Peter Booth was minding his own business last Sunday afternoon at home in Kippax, near Leeds, when the knock on the door came. On his porch was Andrew Mason, 6ft 4in and dressed in a black T-shirt. He was holding a laptop and a strange antenna that resembled a Pringle crisps tin on a stick.
Booth blinked, admitted that he didn’t know how to secure his wireless connection, then invited Mason into the house and upstairs to the bedroom where he kept his computer.
Mason, one of a new breed of self-styled ethical hackers, had found another potential victim of cyber crime in need of help.
Wireless routers, or Wi-Fi connections, which allow laptops and computers to link to the internet without the need for wires, are one of the most popular applications for computers. They enable users to log in and out without being physically tied to one place in the house, and when out and about to check their bank account or buy a present online where there is a public Wi-Fi hotspot.
But because these are open portals they are increasingly leaving Britain’s 29m internet users exposed to fraud, identity theft or worse. Bank account details, including passwords and pin numbers, credit card numbers and expiry dates and other personal and financial information can be grabbed from the air by snoopers. Public Wi-Fi hotspots are rarely secure but perhaps surprisingly neither are many domestic networks.
Last week research carried out by the government and the industry online safety group Get Safe Online (www.getsafeonline.org), found that up to 5m home computers are left open to criminal attack in Britain from viruses, spyware or criminal hacking. The report, entitled Internet Safety: The State of the Nation, also found that one in five (21%) of households that use wireless broadband for their computers do not have password protection on their connections.
Tellingly, the study found that fewer than half of people questioned felt that responsibility for online security lay with them (many felt it was up to the banks, websites or internet service providers to protect them from fraud). The casual approach to personal security is reflected in rising online crime: last year the same number of people suffered fraud while shopping online as had their bag or mobile phone stolen in the high street.
But while the government is slowly waking up to the problem, the level of crime and ease with which it is perpetrated have spurred some public-spirited technology professionals to take matters into their own hands and warn people they are vulnerable.
These virtual vigilantes are appalled at the lax security of the “civilian users” and although some charge a fee to secure technophobes’ computers others do it for free. They call themselves ethical hackers and they cruise the streets using technology usually employed for more nefarious means to detect unprotected computer systems and warn the owners of the risks they are taking.
Back in the upstairs bedroom, Booth and Mason are in discussion about his network. Booth bought BT’s Home Hub system three months ago, primarily so his daughter could use her laptop to e-mail friends and download music. He is surprised at the ease with which a hacker could break into the system.
The Home Hub box is hidden from view beneath the table and Mason retrieves it.
“See this light?” he says, pointing at the top of the box. “This means that your Wi-Fi is enabled and is broadcasting to anyone in the area that knows how to access it.”
Although Mason is an IT professional hiring out his services to corporate clients for up to £2,500 a day, he says his interest in securing the public’s computers from attack is more than a job.
The technology behind Wi-Fi is relatively simple and hardly new. It has been around since the mid-1990s and in America the problem of people piggybacking on other people’s networks has been around for years. Driving round in a car searching for unsecured Wi-Fi connections that could be used free (though not necessarily hacked into) became known as wardriving and practitioners took to painting graffiti — warchalking — on the walls of buildings describing the services available around it.
In Britain it is an offence to piggyback on someone else’s connection under the Communications Act since it dishonestly obtains “electronic communications services with intent to avoid payment”. And although it has become something of a grey area — not least because it is possible to pick up a neighbour’s Wi-Fi unintentionally — in 2005 a London man was fined £500 for repeatedly accessing a nearby resident’s network.
The penalties for actively hacking into someone’s computer are stiffer, but that doesn’t deter committed hackers. Sophos, a software security firm, has found that a computer without up-to-date protection would be attacked by viruses or hacked into within nine minutes of being connected to the web.
Partly this is because the tools needed to hack are easily available. In a small office lined with books with titles like Google Hacks, and Cisco Secure Virtual Private Networks, Mason opens a briefcase to reveal the tools of the ethical hacker’s trade.
The centrepiece of his toolkit is the antenna that he can use to detect signals. It is known as a yagi aerial and is able to detect Wi-Fi from a distance of up to a mile. It is directional so has to be pointed like a radar gun at the house you want to check. The aerial is connected to a laptop with sniffer software that deciphers the signal and decides whether it is secured or not. All the equipment is freely available on the internet. On a brief drive through Kippax it picked up 80 Wi-Fi networks, 17% of which were unsecured.
That level is not unusual. According to moneysupermarket.com, the online price comparison site, a study last week in which one of its team went wardriving through Liverpool, Chester and Manchester found that 25% of Wi-Fi routers were unsecured.
Mason, who began programming computers when he was a child, agrees. “The internet brings massive advantages but also massive threats,” he says. “People are only just realising what they are.”
Top tips for security
1 The easiest way of protecting yourself from Wi-Fi hackers is to turn off the router altogether when you are not using it. Alternatively, most computers have a switch so you can disable the Wi-Fi function
2 Secure your system with firewall and passwords. The firewall on your router should automatically activate when you plug it in. Setting the passwords up is your responsibility. Many routers come with the username and password set to “admin” and “password” — hackers know this. Change these to something less obvious. To do this you must enter a series of numbers into your internet browser that brings up the router settings. The numbers will be in the router instructions or on the maker’s website
3 The same screen will give you the option of renaming your Wi-Fi network and enabling its encryption. There are two types of encryption settings: WEP and WPA, and there will be a box asking which type you want to use. In general go for WPA, which is more secure
4 You’ve now “bolted the door” and secured your Wi-Fi router against snoopers using receiving equipment. But you’re not safe yet. Your PC remains vulnerable so ensure it asks for a password at start-up and don’t set the administrator account under your name
5 Use software that helps block hackers. Windows (XP or Vista) has a firewall that will help keep out intruders; ensure it’s switched on by ticking a box in the control panel. Consider adding a separate firewall, such as the free ZoneAlarm (tinyurl.com/2z5rvh), or a full internet security suite including antivirus and antispam
6 Close any other loopholes. Windows has a default setting called “remote desktop” that allows people to connect and provide remote assistance. Switch this off unless needed
7 With all of these measures choose your passwords carefully — never use a football team, for example, and use a combination of numerals and letters or a phrase
8 Update security software regularly. New security holes are regularly uncovered by hackers but patches to fix them are usually free online