Protect your Wi-Fi network from hackers

Five ways to protect your Wi-Fi network from hackers

Posted April 26, 2011 9:22am by Phil Hornshaw Tags: Wi-FiSecurityWireless Networkssafety

Consider the story of one Buffalo, New York man a cautionary tale.

The man???s house was raided by agents from the U.S. Immigration and Customs Enforcement agency last week, which later turned out to be a mistake. The reason? Department of Homeland Security agents traced a distributor of child pornography back to the man???s home Wi-Fi router.

The trouble was, the man wasn???t the one distributing the illicit and illegal material — authorities say it was his neighbor, who was connecting to his Wi-Fi network. The agents didn???t have the wrong house, but it took them a week to determine that they had the wrong suspect.

For the less tech savvy among us, protecting an Internet router can be a daunting task, requiring technical know-how that gets confusing. But with just a few seconds, the router???s manual, and some understanding of what you???re looking for, setting up at least some router security can be pretty easy, and can save Internet users from issues like identity theft and an unfortunate visit from the U.S. government. Here are a few tips for keeping your network, and your data, away from those who would hijack it.

1. Set up a password – or even better – an encryption key

Adding some kind of password to your network is a way to immediately discourage probably 99 percent of the people who could jack into your Wi-Fi connection remotely, and it really is just about the easiest thing ever to do to protect yourself. All you need is the Ethernet cable that comes with a router when you pull it out of the box or installed by a cable company, and the manual that comes with the router. By using the cable to plug directly into the router, a computer can access the router???s internal settings using an Internet browser. The address (usually in the form of what???s called an IP address, generally or something similar) gets you into the router???s inner workings, but you need the cable to access it, so it can???t be altered remotely. The router???s manufacturer password is also included in the manual (usually it???s ???admin??? or ???password???), and you should change that too from the settings menu for added internal security to keep prying eyes out.

From there, it???s usually as simple as going to the security settings for your router and activating an encrypted password called a WEP or WPA key. This is presented in the form of a long chain of letters and numbers that the router can generate for you. You can specify a password of your own, but the router???s generated key is a much stronger encryption than using a password someone might be able to guess. Most modern computers will save passwords when you connect to your home Wi-Fi network, so you shouldn???t need to specify the network password again when signing onto the Internet, unless something gets reset.

2. Turn on MAC address filtering and router firewalls

While it is absolutely essential to use a password or encryption key to keep your Wi-Fi network secure, there are a number of other easy steps to make it even more protected.

Each computer that uses your network has a specific number attached to it called a ???MAC (Media Access Control) address.??? This is actually a physical number assigned to the actual Wi-Fi adapter hardware in your computer or mobile device. From the internal settings of your router, you can determine the MAC addresses of the computers that you want to be able to access your network and specify them to the router. Any device that doesn???t have the right MAC address will be denied access.

In order to set MAC addresses, you???ll need to have the devices you want to be able to use on your network connected so you can see their addresses in the router???s ???MAC Address??? section. There, you can usually just click a button that turns on the router???s MAC limiting setting, and then select which addresses are allowed access to the network.

Most routers also have an internal firewall program you can enable from the settings menu. This is anti-hacking software that makes a network more difficult to access from the outside, and turning it on is generally really easy. It???s also a good idea to protect your computers and devices with firewall software (Windows has one built in, but it???s not a bad idea to invest in better ones) that you can buy commercially to protect your data even further.

There is a slight inconvenience with MAC address filters, as they can complicate things whenever you want to add a new device to your network. So if your wife’s cousin wants to connect to the network, for instance, you’ll need to go back and add his MAC address to the router’s list. Of course, this is a small price to pay for added security.

3. Change your network???s SSID and make it invisible

From within the same settings menus that you adjusted the MAC settings and turned on your encryption key, you can also set whether your Wi-Fi network is ???discoverable.??? This means that the router won???t broadcast its ID information (called the SSID) over the air for other devices to lock onto. Only devices that know to look for the router, like the ones you???ve already authorized to connect to it, will be able to use your connection.

