Drive-by Identity Theft
Local Hacker Exposes Vulnerable Wireless Networks in Scottsdale
- John Dickerson
Sitting in the passenger seat of a late-model
sedan, Warsentra uses his laptop to access the computer hard drive
of an unknowing Scottsdale resident. Since hacking into wireless
networks is not entirely legal, this seasoned hacker prefers that
we know him only as Warsentra, his Internet identity.
It's dark outside, and the light from the laptop illuminates his
face. The display now presents a DOS page, the gateway into a hard
drive. But this is no ordinary DOS page; it's giving Warsentra access
to the home computer inside a condo about 30 feet away. All thanks
to a relatively new and commonly used technology, wireless networks.
While they may sound like a high-tech system for businesses, chances
are you or your neighbors are using a wireless Internet network.
The systems work much like a cordless phone, sending and receiving
data from a laptop computer so users can access the Internet without
wires. The only problem is that hackers can use the same wireless
signal to access your system, and you probably wouldn't even know
it.
"Yes, this is illegal," Warsentra says of tapping into unprotected
wireless signals to use Internet access, or worse, to rummage through
someone's personal files. "But now you see how easy it is to get
into an unprotected wireless network," he adds, closing the window
before exploring any further. "We could have looked through their
entire hard drive if we wanted."
Whether Warsentra would normally hack right into someone's hard
drive, we can't know. What is certain is that those with his knowledge
and a criminal mind can glean everything from credit card information
to social security numbers using these steps, making unguarded wireless
networks a prime target for identity thieves.
"The last time I went driving for open networks in Scottsdale was
about a year ago," Warsentra explains, returning from a 35-minute
exploration that netted 540 wireless signals.
"A year ago I would have had to drive around all night to get that
many signals," Warsentra says. Wireless network sales confirm his
observation. Experts predict nearly 28 million networks will sell
worldwide in 2005, compared with only 4.5 million in 2002 when Warsentra,
a network technician for an area Internet company, began searching
for signals.
But as wireless spans neighborhoods, security often lags behind.
"Many wireless networks are essentially unprotected," says Mark
Handelman, a Scottsdale-based security consultant. He says setting
up a wireless system without taking any precautions is "like leaving
the keys in your convertible with your laptop on the backseat."
A hacker could see anything on your computer.
"They can see all of your e-commerce. They can copy all the data
off your laptop's hard drive onto their hard drive. They have your
traffic and the potential to get into your system." But Handelman
says homeowners can lock hackers out.
Wireless insecurity in the Valley
"In Scottsdale there's a significant number of open access points,"
Handelman says. And the number of access points increases as more
homeowners enjoy the convenience of checking their email and sending
files from the couch, pool deck or kitchen table. But the same technology
that creates convenience can be employed by those who want to steal
information.
Last fall, a handful of homeowners in the Stonecreek neighborhood
suspected someone might be using their wireless networks. Their
charges, filed in August of 2004, were eventually dropped because
the homeowners could not prove the suspect had stolen any information.
However, in response to the violation, the City of Scottsdale accelerated
the launch of its cyber crime department, a unit so young it still
has no statistics on wireless theft or fraud in the Valley.
"Very few people are even aware that it's happening," Handelman
says of Internet crime, which, he adds, is not limited to homes.
"A classic exploit these days is to sit at a coffee shop or hotspot
login. You think you're logging into an access point, but you could
be logging into a Web server on the laptop at the table next to
you. You're inserting your ID and password into his database. You
need to be careful about what you send in public places. It's like
walking down the street yelling out your MasterCard number," Handelman
adds.
Protecting yourself
By design, wireless networks are not only an open door to other
wireless devices, but an advertised and welcomed point of entry.
But the wireless door can be locked in a number of ways. Once you're
aware of the threat, start by simply turning on the encryption security
that came with your wireless transmitter, a task explained in the
owners' manual.
Back in the passenger seat of the sedan, Warsentra explains that
once in a hard drive, a hacker can employ a host of programs to
search for all sorts of information. The resulting crimes could
range from credit card fraud to identity theft.
