E-mail updates
Follow on Twitter
Subscribe to RSSThieves and predators may be stealing your wireless signal and making you an unwitting accomplice in their criminal activities. As NBC's Kerry Sanders reports, Malcolm Riddell found himself at the center of an FBI child porn raid.
What happened to Malcolm Riddell should not happen to anyone — but it can and does, and that's the cautionary tale shared by the Florida man, whose garden-variety wireless Internet signal was "stolen" by a criminal to distribute his library of more than 10 million child pornography photographs.
When a dozen FBI agents came knocking on Riddell's door, they thought he was the bad guy. In fact, as NBC's Kerry Sanders reports (see video below), it was another man, Mark Brown, they were after — and ultimately arrested — who hijacked Riddell's Wi-Fi signal.
Riddell lives in a 12th-floor condo in Sarasota, and Brown apparently was able to steal Riddell's signal from out in the nearby marina, the equivalent of more than two blocks away.
Why? Riddell, like many Wi-Fi users, did not use password-protection for his wireless Internet access, and became vulnerable to the perils of "wardriving." Wardriving commonly involves someone driving around in a car with a laptop and antenna to find and access, perhaps exploit, a wireless computer. But in Riddell's case, the "wardriving" was done from a boat.
The ease of such an intrusion was shown by Sanders, driving around Pittsburgh with FBI agent Tom Grasso who used a Pringles can — yes, a Pringles can —as an antenna.
"In just 30 minutes, we picked up 1,524 wireless signals, a quarter of them with no password protection at all," said Sanders.
Making it more difficult is that if your signal is "stolen," "you're not going to see it, you're not going to notice any unusual activity on your computer; it's going to very hard for you to detect," Grasso said.
The first thing you can do to protect yourself is make your home wireless network password-enabled. Many wireless users are so happy just to get a Wi-Fi network up and running that they don't bother setting up a password.
"Many who purchase wireless routers don't realize that their network is open until you enable security — meaning that anyone in the area can gain access to your Wi-Fi signal and the devices logged on to it," says the Wi-Fi Alliance, an industry group. "Turn on the security features of your network and consider installing a commercially available firewall."
Here are some other tips about using Wi-Fi from the alliance:
Configure for approved connections: Many devices sense and automatically connect to any available wireless signal. To regain control, simply configure your device to not automatically connect to an open network without your approval.
Disable sharing: Your Wi-Fi enabled devices may automatically open themselves to sharing / connecting with other devices. File and printer sharing may be common in business and home networks, but you can avoid this in public networks.
Install anti-virus software: When connecting at home or at work, it's safe to assume that the other computers on those networks are protected against viruses. When using a public hot spot you have no such assurance, which makes it more important to have antivirus software installed.
Use a personal firewall: When connecting to a public hot spot, you are joining a network with other unknown computers, which can increases your exposure to unwanted risks To protect yourself , run a personal firewall program, which are easy to install and in some cases free.
Change your password around every once in awhile: "Periodically changing the passphrase on your network also increases security," the alliance says.
And, when you are using free, public Wi-Fi, for example, at an airport or hotel lobby, those "hotspots are by nature 'open' and unencrypted," the alliance says. To reduce your exposure when you use free public Wi-Fi, the alliance advises:
• Make sure that you are connecting to a legitimate hotspot — those that require a password have more protection than those that do not.
• Use a virtual private network or VPN, which establishes a private connection across the public network. This may be supplied by your employer, or you can purchase one.
• Surfing the Web and sending e-mail is fine, but doing your banking for example in a public hotspot is not advised.
More about security and your digital life:
- Spring clean your digital mess
- Student: My principal made me delete Facebook posts
- How to scare away laptop thieves using video chat
Check out Technolog on Facebook, and on Twitter, follow Suzanne Choney, who can't live without Wi-Fi, but now has a better understanding of its perils.
