Archive

Posts Tagged ‘Computers’

Wireless Network Cracking on the Rise. How Safe Are You?

May 28th, 2009 No comments

   A show of hands. How many of you use a wireless Internet connection at home? Now, how many of you monitor who is on your network? Sure, you have it password protected so it must be safe right? Wrong! What if I told you that some stranger could be “borrowing” your Internet connection right along side of you and most likely you are completely unaware of it. Well, it’s true. If you have a wireless network, chances are a hacker has, at one time or another, already logged on to your network or is right now borrowing your bandwidth. How can this be? Why should I care? and, How can I protect myself? Well, I’m glad you asked.

   Most Wi-Fi routers out of the box are defaulted to run a security protocol named “WEP.” WEP stands for Wired Equivalent Privacy, but you don’t need to know that though. WEP is an encryption scheme that takes your password and converts it to a 8 or 16 character encrypted key (64 bit and 128 bit keys respectively, but you don’t need to know that either). Basically, it converts your spiffy password into a bunch of seemingly random numbers and letters. When you try to log onto the network you’ll need to provide this key or else you will be refused access. Most computer operating systems will remember your key once you have entered it so after the initial log on, you probably won’t be asked for it again but rest assured the key is being passed to the router to gain access each time you log on.

   How long might it take someone to guess every possible combination of numbers and letters of a 64 bit (8 character) WEP key? Mathematicians might say 200+ days would be needed with your average laptop computer running 24/7. That makes you feel all warm and safe doesn’t it? I mean who is going to sit there and run a laptop for 200 days just to get Internet access? Right?

   Enter the wonderful world of Wi-Fi cracking. Software developed over the past few years can now crack your WEP key in just a few minutes.

Video of Wi-Fi network being compromised in less than 90 seconds

   The danger of this is that if you’re not watching who’s logging onto your network, a hacker could gain access and start downloading kiddie porn, sharing bootleg music or sending spam, all from your network. Now, when law enforcement checks to see who the culprit is and traces it back to your Internet provider, your Internet provider will handily give them YOUR name and address. Maybe you recall the grandmother who got sued by the RIAA for downloading music when, in fact, she had not? Surprise!

   A Wi-Fi trespasser might employ such things as a high power network card in order to boost the range of their computer. Still others might use a high gain antenna capable of capturing the Wi-Fi signals of an entire neighborhood. Some use both.

yagi-stick

Sample of a homemade high gain Yagi stick type antenna which is used to increase the Wi-Fi area being scanned.

   It gets worse. There are some who actually drive around neighborhoods with mobile laptop computers and car mounted antennas scanning for wireless networks in what is called Wardriving and then uploading their findings to websites like WiGLE.net (Wireless Geographic Logging Engine) for all to see.

wardriving-map

Sample of wardriving map generated by a popular software program. Green represents completely open networks (no password required) while Red represents password protected networks. The circles represent the individual coverage area of a specific network.

   Scary huh? But all is not lost. We’ll give you three easy steps to help make your network more secure.

   Step 1. Install some network monitoring software on your computer. This will notify you when somone logs onto your network — friend or foe. AirSnare is one such product and best of all, its free! It runs seamlessly in the background and can give you an audible alert when any unauthorized computer accesses your network.

   Step 2. While we discussed how easy it is to crack your WEP key, many newer routers offer the more secure WPA encryption method. WPA stands for Wi-Fi Protected Access, but you don’t need to know that either. WPA is much harder to crack than its predecessor WEP. WPA allows for you to use a regular type password such as “Mary’s Computer.” With WPA, the cracker will usually only perform a dictionary attack on your network, i.e., comparing your password to every word in the dictionary, which takes time and will only be successful if your password is a common word or phrase. For this reason, you want to pick a password consisting of both numbers and letters. To add even more strength to your password, throw in some irregular characters like the # sign or the @ symbol together with the use of upper and lower case letters. By going this route, the cracker would have to perform an attack using every conceivable number and letter combination starting at AA, A1, AB, A2 and working its way through ZZZZZZZZZZZ for example. Unless the cracker is specifically targeting your computer out of some personal motivation, chances are that he’ll move on to easier pickings, like your neighbor next door using WEP, rather than the days, weeks and even years it might take him to successfully crack your WPA password.

   Step 3. If you pass any kind of sensitive data over your network, i.e., financial reports for work, credit card transactions, etc., then change your Wi-Fi password often. Even if you don’t do any kind of sensitive work, don’t be afraid to change your password on a regular basis. This goes for both WEP and WPA. This will help ensure that your network remains safe and it beats having to explain to your neighbors why the FBI kicked in your door at 5 a.m. and led you away in handcuffs announcing they’ve captured the porn king when that title rightfully belongs to the teenage cracker next door.

css.php