The consumer-level wireless networking market has exploded over the past few years. Unfortunately, manufacturers have been lax in explaining the potential security risks associated with their products.
Typical instructions bundled with consumer products are geared towards getting you up and running as quickly as possible. Only recently has consumer equipment begun shipping with basic security measures enabled. Unfortunately, this effort is flawed by the fact that all devices typically ship with the same default configurations, making the effort wasted.
Do People Really Care About Wireless Security
While there are hundreds, if not thousands, of articles currently available on how to secure a wireless home network, they frequently address only the steps involved, ignoring the reasoning behind them. Of course the most obvious reason is to protect the data on your own network. Believe it or not, many people don’t see this as enough incentive. One of my own family members (who has an IT background, no less) once expressed to me that the security of his network wasn’t of concern because he knew his individual machines were safe. He was right with regards to his systems; they were pretty secure. However, his belief that someone intruding on his network was there for his stuff was flawed.
Using Your Wireless Network For Fun & Profit
Your bandwidth alone is a significant motivator for the less than scrupulous. Your unsecured wireless network can provide the ultimate “anonymizer” for illicit activities. You may be facilitating a glorious “hacker” techno-battle, such as those portrayed in the movies and television. Perhaps an international spy needs to transmit secret data back to her superiors and decides to borrow your network to fulfill the task. While not likely, you never know.
Little Johnny Wants A New Toy
Here’s a more realistic scenario:
Little Johnny has a stolen credit card number. We don’t know how he got it, it doesn’t really matter. What does matter is that Johnny now wants to take advantage of his prize and knows exactly how. His reward will be one of those new handheld video games that are flying off the shelves. Johnny isn’t foolish enough to walk into a store and use his stolen credit card, he knows a better way. Johnny lives across the street from you and your unsecured wireless network
So here’s what Johnny does. First he configures his computer to use your wireless network instead of his own, taking an extra minute to make sure that he spoofs any information that may uniquely identify his computer. Next, he searches the web a bit for the perfect online vendor to acquire his product. He avoids the biggest and the smallest vendors. The largest vendors tend to be very thorough in credit card validation as they have solid resources at their disposal. The smallest vendors are often quite thorough as well as loss due to fraudulent transactions impacts them dramatically. He searches for a middle of the road vendor, one with a reputation for lousy customer service, in the hopes they won’t bother verifying that the shipping address is valid for the credit card being used.
Once he locates a suitable vendor he places the order and has it shipped to your next door neighbor. Why there? Well, he doesn’t actually know that the wireless network he is using is yours and doesn’t really care. What he does know is your next-door neighbor leaves the house every morning promptly at 7:30 and doesn’t return until at least 6:00 in the evening. This leaves opportunity to safely retrieve the “tried to deliver while you were out” slip that will be left behind by the parcel delivery driver. The following morning he will reattach the delivery slip to the door, with instructions to leave the package on the doorstep. A few hours later he picks up his package, leaving no trail leading back to him.
Conclusion
More than likely this single incident will disappear without further involving you or Johnny. The owner of the credit card will dispute the charge, and the credit card company or vendor will end up eating the loss and the story ends. Of course, there’s always the chance that some motivated investigator will follow the trail back through your internet provider and ultimately to you. You may not be going to jail over it, but you’ll likely be having a few uncomfortable discussions with some gentlemen wearing badges.
The fact is this isn’t an original scenario. This type of scam has been run over and over again and dates back decades before the internet explosion. It has dozens of variations and permutations. What is important is that this time around you have become part of the equation. By ignorance or by apathy you are in the middle of something bad that you never imagined could have happened.
Erich currently specializes in providing network and
security solutions for small to medium businesses that
frequently have to resolve the conflict of need versus
budget. His commitment to precision and excellence is
eclipsed only by his fascination with gadgets, particularly
ones that are shiny, or that blink, or that beep. If you
would like to contact Erich you can e-mail him at
erich.heintz@gmail.com. If you would like to know more about
computer security please visit us at
http://www.defendingthenet.com.