Leave a Comment:
the digital industry needs a better wifi systemonly to let the people of the home only use the wifi device,it should be installed by expert's only not the owner, the owner might not no how to install the device!!!
If the owner doesn't know how, don't buy it. It's not the industry's problem...it's a consumer problem. If you buy an alarm for your home or car, you learn how to use it. Why would you buy a home or a car and not protect it? Same goes for your computer. However, too many consumers don't realize the value of that computer that extends far beyond the hardware they purchased.
It's not just a specific consumer problem. You don't just simply install an alarm system in your home. You consult a professional who installs it and they (in return) show you the proper way to use the technology. That is a good thing.
Why?
Because it's not just about that particular consumer, It's about all of us. Taxpayers fund every infrastructure within this system. The cops who are called on false alarms (or in real instances.) The investigations that go into stories of digital identity theft such as this one. Not to mention the personal anguish brought onto a family such as this. It's our personal responsibility to educate ourselves and protect ourselves of course. But we also must look out for one another.
As our technology grows exponentially, stories like this will only increase. We need to get infinitely more tough on cybercrime before stuff gets way out of control. I think mandatory prison terms for people exploiting technology is a good idea. This stuff is supposed to help us ... to further our progress as a species. If people can't respect that then I don't respect them.
@frozeninak - The better wifi system you are asking for already exists and is built into all wireless routers that are on the market. The thing that does not exist is the knowledge of the typical consumer to know what the features are and how to turn them on.
Any wifi network I setup always has a strong key, network name broadcast shut off, and the administrator password changed.
If everyone did this, stories like this wouldn't happen. A very sophisticated criminal may be able to bypass these security measures, but for what they would get out of it makes it not worth the time and effort.
@IT Guru, I do the samething as you as well as utilize MAC filtering, This would ensure only the approved devices are allowed to connect through your router.
Absolutely! That's the perfect way to ensure no unauthorized computers can use your network.
Great point, Tech-Guy.
Another vote for MAC address filtering here too. My router is set up so that only my laptop can connect wirelessly. Of course, I have strong password protection as well. I don't think anybody's advocating that MAC address filtering be a substitute for password protection.
Just remember that a talented thief has the capability of changing his MAC address through several programs available for free download. Check it out, and you'll see I'm right.
Steve is correct. MAC addresses can be cloned. Passwords can be cracked and your network's name can be discovered even with the beacon turned off. If the wrong person really wants on your network, you're screwed.
Fortunately for those of us that take these precautions, there are so many easier targets for these guys to go after than worrying about cracking our networks.
Anyone who's ever used Backtrack before knows there is nothing you can do to prevent unauthorized entry into a wireless network, except for unplugging the router. Thankfully Backtrack is far too complicated (with absolutely NO instructions) for the average computer user (and even the average tech).
He might be able to change his MAC but if you don't broadcast your SID (network) then he doesn't know what to look for.
The information he seeks is embedded in the packets sent between your wireless device and the router. Everything is there waiting to be found... If it's worth the trouble to someone.
Coming from an IT security guy, I can assure you that NOTHING on a PC is secure. The only thing you can do is make it more difficult for people when it comes to getting your data. Wireless is wide open no matter what you do because you're broadcasting it to everyone within range (and that range is actually much farther than Windows will let you think).
I am an IT guy and I have a lot of friends that have wireless routers that don't have any protection on it. I have offered my services to all of them but they don't want it. They think that it's just to much of a hassel... I am going to forward this story to them... I agree with IT Guru that you should put all of the security measures you can on your router. I have it on my wireless router and I have a 26 character passcode on it but I also know that it doesn't matter how much security measures I put on there becuase if some one that really wants to hack it they will. There is software on the internet that you can download like software to clone mac addresses. So if they want to get in they will but most will not waste the time to go through all that trouble
Actually when you use WPA-2 with AES and a very long strong password still has not been broken yet. An attacker would not be able to join your wireless network. If you were foolish to use WEP, which can be broken in under 5 mins, or WPA, then your a sitting duck for an attacker.
