Wi Fi Hackers!

As Los Angeles and hundreds of other communitiesthe firewall is no longer in place. That means the
push to turn themselves into massive wirelesscomputer is unprotected. Once hackers have "got a
hotspots, unsuspecting Internet users are stumblingtoehold in a network, it's pretty much game over,"
onto hacker turf, giving computer thieves nearlyBickers said.
effortless access to their laptops and privateMost laptops are configured to search for open
information, authorities and high-tech security expertswireless points and common wireless names, whether
say.or not the user is trying to get online. That leaves
It's an invasion with a twist: People who think they arepeople open to hacking.
signing on to the Internet through a wireless hotspotIn two new attacks, called "evil twin" and "man in the
might actually be connecting to a look-alike network,middle," hackers create Wi-Fi access points titled
created by a malicious user who can steal sensitivewhatever they like, such as "Free Airport Wireless" or
information, said Geoff Bickers, a special agent for thean established, commercial name.
FBI's Los Angeles cyber squad.In the "evil twin" attack, the user turns on a laptop,
It is not clear how many people have been victimized,which may automatically try to connect. When it does,
and few suspects have been charged with Wi-Fiit is connecting to a fake access point, or "evil twin,"
hacking. But Bickers said that over the last couple ofand the hacker gets into personal files, steals
years, these hacking techniques have becomepasswords or plants a virus.
increasingly common, and are often undetectable. TheThe hacker can become a "man in the middle" when
risk is especially high at cafes, hotels and airports, busyhe funnels the user's Internet connection through this
places with heavy turnover of laptop users, authoritiesfalse access point to a true wireless connection. The
said.unsuspecting Wi-Fi surfer may then proceed to enter
"Wireless is a convenience, that's why people use it,"credit card information, access e-mail or reveal other
Bickers said. "There's an axiom in the computer worldsensitive data that can be tracked by the hacker.
that convenience is the enemy of security. PeopleMeanwhile, the session appears ordinary to the user.
don't use wireless because they want to be secure.Although the FBI has been aware of this kind of attack
They use wireless because it's easy."for about five years, its use has increased in the last
For Mark Loveless, just one letter separated securitycouple of years and is being seen as a "huge threat,"
from scam.Bickers said.
Logging on to his hotel's free wireless Internet in San"The actual tools you need, the software, the
Francisco last month, Loveless had two networks tohardware, etc., to mount this sort of attack has
choose between on his laptop screen - same name,become insanely easy to acquire," Bickers said. "You
one beginning with a lowercase letter, one with aneed a laptop, wireless radio and the ability to
capital. He chose the latter and, as he had done earlierdownload a free tool and run it. It literally is child's play."
that day, connected. But this time, a screen popped upThe creation of the access point itself is not generally
asking for his log-in and password.considered criminal; it's what happens next - tracking
Loveless, a 46-year-old security analyst from Texas,people's Internet use - that can cross the line.
immediately disconnected. A former hacker, he knewThese hacking techniques are considered to be
an attack when he saw one, he said."tantamount to a computer intrusion and illegal
Most Internet users do not.interception of wireless communication that can be
About 14.3 million American households use wirelessprosecuted under federal law," Bickers said.
Internet, and this figure is projected to grow to nearlyBut computer evidence and statistics are hard to
49 million households by 2010, according tocome by, said Arif Alikhan, a former federal
JupiterResearch, which specializes in business andprosecutor and former chief of the cyber and
technology market research.intellectual property crimes section for the U.S.
"There's literally probably millions of laptops in the U.S.attorney's office in Los Angeles. People can unwittingly
that are configured to join networks named Linksys orcompromise their computers in a multitude of ways,
D-Link when they are available," said Corey O'Donnell,and often there's no trace.
vice president of marketing for Authentium, a company"You can tell how many burglaries occur because
that provides security software. "So if I'm a hacker, it'syou're victimized, and someone knows they're
as easy as setting up a network with one of thosevictimized," Alikhan said. "People don't always know if
names and waiting for the fish to come."someone is using their wireless network, and it's very
Linksys and D-Link are two of the many commercialdifficult to tell unless you trace back every single
brands of wireless routers, products that allow a userconnection.... It happens more than I think we all realize."
to connect to the Internet using radio frequency.The U.S. attorney's office will not comment on pending
As the field of wireless connectivity expands, so tooinvestigations; however, wireless hacking cases are
does a hacker's playground. More than 300relatively new, and few if any current cases involve
municipalities across the country are planning or"evil twin" or "man in the middle" attacks, law
already operating Wi-Fi service.enforcement authorities said.
Los Angeles Mayor Antonio Villaraigosa last month"This is a classic case of law and law enforcement
announced plans for citywide Wi-Fi in 2009. USCbeing a little behind the technological curve," Bickers
already offers free wireless, and by the end of March,said.
Los Angeles International Airport will officially offerOther types of wireless-related Internet hacking cases
wireless at all its terminals under a new contract withhave recently popped up across the country.
T-Mobile.Nicholas Tombros was found guilty in 2004, under the
Some airlines already offer Wi-Fi at LAX. "There arefederal Can-Spam Act, of "war-spamming." He drove
no signs for any service at all, so if any passenger isaround the Venice Beach area with his laptop and
accessing a free wireless service ... they should beused unprotected wireless access points to send
cautious," said Nancy Castles, an airportspam. He could receive up to three years in federal
spokeswoman.prison at his sentencing next month.
A survey at Chicago's O'Hare Airport by AuthentiumHe is the only defendant who has been charged in a
revealed 76 peer-to-peer networks, or access pointscase involving wireless hacking by the Greater Los
that are connected to via another user's computer,Angeles section of the U.S. Department of Justice's
with 27 of them advertising access to free Wi-Fi - acyber and intellectual property crimes division since it
trademarked term for the technical specifications ofwas established in October 2001, according to
wireless local area network operation. The companyAssistant U.S. Atty. Wesley L. Hsu, deputy chief of the
also found that three of the networks had fake orsection.
misleading addresses, one sign the hotspots could be"They are technically difficult cases.... They're difficult
hackers.cases to put together, so law enforcement is having to
"At a busy place like O'Hare, in one hour a bad guysort of catch up," Hsu said.
could get 20 laptops to connect to his network andOn Sept. 30, Gov. Arnold Schwarzenegger signed into
steal the users' account information," said Raylaw the Wi-Fi User Protection Bill, which aims to block
Dickenson, vice president of product management atunauthorized sharing of open Wi-Fi networks and
Authentium, who conducted the survey lastinform users of the dangers of unsecured networks.
September.Starting in October, warnings and tips will be required
Corporate networks are sometimes the moston all wireless home-networking equipment sold in
vulnerable, as employers push for a more mobileCalifornia.
workforce without always educating its users on theThe law specifically addresses "piggybacking" - or the
security risks of wireless Internet.use of another person's wireless network to access
Many workers rely on corporate firewalls in the officethe Internet - a problem that security experts say has
and an automatic default network setting that linksbeen a concern for years.
them to their corporate networks. Outside the office,