INTERNET
SECURITY IN A WIRELESS WORLD
The Case of the Not-So-Friendly Neighborhood Spammer
11/10/04
Nicholas Tombros
has the dubious double honor of being the first spammer convicted under
federal law ... and the first convicted "war spammer" in U.S.
history.
"War
spammers"--in case you haven't heard the term--are a pernicious
combination of "war drivers" and "spammers."
What does
that mean? War drivers are people who drive around neighborhoods
and office parks with laptops looking for open or unprotected wireless
access points to the Internet. War spammers not only electronically
hijack the web connections they find, but also use them to send unsolicited
e-mails.
Is war-driving/spamming
really such a big deal? Yes, for three reasons.
First,
war drivers/spammers get free access to the Internet--at your expense.
They can use your online connection to do anything they want ... and
do it anonymously.
Second,
if you have an unsecured wireless network and personal computer, they
can use some commonly available software tools to read your e-mail, browse
and access your networked folders and all the information stored in them,
and log or "sniff" virtually everything you do on the Internet
(including credit card purchases, stock trades, etc.).
And third,
if spam is sent from your computer, your Internet Service Provider, or
ISP, may find out and close your online account on the spot.
Which is precisely
what happened to Nicholas Tombros' victims in Marina Del Rey, California. On
September 27, Tombros pled guilty to sending spam by the thousands
while war driving through the neighborhoods of Marina Del Rey last
year. And not just any spam, either. Spam that advertised pornographic
web sites.
How can you
keep your wireless device from being hijacked like this? It's
less complicated than you think. Here are a few basic steps you can
take:
- Enable the WPA
(Wireless Protected Access) or WEP (Wired Equivalent Privacy) encryption
and other security options provided by the product's manufacturer.
Since this encryption is inherently vulnerable, consider changing the
key periodically.
- Change the
default "Service
Set Identifier" SSID network name and turn off the feature
that continually broadcasts the SSID. While you're at it, change
your router
administration account name and password.
- Activate the MAC
(Media Access Control) Address filtering feature of your router.
- Whether or not
you connect to the Internet wirelessly, always make sure your computer
has an up-to-date operating system with all the current patches and
service packs, virus protection, and a personal firewall (preferably
a software firewall and hardware-based router/firewall).
If you believe
you've been "war-driven" or "war-spammed," file
a report with your local police department and the Internet
Crime Complaint Center, cosponsored by the FBI and the National
White Collar Crime Center.
Links: DOJ
Press Release | [Internet Crime Complaint
Center | FBI Cyber Investigation