The thing that most people, even some IT folks, do not realize is that there are many free GUI tools available for download on the Internet that anyone no matter their skill level, can use to quickly crack WEP or WPA. Just a matter of a few clicks and the programs do the rest. Hell, my 10 yrd niece probably could get some tools to work by following the directions lol.
99% of Wifi tapping is done through just insecured systems. Just putting a weak password through a weak security mesaure is enough to deter 99% of the problem. Most don't want mischief, just free internet and don't want the hassle of the hack.
If you use a good password with good encryption and MAC filtering... yes, they have ways to hack it. However, I wouldn't be surprised if you NEVER have issue.
The only known way to attack WPA-AES is brute force, which is impossible for a sufficiently long key.
itsmekirill - very wrong. Nothing is impossible to brute force. Especially with distributed computing, cloud services for rent (Amazon's service has been used to brute force before quite quickly and successfully), and CUDA GPU computing. Not to mention to brute force WPA/WPA2 you don't need to be online at all, so you have all the time in the world given how infrequently people change their wifi passwords.
tldr; absolutely *NO* wifi is safe. You could swap "wifi" for "computer" and be right but that's not the subject of this article.
Halifax is dead on with no wifi or computer is unhackable. If one has the time it can be hack. The thing to remember is way spend an hour on hacking one system when their next door neighbor you can hack in 5 mins. Most people take their new wifi router home, take it out of the box, and plug it in.
@Tech-Guy_MD, The idea that MAC filtering would keep you safe is very misleading. There are several free tools that allows an attacker to discover a devices MAC address. Once that devicee is unplugged from the network, an attacker just needs to change the MAC address on their laptop to match the MAC of the device. Then using other tools they can join your wireless network and have free reign to cause havoc. Same goes for hiding the SSID, easy to find using free tools that are available. Best advice is to use WPA-2 personal with AES if your wireless router and devices supports it. Just make sure you use a pretty long (over 16 characters in length) complex key with a mix of upper and lower case letters and numbers.
Last time I checked (which admittedly was some years ago) the devices came with a set of instructions for setting it up. I wasn't born with the knowledge that I should secure my internet Wi-Fi...I read the instruction pamphlet and then used some common sense. When someone buys a car with new features, the developer of those features doesn't stop by to teach you how to use them. You read the Owner's Manual and figure it out.
My wireless router did NOT come with instructions on setting the security. I went to various forums to find the information. Yes, I did use WPA-2. Now I cannot add an additional device as it barely keeps the one that I have online. Wireless is overated. Went back to wired. No problems. there needs to be a better way for the average consumer to get the instruction on how to set security and still get the ding-dang-daggnabbited thing to work as it is supposed to.
"a quarter of them with no password protection at all," said Sanders"
So when the FBI comes knocking or breaking with 12 agents they need to expect that right off the top the user has a 25% chance of not being the perp. In fact they themselves can test that with any smartphone before they break doors.
The only people that want you to not share your wifi is the cable or phone company. Because they want to sell additional accounts. There is very little real world risk to leaving it open... except from the FBI.
Who ever said that having insecure wifi frees you from guilt in online crimes?
There's nothing wrong with doing your banking on a public hotspot because all banks' sites use SSL encryption. In fact, if you value your privacy, sending email in the clear or performing other web surfing activities that are not encrypted is far worse than banking.
Sigh...
People: turn on your wireless security! If you don't know how to do that, refer to the documentation on your router or access point. If you don't want to read the instructions that came with your device(s), then use wired connections and leave WiFi to those who want to learn a bit about it before becoming victims.
The encryption used in today's wireless devices is good enough to provide moderate to high levels of protection...but you *do* have to configure it.
Most consumer-level routers and access points (Netgear, Linksys (Cisco), Belkin, etc.) are fairly straightforward to set up. Some offer installations that do most of the configuration for you right out of the box (after asking basic questions about usernames and passwords).
