Who Are the Snoopers? | Absolute Beginners Guide to Security, Spam, Spyware & Viruses

If it's easy to access a wireless network, who's snooping? Well, there are a few types of interlopers. Generically, I call them wireless network snoops , but they come in three basic varieties.

Wardrivers

Wi-Fi is such a huge phenomenon that all you have to do is drive down a city street with a Wi-Fi enabled laptop to pick up dozens of open Wi-Fi networks. Approximately 40%60% of all wireless routers are unprotected by security measures.

These wireless networks make geeks curious . They can't resist probing them, poking them, and sampling them a bit. These geeks are kind of like kids around a bowl of cake icing. Most just sneakily sample a little bit of the wireless offering and move on. The problem is that more nefarious geeks take it too far. These are the people that when they were kids would steal the icing bowl, lick it clean, and wear it as a hat. They are the ones you should be concerned about.

The practice of probing wireless networks is called wardriving . All wardrivers need is a car, a Wi-Fi laptop, a snooping program downloaded from the Internet (see Figure 6.3), and optionally an upgrade antenna. Sometimes these are made out of cylindrical potato chip cans.

Figure 6.3. Network Stumbler is a free program that can be used to electronically sniff out Wi-Fi networks.

Wardrivers also sometimes use Global Positioning System (GPS) receivers to register the exact geographical location of an open Wi-Fi network. These coordinates are cataloged and sometimes published to the Web so others can locate the open networks when they need to connect to the Internet.

How Wardrivers Operate

Want to see what wardrivers see? If you live in a well- populated urban area, there are probably at least half a dozen Wi-Fi networks detectable right where you sit. If you live in an apartment building, there might be dozens. I once opened my laptop in an apartment in one of those clusters of high-rise apartments and detected 23 Wi-Fi networks.

Now, I am not advocating that you engage in wardriving practices. Trespassing on networks you do not own is illegal in Canada and the United States and likely other jurisdictions. However, I want you to know how easy it is to do it. Here's the fail safe: If you don't actually connect to the wireless network, you're not doing anything wrong.

That said, here's how to peek at the networks near you:

Wardriving is a modification of the term wardialing , a technique used by hackers to repeatedly dial phone numbers looking for computers they can potentially break into. The term was introduced in the 1983 movie War Games . In it, Matthew Broderick's teenage character programmed his computer to dial phone numbers sequentially, seeking other computers.

1.	First you need a Wi-Fienabled computer. Most laptops are Wi-Fienabled today, so if yours is fairly new, you probably already have the capability.
2.	You might need to turn Wi-Fi on with a switch. Some laptops have a slider that needs to be switched on to turn on the wireless capability.
3.	Look for a little icon (a tiny picture) that looks like a screen with radio waves emitting from the right side of it. You'll find this in your System Tray on the bottom right of your Windows XP screen. Windows 95, 98, and Me need an add-on Wi-Fi program to do this.
4.	Double-click on the icon and the Wireless Network Connection Status box appears. Click on the View Wireless Networks button (see Figure 6.4).
5.	The Wireless Network Connection box appears, listing all the wireless networks that can be detected by your wireless computer (see Figure 6.5). Next to the name of each network is the signal strength.
6.	If the network has security measures, a little lock icon appears next to it and its security status appears below its name (see Figure 6.6).

Figure 6.4. In the Wireless Network Connection Status box, click View Wireless Networks to see what Wi-Fi networks are available to connect to.

Tip

Warchalking is the practice of tagging pavement near an open Wi-Fi network to alert others that wireless access is available at that location.

Figure 6.5. The Wireless Network Connection box contains a list of the Wi-Fi networks detected by your computer that you might be able to access.

Figure 6.6. A lock next to the Wi-Fi entry means the router has wireless security measures turned on.

Bandwidth Bandits

The most likely damage you can expect to your wireless home network is not really damage, but more of an inconvenience: People will steal your bandwidth.

Caution

In many jurisdictions around the worldincluding the United States and Canadaaccessing a network without its owner's permission is illegal.

Bandwidth is your Internet connection's capacity to carry data. In plumbing terms, bandwidth would be the diameter of the pipe that carries water through your house. This is not to be confused with bumwidth, which is the mathematical capacity for a plumber's pants to ride down based on the girth of his belly.

If you notice a slowdown on your Internet connection, it could be because a bandwidth bandit is accessing your network and sharing your bandwidth.

Because wireless connections are possible up to 300 feet from the Wi-Fi router, it's easy for someone outside your home to log on to your Wi-Fi connection, access the Internet, and get her email or surf the Web without your permission. By doing this, she is stealing your bandwidth.

Caution

In the contract you have with your Internet provider, there is likely a clause that sets a ceiling on the amount of bandwidth you can use before being billed extra. This is probably more than you would ever use yourself. But if hordes of bandwidth bandits use your wireless connection, you could find yourself going over the limit and being surcharged or having your service cancelled.

If you live above or very close to a coffee joint, bus station, or any place where people with laptops might gather, I can guarantee that the local bandwidth bandits love you and are happily using your open Wi-Fi Internet connection.

Long ago, before I wrote fun books like this, I commuted to work on a train into Toronto. (I also put pants on before noon and shaved daily.) When the train stopped at a station on the way, I'd pick up a local Wi-Fi signal for a minute or so. This was long enough to download my email. Many of the people around me did the same with their laptops. If the person who owned the connection was trying to surf the Internet when the train pulled in, he'd see his Internet service slow drastically until all us bandwidth bandits disappeared out of range as the train pulled out of the station again.

Don't Get Wi-Phished

A new phenomenon called Wi-Phishing is hooking bandwidth bandits.

Bad guys are setting up wide open Wi-Fi routers to lure bandwidth bandits to connect. When they do, all the data the victim sends and receives over the rogue wireless connection is captured.

If it's credit card, banking, or personal information, the Wi-Phisher steals it and rips the bandwidth bandit off.

This practice is rare and perpetrated by small time crooks, but if it pays off, it could become a bigger threat.

A tip here: If you borrow someone's connection, do not send sensitive data with it. Someone could be watching.

To learn more about phishing in general, see Chapter 4, "Identity Thieves and Phishers: Protect Your Good Name and Bank Account."

Wireless Hackers

Perhaps the most insidious wireless network snoopsbesides pantless book writersare criminally minded people who are out to hack onto your network and steal your banking access information, identity, or other valuable data on your home network. Although these people are rare, they are also the most dangerous type of wireless network snoop.

If you work for a big corporation, these people might also be able to get onto your wireless network and access a computer that has security access to your company's network. If you have access to a virtual private network (VPN)a secure connection which you use to access your company's servers from homeyou are at risk.

A VPN uses the public Internet to tunnel like an electronic gopher across the public Internet into the company's network. The data that runs through this digital tunnel is protected from snoops because the data is scrambled. However, a wireless snoop can make his way onto your computer, access the open end of this electronic tunnel, and march down it into your company's network.