Yesterday's radio news carried this BBC story about two arrests in Worcestershire for theft of network access. Two individuals, in separate incidents, were apparently seen using laptops in parked cars, and subsequently cautioned for the offence of 'dishonestly obtaining electronic communication services with intent to avoid payment'.
I know there are some householders who see this as a 'victimless' activity, and who are happy to leave their wireless access points open for others to access. In some cases I'm sure it is a harmless and indeed neighbourly thing to do... but it's worth reflecting for a moment on some of the other possibilities this opens up.
At the root of it is the fact that this is a form of identity theft. Insofar as the person using your wireless connection can be identified, the most damning details are:
- your IP address, and thus
- your ISP and
- your home address.
The only thing which might identify the user as someone other than you is the MAC address (probably fake) of their wireless adapter.
Given access, they might make use of it to:
- access illegal sites;
- dispatch viruses/trojans;
- send spam;
- communicate anonymously, perhaps to organise criminal activities.
Obviously, not every open wireless connection is bound to end up being abused in this way, but the risk is there and deserves to be considered. The risk assessment also needs to take into account the relative simplicity of protecting your access point with at least basic measures. The three most obvious are:
- Change the default password on your firewall/router! It's no use taking steps two and three below, if a hacker can simply log on to your access point and undo your good work;
- turn on WEP* WPA or other equivalent link encryption between the access point and the clients;
- enable MAC address filtering, to exclude all but those machines you explicitly list.
These measures, just like fitting a burglar alarm or locking your car, don't guarantee protection, but might deter an opportunist attacker.
One other note if you use MAC address filtering: for goodness' sake remember that you're using it. Otherwise the next time you attach a new machine to your wireless LAN, you might spend hours trying to work out why on earth the damn thing won't connect, debugging the network connection with mounting frustration, before finally twigging that you need to add its MAC address to the 'allowed' list. Or so I am told ;^)
*See comments below...
![[RSS Newsfeed]](/themes/sotto/images/valid-rss.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}