An experienced hacker can even crack some forms of encryption, Handelman
says. But Warsentra says, "Hackers won't usually take time to break
the encryption because so many signals are wide open. Those looking
for credit card numbers and financial data have plenty of unprotected
houses to busy themselves with."
Working from home
"The issue really is, in terms of business, theft of credit cards,"
Handelman says. "Without proper security all your customers' credit
card and healthcare information could be compromised."
Back in the car Warsentra's laptop emits a blip noise every time
it detects a new wireless system, which in North Scottsdale is every
few seconds. As he drives by one auto parts store, the name of the
detected wireless network on his screen matches the lighted sign.
"This isn't smart," he says of the unprotected, unencrypted signal.
"If someone were looking for credit card numbers, this would be
a great stop."
More than a third of the business signals discovered in the half-hour
drive were unlocked, open doors, and almost half the residential
signals were unprotected.
Warsentra recalls one business where he and his friends gained full
access to the network. "This was years ago. It was a fabric business
out east with hundreds of customers. We could have taken anything
we wanted, but all we did was print a wardriver marking on their
printer. They probably still don't know how that got there."
Wardriving
Wardriving is what Warsentra's doing right now, the sport of driving
with antennas, a laptop and possibly even GPS devices to track wireless
signals across a city. Right now, wardriving Web sites display maps
of cities across the U.S., complete with coordinates to vulnerable
wireless networks. Technically, wardriving is legal, as long as
the driver doesn't actually use the wireless signal.
And wardrivers say they don't. They claim to get a kick out of simply
driving around, tracking where systems are vulnerable. But once
they post those locations on their Web sites, any hacker can access
the map to see the most vulnerable wireless locations in a city.
Hacking vs. Wardriving and the ground between
Wardrivers argue that computer gurus smart enough to steal wireless
data are also smart enough to avoid crime. And the evidence, or
lack thereof, suggests that hundreds of tech-kids do avoid
committing any crime.
Still, theft occurs, and often goes undetected. The most pronounced
case of attempted wireless theft occurred about a year ago when
three young men intercepted a wireless signal from a Lowe's in Michigan.
One of them eventually received 12 years in prison for installing
the program that swiped credit card numbers as shoppers checked
out.
"Hobbyists, kiddies and criminals, their goals are different based
on the user community," says Handelman. "Some are just doing it
for kicks, for kudos. But there are individual criminals looking
to target a business," he adds.
Warsentra says he once picked up a signal from about 100 yards away
using the same Pringles can-style antenna currently poking out our
window.
Still another time, he and three friends had picked up an open signal
outside of a Fortune 500 company. "We were just seeing how vulnerable
it was when a security truck began driving towards us. We just left."
As for big business security, Handelman says, "The issue is for
the guy who comes home from work at night with his company laptop
and taps into his wireless network at home.
"Then the wardriving individual could penetrate the perimeter of
the business through this consumer's use of his company laptop at
home. If a computer has been attacked by a backdoor virus at a home,
it could be a zombie machine running password search behind other
programs at the office."
"The biggest challenge is security awareness and knowledge," Handelman
says. While wireless security may seem complicated, he says that
home and business owners can secure their systems if they will just
acknowledge the need to do so.
Securing Your Wireless
Handelman says wireless security is like an onion; the more layers of protection, the better.
- Activate the wireless signal encryption on the wireless transmitter. You'll need to use your owners' manual to do this.
- Change the default password on your wireless system, again using your owners' manual. Most default passwords are posted on the Internet, and most hackers have memorized the passwords.
- Change your password every 30 days.
- Turn your computer off at night. Hackers can't access a computer that isn't on.
- Deploy a software firewall.
- Once you have a firewall, be sure to save your financial and personal data in an area behind your firewall. Free software firewalls are available at www.Zonelabs.com.
- In addition to a firewall, some owners partition their hard drives and only give Internet access to the hard drive without the financial information.
For more information about wireless security, visit:
www.azsecurity.org
www.nsa.gov