Internet Security in a Wireless World
Security in a Wireless World
The Case of the Not-So-Friendly Neighborhood Spammer :
Source: FBI, Washington D.C., November 10, 2004.
Nicholas Tombros has the dubious double honor of being the
first spammer convicted under federal law ... and the first convicted "war
spammer" in U.S. history.
"War spammers"--in case you
haven't heard the term--are a pernicious combination of "war drivers" and "spammers."
What does that mean?
War drivers are people who drive around neighborhoods and office parks with
laptops looking for open or unprotected wireless access points to the Internet.
War spammers not only electronically hijack the web connections they find, but
also use them to send unsolicited e-mails.
First, war drivers/spammers
get free access to the Internet--at your expense. They can use your online
connection to do anything they want ... and do it anonymously.
Second, if you have
an unsecured wireless network and personal computer, they can use some commonly
available software tools to read your e-mail, browse and access your networked
folders and all the information stored in them, and log or "sniff" virtually
everything you do on the Internet (including credit card purchases, stock trades,
And third, if spam
is sent from your computer, your Internet Service Provider, or ISP, may find out
and close your online account on the spot.
Which is precisely what
happened to Nicholas Tombros' victims in Marina Del Rey, California. On
September 27, Tombros pled guilty to sending spam by the thousands while war
driving through the neighborhoods of Marina Del Rey last year. And not just any
spam, either. Spam that advertised pornographic web sites.
How can you keep your
wireless device from being hijacked like this? It's less complicated
than you think. Here are a few basic steps you can take:
Enable the WPA (Wireless Protected Access) or WEP (Wired
Equivalent Privacy) encryption and other security options provided by the
product's manufacturer. Since this encryption is inherently vulnerable,
consider changing the key periodically.
Change the default "Service Set Identifier" SSID network
name and turn off the feature that continually broadcasts the SSID. While
you're at it, change your router administration account name and password.
Activate the MAC (Media Access Control) Address filtering
feature of your router.
Whether or not you connect to the Internet wirelessly,
always make sure your computer has an up-to-date operating system with all
the current patches and service packs, virus protection, and a personal
firewall (preferably a software firewall and hardware-based router/firewall).
If you believe you've been "war-driven"
or "war-spammed," file a report with your local police department and
the Internet Crime Complaint Center,
cosponsored by the FBI and the National White
Collar Crime Center.