Wireless routers open door for crooks

WorldNetDaily.com ^ | Wednesday, February 11, 2004

[JohnHuang2]

Wireless routers open door for crooks
Report finds con artists, identity thieves can easily access your PC

---

Posted: February 11, 2004
1:00 a.m. Eastern

© 2004 WorldNetDaily.com

One of the hottest new computer-related technologies is the wireless router, but the popular Internet connection also opens the door to thieves, according to a consumer report.

High-tech criminals, using just a pocket PC and a $20 antenna, can pick up someone else's Internet connection from up to 10 miles away, says KIRO-TV in Seattle.

A wireless router beams an Internet connection through the air to other computers without the use of wires. It allows, for example, a laptop to connect from anywhere in a home or business.

Not only does it open a huge door for con artists and identity thieves, but it allows even perverts to walk right through, the KIRO report said.

"Imagine the case of pornography or child pornography and all of a sudden the authorities are knocking on your door and taking you away and you don't know what they're talking about -- because someone downloaded child pornography via your connection," Brett Hiley, a computer security consultant, told KIRO.

Hiley demonstrated the hundreds of connections he could get while sitting in an SUV in Seattle's east suburbs.

"It looks like we're sitting here in an anonymous location, and we have full Internet access," he said.

Hiley warned that not only can hackers steal your connection, they can watch everything you do and even steal your personal information through free programs available via the Internet.

"I have personally found financial institutions that were transmitting credit information … Social Security numbers, names, numbers, addresses, phone numbers, your credit report," he said.

Secret Service agent Wallace Shields confirmed that to KIRO.

"You can basically sit in a parking lot, and if you know what frequency to go in on when the stores download by satellite, you get tons of credit card information," Shields said.

Hacking tools exist, KIRO said, that decode passwords, even on some sites that claim to be secure.

Shields said it's important to use the encryption technology that comes with most routers, but KIRO's investigation found the security features are not user friendly and apparently most people have not turned them on.

Out of nearly 100 wireless connections KIRO accessed from a park during its investigation, fewer than half were encrypted.

---

[JohnHuang2]

Wednesday, February 11, 2004

Quote of the Day by OneCitizen

[Jeff Chandler]

My wireless system is secure.

My son-in-law is always picking up his neighbors' signals at his house, but he never does when he brings his laptop to my house. My supposition is that since he lives in an upscale neighborhood, more people have wireless. I live in a lower middle class neighborhood.

[Bogey78O]

10 miles? As if....

[martin_fierro]

I found it easy to encrypt the signal when both my router & 802.11b laptop wireless card were Linksys (running with Win 98 SE).

But when I got a new laptop with a NON-Linksys wireless card and Win XP Pro, I found it a lot harder to get the laptop to communicate with the router with an encrypted signal.

If any FReeper can make that process more "user-friendly", I'd appreciate it.

[Justa]

They use directional hi-gain antennas. I saw an article once about how to make one using a Pringles can. My brother made a set once to extend the range of his home network. In essence, a wireless bridge. Many metropolitan area networks (MANs) use them. Myself, I use commercial 802.11g wireless with 64/128 WEP encryption. Ain't about to be hacked.

[hmmmmm]

Ditto the "user-friendly" request. In the past 24 hours I installed an 802.11g wireless router and laptop card. I've managed to get everything connected to the internet (by sheer luck), but I'm worried about the security. The "WEP" process wasn't fully explained and I skipped that part. I've been searching for "wireless for dummies" info ever since.

Any guidance would be greatly appreciated.

[Justa]

I recommend using the 'kit' method. Buy an entire set-up from one manufacturer. That way you're assured of compatibility and performance. I prefer MSI's 802.11g equipment as they are a good balance of low price and high quality. The RG54GS gateway and 4 PC54G wireless PCI cards go for about $240.

[Prime Choice]

High-tech criminals, using just a pocket PC and a $20 antenna, can pick up someone else's Internet connection from up to 10 miles away, says KIRO-TV in Seattle.

What this article fails to point out is that this issue largely concerns 802.11b (2.4 GHz). Reliable signal only goes about 2 miles, and that's with a directional antenna. (FYI: Trader Joe's Coffee cans work better than Pringles cans.)

If one is using 802.11a (5 GHz) with the Wired Equivalency Protocol (WEP) in place (and using a key larger than 104 bits) and a LAN address pool space limited to the number of authorized users, the risk is greatly reduced.

It also helps to have a direct authentication point over an SSL tunnel with a login/pass combination satisfaction requirement before granting network access to the Internet. That way, even if someone clones your MAC address, it won't do them any good since they can't satisfy the login/pass challenge.

[Prime Choice]

The "WEP" process wasn't fully explained and I skipped that part.

Don't skip it. It's important.

WEP stands for the Wired Equivalency Protocol. It is NOT high security, but it is a reasonable measure to render wireless communications as reasonably secure as wired communications.

Here's a couple of tutorials that should help you get a leg up on the issue.

802.11 WEP: Concepts and Vulnerability
802.11 Security Beyond WEP

Good luck.

[hmmmmm]

Thank-you so much! I'm off to read those links now.

[AFreeBird]

WEP is the older less secure secure protocol.

My Linksys WRT54G router uses: Wi-Fi Protected Access (WPA) Pre-Shared key, WPA Remote Access Dial In User Service (RADIUS), RADIUS, and Wire Equivalence Protection (WEP) protocols.

From the router help page:

There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encrytption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.

For additional security, makes sure to change the SSID of your system, and disable the broadcast of of the SSID so only systems that have pre-knowledge of the SSID can connect.

[quietolong]

802.11b Homebrew Antenna Shootout (Pringles Wins!)
http://www.freerepublic.com/focus/f-news/986401/posts

[Drango]

10 miles? As if....

LOL...I'm lucky if I can get mine 30 feet down the hall.

[woofer]

10 miles? As if....

Yeah, on it's best day, under extreme ideal condition, my wardriving rig can suck in from maybe 1 to 1 and a half klick. but not from a home wifi device. Usually a big office building or university system. I gotta get real close, practically in their driveway to use their router.

[FreedomPoster]

WEP has been shown to be hackable. WPA is what to get, for now.

I need to upgrade. Wireless base is in my basement, a hacker would have to be sitting in my driveway, is the caveat, so I'm OK for now.

[corkoman]

10 miles? As if.... LOL...I'm lucky if I can get mine 30 feet down the hall.

Yup - thats my security - good luck trying to get any signal beyond 30 feet!

[BibChr]

High-tech criminals, using just a pocket PC and a $20 antenna, can pick up someone else's Internet connection from up to 10 miles away, says KIRO-TV in Seattle.

Oh, perfect!

And I can't even get a strong signal 100 feet away!

Dan
/c8

[adam_az]

"The "WEP" process wasn't fully explained and I skipped that part. I've been searching for "wireless for dummies" info ever since."

Likely anyone can access your network.

You need to set an identical WEP key on both the router and PC.

[anymouse]

wireless ping