Lights, camera, theft!


Last night I had the opportunity to be on prime time television in the UK. The BBC has a regular program, Watchdog, that investigates scams and frauds perpetrated against the general public.

The section I was involved with concerned the recent sending out of letters by lawyers on behalf of audio and games companies who are losing money through theft of copyrighted material.

The BBC have been investigating how innocent people are receiving these letters based on little more than than the companies having got access to the IP addresses of the people supposedly downloading audio and music illegally. My role in the program was to show how easy it was to find a wireless network and jump onto the network with the owner being none the wiser. This involved 2 hours of filming on a windswept day last week on a typical housing estate where one householder had received one of these letters.

I discovered several things:

  • Filming is a very slow process. I was lucky that there were few retakes but we took around 2 hours to film what might have been 30 seconds of material that finally got used.
  • These guys are thinking very laterally, filming lots of different clips that then get put together at a later date to make a coherent message.
  • There are a lot of wireless networks out there. I literally walked down 4 small streets and discovered around 40 wireless networks. The most significant fact was that the majority of them were secured.
  • Only a handful were unsecured and most of them proved quite weak and unreliable to connect to.

Nowadays practically every box that is shipped from an ISP now has wireless enabled by default and it is secured. The truth is that there are different levels of wireless security and any of them will be good enough to keep out the casual passerby. Keeping out the hardened criminals is always much harder but enabling any wireless security is much like locking your doors when you go out. It’s simple common sense. There are some unsecured networks out there and just a little reading of the manual would help make them secure.

It is questionable whether every network needs wireless enabled by default but with the majority of users opting for laptops it probably is the right choice.

The question remains as to whether someone really did piggyback onto an innocent users network. It is a reasonable supposition that this happened, especially considering that the BBC took the user’s laptops and had them checked by other experts who found no trace of anything untoward on the machines.

The latest Sophos Threat Report shows that the normal method of abusing someone else’s computer is through installing malware and turning it into an anonymising proxy so that internet traffic can be routed through that computer. That is the most likely scenario, but in the meantime it is now the lawyers who will make the money rather than the fraudsters.