Monday, June 25, 2012

Can I Have Your Bank Account Information?

When was the last time you handed your house keys to a total stranger? Have you ever displayed a sign in your window listing all of your banking information? Most of us are going to think that these questions are pretty silly, but you may be doing the digital equivalent right now. If you are running an open wireless network any information that travels over that network is free for the taking. You also run the risk of somebody gaining access to your network and forcing their way into the computers connected to that network. As unlikely as these risks may seem, the number of cases of these things occurring is growing rapidly. You could go shopping and leave the keys in the ignition of your car while you're in the store, and your car would probably still be parked where you left it when you come back out. The question becomes, why risk it?
Putting a password on your network does more than just prevent people from getting on the Internet using your bandwidth. It also encrypts all of the information that travels over that network. This means that nobody can access that information without knowing the code, and they don't have access to the code without knowing the password. Of course there are differing levels of encryption, which will protect your information to different degrees. In the early days of wireless WEP was the standard. Unfortunately, it proved easy to defeat. There was a scramble to find a better encryption standard, but a patch was needed to give people protection in the mean time. WPA was released to be that patch. Once the new standard was decided upon it was released as WPA2. Any equipment built from 2005 on should be able to handle all three standards. The question is, how much security is needed? Well, let's put this all in perspective. WEP would be the equivalent of a lock on a screen door, it will keep out people that are just looking to steal some bandwidth but anybody with malicious intentions won't even be slowed down. WPA would be like closing and locking out all of your doors and windows, it should be enough of a deterrent to stop most small time crooks. WPA2 would be like adding an alarm system, some closed circuit cameras and maybe a guard dog or two. Is it possible to defeat? Sure, but somebody would have to really know what they're doing and really want to get in. They're more likely to move along and look for easier prey.
All of this may seem like a lot of bother, and besides how likely is it that somebody is going to come along and try to steal your information? There are a couple of recent cases which indicate that not only is this possibility plausible, but the consequences can be pretty extreme.
There was a case in Buffalo, NY in which federal agents stormed a family's home with assault weapons drawn and seized all of their computer equipment. The husband in this case was accused of downloading and distributing child pornography. The agents had traced the files to the family's Internet Provider, who provided them with an address. It was later found out that there was actually a neighbor tapping into their unprotected wireless network in order to commit these crimes. This information wasn't found out for three days however. In the meantime, the family was being barraged with questions and accusations, not to mention the embarrassment of being arrested for child pornography. In another case in Sarasota, FL a man parked his boat in a marina and scanned for unencrypted wireless networks. He found one in a nearby building, logged on and proceeded to download over 10 million images of child pornography. The results were the same, with the owner of the network having his home stormed by the police. There is a case currently pending in New York in which a man running an unencrypted network is being sued for illegally downloading movies. He claims that somebody must have logged onto his open network and downloaded the movies. The problem is, nobody else has been caught. While he is not being charged criminally, the movie studios are pursuing a lawsuit against him. The common thread in all of these cases is that the criminals knew that what they were doing was illegal and they didn't want the police knocking on their doors, so they simply found an unsuspecting neighbor and used their network to perform their criminal acts.
Another problem that is created with open networks is the practice of packet sniffing. As we discussed earlier, password protecting your network encrypts all of the data that is sent over that network. The flip side of this is that if you don't password protect your network, your data is being sent unencrypted. Packet sniffing is the practice of watching a network and intercepting messages that are being sent and received. Google is in the middle of a scandal in which it was revealed that their Street View vehicles engaged in packet sniffing. Google has admitted to grabbing log-in names, passwords, even entire emails while driving past unencrypted networks. Unfortunately, you don't need an advanced vehicle set up to steal information off of wireless networks. A quick YouTube search will reveal videos explaining how to get all of the equipment needed to sniff wireless networks into a backpack that can be worn while walking down the street. There is also a group of people that engage in “Wardriving”, which is driving around looking for wireless networks to infiltrate. Wardrivers will log the GPS coordinates of these networks and post them online, even going so far as to spray paint markers in front of houses that are vulnerable. While this is perceived by these groups as innocent fun, a marked network would definitely be seen as an opportunity for somebody looking to steal data.
Are any of the attacks mentioned today likely to happen? Maybe not, but just like taking your keys out of the ignition when parking your car, prevention is easy enough that there's no real reason not to protect yourself. Encrypting your network can take as little as five minutes, and it's a one-time procedure. As always, if you aren't familiar with how to configure your router seek professional help. An incorrectly configured router will leave you unable to connect to the internet to look for possible fixes. Taking these steps won't guarantee that you won't be targeted, but like locking your front door they will make you that much less appealing to somebody looking for an easy victim.

No comments:

Post a Comment