Generally, you???ll find the ability to alter discoverability in the security tab of your router???s settings browser window. It???s usually a button that discusses making your network discoverable or disabling SSID broadcast. This is also a good opportunity to change your router???s SSID to something other than the manufacturer preset. There???s a reason you see so many networks named “Linksys” or “D-Link” — those are routers that have their manufacturer defaults still activated, and they suggest to hackers that the passwords are still set to defaults as well. Either way, it???s easier for someone to get into your network when they have more information, and a manufacturer SSID doesn???t help. Change it, then make it invisible. Just remember: You don???t want your network discoverable, and you don???t want your router to broadcast its SSID. Turn those things off.

4. Assign IP addresses to your devices

This gets a bit technical, but like the MAC address filtering, it???s not nearly as complex as it at first seems. Each device that connects to the Internet does so using what???s called an IP address. Most networks use a system called ???dynamic IP addresses,??? which means that every time you connect to your network, the system assigns a temporary IP address to your system. That???s easy, but it also means anyone jacking into your network can get a temporary address just as easily as you can.

Instead, look for a tab in your router???s setup menu that lets you set ???static IP addresses.??? Like MAC filtering, you should be able to see the addresses of your devices at the moment; write them down, or specify a series of numbers to the router when you???re prompted to. These look complex (they???re usually long, like the address), but that doesn???t mean they have to be complicated. You can actually set addresses with the same sets of numbers up front, but alter the numbers at the end to keep them consistent and easy to remember for you, but more difficult for intruders to access.

Once you set static IP addresses, you???ll have to use the numbers you wrote down on your computers when they try to connect to the network. In your Network Settings, you can specify a device???s IP address so that it always uses the same number, then you can tell your router to only allow device???s using those specified addresses to connect. While the MAC filtering will keep out some less in-the-know network jumpers, more complex hackers can get around that technology; they???ll have more trouble with your static, filtered IP addresses.

5. Avoid open, unprotected Wi-Fi networks

This is more for when you???re out in the world than at home, using your computer or smartphone to try to access the Internet when you???re at the airport or in other places. Beware of open, access-free networks. If they???re open to you, that means they???re open to other people, too, and your sensitive information can be plucked out of the air by people who have a little bit of expertise in this area.

???Free Public Wi-Fi,??? for example, is a network that will often pop up in public places when you???re searching for a network. Don???t connect to it, though, as it isn???t really a free public network, and could very well be a quick and easy way for someone with ill intentions to get access to your computer.

For the most part, the best thing you can do is avoid open networks you don???t trust whenever possible. If you do decide to access an open network, limit what you do on it. Don???t access sensitive websites or use important data like your bank passwords while attached to the network. You should also take steps to keep your computer from saving sensitive Internet information that could be accessed later, like a history or cookies cache. These are bits of data your web browser saves from websites to make accessing them easier later. When you tell a website to save your password, for example, it leaves a ???cookie,??? or small program, on your browser for use later. You can easily clear these from your browser???s settings menu.

These are simple steps you can take to protect your network, your data and your privacy, but the technical aspect often frightens off people who aren???t familiar with their Internet hardware. Trust us when we say that it???s usually less complicated than it appears. Consult your router???s manual if you need to, and look for the keywords in your router???s settings menu: things like ???encryption key,??? ???firewall,??? ???disabling broadcasting and IP??? and ???MAC address filters??? are good. Once you set them up and write the numbers down, you should be able to breathe a little easier knowing your access to the Internet is protected.


