Wednesday, July 06, 2005

Be Afraid! Evil Hackers Everywhere!

So, I just finished reading this article about the new type of evil Wi-Fi hacker: the wardriver. Frankly, this article is garbage. Wardriving has been around for quite a while now. I think I first heard the term about 5 years ago. The article is filled with fear-inducing references to kiddie porn, fraud, and bank account theft. Mix that in with a few high-level details about wireless networks and you have an insightful technology article, right? Wrong.

The article gives no useful advice on security. Just a bunch of worst-case scenarios. Here's some simple advice for those of you concerned about these security issues. Use common sense!! Would you go to a coffee shop, call up your bank on a cell phone, and say (in a very loud voice where everyone can hear), "Yes, my account number is XXXXXX and my social security number is 999-99-9999." Of course not. You don't want to share private information like that. Similarly, if you're using a public network, you shouldn't even consider doing anything that you would worry about other people listening in to. You never know who is looking at the laptop screen over your shoulder.

Here's some advice for security at home. First, secure your wireless router. The instructions are in the box. They are easy to follow. If you don't, you are broadcasting everything related to any web site you are access. That include usernames, passwords, bank account numbers, etc. So secure your wireless. Or, when you're doing something where you really want more security, disable your wireless and connect through an ethernet cord. Or, if you want 100% security, don't do anything on the computer at all. There will always be a trade off between security and convenience. Accept that and move on. Securing and encrypting your wireless is probably good enough for most people.

The article above mentions Benjamin Smith III, who was parked in his Chevy Blazer outside Richard Dinon's home, "hacking" into Dinon's (open and public) wireless network. First, there was no hacking. Hacking involves bypassing security mechanisms. So how can it be hacking if there were no security mechanisms? The absolute worst part of this article is the end:

It remains unclear what Smith was using the Wi-Fi for, to surf, play online video games, send e-mail to his grandmother, or something more nefarious. Prosecutors declined to comment, and Smith could not be reached.

"I'm mainly worried about what the guy may have uploaded or downloaded, like kiddie porn," Dinon said. "But I'll probably never know."

All we know for sure is that Smith accessed the network. Now, through the inclusion of this last quote, Smith is cast as a possible kiddie porn peddler. This is sloppy reporting, getting close to slander.

Now, on to wireless networks for a real discussion. Wireless routers generally come setup for public access. I.e., if you buy a router and plug it in, anyone can access your network. The responsibility is yours to turn on the security mechanisms. Smith has been charged with unauthorized access to a computer network, a third-degree felony. However, Dinon had kept his router set to the public settings. So, if you advertise your network as being public, how can someone take "unauthorized access?" Dinon knew how to turn on the security features of his router, but chose not to do so. "I never did it because my neighbors are older." He, Dinon, is the one at fault. If he wanted to give his neighbors access but not others (such as Smith), he should have turned on the features, then talked to his neighbors. It is absolutely not reasonable to label the network as public then complain because the public uses it.

My favorite gem from this article, though, comes from Kena Lewis, spokeswoman for Bright House Networks in Orlando: "It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft." This is describing the wardriver who latches onto someone else's network. The only problem is that the analogy does not apply. The person buying the Microsoft program and sharing it is the person not securing their wireless network, not the wardrivers. Let's borrow the RIAA's lawyers with their strong arm tactics. These owners of wireless networks are hardcore pirates who need to be threatened with tens of thousands of dollars in fines!!

Another false analogy I've seen in other places has been that your wireless network is private property. I wouldn't just walk in to your house and eat your food if you left the front door unlocked, would I? Then what right do I have to use your broadband connection? The problem with this analogy is the boundary. For me to eat the food in your kitchen, I have to cross the threshold of your property line. I have to enter your door. For me to access your wireless network to surf the web, all I have to do is sit on my couch. I.e., your network is encroaching on my living space. If you have an apple tree that crosses our property lines and it drops apples on my property, do you have the right to forbid me from eating those apples? I can't imagine there's a court anywhere that would convict me of theft for those apples. So how could it be different for wireless?

John Dvorak, a famous tech writer if you don't know him, has a great article discussing this issue. His view: "We must put the burden of responsibility on the broadcaster, not the end user. It has to be made clear that people sending open connections all over town should be responsible for them." I couldn't agree more.


At 10:00 PM, Anonymous Marissa said...

Actually... you'd probably be surprised about the apples from the tree! (Plus, that's actually a frequently-used analogy for tax law, of all things, but that's neither here nor there, really.) Legal nitpicking aside (which I must request forgiveness for, but hey, I spent the past couple of years being trained for that, haha) I totally agree. Loved the commentary--as usual.


Post a Comment

<< Home