[ISN] Hey Neighbor, Stop Piggybacking on My Wireless

InfoSec News isn at c4i.org
Mon Mar 6 05:31:12 EST 2006


March 5, 2006

For a while, the wireless Internet connection Christine and Randy
Brodeur installed last year seemed perfect. They were able to sit in
their sunny Los Angeles backyard working on their laptop computers.

But they soon began noticing that their high-speed Internet access had
become as slow as rush-hour traffic on the 405 freeway.

"I didn't know whether to blame it on the Santa Ana winds or what,"  
recalled Mrs. Brodeur, the chief executive of Socket Media, a
marketing and public relations agency.

The "what" turned out to be neighbors who had tapped into their
system. The additional online traffic nearly choked out the Brodeurs,
who pay a $40 monthly fee for their Internet service, slowing their
access until it was practically unusable.

Piggybacking, the usually unauthorized tapping into someone else's
wireless Internet connection, is no longer the exclusive domain of
pilfering computer geeks or shady hackers cruising for unguarded
networks. Ordinarily upstanding people are tapping in. As they do, new
sets of Internet behaviors are creeping into America's popular

"I don't think it's stealing," said Edwin Caroso, a 21-year-old
student at Miami Dade College, echoing an often-heard sentiment.

"I always find people out there who aren't protecting their
connection, so I just feel free to go ahead and use it," Mr. Caroso
said. He added that he tapped into a stranger's network mainly for Web
surfing, keeping up with e-mail, text chatting with friends in foreign
countries and doing homework.

Many who piggyback say the practice does not feel like theft because
it does not seem to take anything away from anyone. One occasional
piggybacker recently compared it to "reading the newspaper over
someone's shoulder."

Piggybacking, makers of wireless routers say, is increasingly an issue
for people who live in densely populated areas like New York City or
Chicago, or for anyone clustered in apartment buildings in which Wi-Fi
radio waves, with an average range of about 200 feet, can easily bleed
through walls, floors and ceilings. Large hotels that offer the
service have become bubbling brooks of free access that spill out into
nearby homes and restaurants.

"Wi-Fi is in the air, and it is a very low curb, if you will, to step
up and use it," said Mike Wolf of ABI Research, a high-technology
market research company in Oyster Bay, N.Y.

This is especially true, Mr. Wolf said, because so many users do not
bother to secure their networks with passwords or encryption programs.  
The programs are usually shipped with customers' wireless routers,
devices that plug into an Internet connection and make access to it
wireless. Many home network owners admit that they are oblivious to

Some, like Marla Edwards, who think they have locked intruders out of
their networks, learn otherwise. Ms. Edwards, a junior at Baruch
College in New York, said her husband recently discovered that their
home network was not secure after a visiting friend with a laptop
easily hopped on.

"There's no gauge, no measuring device that says 48 people are using
your access," Ms. Edwards said.

When Mr. Wolf turns on his computer in his suburban Seattle home, he
regularly sees on his screen a list of two or three wireless networks
that do not belong to him but are nonetheless available for use. Mr.  
Wolf uses his own wired network at home, but he says he has
piggybacked onto someone else's wireless network when traveling.

"On a family vacation this summer we needed to get access," Mr. Wolf
recalled, explaining that his father, who took along his laptop,
needed to send an e-mail message to his boss on the East Coast from
Ocean Shores, Wash.. "I said, 'O.K., let's drive around the beach with
the window open.' We found a signal, and the owner of the network was
none the wiser," Mr. Wolf said. "It took about five minutes."

Jonathan Bettino, a senior product marketing manager for the Belkin
Corporation, a major maker of wireless network routers based in
Compton, Calif., said home-based wireless networks were becoming a way
of life. Unless locking out unauthorized users becomes commonplace,
piggybacking is likely to increase, too.

Last year, Mr. Bettino said, there were more than 44 million broadband
networks among the more than 100 million households in the United
States. Of that number, 16.2 million are expected to be wireless by
the end of this year. In 2003, 3.9 million households had wireless
access to the Internet, he said.

Humphrey Cheung, the editor of a technology Web site,
tomshardware.com, measured how plentiful open wireless networks have
become. In April 2004, he and some colleagues flew two single-engine
airplanes over metropolitan Los Angeles with two wireless laptops.

The project logged more than 4,500 wireless networks, with only about
30 percent of them encrypted to lock out outsiders, Mr. Cheung said.

"Most people just plug the thing in," he said of those who buy
wireless routers. "Ninety percent of the time it works. You stop at
that point and don't bother to turn on its security."

Martha Liliana Ramirez, who lives in Miami, said she had not thought
much about securing her $100-a-month Internet connection until
recently. Last August, Ms. Ramirez, 31, a real estate agent,
discovered a man camped outside her condominium with a laptop pointed
at her building.

When Ms. Ramirez asked the man what he was doing, he said he was
stealing a wireless Internet connection because he did not have one at
home. She was amused but later had an unsettling thought: "Oh my God.  
He could be stealing my signal."

Yet some six months later, Ms. Ramirez still has not secured her

Beth Freeman, who lives in Chicago, has her own Internet access, but
it is not wireless. Mostly for the convenience of using the Internet
anywhere in her apartment, Ms. Freeman, 58, said that for the last six
months she has been using a wireless network a friend showed her how
to tap into.

"I feel sort of bad about it, but I do it anyway," Ms. Freeman said
her of Internet indiscretions. "It just seems harmless."

And if she ever gets caught?

"I'm a grandmother," Ms. Freeman said. "They're not going to yell at
an old lady. I'll just play the dumb card."

David Cole, director of product management for Symantec Security
Response, a unit of Symantec, a maker of computer security software,
said consumers should understand that an open wireless network invites
greater vulnerabilities than just a stampede of "freeloading

He said savvy users could piggyback into unprotected computers to peer
into files containing sensitive financial and personal information,
release malicious viruses and worms that could do irreparable damage,
or use the computer as a launching pad for identity theft or the
uploading and downloading of child pornography.

"The best case is that you end up giving a neighbor a free ride," Mr.  
Cole said. "The worst case is that someone can destroy your computer,
take your files and do some really nefarious things with your network
that gets you dragged into court."

Mr. Cole said Symantec and other companies had created software that
could not only lock out most network intruders but also protect
computers and their content if an intruder managed to gain access.

Some users say they have protected their computers but have decided to
keep their networks open as a passive protest of what they consider
the exorbitant cost of Internet access.

"I'm sticking it to the man," said Elaine Ball, an Internet subscriber
who lives in Chicago. She complained that she paid $65 a month for
Internet access until she recently switched to a $20-a-month promotion
plan that would go up to $45 a month after the first three months.

"I open up my network, leave it wide open for anyone to jump on," Ms.  
Ball said.

For the Brodeurs in Los Angeles, a close reading of their network's
manual helped them to finally encrypt their network. The Brodeurs told
their neighbors that the network belonged to them and not to the
neighborhood. While apologetic, some neighbors still wanted access to

"Some of them asked me, 'Could we pay?' But we didn't want to go into
the Internet service provider business," Mrs. Brodeur said. "We gave
some weird story about the network imposing some sort of lockdown

Andrea Zarate contributed reporting from Miami for this article, and
Gretchen Ruethling from Chicago.

More information about the ISN mailing list