In the May 24 issue, I wrote about how your computer could be doing dastardly things behind your back, due to being surreptitiously
infected with a botnet virus. But it’s not the only piece of equipment that could get you in trouble without your knowledge.
If you’ve got a wireless (Wi-Fi) router, you could be in some serious hot water if it’s not properly secured.
The router is the device that connects your wireless network to the Internet, usually via an Internet service provider. A secured router can’t be easily accessed wirelessly by somebody you haven’t authorized. The simplest way to do it is have a password that must be sent by the computer to the router to allow access to the Internet through the router.
A router without such protection is considered unsecured, and anybody with a Wi-Fi-equipped computer can tap into it. It permits your neighbors to use it, and for scoundrels who prowl the streets looking for free Wi-Fi to use it for criminal purposes, too. When they do, the cops can’t follow a trail back to the miscreant; they can follow it only to the router. Your router.
This is exactly what happened to one individual I know, who shall remain unidentified at his own request. He suffered more than a year of torment from both local and federal authorities because a Wi-Fi parasite had been doing illegal things on the fellow’s Wi-Fi. He left the router unsecured because he was trying to be a good guy by allowing others to access the ’Net on his nickel. He was finally exonerated, but it was a long road overfilled with sharp stones.
You’d think that proving you couldn’t have done the deed would be a defense, but even that may not work. In a recent case in Germany, someone illegally downloaded music on an unsecured router, and a musician who claimed the music belonged to him sued the unfortunate router owner. But the owner had a superb alibi—he was on vacation during the downloading period.
Tough, said the court. It ruled that owners have a responsibility to keep the lawbreakers out of their systems, and it fined the owner 100 euros.
After the German decision came down, British Internet users became understandably nervous about their own security law. A new rule in Britain, the Digital Economy Act, allows someone to be fined if he “allows” someone else to download copyrighted material using his system. Unfortunately, “allowed” hasn’t been rigorously defined yet.
In the United States, it’s rare for a state or city to require that Wi-Fi be secured, but not doing so invites notice from not only the malefactor, but also the forces of the law chasing him, who can be quite aggressive when they’re on the scent and merciless during investigations.
It’s not just illegal downloading you’re exposed to if your router is unsecured. There’s also the penetration of your network and the leakage of identity information, the threat of viruses, and just plain old loss of privacy.
Google recently found itself in international disapproval over the last issue. It seems the cars that captured the photos and other information for Google Street View were also sniffing out unsecured Wi-Fi. All they were supposed to do was find the Wi-Fi connections and map them, but Google says that occasionally data was mistakenly gathered through those security holes and stored in Google databases. It’s still working with various European governments to determine what to do with that data.
The other side of the usage coin is even riskier, logging on to an unsecured point without permission. That’s illegal in many places, despite the implied invitation. It might also be a “honey pot,” an attractive trap for the unwary. Use that unsecured system, and all your traffic can be captured and analyzed. In some states, it’s even illegal to use Wi-Fi that’s freely available to café patrons if you’re not buying anything. It usually comes under the heading of “fraudulently accessing a computer system” or some such wording.
Wi-Fi doesn’t have to be left open intentionally. It’s often left open by accident, if the new router doesn’t have its password set by default, or the password is never changed from the default one that comes from the factory, which is just as bad from a security standpoint.
Many of us install our own routers, so we may miss the instructions about resetting the password. You can tell quickly if yours is unsecured. Just open a Wi-Fi-equipped laptop within range of your router and look at the laptop’s list of available connection points. Find yours on the list, and if it says something like “unsecured” next to it, you’re wide open.
If you see cars crowding your driveway with occupants happily pecking away on laptops, that’s a pretty good sign, too.•
Altom is an independent local technology consultant. His column appears every other week. He can be reached at firstname.lastname@example.org.