GCN LAB IMPRESSIONS

Don’t get raided by a SWAT team; secure your wireless hub

There are many risks in setting up an unsecured wireless hub, from losing bandwidth when unauthorized people connect to having files snooped and removed from your network. But having heavily armed police officers toss grenades into your house probably isn’t a consequence that comes to mind.
 
One couple unlucky enough to live in Evansville, Indiana, where the police could become poster-children for overreaction, found out otherwise. Their “crime” was one that probably half the people in this county have committed.

They bought a wireless access point from a store, took it out of the box and turned it on. Pretty soon they could have been watching “Game of Thrones” on their laptops and playing “Words With Friends” on their iPhones.

But they also had unknowingly opened up their network, and their lives, to the outside world.


Related story:

How to secure your ‘Ethernet port in the parking lot’


Someone — police still don’t know who it was — used their wireless signal to post a threatening message on a chat board, warning of violence against police. That prompted a fully armed SWAT team from the Evansville Police Department to roar to their home. It was apparently an emergency, yet the police had time to invite a TV news crew to come along for the ride to film their heroic actions.
 
When they arrived at the home, they saw a clearly unarmed woman sitting on the sofa watching TV. The front door was open, with just an unlocked screen door between them and the suspect. So the Evansville PD thought the best course of action was to shatter a window, break down the unlocked door, and toss two stun grenades into the house.

Then amid chants of “go…go…go” they rushed in, automatic rifles at the ready. But instead of finding a terrorist, they just scared the wits out of an 18-year-old woman and took her and her boyfriend into custody. They were later released without charges, and the city agreed to pay for all damages relating to the raid.
 
While the police might have acted poorly in this case, some of the blame -- not in a criminal sense -- does rest with the homeowners. A threat was made via their network, which they failed to secure. In addition to this type of situation, I’ve heard that child pornographers also drive around looking for a house with unsecured wireless access to use to download their digital prey.

It’s better to lock down your wireless signals and avoid any hassle. And it’s so easy to do these days. Almost any new router you buy will allow changing the Service Set Identifier (SSID) and default password as the most basic level of control. You need to do two things.

First, change the SSID, which is the name the device broadcasts to the world. No need to let people know what kind of device you have, as this is mostly always part of the name. You can also choose to cloak the network ID, although then you will have to remember the name and manually enter that for each device you want to connect.
 
Second, you need to change your network key, which is a fancy way of saying change your password. In the old days, most wireless APs from any company used the same default password for every device. One well-known company used to use “tsunami,” for example. So be sure to change it, or add one if your device comes in default open network mode, something that thankfully is becoming pretty rare.
 
Due to a terrible storm that hit the area where I live, I ended up losing my old wireless hub despite all the protections I could give it. I went out and bought a new one from Netgear, just a basic model that costs less than $40, and was pleased to find that it came with WEP encryption by default.

Even better, the default SSID and password were both randomized. So my password was something like “elegantgazelle091” printed right on the bottom of the device. My SSID was somewhat random, though it used the name Netgear. Still, that means that if I just plugged it in and went about my business, I would be more protected than those poor people in Evansville. So it’s nice to see companies getting more serous about wireless security.
 
Of course, I changed both of the default names on my wireless, but I happen to be allergic to grenades. If you are, too, take my advice and don’t leave yourself vulnerable to a wireless intrusion, or by extension, a police action.

Reader Comments

Fri, Mar 22, 2013 Dead Thread Revival

Reason why I would miss the point on this article. On one side there is a terror-causing group smashing unlocked doors, breaking windows and throwing explosives, and on the other, a non-threatening teenage couple who aren't PC savvy enough to set up a computer network securely.

Fri, Jul 6, 2012 DEFENDER OF THE FREE WORLD

Excellent article. I think a lot of commenters are missing the point, make yourself a hard target vs. an impossible target. People who drive around looking for open ports won't spend time trying to hack into your HUB if you have the basic security measures in place, they will move on to an unprotected hub. They will only go after you if they have some gripe with you (ie stalkers, ex boyfriends, work dispute, etc.). I live near a small city and sometimes I drive around with friends a laptop and hub just to see what is available and how many people don't secure their equipment and it is scary. This is similiar to the cordless phones back in the 90's that were unsecured mostly on the 900 Mhz band, I used to hear some juicy conversations when I drive around with my scanner...

Fri, Jul 6, 2012 Steven

Thanks for this informative and educational article, which is also very funny.

Thu, Jul 5, 2012 DR

Better still, simply turn off all wireless functionality on the router and use Ethernet cables.

It may be slightly inconvenient and not "cool" (or whatever), but eliminating all wireless entry points to a network is the simple and effective way to prevent this from occurring.

Thu, Jul 5, 2012

It's a fair warning to the huddle masses yearning to go wireless, but this advice is . You were "happy to see WEP was enabled"? Clearly, you're a bit behind on the current wireless authentication / encryption standards. Also, your use of the term "password" is a bit misleading; in the case of the typical home user, WPA and WPA2 can only use PSK, which uses a "pre-shared key" (hence the name). This is not a "password" as such and you only serves to confuse by using "friendly" terminology. Finally, you completely overlooked the need to change the WAP management credentials; another favorite attack point on wireless devices. All it takes is some script-kiddie with knowledge of your WAP default password and he can build himself a backdoor faster then you can say "well, poop".

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above