Sunday, 12 July 2009

Ruling the airwaves

If you could get away with committing an offence knowing that from the point of view of the authorities someone else did it, would you?

I opened my netbook today and decided to search for wifi access points within the vicinity of my home and discovered a total of 14 unique networks including my own. I was surprised by this as I don't live in a particularly densely populated area.

My first impression from the list of network names was of slight bewilderment that some of them were named after either the operator or their house number and street. Free information.

Not especially useful to me really, but now that I knew some of their names I decided to see how far I could potentially go in order to become one of these people from the comfort of my chair.

Approaching this, I knew that many of the wireless routers supplied by ISPs are configured by default to use a weak security algorithm called Wired Equivalent Privacy (WEP) rather than the much more secure Wi-Fi Protected Access (WPA).

WEP was determined to be an insecure security algorithm in 2001 and was deprecated by the IEEE because it did not serve the purpose it was designed for - to secure your network. It can be cracked within a few minutes with freely available tools. In fact my own ISP, O2, supplied me with a router that was configured with WEP enabled by default, leaving my network wide open for anyone with a few minutes spare.

Knowing this, I decided to boot my netbook into BackTrack: a Linux distribution focused on network auditing and security. It's a nice distribution and can be burned on to a USB stick or DVD for use as a "live" system. Opening Kismet I discovered some more details about the wireless connections in my area.

I was interested in finding out whether they were using WEP or WPA. It's possible to brute-force a WPA-secured network, but it could take longer than the universe will exist to crack. Anyway, within minutes I had retrieved the keys for all of the WEP-secured wireless networks in my area. The Aircrack website details how to use the tools to do it if you're interested.
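The first thing worth checking, before anything else, is which mode your own router is actually advertising. The script below is an added example written for this post, not a tool from the original or from the BackTrack/Kismet projects: it parses a scan in the layout that `iwlist <iface> scan` prints and classifies each network as open, WEP, WPA or WPA2 so that a WEP-by-default router stands out. The scan text, network names and MAC addresses are constructed for the example, and the classification rule (no WPA/RSN information element on an encrypted cell means WEP) is an assumption about the output format.

```python
import re
from typing import List

# Constructed sample modelled on the layout of `iwlist <iface> scan` output.
# The cells, ESSIDs and MAC addresses are invented for this example.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:01
                    ESSID:"14 Acacia Avenue"
                    Encryption key:on
          Cell 02 - Address: 00:11:22:33:44:02
                    ESSID:"BTHomeHub-ABCD"
                    Encryption key:on
                    IE: WPA Version 1
                        Group Cipher : TKIP
          Cell 03 - Address: 00:11:22:33:44:03
                    ESSID:"OpenCafe"
                    Encryption key:off
          Cell 04 - Address: 00:11:22:33:44:04
                    ESSID:"O2wireless1234"
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
"""

# Modes that leave the network usable by anyone nearby with a few minutes spare.
WEAK_MODES = {"open", "WEP"}

CELL_RE = re.compile(r"\s*Cell \d+ - Address: ([0-9A-Fa-f:]{17})")


def parse_scan(text: str) -> List[dict]:
    """Split iwlist-style output into one dict per cell: bssid, essid, raw lines."""
    cells: List[dict] = []
    current = None
    for line in text.splitlines():
        m = CELL_RE.match(line)
        if m:
            current = {"bssid": m.group(1).upper(), "essid": "", "lines": []}
            cells.append(current)
            continue
        if current is None:
            continue  # header text before the first cell
        stripped = line.strip()
        if stripped.startswith("ESSID:"):
            current["essid"] = stripped[len("ESSID:"):].strip('"')
        current["lines"].append(stripped)
    return cells


def security_mode(cell: dict) -> str:
    """Classify one cell as open, WEP, WPA or WPA2 from its information elements."""
    lines = cell["lines"]
    if any(l.startswith("Encryption key:off") for l in lines):
        return "open"
    # Assumption: an RSN element ("IEEE 802.11i/WPA2") means WPA2, a plain
    # "WPA Version" element means WPA, and an encrypted cell with neither is WEP.
    if any("IEEE 802.11i/WPA2" in l for l in lines):
        return "WPA2"
    if any(l.startswith("IE: WPA Version") for l in lines):
        return "WPA"
    return "WEP"


def weak_networks(text: str) -> List[str]:
    """Return the ESSIDs of networks whose security mode is open or WEP."""
    return [c["essid"] for c in parse_scan(text) if security_mode(c) in WEAK_MODES]


if __name__ == "__main__":
    for cell in parse_scan(SAMPLE_SCAN):
        mode = security_mode(cell)
        flag = "  <-- weak, move to WPA2" if mode in WEAK_MODES else ""
        print(f"{cell['bssid']}  {cell['essid']:<20} {mode}{flag}")
```

Run it against a real capture by piping `iwlist wlan0 scan` into a file and passing that file's contents to `weak_networks`; if your own ESSID comes back in the list, the fix is to change the router's wireless security setting to WPA2 rather than to rely on the ISP's default.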

At this point I could bridge all of these networks and load up any of my favourite peer-to-peer software with lots of music, films and games shared and from the point of view of the BPI or any other organisation that attempts to monitor our internet usage it would be my neighbours who were doing it. As a result, they'd get the BPI threat letter and any resulting court action. Perfect!

It's surprising in these days of fraud, identity theft, ID cards and 24/7 surveillance that people have such a blasé attitude towards protecting their own identity. I do however think it's bad sport for ISPs to supply hardware that is preconfigured in such a way that your home or small business network can be compromised by anyone that wants to use it.

Is it fair to assume that an ISP will supply hardware that is as secure as it can be upon installation? I think so. Consumers should not be expected to be knowledgeable about the technicalities of wireless encryption methods. Indeed, the consumer may not even have a wireless enabled computer yet their network would be wide open and they wouldn't even know.

I await the case whereby someone that didn't do anything wrong actually gets prosecuted based on what they are perceived to have been sharing. Who would be liable? The consumer or the ISP for supplying hardware that permitted anyone to use it?

3 comments:

  1. I await the case whereby someone that didn't do anything wrong actually gets prosecuted based on what they are perceived to have been sharing. Who would be liable? The consumer or the ISP for supplying hardware that permitted anyone to use it?

    I suppose it depends on how knowledgeable you are to begin with.

    If you know your router is hackable, then you're almost as likely to be able to prove that other devices were accessing your Internet access (MAC address logs etc), which presumably would go a long way to disproving any allegations of file sharing (and would be a kick in the face for the mongs at Davenport Lyons).

    However, I'm assuming most people would not be aware of this, so how are they to prove their innocence otherwise?

  2. All routers are hackable if they're configured to use WEP. This isn't new information either, it's been known since 2001 and the protocol was effectively scrapped. For this reason it's quite amazing that in 2009 an ISP will supply a router preconfigured with wireless enabled using WEP.

    MAC addresses can be spoofed easily: in fact part of the crack for WEP involves sending spoofed packets that, by spoofing a MAC address, impersonate a known client on that network. Client MAC addresses are discoverable using the tools I mentioned!

    Further to this you can assign a new MAC address using standard linux tools without spoofing anything. So MAC logs don't carry any water unless you can say they are definitely not spoofed, but alas you can't.

  3. But doesn't all this matter only in the regard of 'the balance of probabilities', as part of a civil case? I suppose it depends on just how believable you can be and how much you can blag a judge? I wonder how you would fare against the forensics proffered in a criminal case?

    Regardless, the reason WEP is used by default is because of WPA's non-existent support with XP prior to SP2 - I reckon there's a not insubstantial number of domestic users out there who don't run updates, for whatever reason!
