[ISN] Hackers prey on unguarded wireless links

[InfoSec News]

http://www.insidebayarea.com/businessnews/ci_2886879

By Erika Chavez
SACRAMENTO BEE 
07/24/2005

A shiny new laptop computer can be had for as little as $500,
lightning-fast DSL Internet service has dropped to $14.95 a month and
a wireless router costs $50 or less.

Welcome to the golden age of wireless, where every day, thousands of
average Joes and Janes are making that cordless leap onto the
information superhighway.

At least 13.2 million U.S. households will have wireless home networks
by the end of 2005, up from 9.1 million in 2004, according to IDC
Research, a tech analyst based in Massachusetts. And in May, notebook
computer sales outpaced desktop sales at retail stores for the first
time, according to San Diego-based Current Analysis.

A broadband connection coupled with a wireless router allows consumers
to set up a home office at the dining-room table or outside by the
pool. But that cordless convenience could carry a heavy price.

Roughly two out of every three wireless signals are left unencrypted,
according to Internet security experts, which means anyone with a
laptop and a $20 wireless card could tap into an unsecured signal to
surf Web sites or check e-mail.


Some might take it further.

A small subset of computer-savvy hackers has the know-how and gadgets
for more nefarious activities.

Through an open wireless connection, a criminally minded hacker could
commit virtual identity theft by accessing your computer files,
sending spam, stealing your credit-card numbers, even trading child
pornography.

Even worse, whoever owns the wireless network could be held liable,
said Sacramento County Sheriff's Lt. Bob Lozito of the Sacramento
Valley Hi-Tech Crimes Task Force.

"If they're doing these things under your identity, it comes back to
you," Lozito said.

The mobile nature of these crimes makes them hard to trace.

"We suspect it's happening much more often than it's being reported,"  
Lozito said.

Convicting hackers is even more problematic, though there are
exceptions.

One well-known case involved a Lowe's home-improvement store in
Southfield, Mich. Two young hackers parked outside, tapped into the
store's unsecured wireless network and stole credit-card numbers. They
were convicted on federal charges of computer intrusions, damage and
fraud.

Last month in Elk Grove, a high-school student faced eight felony
computer-theft charges for allegedly hacking into his school's
computer system and changing his grades.

When police searched his home, they found aluminum-lined, cylindrical
potato-chip containers that some hackers use as crude antennas to help
them intercept wireless signals.

Known as "cantennas," they consist of a Pringles can and some hardware
worth $5 to $10 but can be used to amplify a wireless signal several
miles away.

"They're unsophisticated but reliable, and it's illegal to possess
them," said Lozito of the Hi-Tech Crimes Task Force.

It's also illegal to access wireless networks that aren't public. In
other words, if you've ever been pleasantly surprised to open your
laptop, pull up your browser and have Internet access, that likely
means you've just intruded into someone else's unsecured network — and
really aren't allowed to be there.

The solution: People should encrypt their signal, says Bret McDanel, a
freelance security consultant.

"Most people pull a new computer out of the box, plug it in and if it
works, they're done," McDanel said.

The problem: Most computer and wireless router security features are
off by default, and it's up to the consumer to enable them.

[...]