Local Reporters Just Can't Get Enough Of The WiFi Fear Mongering
from the again? dept
Over the last few years, we've seen time after time after time when local news reporters would put up an article about this big scary fear called "war driving." Of course, in almost every one of those cases, the reports are overblown or get the facts wrong. You would think, after so many of those over the years that enough people would be clued in not to write another one. No such luck. Broadband Reports points us to an article a local news report in Utah, whipping up fear about the evils of those crazy war drivers. Unfortunately, this article is again a bit short on the facts. While it's true that people can get on your network, the amount of damage they can do really depends on how you have your system set up and what you do online. The article, of course, claims that anyone who gets on your network can see everything you do, including getting access to account numbers and passwords. That would be true if you used sites that didn't encrypt that information -- but those are pretty difficult to find these days (and sites that don't encrypt, probably aren't very important). The article then pulls out the favorite line about how those war drivers might be surfing child porn on your network and "there's no way to prove it wasn't you." While there is some debate over liability if someone else does something illegal on your network, it would seem that there's a pretty damn good way to prove it wasn't you: you won't have any child porn on your computers. Considering it's a criminal charge, it would be up to the FBI to prove that you did it -- and without any additional evidence, combined with an open WiFi network, it's hard to see how they would have the evidence to support such an accusation, because it wouldn't be true. That doesn't mean you shouldn't understand the security implications of using WiFi. Securing your network usually does make sense. However, fear mongering reports that get the facts wrong don't do anyone any good.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
What Good Is It?
[ link to this | view in chronology ]
Re: What Good Is It?
On my last run from Boston to Providence (via back roads and state highways) I picked up over 200 access points on a low powered rig (iPaq on dashboard, no external antenna), less than a third with any encryption. Since there are many businesses in the area that percentage skews higher than most residential areas.
Of the ten wireless networks on my street, only one (besides mine) has encryption- and only WEP at that. WEP is so broken it is pathetic, WPA-PSK is subject to offline attack and can be beaten, and now there is work being done to port the WPA-PSK attacks to WPA2.
As far as available bandwidth, even a low powered card hitting a Linksys WTR54G will give decent performance in residential settings. For better performance, there are planty of 200mw cards available, hook one of those up with an external antenna and the performance rivals sitting in the living room.
[ link to this | view in chronology ]
Re: What Good Is It?
[ link to this | view in chronology ]
Re: What Good Is It?
[ link to this | view in chronology ]
To put it a better way...
But why not, the less ignorant know the truth, and a techie who lost his job to outsourcing can always make a lucrative living off of the purchasing recourse of such news reports. The masses would rather pay to feel protected than learn whether they should fear in the first place. That’s Awesome... if you’re a capitalist.
[ link to this | view in chronology ]
Wardriving is not a crime!
Wardrivers are people who drive around with laptops and GPS devices for the sole purpose of logging the location of any wifi networks they identify.
I bet the reporter would be shocked to hear what
what Tom Grasso of the FBI had to say about wardriving : http://tv.seattlewireless.net/january/january2004.html
There are many useful purposes for wardriving that the public can benefit from. For example www.placelab.org provides software to identify your location using your wifi card and that so called "evil" data collected by wardrivers.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
War Driving for Porn?
Solution - don't rely on WEP or WPA alone to secure your wireless network. Add Radius Authentication or require a VPN tunnel to complete the connection. Just my two cents
[ link to this | view in chronology ]
Re: War Driving for Porn?
Eventually the charges were withdrawn...$7000 dollars later!
The worst part is, I found out that due to the nature of the charge I will remain on file with the police FOREVER.
So, my advice is that the media should go ahead and scare the crap out of wireless users until the manufacturers start putting these devices on the street with encryption turned on and a "ARE YOU REALLY REALLY REALLY SURE?!?!" messege when you want to turn it off.
[ link to this | view in chronology ]
I unfortunately have to disagree
The article is correct in its position that your internet activities are relatively safe since keylogging software, etc. is mostly defunct with antivirus/spyware being on most people's computers but its what is on your computer that can do the most damage.
Mathew Schlabaugh says " It is rare to find an unprotected wireless network that the granny next door set up although it does happen on occasion. " You are right, I seriously doubt the granny next door setup her network but somebody did. In fact, in my neighborhood in a city of about 300K citizens the local telco (rhymes with Horizon) was giving away wireless routers with their DSL service. They would install them for you (wireless on, encryption off). Now Mathew Schlabaugh is pretty safe in Montana where you can't get closer than 150ft but in my suburban neighborhood you can get within about 30ft easily without suspicion.