Wi-Fi privacy danger, Password-protect your wireless router

BUFFALO, N.Y. ??? Lying on his family room floor with assault weapons trained on him, shouts of “pedophile!” and “pornographer!” stinging like his fresh cuts and bruises, the Buffalo homeowner didn’t need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.
That new wireless router. He’d gotten fed up trying to set a password. Someone must have used his Internet connection, he thought.
“We know who you are! You downloaded thousands of images at 11:30 last night,” the man’s lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, “Doldrum.”
“No, I didn’t,” he insisted. “Somebody else could have but I didn’t do anything like that.”
“You’re a creep … just admit it,” they said.
Law enforcement officials say the case is a cautionary tale. Their advice: Password-protect your wireless router.
Plenty of others would agree. The Sarasota, Fla. man, for example, who got a similar visit from the FBI last year after someone on a boat docked in a marina outside his building used a potato chip can as an antenna to boost his wireless signal and download an astounding 10 million images of child porn, or the North Syracuse, N.Y., man who in December 2009 opened his door to police who’d been following an electronic trail of illegal videos and images. The man’s neighbor pleaded guilty April 12.
For two hours that March morning in Buffalo, agents tapped away at the homeowner’s desktop computer, eventually taking it with them, along with his and his wife’s iPads and iPhones.
Within three days, investigators determined the homeowner had been telling the truth: If someone was downloading child pornography through his wireless signal, it wasn’t him. About a week later, agents arrested a 25-year-old neighbor and charged him with distribution of child pornography. The case is pending in federal court.
It’s unknown how often unsecured routers have brought legal trouble for subscribers. Besides the criminal investigations, the Internet is full of anecdotal accounts of people who’ve had to fight accusations of illegally downloading music or movies.
Whether you’re guilty or not, “you look like the suspect,” said Orin Kerr, a professor at George Washington University Law School, who said that’s just one of many reasons to secure home routers.
Experts say the more savvy hackers can go beyond just connecting to the Internet on the host’s dime and monitor Internet activity and steal passwords or other sensitive information.
A study released in February provides a sense of how often computer users rely on the generosity ??? or technological shortcomings ??? of their neighbors to gain Internet access.
The poll conducted for the Wi-Fi Alliance, the industry group that promotes wireless technology standards, found that among 1,054 Americans age 18 and older, 32 percent acknowledged trying to access a Wi-Fi network that wasn’t theirs. An estimated 201 million households worldwide use Wi-Fi networks, according to the alliance.

Criminals are stealing credit card data by tapping into wireless networks

Seattle police are investigating a group of criminals who they say have been cruising around town in a black Mercedes stealing credit card data by tapping into wireless networks belonging to area businesses.
The group has been at it for about five years, according to an affidavit signed by Detective Chris Hansen, a fraud investigator with the Seattle Police Department.
“A number of area small and medium-sized businesses have been targeted in these network intrusions, which have also involved a pattern of financial and personal identifying information (such as credit card information),” Hansen wrote in his affidavit, dated April 13. He declined to comment for this story.
Hansen believes the group has been “wardriving” the Seattle area in a customized 1988 Mercedes Benz, looking for companies using an unsecure Wi-Fi standard called Wired Equivalent Privacy (WEP). WEP has well-documented security flaws and has been considered for years to be unsecure, but was widely used in routers built between about 2000 and 2005. Many consumers and small businesses still use it.
Because WEP’s encryption can be cracked using easy-to-find tools, even unsophisticated hackers can break into WEP networks and mine them for data.
Wardrivers typically use long-range antennas connected to laptops to compile lists and locations of wireless networks, driving from street to street and logging the Wi-Fi activity that they find.
WEP flaws have cost retailers money before. Last year, Albert Gonzalez was convicted of stealing more than 130 million credit card numbers. He used various methods, but got many of the card numbers by wardriving retailers including TJX Companies, OfficeMax and Barnes & Noble. Once he found a vulnerable network, he would hack in and install credit card-stealing programs.
Many big retailers have beefed up security since 2008, when Gonzalez was hacking, but small companies are often at risk. In its annual Data Breach Investigations Report earlier this week, Verizon said criminals are<a href="*…” style=”color: rgb(0, 88, 166); text-decoration: none;”>increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies.
Police impounded the Mercedes last October after arresting its owner for allegedly using stolen gift cards at a local wine bar. In the car they found a range-boosting antenna and a Wi-Fi-enabled laptop with a passenger-seat mount, so that it could be used while driving. Except for the front, all windows in the car were heavily tinted, making it difficult to see what was going on inside.
Investigators had been tracking the black Mercedes since at least February 2010, Hansen said in a court filing requesting permission to seize the car. A spokeswoman with the U.S. Department of Justice would not say whether charges had been brought against any of the suspects.
The gang is thought to have stolen more than US$750,000 worth of items, according to the Seattle Post Intelligencer, which <a href="*…” style=”color: rgb(0, 88, 166); text-decoration: none;”>first reported the story.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at <a href="*” style=”color: rgb(0, 88, 166); text-decoration: none;”>@bobmcmillan. Robert’s e-mail address is

