The dangers of WiFi fraud
Home and mobile connectivity are here to stay, but are our online lives increasingly at risk of cyber crime? Steve Freeth assesses the risks.
In 2008, the US Department of Justice announced that it had arrested 11 people around the world for stealing close to 40 million credit and debit card numbers over the Internet. It’s thought to be the largest identity theft fraud in history, and was made possible simply by driving around suburban streets and hacking into home wireless networks.
Using a technique known as ‘wardriving’, criminals have been steadily exploiting the fact that many people do not take steps to secure the wireless or WiFi routers and systems they install at home.
In this particular case, once the criminals involved had access to countless home computers they were able to hack into online stores or banks and install ‘sniffer’ software, which began harvesting financial data illegally. It’s a problem that’s now getting a lot of attention, particularly as more and more of our personal information is stored – and transmitted – wirelessly.
Australian police services have also got unsecured wireless networks in their sights, with the Queensland Police making headlines by looking to create the world’s first residential wireless, or WiFi, fraud squad.
While details are still forthcoming, it was suggested that such a squad would also begin to make wardrives through the streets of Brisbane, checking for unprotected home wireless networks.
Despite the fact that no other police agency around the country has joined Queensland’s lead, and that some have, in fact, questioned just what you can do once you identify vulnerable homes, the move suggests that fighting crime is going to have to get a lot more high-tech.
Certainly if the statistics are to be believed it could soon be a large part of police work.
According to the Australian Bureau of Statistics, in 2007 approximately half a million Australians were the victim of some sort of fraud, with online crime via identity and credit card theft a rapidly growing trend.
More recent figures from the Australian Institute of Criminology found that a whopping nine in ten people have been the target of Internet scams, with 18% lured into online traps at a cost of almost $1 billion a year.
Many experts are now saying it is the vulnerability of wireless networks, especially when many people leave them unsecured, that has caused cyber crime to grow so quickly. To prove this, researchers at Columbia University in the US scanned 130 million IP addresses and found nearly 300,000 devices where administrative interfaces were accessible from anywhere on the net.
Ominously they also found nearly 21,000 routers, webcams and VoIP products open to remote attack because owners had failed to change the manufacturer’s default password.
The Queensland Police brought that message even closer to home following a wardrive through 25 Brisbane streets a few months ago. They discovered that more than half of the 1,100 wireless networks they detected had no security whatsoever – they were wide open both to convenient piggybacking by neighbours and to those with more insidious motives.
Detective Superintendent Brian Hay of the Queensland fraud squad told Brisbane’s Courier Mail newspaper at the time that the exercise showed “poor Internet security was a far bigger problem than was ever imagined.”
“Most people using the unsecured networks would be simply enjoying free net access, but criminals could hack into the system to get access to your computer to have a look at your financial details or documents, or to secrete or plant some malware.”
Of course any online presence is open to risk, and the threats to our cyber-based lives just keep accelerating as everything becomes connected, speeds increase and the crooks get a lot more technologically savvy.
Hacking is no longer a concern that is exclusive to big business or government, when sneaking into a home PC can be done from a car in the street. Add to that threats of ‘phishing’ – personal data requests from fraudulent organisations – malware, spam, botnets, zombies and scams, to name just a few, and you start to realise how many risks are lurking out there.
But it’s the growing spread of unsecured wireless that seems to be ringing a lot of alarm bells for both public and private sector agencies these days.
A big reason for that is the rapid growth in wireless Internet. After doubling in just six months in 2008, around 10% of Australians now use it for online connectivity at home, while mobile connection is even bigger following a 51% surge in subscribers in 2009.
Such breakneck growth appears to have come at the expense of security, something that was less of an issue when most online activity was done over cables and Ethernet. Now, tracing illegal activity back to an IP address can lead to an innocent home system that’s simply been hijacked, or to a public WiFi spot where the trail goes cold.
Just how careless we’ve become was underlined by a 2008 survey by cyber security company AUSCERT, which is based at Queensland University.
Their study showed that 11% of people don’t update their operating system, 8% never upgrade anti-virus software, 30% click on links in spam email, 23% have confirmed malware infections and, of those, 14% take no action to fix it.
Further, while privacy concerns may have tempered online commerce early on, that too appears to have lost some of its urgency as convenience becomes king. According to AUSCERT, 84% of people use Internet banking, 66% make Internet-based payments such as PayPal, 52% buy or sell goods or services online, and 11% go there for shares trading.
It means there’s now a lot of personal data sitting on home computers, laptops and smart phones, all transmitting reams of important information over wireless-based Internet.
John Hilvert from the Internet Industry Alliance says the situation is hard to believe, suggesting that people are beginning to take their security for granted.
“It’s hard to understand why such setups are tolerated as they leave the user open to security and privacy breaches, and to having their data quotas stolen by unscrupulous users nearby,” he says.
“More generally it also means covert players can launch legally dubious activities like distributed denial of service attacks, mass spam activities and worse.”
According to John the problem needs to be tackled with public education programs emphasising the rights and responsibilities of running wireless Internet networks.
“We’d like to see point of sale advice on securing wireless network equipment, configuration by default to ‘secure’ by manufacturers, and public programs to detect and notify users of their unsecured home and office networks.
“This way, people can easily make changes to their wireless routers so that default passwords are changed. That, and backing up data, are two of the most effective things you can do.”
Of course, making online security a priority is only going to get more important in the future.
For a start, there are now increasing concerns about when and how you should use public WiFi hot spots. Recently in the UK, the BBC’s Watchdog program took a look at just how easy it is to take over computers when people are in cafes, hotels and airports.
According to one British Internet security company, “Over the last year there’s been a tripling in account takeover fraud, where criminals try and access existing accounts rather than use stolen identities.”
Garlik’s Tom Ilube says, “I think a lot of people don’t realise that using public WiFi that’s insecure is pretty much like writing your bank details onto a postcard and popping it in the post and being surprised that someone’s read it.”
Concerns, too, have been surfacing lately about the security of mobile phones with hackers recently creating software that allows users to overcome the software restrictions on iPhones.
Aptly called ‘jailbreak’, the technology is not authorised by Apple and the dangers involved were recently highlighted when an Australian became the first person to create a ‘worm’ virus – albeit benign – for a hacked iPhone.
Recently, experts also raised the issue of cloud computing (the process of storing data and using services on remote servers), expressing concern that it, too, is vulnerable to hackers.
It’s easy to see why the Australian Institute of Criminology is calling for a more uniform approach to e-crimes like wireless fraud. Currently the Federal Government’s Cybercrime Act is being promoted as a model that all states and territories should enact, but laws and definitions still differ across the country.
Keeping ahead of the criminals is also becoming more urgent, as the NSW Government acknowledged at the end of last year as it announced an overhaul of that State’s Crimes Act to specifically target cyber-based identity theft.
As NSW premier Nathan Rees told the media, “We are responding to the growth in cyber-criminals using stolen identities to engage in money laundering, drug trafficking and illegal immigration.
“These laws send an important message to this new breed of criminal – we will find you and send you to jail.”