Internet security in a wireless world: a ‘how to’ primer

Editor’s note: Ken Oliver, a longtime Kyrene Corridor resident and former FBI agent now living in Texas, contributed the following, originally posted on the FBI’s online network.

Nicholas Tombros has the dubious double honor of being the first spammer convicted under federal law ... and the first convicted “war spammer” in U.S. history.

“War spammers”—in case you haven’t heard the term—are a pernicious combination of “war drivers” and “spammers.”."

What does that mean? War drivers are people who drive around neighborhoods and office parks with laptops looking for open or unprotected wireless access points to the Internet. War spammers not only electronically hijack the web connections they find, but also use them to send unsolicited e-mails.

Is war-driving/spamming really such a big deal? Yes, for three reasons.

First, war drivers/spammers get free access to the Internet—at your expense.. They can use your online connection to do anything they want…and do it anonymously.

Second, if you have an unsecured wireless network and personal computer, they can use some commonly available software tools to read your e-mail, browse and access your networked folders and all the information stored in them, and log or “sniff” virtually everything you do on the Internet (including credit card purchases, stock trades, etc.).

And third, if spam is sent from your computer, your Internet Service Provider, or ISP, may find out and close your online account on the spot.
Which is precisely what happened to Nicholas Tombros’ victims in Marina Del Rey, Calif. 

On Sept. 27, Tombros pled guilty to sending spam by the thousands while war driving through the neighborhoods of Marina Del Rey last year. And not just any spam, either. Spam that advertised pornographic web sites.

How can you keep your wireless device from being hijacked like this? It’s less complicated than you think. Here are a few basic steps you can take:

• Enable the WPA (Wireless Protected Access) or WEP (Wired Equivalent Privacy) encryption and other security options provided by the product’s manufacturer. Since this encryption is inherently vulnerable, consider changing the key periodically.

• Change the default “Service Set Identifier” SSID network name and turn off the feature that continually broadcasts the SSID. While you’re at it, change your router administration account name and password.

• Activate the MAC (Media Access Control) Address filtering feature of your router.

Whether or not you connect to the Internet wirelessly, always make sure your computer has an up-to-date operating system with all the current patches and service packs, virus protection, and a personal firewall (preferably a software firewall and hardware-based router/firewall).

If you believe you’ve been “war-driven” or “war-spammed,” file a report with your local police department and the Internet Crime Complaint Center, cosponsored by the FBI and the National White Collar Crime Center.