Your Phone is tracking your private data for others to use

The debate over digital privacy flamed higher this week with news that Apple Inc.’s popular iPhones and iPads store users’ GPS coordinates for a year or more. Phones that run Google Inc.’s Android software also store users’ location data. And not only is the data stored ??? allowing anyone who can get their hands on the device to piece together a chillingly accurate profile of where you’ve been ??? but it’s also transmitted back to the companies to use for their own research.
Now, cellphone service providers have had customers’ location data for almost as long as there have been cellphones. That’s how they make sure to route calls and Internet traffic to the right place. Law enforcement analyzes location data on iPhones for criminal evidence ??? a practice that Alex Levinson, technical lead for firm Katana Forensics, said has helped lead to convictions. And both Apple and Google have said that the location data that they collect from the phones is anonymous and not able to be tied back to specific users.
But lawmakers and many users say storing the data creates an opportunity for one’s private information to be misused. Levinson, who raised the iPhone tracking issue last year, agrees that people should start thinking about location data as just as valuable and worth protecting as a wallet or bank account number.
Privacy watchdogs note that location data opens a big window into very private details of a person’s life, including the doctors they see, the friends they have and the places where they like to spend their time. Besides hackers, databases filled with such information could become inviting targets for stalkers, even divorce lawyers.
Do you sync your iPhone to your computer? Well, all it would take to find out where you’ve been is simple, free software that pulls information from the computer. Voila! Your comings and goings, clandestine or otherwise, helpfully pinpointed on a map.
One could make the case that privacy isn’t all that prized these days. People knowingly trade it away each day, checking in to restaurants and stores via social media sites like Foursquare, uploading party photos to Facebook to be seen by friends of friends of friends, and freely tweeting the minutiae of their lives on Twitter.
More than 500 million people have shared their personal information with Facebook to connect with friends on the social networking service. Billions of people search Google and Yahoo each month, accepting their tracking “cookies” in exchange for access to the world’s digital information. And with about 5 billion people now using cellphones, a person’s location has become just another data point to be used for marketing, the same way that advertisers now use records of Web searches to show you online ads tailored to your interest in the Red Sox, or dancing, or certain stores.
The very fact that your location is a moving target makes it that much more alluring for advertisers. Every new place you go represents a new selling opportunity. In that sense, smartphone technology is the ultimate matchmaker for marketers looking to assemble profiles on prospective customers.
That profiling is what makes some users uneasy.
At a technology conference in San Francisco this past week, security researchers disclosed that iPhones and iPads keep a small file of location data on their users. That file ??? which is not encrypted and thus vulnerable to hacking ??? is transferred when you sync your phone to your computer to back up information. Security firm F-Secure Corp. said the iPhone sends users’ location data to Apple twice a day to improve its database of known Wi-Fi networks.
The data that is available goes back to last year’s launch of Apple’s new iOS 4 operating software. Researchers say the tracking was going on before that, though the file was in a different format and wasn’t easy to find until the new system came out. In June, Apple added a section to its privacy policy to note that it would collect some real-time location data from iPhone users in order to improve its features.
While Apple has been silent about the latest findings, it has noted that its practice is clearly spelled out in user agreements. Other phone makers say the same. Google acknowledged this past week that it does store some location data directly on phones for a short time from users who have chosen to use GPS services, “in order to provide a better mobile experience on Android devices.” It too stressed that any location sharing on Android is done with the user’s permission.
But consumer advocates warn that too many people click right through privacy notifications and breeze over or ignore such legalese. Case in point _some iPhone users who found about this past week about the data storage say they didn’t know anything about Apple’s tracking.
“It’s like being stalked by a secret organization. Outrageous!” said Jill Kuraitis, 54, a freelance journalist in Boise, Idaho. “To be actively tracking millions of people without notification? It’s beyond unacceptable.”
It’s easy to tell smartphone users that turning off tracking is as easy as finding their way to the settings menu. But to opt out of GPS service means preventing the software on your phone from using any information about where you are. That means cutting yourself off from the vast array of mobile apps that offer discounts and ads, allow you to connect more easily with friends who use social media, and simplify your life with map directions. Not a great trade-off.
And if you thought there were laws that curbed tracking, think again.
The government prohibits telephone companies from sharing customer data, including location information, with outside parties without first getting the customer’s consent. But those rules don’t apply to Apple and other phone makers. Nor do they apply to the new ecosystem of mobile services offered through those apps made by third-party developers.
What’s more, because those rules were written for old-fashioned telephone service, it’s unclear whether they apply to mobile broadband service at all ??? even for wireless carriers that are also traditional phone companies, like AT&T Inc. and Verizon.
Both the Federal Communications Commission and the Federal Trade Commission have said they are looking into the issue. But for now, it’s up to smartphone users to decide: Is it privacy they are most concerned about, or convenience?

