Home users warned to secure networks

By PAUL BRISLEN

Security experts are warning home users of wireless computer networks to secure their systems or face huge internet bills, and possibly much worse.

While wireless networking has been commonplace in the business world for a number of years, residential users are only now discovering its convenience.

However, the national manager of the police e-crimes laboratory, Maarten Kleintjes, says users must embrace security at the same rate they embrace new technology.

"The most worrying thing is that, overseas, insecure wireless networks are being used by terrorists. They don't go into cyber-cafes, they just drive around until they're connected."

Kleintjes said a more usual problem was theft of data or internet bandwidth. Broadband internet connections are typically charged by the amount of data sent and received and some users had been unaware that their connection had been hijacked until an inexplicably large ISP bill arrived.

The Herald drove around several central Auckland suburbs and discovered more than 80 wireless networks, most running without any form of encryption or with limited security. Kleintjes said that was quite common.

"You can drive around and just wait until you get an IP address," said Kleintjes.

While residential networks lacked security, a similar exercise in the CBD showed businesses had become more security conscious.

Herald staff took a wireless laptop for a walk around central Auckland and found well over 100 wireless access points, but none would allow access to a network or to the internet without requiring at least a user name and password. A similar test three years ago resulted in access being granted to several networks.

IBM Logical CSI's principal security specialist, John Martin, says businesses have finally got the message about securing wireless networks.

"I believe security awareness has been significantly raised in the last two years."

Martin said the message was getting through to business users through the media and organisations like the Wireless Data Forum. However, the same cannot be said of wirelessly networked residential users, to their potential cost.

"Someone with a laptop - a business owner, for example - could be unaware of the security implications and an unscrupulous neighbour could connect quite easily."

In such circumstances, not only is data at risk, but the trespasser could also run up a bill on the wireless network owner's internet account.

Residential wireless networks are becoming more common as costs come down. Laptops running on Intel's Centrino chipset have wireless connectivity built in and Intel will extend the same functionality to desktop PCs in the next year or so.

Wireless routers, for connecting to the internet, are plummeting in price and increasing in capability, but as the Herald has reported (June 4, 2004), making them secure isn't as easy as it could be.

Kleintjes said the new anti-hacking law brought in last year meant it was illegal to access someone else's computer system without their authority. But catching wireless hackers was next to impossible.

"With a long-range antenna these guys could be anywhere in an 8-10km radius. Even if we had the staff resources, finding them would be difficult."