I do this for a living because I like it. I respect those who don't and don't, but if you're going to use a tool, you need at least a basic understanding of how it works so you don't wind up getting hurt.
This is an open plea to those of you who want to blame the problems on us stupid non-techies--- I don't know where you expect us to find out all of this stuff. If I don't know something exists, I can't ask for it or find out how to do it. Nothing I have bought lately comes with the kind of instructions I apparently need, probably because they know that revisions and upgrades come so fast that the instructions are outdated before they are printed. I spend hours looking for IT information, and a great number of online discussions are practically undecipherable, thanks mostly to the use of jargon and abbreviations -- WEP? WAP? WAP-2? AES? SSID? MAC filtering? (Does that one mean I have to have a Mac?)
Yes, I am an old fogy, but if you needed something from my field of expertise and I threw our jargon at you, you wouldn't be able to figure out what you needed either.
Sure, I can take a day off to look up all these words and probably make sense of what you are saying -- but then you IT-whizzes can't even agree among yourselves, so I still don't know what to do. I just read on another site that I need WPA. But you all seem to think I have to have a WPA-2 with AES (whatever those are). And you don't even agree among yourselves. Some of you think the MAC thing is fine, but then Gary1969 says it isn't so good after all.
Please don't think I am against geeks -- my son is a professional one, so I am lucky. And if I didn't have him, I would jump at the chance of help from someone like the ITGuy-316.... But you young people who understand all this stuff need to realize that it is an upward and fast-moving learning curve for those of us who grew up speaking Fortran and punching holes in out data cards. And, as you will find out some day, it is all coming at a time when our brains are slowing down. Meanwhile, instead of blaming the victims, why not try to help educate us with some decipherable advice. If I can make molecular biology understandable on a practical basis to my 9-year-old granddaughter, surely one of you can tell me where I can find the hidden SSIDs. Thanks for your thoughtful comments, Chad -- you were on the right track.
Here's why we think you should already know this - this is information concerning your own security. This is also information that has been around for years. You've got WPA, okay. The same way you set that up, go back in and change it to WPA2 if you can. MAC filtering helps, but probably not against someone who can break into a WPA/WPA2 network to begin with. Media Access Control (MAC) addresses are supposed to be unique for every network card but they can be changed to copy someone else's quite easily when you know how. It's not foolproof, but just like how having security cameras stop casual shoplifters this will filter out the casual script kiddies (wannabe-hackers). As far as not agreeing amongst ourselves, we generally do agree. This is not an opinionated field, but some people just don't know about certain things (like how easy it can be to spoof MAC addresses) and that changes their outlook. Other information (like saying you should use WPA) is either a typo missing the "2" or it is very old.
WEP - I can break into WEP networks in under 10 minutes on my low-power netbook. DO NOT USE WEP.
WPA/WPA2 - better to have WPA2 if possible. Relatively secure - usually takes much time to break in to these network. Assign a long password (that isn't a dictionary word) to make it harder to break in to.
AES/TKIP - types of encryption (security) for WPA/WPA2 networks. Choose AES whenever possible.
SSID - this is just the name of the wireless network. You see it when searching for access points to connect to.
MAC address - Media Access Control. Unique address assigned to every network card (wired or wireless). Can be easily read and copied onto another card without even breaking into the network first. Doesn't reference any Apple products, though Mac network cards also have MAC addresses - the capitalization can be used to differentiate them.
OK the pedophile was the culprit, but why does this guy skate? He is responsible for allowing the activity on his network. He needs to be charged as an accessory to the crime. When people allow this to happen they are criminally negligent. After all the articles like this and the public does not take the 15 minutes to set this up? Give me a break... they should be charged and then people would wise up. If you are too stupid to set up the product (which means reading the manual) then you are too stupid to have the product.
