Who’s looking at YOUR WI-FI?

By John David Sutter
Staff Writer

Sunday, May 14, 2006 Edition: CITY, Section: NEWS, Page 1A

Jayson E. Street, a sort of altruist with computer hacker capabilities, drives around the city in his gray PT Cruiser with a tablet sized computer bolted to his dashboard. It surveys and instantly lists the wireless Internet connections that float like clouds of information all around his car, and all around the city.

If the connections are scrambled or password-protected, a tiny lock appears on his screen.

But many appear as flashing green dots. They’re unlocked, unprotected. Vulnerable to attack.

“It’s the 12 o’clock people,” Street said of open connection owners. “Their VCR is still flashing ‘12:00.’ Their wireless connection is still unencrypted.”

Computer experts have tracked and partially mapped out the fog of thousands of personal and corporate wireless Internet hot spots across the city that are not password protected, and therefore can be used by anyone — neighbors who want to piggyback on the connection rather than pay for service, or people like Street, who has the wireless savvy to be able to steal your identity right out of the air.

Piggybacking off the unlocked connections has become commonplace in apartment buildings and neighborhoods across Oklahoma City. Many find nothing wrong with borrowing a connection. And jumping on an open hot spot for personal use will, at worst, slow it down.

But Street sees a flashing unprotected connection like a home with its windows and doors wide open — it’s waiting to be robbed. With a free piece of Internet software, called a sniffing program, anyone could intercept and steal most information — possibly e-mail passwords, bank account information — transmitted over a wireless network.

Street, and some other computer experts, have made it their goal to alert the public to risks of running an open Internet connection.

What is wi-fi?

Wireless Internet starts with a wireless router, a device that takes a wired Internet connection from a jack in the wall and floats it into the air, creating a cloud of Internet access that stretches between 100 and 300 feet in all directions.

Most any new laptop computer automatically searches for those connections. Jumping on an open network is just a click away.

And its use is becoming more common.

Wireless hot spots in Oklahoma City number in the thousands. On a 40-minute drive through northwest Oklahoma City, 601 connection points popped up on Street’s computer screen.

But protecting connections seems not to be advancing at the same high-speed rate.

Of the connections Street quickly found, 251, or 42 percent, were open to attack. The open connections included several businesses — whose financial records could be grabbed from the air — and one at a medical center. Street said if he wanted to, he likely could swipe personal medical information from that access point.

Potential risk

FBI agents paid a surprise visit about a year ago to PROMac Computers, a tiny and sleek outlet in a Northwest Expressway shopping center.

Unbeknownst to workers inside, someone had pulled into the company’s parking lot, connected to their unprotected wireless Internet router and sent threatening e mails to a federal judge.

The FBI had traced the e mails back to the store, as activity on a wireless network tracks back to the router and its owner, not the computers that are doing the surfing.

The group explained its way out of criminal charges, said Bennie McElhaney, store manager. His store did not have a password on its system but now does.

“The Internet’s wide open,” he said. “It’s like the old West.”

Computer security experts say anyone who wants to send out malicious or spam e mails only has to step outside and turn on a new laptop computer. Free and open connections are all around.

Need for information

Some computer security enthusiasts have tried to protect the unknowing public from online predators who could sell their personal information.

Street, for instance, knocked on the door of a Nichols Hills home when he noticed that an open connection, labeled with the house’s address, was beaming across a major street.

He told the woman who answered how to protect the connection, he said.

She was surprised, but ultimately thankful, and her connection is now locked.

Others, such as Derek Hubbard, 23, have considered publicity campaigns to alert the public to wireless dangers. Hubbard wanted local members of the 2600 Club, a group of computer security gurus, to go door-to door passing out informational fliers to people whose connections were wide-open.

Wi-fi law

Hubbard said he stopped short of that goal partly out of apathy, and partly because he is unsure if he would have had to commit quasi-illegal acts to figure out how secure connections are.

Laws that govern wireless Internet are hazy at best and have yet to catch up with technology, state Corporation Commission spokesman Matt Skinner said.

“It’s very difficult to keep ahead of something that’s changing so rapidly,” he said. “It’s astonishing. It’s a cliche now to say how things are changing, but the pace of the change seems to be increasing exponentially. Obviously there are ... huge gray areas that legislative minds haven’t gotten their hands around yet.”

A federal law prohibits someone from hopping on a wi-fi connection to steal information, and two Oklahoma statutes address wireless Internet borrowing.

But spokesmen for the state attorney general, the Oklahoma County district attorney and Oklahoma City police say they’ve never dealt with a single case involving wireless Internet. Nor have they heard of that happening here.

John W. Dozier Jr., an Internet lawyer based in Virginia, said the issue is “black and white.” Getting on someone else’s connection is illegal, he said.

“The issue is not what steps you take to protect your network, the issue is whether or not the person has the authority or permission to get on your network,” he said.

Not everyone takes that hard line, and it remains a bit unclear what giving a person “permission” to be on a network means, or when that becomes hacking.

“A broad statement concerning the access of unprotected wireless networks as being always legal or illegal simply can’t be made,” a spokeswoman for the U.S. Department of Justice told CNN. “It’s just kind of dicey.”

A county in New York has made it a crime for businesses not to protect their wi fi connections with passwords. Westchester County also requires warning signs in restaurants and coffee shops that offer free wi-fi to customers.

But in other places, what is legal or illegal — much less right and wrong — remains less clear.

Many wi-fi users, especially those of younger generations, say there’s nothing wrong with borrowing broadband from a neighbor.

“It’s a question of do you have any sense to read the instructions,” said Margo Beam, a 19-year-old college student at Oklahoma City University.

“If you’re younger, you just hear more about it, and you’re like, ‘Oh, I heard you can put a lock on these,’ and so you figure out how to do it. If you’re older, you’re like, ‘I just didn’t know someone could hack onto my computer.’ ”

Protection

Reducing your risk of getting hacked appears to be as simple as following an instruction manual.

Wireless routers come with detailed instructions of how to put a password on the connection.

But most wireless users — including the “12 o’clock people” — take their router out of the box and plug it in, about a dozen computer store employees and experts said. They see flashing lights and their connection works.

They think: “Hey, look, it works. I don’t need to do anything else,” Hubbard said.

Experts warn you should never stop there, because without further work, the connection is unprotected.

Simple steps that password protect wi-fi connections will save most people, though varying levels of security are available.

Wireless users need not be terrified, Street said:

“You just have to not be the slowest in the herd.”