The kiddie porn is a MUCH BIGGER deal than you mak
In stating your point about burden of proof if someone surfed for kiddie porn from your AP, you overlook what that would still be like.
So as long as you have your door kicked in by police at 0600 on a Sunday while your neighbors gather on their lawns watching your computers being seized, forensics teams going in and out, and you being marched in bracelets out to a van – it’s all fine. Just so you’re acquitted, right? They couldn’t prove it, so you’re acquitted 6 months later, bankrupt and not welcome at your kid’s school. Your neighbors don’t speak and the in-law’s aren’t sure about you even being around their grandchild. But you were “innocent”. Wait a minute: There’s no finding of “innocent” – you just weren ‘t convicted. You got off just like O.J. Simpson.
Sure; no biggie.
Sometimes the charge IS the sentence.
“The article, of course, claims that anyone who gets on your network can see everything you do, including getting access to account numbers and passwords.”
That’s actually true. If you can get on a subnet, you can sniff all the traffic with ARP poisoining. Look up man-in-the-middle attacks.
Som big companies still don't encrypt
Marvel Comics doesn’t encrypt their online transactions. I was going to get a subscription to a comic from them but I didn’t because of the lack of encryption. That was about two years ago. They might have added it by now.
I be not doin anything illeagle so we dont care if my uncle listins in
RE: What Good Is It?
My previous comments made the improper assumption that many people secure their WiFi networks. Although as PopeRatzo, 3cats, and THOR point out I am misinformed. However, my main point was once basic hardening of the WiFi network has been completed it is not the easiest thing to break. I agree with flan4u that said, the media “intended to drive up ratings rather than awareness”.
Chris is right on with:
“Yes, as this article states people can get into your wifi network when it’s unsecured. Easiest way around this is WEP, better way is MAC filtering, best way is to not broadcast your SSID, enable WEP and MAC filtering”
and
“What’s at risk are businesses with unsecured networks.”
Sneaky illustrates the true danger with:
“I like to have a little fun with these idiots who just buy the router and plug it in.”
I think the moral of the story is:
Read the manual and don’t forget to secure your wireless network…