If my neighbor drives my car, and he runs a red light... he's the one that gets the ticket. If I can prove I wasn't in the car, the ticket gets dismissed. It's the right thing to do. Throwing people in prison for something that they had no knowledge of having going on is just wrong.
Be responsable....read the instructions and secure it or make the news....DUH!!!!!!!!!!!!
it should be no more criminal to have an open network that gets used like this as it is for ATT or your cable company to xmit that same data.
Just like a private road owner shouldn't be liable if a bank robber drives down it.
People, thanks for the tip about WPA-2. My network was configured for WPA, so I changed that.
Sue, a news item isn't a good place for help with wireless security. There's a very helpful forum on this subject here:
http://www.dslreports.com/forum/wsecurity
I'd suggest that as a good starting point if you want to ask questions. It's a friendly place and well moderated.
There are ten's of thousands of American 'laws' which any American citizen could unknowingly break and be a victim of America's utter injustice dept. who has convicted hundreds of thousands of law abiding American citizens whose defense was they didn't know what they were doing was a crime which of course is no defense and a green light to convict that person.
Sadly any law abiding American citizen can and does end up with possibly illegal photos or files thru normal search engine results and being a victim of a website uploading images or files to you that you in no fashion asked nor wanted on your computer. Although you would seem to be the victim, in the eyes of a law dog or criminal wearing a badge you are guilty in their eyes and they'll railroad you right into jail if they have to. Countless websites do this and being ignorant to the fact is no defense nor that you didn't know those files or photos were on your computer buried among ten's of thousands of files which is the utter height of injustice. NO I am not excusing some scum child porn king, I am pointing out the utter hypocrisy of the sewer level of America's injustice on the American Citizens and people.
Oh sure in this example loads of child porn is without question inexcusable, however I have seen and been on totally unrelated websites that uploaded porn and unwanted files completely behind the scenes to my computer system regardless of my firewalls and anti-virus settings. I just happen to look over the many thousands of files on my computer knowing damn full well some law dog would do the same if they had any legal or illegal excuse to do so looking for anything to pursue a charge and conviction.
I fully encourage users to use the freeware file, folder and empty drive space shredder AS Shredder to at least make it difficult to recompose any deleted files on the sad Windows Operating System driven computer that you use at home or at work. Chose the 'Security' website option at their website to view Shredder information and download that freeware program.
I fully encourage users to use the freeware program CCleaner to remove and at least make it difficult to follow your Internet history, cookies and any browser and program related temporary files on the sad Windows Operating System driven computer that you use at home or at work.
I fully encourage users to use the freeware encryption open source software program True Crypt to encrypt a partition of your personal computer hard-drive using multiple heavy duty encryption algorithms and to quickly, freely and easily heavily encrypt a flash drive.
When testing to see what is still on your Windows based computer that was previously deleted since day ONE, I highly suggest getting and using the freeware program Recuva to scan your computer and prepare to be utterly shocked and surprised how many ten's of thousands of old deleted files are still perfectly recoverable by some animal wearing a badge who would possibly use those to blackmail, extort or threaten you with wrong doing.
Although I obviously highly recommend using long complex passwords for your WiFi connection and DO NOT USE the default passwords whenever possible. I am however encouraged that a great many Internet Users realize there are so many nefarious agency's in America and in Israel that comb thru the emails, instant messages, text messages, land line calls and cell phone conversations they are taking extra steps to help return some small modest personal freedoms and liberty's which were abundantly stripped and eliminated under the utterly depraved and corrupt Republican administration of Bush-Cheney with the 'Patriot Act'.
I have used the above freeware programs, have nothing to do with their programming nor distribution but use them, enjoy them and they work very well in the specific area they were designed for. Some ask for donations prior to downloading them which the user can ignore or contribute to as they freely chose. The above programs are fully functioning freeware, not shareware and not time limited or crippled products.