iPhones and iPads are secretly collecting location data on users

Apple slammed over iPhone, iPad location tracking

By JORDAN ROBERTSON, AP Technology Writer ??? Thu Apr 21, 6:16 pm ET

SAN FRANCISCO ??? Privacy watchdogs are demanding answers from Apple Inc. about why iPhones and iPads are secretly collecting location data on users ??? records that cellular service providers routinely keep but require a court order to disgorge.
It’s not clear if other smartphones and tablet computers are logging such information on their users. 
Much of the concern about the iPhone and iPad tracking stems from the fact the computers are logging users’ physical coordinates without users knowing it ??? and that that information is then stored in an unencrypted form that would be easy for a hacker or a suspicious spouse or a law enforcement officer to find without a warrant.
Allan and Warden said the location coordinates and time stamps in the Apple devices aren’t always exact, but appear in a file that typically contains about a year’s worth of data that when taken together provide a detailed view of users’ travels.
“We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations,” they wrote in a blog posting announcing the research.
Allan said in an email to the AP that he and Warden haven’t looked at how other smartphones behave in this regard, but added there’s suspicion that phones that run Google Inc.’s Android software might behave in a similar way and is being investigated.
Google did not immediately respond to a request for comment.
The existence of the location-data file on the phone is alarming because it’s unencrypted, the researchers said, which means that anyone with access to the device can see it.


Opt out of marketing data bases! Do it now! And don’t give out any personal information in response to an email, even if it appears to come from your bank or favorite store.


So much of your personal data is swirling around the world that you cannot fully protect yourself. But here are some steps you can take to lower your risk:

1. Get out of marketing data bases. They all allow you to opt out, if you can find them. For example, you can block your name from being used by any of Epsilon’s clients, including catalog marketers and retailers. One big problem: The database company might retain your name and just block it from being used. If a thief hacks in, he gets the blocked names, too.