And here is my point. I was able to show to my Average Joe neighbor that not only could I surf his internet connection from my laptop with a decent signal but that I was able to copy off his QuickBooks file to my computer (which was not password-protected). My average joe neighbor had an average joe internet connection an average joe network setup an average joe 6 month old Windows XP Dell computer and I was not only able to get on his network but have access to quite a bit of his financial information
I then showed him that 6 of the 8 networks I could detect around my house were unencrypted and this isn't just my neighborhood it's my in-laws and it's my parents and we all live in 3 very different parts of the city.
[ link to this | view in chronology ]
After recent stories about government domestic spying, I think I'll start using my laptop and one of these unprotected routers when I post comments here or at the many left-wing blogs I frequent.
[ link to this | view in chronology ]
Fear == Ratings
[ link to this | view in chronology ]
Real Dangers
[ link to this | view in chronology ]
Local hysteria re: wifi access
[ link to this | view in chronology ]
Education stems from fear
At one time we were all newbies, and something happened or we were told something that led us beyond just being a novice user {newbie} who saw the internet and a PC as no more than an appliance. We now see them as the powerful tools that they are and we spend endless hours trying to make them do more than we thought they cold do.
Will these "scare tactics" work for all viewers/readers? No. But if even one person with an open wireless network gets the message to at least try to close holes, it's worth it.
My Opinion, feel free to disagree. (no spell checkers or grammar comments please)
By the way, isn't the safest, fastest and easiest way to secure a wireless network to use MAC filters?
I use an encryption like WEP or WPA or WPA2 etc.., but that only covers my connection to the hub, router etc.. A MAC filter will only allow "me" to access the router regardless of the other security settings. Doesn't that remove the "someone else was looking for porn on my connection" scenario?
That's a bit more than 2 cents worth, but keep the change if you need it.
[ link to this | view in chronology ]
Working with City-Wide WiFi
Anyway, I have worked for a company out in California who offers city-wide WiFi using 802.11 technology that can be accessed up to 15miles away, and I currently work for a company in Utah using MMDS technology where service can be accessed from 25miles. The only way either of these systems might come under attack, to where someone would gain critical information, is if they understood everything in the architecture. People with this skill set aren't usualy interested in your personal data. More or less these people have a goal, usualy to expose or cause an inconvience to a company or agency they view to be in bad taste. What's at risk are businesses with unsecured networks. The average home user only has to fear loosing bandwith from the kid leeching from next door.
The media, who's business model is fear mongering, cares for ratings, so they'll say anything to keep you watching. Just like with the Bird Flu reports, these are no different. They take 1 sliver of truth, throw in a forest of editing, and you get the obscured story.
[ link to this | view in chronology ]
Edit to statements
[ link to this | view in chronology ]
Get a firewall, get a good AV (antivirus) and don't do anything stupid like putting your router password on your neighbors doors. You should be fine.
[ link to this | view in chronology ]
Who Benefits?
[ link to this | view in chronology ]
I then continued to attempt to log in to all open routers, change the password(if it was still default), and eneble some form of encryption, just so they go nuts not knowing what happened. Turns out, one of them I couldn't get at all, 6 of them still had the default passwords, the other two, I either couldn,t figure out the default passsword, or it may have been changed.Now I make a habit of regularly messing with unsecured networks in this fashion.
[ link to this | view in chronology ]
The kiddie porn is a MUCH BIGGER deal than you mak
So as long as you have your door kicked in by police at 0600 on a Sunday while your neighbors gather on their lawns watching your computers being seized, forensics teams going in and out, and you being marched in bracelets out to a van - it's all fine. Just so you're acquitted, right? They couldn't prove it, so you're acquitted 6 months later, bankrupt and not welcome at your kid's school. Your neighbors don't speak and the in-law's aren't sure about you even being around their grandchild. But you were "innocent". Wait a minute: There's no finding of "innocent" - you just weren 't convicted. You got off just like O.J. Simpson.
Sure; no biggie.
Sometimes the charge IS the sentence.
[ link to this | view in chronology ]
That's actually true. If you can get on a subnet, you can sniff all the traffic with ARP poisoining. Look up man-in-the-middle attacks.
[ link to this | view in chronology ]
Som big companies still don't encrypt
[ link to this | view in chronology ]
[ link to this | view in chronology ]
RE: What Good Is It?
Chris is right on with:
"Yes, as this article states people can get into your wifi network when it's unsecured. Easiest way around this is WEP, better way is MAC filtering, best way is to not broadcast your SSID, enable WEP and MAC filtering"
and
"What's at risk are businesses with unsecured networks."
Sneaky illustrates the true danger with:
"I like to have a little fun with these idiots who just buy the router and plug it in."
I think the moral of the story is:
Read the manual and don't forget to secure your wireless network...
[ link to this | view in chronology ]