Best of luck to each on regaining your American citizenship rights, liberty's and freedoms which in the present Police State are entirely under siege.
They have some nice nifty viruses on the internet that would put child porn on your computer without you knowing it. Then distribute the porn to everyone. Again, if the person has no knowledge of it, he shouldn't be charged.
They have a nifty program called 'Deep Freeze' that prevents anything permanent from being written to your computer. When the computer shuts down, poof... all the changes disappear and the computer goes back to the way it was when you started it.
This makes it EXTREMELY difficult for a virus or otherwise to attach itself to your computer. It is made by Faronics.
A nifty easy to use freeware program which plugs many of the leaks on Windows based operating system personal computers is called Samurai and is a Host-based Intrusion Protection tiny program (HIPs). I use it, don't have anything to do with the development nor distribution however I'm pleased with the added security it add's and immediately plugs. For a great many it is a single button click solution, you select ALL the features to plug and address of the menu listed of Windows security problems and then click on 'Apply configuration' button to plug them immediately.
Back when I had cable, and thus DSL, I tried to used a router with a password. It setup just fine. But once I shut my computer down and rebooted for the update and configuration bs that you have to do with all new hardware/software, my computer didn't regocnize the router or the wireless system I had setup. And trying to setup a second one didn't work for some reason.
So, I started hijacking my neighbors. I know, let the bashing begin. I did eventually get an aircard and get rid of the cable, but I do still occassionally hijack a neighbors signal, if I'm over my data limit and need to download something.
I don't have a problem with it, so long as it isn't abused. Doesn't seem like you are abusing it to me.
I often do homework at a Cafe in my area. They do not have Wifi, but someone living in a trailer next door does. I don't abuse it, but I use it.
There was an old bible verse in the old testiment that literally told field farmers to 'not' harvest the edge of their fields and to leave that food for the poor to wander in and take. The point being, that sometimes, the temporary and little use of something isn't always wrong.
No, they don't.
I had my open wifi system hacked once, they even changed the password on my wifi router, trying to keep me out of the router.
I reset the router and FINALLY enabled sercurity. I worry a lot less now.
If you leave the keys in your car, and someone steals it and uses it to commit a crime, are you entirely innocent?
If you install your own microwave and wire it incorrectly and start a fire, whose fault is it? If you buy a gun and accidentally shoot your thumb off, or incorrectly use a chain saw and maim yourself, whose fault is it?
Most current home routers come with good instructions for secure setup. It's as ludicrous to blame AC house wiring technology for a fire caused by shoddy installation/workmanship as it is to blame us "techies" for "non-techies" unwillingness or inability to make the effort to secure your home wi-fi connection. If we set it up securely for friends or relatives, they will whine that their friends can't connect with their iPod when they come over since even if it can see the router, they have to enter the password. Horrors! Sometimes it may have as many as *20* characters!
As far as not understanding the terminology and concepts, try the dslreports site recommended above by engineerguy and/or Wikipedia for definitions and concepts.
So much for being an scientifically advanced nation. A young man in Africa has provided wind-driven electrical/mechanical power for hmself and other villagers from basically little more than scrap from the dump, two old textbooks and ingenuity. WE have the Internet, search engines and libraries, but seem too lazy to use our brains.
You "wi-fi squatters" above must feel like reeaallly leet hack0rz. Do you steal from the tip jar at the diner, too?
End of my security rant, for now...
I can honestly say that my router that came from ATT came with no instructions on how to setup Wifi Security. It didn't even tell me about the webpage you can go to to set it up. My router came by default with WEP enabled and some default key on the side of it. Companies could do better at explaining that these security features exist, I already knew they did because I am going to school for computer networking. But people that know nothing about such a thing because the company fails to say anything should never be punished for it. Alot of things dealing with technology is not common knowledge, especially with older people. I know alot of older people that have no idea what even a router is, so before anyone says anything else just remember you were a noob once also. So thats my rambling for the day.