Waking Up to Warjacking
Consumer Wi-Fi connections could be the next security pain point.
According to Jupiter Research, 14 percent of Wi-Fi consumers have logged onto a neighbor's network in the last year.
Leeching off a neighbor's wireless connection seems pretty harmless. But it gets ugly when the leech uses that connection for activities that are illegal and/or reprehensible.
For example, in June 2004, two men plead guilty of hacking into Lowe's computer system through an unsecured Wi-Fi connection at one of its Detroit stores. The two men cracked Lowe's computers in six states and altered the home improvement retailer's sales system in order to steal credit card numbers.
But the unsavory possibilities include swapping pirated media files, downloading child pornography, pumping stocks or posting slanderous messages or hate speech on Internet forums, according to Tom Ohlsson, director of marketing for Roving Planet, a vendor of enterprise wireless LAN security and management software.
"You don't want your IP address associated with the activity, so why not go three or four blocks away and highjack their IP address?" Ohlsson said. "There are absolutely no digital fingerprints."
At least, there are none of the perp's. But the illegal activity could show up in the log files of the ISP as coming from the legit computer inside the house.
"Whatever folks use the Internet for will be the uses that unsecured [access points] are used for," said William Terrill, a senior analyst for Burton Group. "And, by using someone else's [access point] and Internet connection, the user gets a free ride and a certain level of 'safety' from detection." He pointed out that simply logging onto an unsecured wireless node couldn't be considered hacking.
"Two or three years ago, wardriving meant guys driving through the neighborhood looking for open networks just for their jollies or to check their e-mail," Ohlsson said. "Warjacking is a whole new ballgame: using someone else's Wi-Fi connection for really bad activity."