An unprotected wireless network is an open invitation for anyone to use your internet connection to upload or download anything they want using your connection. That can be anything from normal everyday internet use by a neighbour who accidentally connects to your internet connection by simply connnecting their laptop to the first available network, in this case, yours; to the filesharer next door, to the criminal who is determined to garner as much personal information about you as they can, possibly with a view to identity theft, fraud or burglarly.
Criminals may use your network.
In Arlington County, Va., police tracked down the IP address of a suspected peodophile who traded child pornography online. Armed with a warrant, police knocked on the door of the person who used the IP address and found an elderly woman who they quickly realized wasn’t the suspect. Someone had hopped onto her wireless network to do the deed.
For businesses, determined criminals may seek to use an unsecured wi-fi to gain access to an entire computer network.
For example, two 21-year-old Michigan men found an unprotected wireless network at a Lowe’s retail store in Southfield, Mich. They hopped on to the network, “which gave them access to Lowe’s central computer system in North Wilkesboro, N.C., and to other computer systems located in Lowe’s stores around the country.” Armed with that access, they installed malware at a number of Lowe’s retail stores in order to steal the credit card information of customers making purchases.
Even worse was one of the largest data breaches in retail history, when hackers stole 45.6 million credit and debit card numbers over a year and a half from The TJX Companies Inc. Once again, poor wireless security at a single access point was the weak point. Hackers sat outside a Marshalls discount clothing store in St. Paul, Minn. Using a directional antenna and cracking software, they intercepted data being sent over the store’s wireless network, which was protected by notoriously easy-to-crack WEP encryption, rather than the stronger WPA.
Once they broke into the small, local network, they gained access to TJX’s main corporate network and stole the 45.6 million records.
The recording industry may sue you!
For several years, the recording and entertainment industry has been using the courts to go after illegal dowloaders and file-sharers of copyrighted material, some of whom were indeed illegally pirating music and entertainment and some of whom were quite clearly the victims of poor or non-existent wireless security.
For example, a Brooklyn woman, Marie Lindor, was sued by the Recording Industry Association of America (RIAA) for illegally downloading music even though she didn’t own a computer and had never used one. Apparently, the woman’s son used to live at home but took his laptop with him when he moved. However, he left behind a wireless router that was unprotected allowing someone to piggyback onto it and downloaded copyrighted files, so the RIAA went after Lindor.
Games manufacturers may sue you!
Barbara Burch in the UK received an 18-page letter from Davenport Lyons, one of the most respected law firms in the UK, alleging that she had breached copyright on a computer game called ‘Two Worlds’, and demanding £600.
Alan Guest also received a letter from Davenport Lyons, this time alleging a breach of copyright of a computer game by Atari and demanding £500 compensation or they would take him to court and costs would be substantially higher.
IP addresses and the Courts
Struan Robertson, legal director at Pinsent Masons, when asked if you can be held legally liable on evidence as flimsy as an IP address, said, “It’s probably enough to make a case,” he warns, “as these cases are being dealt with as civil matters, not criminal matters, so the standard of proof required is low.” If a case is defended, the rights-holder has to prove the person being sued infringed copyright. But being a civil case, “they only have to prove this on the balance of probabilities, not beyond any reasonable doubt.”
Other legal experts agree that IP evidence is enough to convince a magistrate. “If a rights owner can establish that a particular infringing act took place from or at a particular IP address, then that is prima facie evidence that the person who is responsible for that IP address has carried out the infringing act,” says Ruth Hoy, a partner at DLA Piper.
ISP’s and illegal downloads
In moves to protect copyrighted material, Britain’s six biggest service providers – BT, Virgin Media, Orange, Tiscali, BSkyB and Carphone Warehouse – have signed up to a scheme to curb internet access to any household which illegally downloads music and films. Although the companies rejected proposals to disconnect broadband services to ‘offending’ households, those that ignore warnings will be subjected to online surveillance and their internet speeds will be reduced, making it very difficult for them to download large files.
Unless you are completely computer non-savvy, and I’m assuming this isn’t the case as you are reading this, you will know about bandwidth and how expensive it can be to over-run your monthly bandwidth limits with your ISP charging you for each Gb or part thereof used above your monthly allowance. Even unlimited accounts are subject to ‘fair use’ policy which generally means if you are using too much you will be discontinued as a customer or placed on a ‘heavy user’ line (this can seem like the bad old days of dial-up all over again). An unsecured network means you are sharing your bandwidth with anyone who is of a mind to use it.
An unsecured wireless network may leave you vulnerable to anyone with a little knowledge snooping through your computer files or even intercepting the traffic between your computer and your router, effectively monitoring your surfing habits in realtime! So if you don’t want anyone seeing what you are up to online, including your shopping habits, holiday plans, or er, adult surfing, you really need to secure your network!
If you’re still not convinced then perhaps this video about why you should protect your wireless network may do the trick.