Sun, Mar 20, 2005 - Page 12 News List

Criminals exploiting Wi-Fi networks to cover their tracks

Sophisticated cyber-criminals can make their crimes untraceable by usurping unsuspecting users' wireless networks

By Seth Schiesel  /  NY TIMES NEWS SERVICE , New York

Florida Deptartment of Law Enforcement special agent supervisor Bob Breeden stands in front of an apartment in Tallahassee, Florida, where a resident was charged last December with using an unsecure wireless Internet connection to tap into a local college's bank account to pay for online pornography.

PHOTO: THE NEW YORK TIMES

The spread of the wireless data technology known as Wi-Fi has reshaped the way millions of people go online, letting them tap into high-speed Internet connections effortlessly at home and in many public places.

But every convenience has its cost. US federal and state law enforcement officials say sophisticated criminals have begun to use the unsecured Wi-Fi networks of unsuspecting consumers and businesses to help cover their tracks in cyberspace.

In the wired world, it was often difficult for lawbreakers to make themselves untraceable on the Internet. In the wireless world, with scores of open Wi-Fi networks in some neighborhoods, it could hardly be easier.

Law enforcement officials warn that such connections are being commandeered for child pornography, fraud, death threats and identity and credit card theft.

"We have known for a long time that the criminal use of the Internet was progressing at a greater rate than law enforcement had the knowledge or ability to catch up," said Jan Gilhooly, who retired last month as the special agent in charge of the Secret Service field office in Newark, New Jersey, and now helps coordinate the state's operations for the Department of Homeland Security.

"Now it's the same with the wireless technologies," Gilhooly said.

In 2003 the Secret Service office in Newark began an international investigation called Operation Firewall that infiltrated the Web sites and computer networks of suspected professional data thieves. Since last October, more than 30 people around the world have been arrested in connection with the operation and accused of trafficking in hundreds of thousands of stolen credit card numbers online.

Of those suspects, half regularly used the open Wi-Fi connections of unsuspecting neighbors. Four suspects, in Canada, California and Florida, were logged in to neighbors' Wi-Fi networks at the moment law enforcement agents, having tracked them by other means, entered their homes and arrested them, Secret Service agents involved in the case said.

More than 10 million homes in the US now have a Wi-Fi base station providing a wireless Internet connection, according to ABI, a technology research firm in Oyster Bay, New York. There were essentially none as recently as 2000, the firm said. Those base stations, or routers, allow several computers to share a high-speed Internet connection and let users maintain that connection as they move about with laptops or other mobile devices. The routers are also used to connect computers with printers and other peripheral devices.

Experts say most of those households never turn on any of the features, available in almost all Wi-Fi routers, that change the system's default settings, conceal the connection from others and encrypt the data sent over it. Failure to secure the network in those ways can allow anyone with a Wi-Fi-enabled computer within about 60m to tap into the base station's Internet connection, typically a digital subscriber line or a cable modem.

Wi-Fi connections are also popping up in retail locations, but while chains like Starbucks take steps to protect their networks, independent coffee shops that offer Wi-Fi often leave their connections wide open, law enforcement officials say.

In addition, many universities are now blanketing their campuses with open Wi-Fi networks, and dozens of cities and towns are creating wireless grids. While some locations charge a fee or otherwise force users to register, others leave the network open. All that is needed to tap in is a Wi-Fi card, typically costing US$30 or less, for the user's PC or laptop. (Wi-Fi cards contain an identification code that is potentially traceable, but that information is not retained by most consumer routers, and the cards in any case can be readily removed and thrown away.)

This story has been viewed 6880 times.
TOP top