
August 18, 2005

Watch that Wi-Fi!

What with all those TV shows we've been watching and the knowledge that our computers are out to get us, it doesn't take much to move Bleeding Edge from our normal state of anxiety into total paranoia.

We were therefore horrified by a reader's email saying he believed someone had hacked into a wireless home network and used up his monthly bandwidth allowance.

The reader had just moved from BigPond's 200MB a month cable plan to the 500MB deal. On the first Sunday of the month he checked his email at lunchtime and saw three emails from BigPond. The first, at 12.35pm, told him he'd used half of his allowance. In fact, he'd used somewhat more than that - 346.63 MB, it said.

Two minutes later, another email said he'd used three-quarters of the allowance, or 476.17MB.

The third email arrived a minute later. Now 579.03MB was gone, it claimed, and his allowance was spent, with 24 days of the month to run.

Obviously, this user adopted a similar approach to our own when faced with crises of this magnitude - excess usage charges of 15 cents a megabyte: blind panic. He unplugged the modem and phoned BigPond's tech-support department and then its billing department.

He was told BigPond could not check the past two days' usage but all the internet service provider's equipment was operating normally. He'd have to pay any excess charges. They suggested asking the police to investigate.

He sought advice from Bleeding Edge on how to tighten his security.

Like most users, he had practically no security in place. On a wired network, someone has to plug a computer into the network; with wireless, anyone within about 100 metres in any direction of a router or access point could leech from your download allowance.

The first thing anyone using wi-fi should do is change the default SSID (service set identifier) and default password. This reader hadn't done that.

Another option is to use MAC address locking, which limits connections only to known computers.

A third tip we picked up from a book titled Home Networking Simplified (Cisco Press) is to stop advertising the presence of your wireless network. By default, wireless routers are set up to broadcast their SSID. Once you've established all the devices on your network, it's unnecessary and, at that point, it's safer to disable that feature.

There's a good backgrounder on some newer methods of improving wi-fi security in the Windows Secrets newsletter at windowssecrets.com/comp/050714/, and Witopia offers a free wi-fi security program to personal users at www.witopia.net.

We passed on the information but we weren't satisfied that anyone had been stealing his bandwidth. He'd kept his anti-virus software up to date so it was unlikely the other potential bandwidth parasite - a Trojan communicating with a remote server - was at work. Just in case, we referred him to some free online resources. One is HouseCall at trendmicro.com, and the same company has recently picked up CWShredder, a free tool to deal with another possible cause of problems, the CoolWebSearch browser hijacker.

We went back to those BigPond emails. They said the reader's system had downloaded 103MB in a minute. That would have been remarkable on a wired network, but at a distance over a wireless network it seemed to us impossible.

BigPond says its cable network can download data at "up to" 5Mbps (remembering that 1Mb, or megabit, is one-eighth of one MB, or megabyte), so 103MB in a minute would seem to be beyond the theoretical capacity of the network, and certainly beyond anything we've been able to wring out of BigPond cable over the years.

BigPond explained that the emails aren't sent in real time; instead they go out at the end of a billing session. Because 500MB of the 770MB of usage occurred in the hour from 8am to 9am, the thresholds were reached in the same session, and the emails were despatched at the same time.
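The capacity check described above, as an added Python example that is not part of the original column: it works out the rate each usage notice would imply if it had been sent in real time, compares it with the quoted 5Mbps link, and then rates BigPond's one-hour account the same way. The notice times and figures come from the column; the input line layout and all function names are assumptions made for this example.

```python
import re
from datetime import datetime

LINK_MBPS = 5.0  # "up to" 5Mbps cable rate quoted in the column

# Constructed input: the three notices reduced to arrival time and stated usage.
# Times and figures come from the column; the line layout is an assumption.
NOTICES = """\
12:35 used 346.63 MB
12:37 used 476.17 MB
12:38 used 579.03 MB
"""

LINE = re.compile(r"(\d{1,2}:\d{2})\D+?(\d+(?:\.\d+)?)\s*MB")

def mbps(megabytes, seconds):
    """Average rate in megabits per second (1 MB = 8 Mb, as the column notes)."""
    return megabytes * 8 / seconds

def parse_notices(text):
    """Return [(time, cumulative MB)] sorted by time."""
    return sorted((datetime.strptime(t, "%H:%M"), float(mb))
                  for t, mb in LINE.findall(text))

def implied_rates(notices):
    """Rate needed if each notice had gone out the moment its threshold was crossed."""
    rows = []
    for (t0, mb0), (t1, mb1) in zip(notices, notices[1:]):
        secs = (t1 - t0).total_seconds()
        if secs > 0:  # notices with the same timestamp carry no rate information
            delta = mb1 - mb0
            rows.append((t1.strftime("%H:%M"), round(delta, 2), mbps(delta, secs)))
    return rows

def over_capacity(notices, link_mbps=LINK_MBPS):
    """Intervals the link could not physically have carried."""
    return [r for r in implied_rates(notices) if r[2] > link_mbps]

if __name__ == "__main__":
    for end, delta, rate in implied_rates(parse_notices(NOTICES)):
        verdict = "impossible" if rate > LINK_MBPS else "feasible"
        print(f"by {end}: +{delta} MB needs {rate:.1f} Mbps ({verdict} at {LINK_MBPS} Mbps)")
    # BigPond's account: 500MB in the 8am-9am hour, reported later in one batch.
    print(f"500 MB over one hour needs {mbps(500, 3600):.2f} Mbps")
```

When every interval between notices exceeds the link rate, the notice timestamps cannot be measurement times, which points to batched reporting rather than a burst of traffic at the moment the emails arrived.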

The evidence seemed pretty conclusive. It was quite possible, given his absolute lack of security, that a neighbour could have been stealing his bandwidth. BigPond sells wi-fi equipment, and it won't provide support for any other products. But it's more costly to take that route. There are several manufacturers who make products that are at least as secure, provided they're installed correctly. In this case, the installer seems to have been less than diligent.

Our reader could have checked out the efficiency of the hardware firewall included in his equipment by using the free ShieldsUp! service. Whether you're using a wired or wireless network, that's a wise move.

In this case, he would have benefited from being a little more paranoid. When it comes to broadband internet connections, we thoroughly recommend it.

Posted by cw at August 18, 2005 10:41 PM

Comments

This is quite strange - we are with BigPond cable as well and we don't have a wireless network (only one computer - iMac) and the same happened to us. Within the first three days we got emails from BigPond that we've used up our allowance - something that we normally cannot achieve month to month. Initially I thought it's to do with leaving Skype on. Rang BigPond and they said it's a virus. I haven't heard of any Mac virus that does downloading. Anyone else with the same problem? This is during Aug.

Posted by: Chris at August 18, 2005 11:03 PM

It is not hard to do, I must admit I've often needed to access an email etc while downtown and 'borrowed' an unsecure network for a sec..

I know it's bad but I think serve them right for not WEPing it at least..

ws

Posted by: me at August 19, 2005 01:11 AM

Changing the SSID and using MAC filtering is almost pointless, you can still be hacked within minutes.
You must change the default password.
You must use WPA PSK with a long key.

cheers, Paul

Posted by: Paul at August 20, 2005 05:17 PM

Kleptomaniac and Sociopath? WS/me do you believe that you can take or use what does not belong to you?

Posted by: Stuart at August 20, 2005 05:40 PM

The column suggests changing the default password and SSID, but more to the point, not broadcasting the SSID, which definitely helps.

The truth is, however, that if someone is determined to break your Wi-Fi network, and they have sufficient time and knowledge, nothing will keep them out. You have to be alert.

Bleeding Edge also uses DU Meter, and if we see any unexplained traffic, we check it out immediately.

Posted by: cw at August 20, 2005 06:23 PM

I'd be happy to talk to some wifi hacker. They just might be able to get my bloody Bluetooth working. Hours of pain have not helped connect the mobile to pc via a usb bluetooth thingo. The car headset works mostly but also has a mind of its own at times, randomly dialing and doing things on the phone. I know it's not wifi as most see it, but my experience over the last year is that bluetooth has a long way to go.

Posted by: Francis Xavier Holden at August 22, 2005 02:36 PM

Chris, are you running OSX 10.4 on your iMac? I suspect that the widgets built into the Dashboard feature in the OS could be responsible for an increase in downloads - they are mostly, after all, mini browsers.

Personally, anyone taking on a broadband connection with downloads measured in MB (with horrendous excess charges) would be better off with dialup.

Posted by: entropy at August 26, 2005 10:00 AM

I have had a steep learning curve into the world of "wireless" recently.

I made the switch from dialup to broadband a couple of months ago (iinet lite) and have been blissfully unaware of the lack of security that I had (hadn't) implemented. Since I was not planning to use the wireless function on my new router immediately (am looking at laptops), I mistakenly believed that I didn't need to worry about anything.

A few days into my new monthly billing cycle, I noticed that things seemed much slower than usual. I checked my connection speed (4.6 Mbps) which was 'normal' but it wasn't until a couple of days later that I logged into the iinet toolbox to check my usage that my eyes almost popped out of my head!! My entire monthly allowance (2 GB) had been reached in just over a day!! A call to my friendly iinet support person revealed that I had probably been 'hacked' as I was generously broadcasting my router's availability to one and all!!

I felt like a bit of an idiot for not having taken the proper precautions in the first place but count myself fortunate that I am not charged for excess usage (although being throttled back to 64 kbps is a bit painful!!).

Anyway, it's another 10 days before I get back to decent broadband speeds again. Thanks to the info I have since found in this forum and others, I should be better prepared.

Cheers
karmick

Posted by: karmick at September 1, 2005 02:27 PM

I had something similar with Optus. Problem was I had already changed the password, hidden the SSID, only allowed the 3 MAC addresses of my network computers access to the internet and am using WPA PSK. Lost 1 gig in about 3.5 hours, 2 days into the billing period. No idea how it happened. It was the August billing period as well.
Neil

Posted by: Neil at September 17, 2005 04:34 PM
