THE MAGAZINE

The Perils of Wireless Networking

By Peter Piazza

Computers that follow their own directives—to the detriment of their human owners—are a favorite topic of science fiction. If you use Windows XP and have a wireless card installed, this kind of sci-fi scenario may not just be fiction anymore.

When you turn the computer on, it automatically looks for and connects to the strongest wireless network it can find that is not being protected by encryption or otherwise hidden from view, without considering whether you are authorized to use that network. Once connected, the computer can even hop to a new network if it finds a stronger one, without asking you first.

That could lead to trouble, because court cases in the United States and abroad are firming up the position that if you connect to someone else’s wireless network without permission, you could be guilty of unauthorized access to a computer network.

One case that is still ongoing concerns Benjamin Smith, who was charged with that crime in April in Pinellas County, Florida, when a homeowner noticed Smith sitting in a vehicle outside his house holding a laptop. The homeowner became suspicious and called the St. Petersburg police, who found Smith connected to the Internet through the homeowner’s unprotected wireless network. Smith was arrested and the case is now in its pretrial phase.

Only intent separates a criminal from the average road warrior whose computer attaches itself to the nearest and strongest network, says Thomas J. Smedinghoff, an attorney with Baker & McKenzie who specializes in computer security issues.

“I think the fact that Smith knew he was connected to someone else’s network, and apparently knew he did not have permission to do so, is probably the key issue here,” he says. Smedinghoff says that the Florida statute, like most computer-crime laws, makes it a crime to access any computer network “willfully, knowingly, and without authorization.”

While war drivers who look for open networks and provide the information to others through online maps may be the group most affected by the outcome of the Smith case, average users would be wise to take into consideration preventive measures that will head off any possible legal problems.

Windows XP users can do a bit of behind-the-scenes tweaking, says Preston Gralla, author of the book Windows XP Hacks. “You can turn off the Wireless Zero Configuration service that runs in the background in XP and automatically connects you to any nearby wireless network,” Gralla explains. “With it turned off, your computer won’t automatically search for and connect you to wireless networks,” so any decisions on what networks will be connected to will be made explicitly and solely by the user.

Turning off Wireless Zero Configuration is a fairly easy process. Open the Start menu and choose Run; in the box that opens, type services.msc and then click OK. This will bring up a box showing all the services available on the computer. Scroll down to Wireless Zero Configuration, select it, and choose Stop. In the same box, select Startup Type and change its setting to Disabled, so that the service will not automatically resume when the computer is rebooted.

Other countries are also beginning to prosecute those who piggyback onto unsecured networks. For example, this summer, British police arrested war driver Gregory Straszkiewicz for illegally accessing a wireless connection. According to reports by the BBC, he received a £500 fine and was given a year’s conditional discharge, in addition to having his laptop and his wireless card confiscated.

Companies can learn two important lessons from the Smith and Straszkiewicz cases, Smedinghoff says. “One is that obviously they need to secure their own networks, because if somebody is able to get in almost accidentally, it’s going to be embarrassing, and could be a real problem if something serious happens.”

Second is that organizations need to be sure that they are making it clear to employees the kinds of online behavior that are considered unacceptable, including accessing another person’s wireless network just because it’s available and open. “You have to resist that temptation and understand there are legal consequences,” Smedinghoff says. “For somebody who’s computer savvy there are a lot of places that are easy to go, but if you’re not authorized, you could be committing a criminal violation.”

Comments

 

The Magazine — Past Issues

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.