The Privacy Rights Clearing House lists 135 data brokers who are selling your name to all comers, and tells you whether or not they have opt-out policies. If they do, you have to go to the brokers’ websites and suppress your name yourself. I checked some of the sites and the opt-out screens are hard to find. One likely place is the broker’s Privacy Policy, usually shown in small print at the bottom of the page.

2. Opt out, or unsubscribe, from every commercial email list you’re on. “They’re required to give you that option,” says Greg Aaron, director of domain security for Afilias, an Internet infrastructure company. If you opt out at the source, your name should be removed from the large, pooled data bases.

3. Stop most direct mail. The Direct Mail Association provides a website, letting you opt out of various types of promotional mail from its members: credit offers, catalogs, magazine offers, requests for donations, and others. That should stop mail from national companies you haven’t done business with before. Your opt-out lasts for five years. After than you have to sign up again.

The DMA opt-out won’t stop mail from non-members, such as local businesses, charities, or mail from a company where you’ve shopped. You will have to contact those mailers directly and in writing (phone calls don’t work). Be sure to tell them you don’t want your name shared with other companies, such as Epsilon, for marketing purposes.

4. Stop your bank from sharing your name. Under the Fair Credit Reporting Act (FCRA), you can tell your bank not to give your name to any of its affiliates for marketing purposes, as well as to outside marketing firms. You have to give notice in writing, citing your rights under FCRA. Ask for a written acknowledgment that you’ve been taken off the list. These opt-outs, too, might last for just five years.

5. Stop sharing personal information on your Facebook, LinkedIn, or MySpace pages with the general public. Or, share only what you wouldn’t mind seeing in a database, and leave off banking identifiers such as your mother’s name. Social networks can be mined, using your email address.

6. Stop phone calls from telemarketers, by signing up with the National Do Not Call registry. When the registry began, you could stop these calls for only a limited number of years. Since 2008, however, you’ve been able to block them permanently.

7. Opt out of credit card offers. You can stop receiving them by signing up with the OptOutPreScreen, run by the consumer credit reporting industry.

8. Don’t be fooled. Never open an email telling you that you’ve won something, or that you have an unclaimed package, or that there’s a problem with your tax return or bank account. Just by opening it, you might introduce malware into your machine, which searches for passwords to financial accounts. If your bank or credit card company apparently sends you an email, asking you to make corrections in your account, delete. It’s a cheat. Or call the institution to see if it’s legit, before entering any information. With the Epsilon break-in, you might get phony phishing messages from familiar retailers, too. For more tips, check the Privacy Rights Clearinghouse and APWG, an industry organization that fights online fraud.

After taking all these actions, are you safe from international financial thieves? Unfortunately, no. Anyone with banking, retail, email, college, or credit relationships will have their data stored somewhere, and the institution might not have spent enough money to keep it safe. Someday the database industry will be slapped with a massive lawsuit, and then maybe they’ll start taking encryption and other advanced security measures more seriously.

Dangerous Antibiotic Resistant Superbugs CRKP & MRSA Spreading Globally

Misuse of antibiotics has led to a global health threat: the rise of dangerous???or even fatal???superbugs. Methicillin-resistant Staphylococcus aureus (MRSA) is now attacking both patients in hospitals and also in the community and a deadly new multi-drug resistant bacteria called carbapenem-resistant Klebsiella pneumoniae, orCRKP is now in the headlines. Last year, antibiotic resistant infections killed 25,000 people in Europe, the Guardian reports.

Unless steps are taken to address this crisis, the cures doctors have counted on to battle bacteria will soon be useless. CRKP has now been reported in 36 US states???and health officials suspect that it may also be triggering infections in the other 14 states where reporting isn???t required. High rates have been found in long-term care facilities in Los Angeles County, where the superbug was previously believed to be rare, according to a study presented earlier this month. CRKP is even scarier than MRSA because the new superbug is resistant to almost all antibiotics, while a few types of antibiotics still work on MRSA.