Wireless Hackers
 

I have noticed my Internet connection has been rather slow of late and yesterday we had guests and all computers were off. I don't know what made me look but I noticed by wireless router was lit-up like a Christmas tree! It seemed apparent my Internet connection was being used by others but my area is populated with mainly family and retired types. I remembered that a group of 'lads' must be renting a house at the back and assumed those boys had hacked into my connection which was unsecured since getting the macbook (couldn't seem to get security working). Anyway I switched off the router and got on with our evening.

This morning I re-configured the router adding security shared key on all wireless computers, all was well. Until.....a few hours ago again I experienced a 56k like connection so switched off all computers but the router was flashing away indicating someone using the wireless service.

Sat in a darkened corner I thought I need to reduce the power of the wireless output but the router menu did not show anything of this sort. I googled WRT54G (my router type) and found lots of third party firmware. Reading and researching I found a popular free firmware supplier DD-WRT ( http://www.dd-wrt.com/dd-wrtv2/index.php ) I uploaded v23 on to my router and it all worked. 5 minutes was spent slowly reducing power output from 28mW (default) to 5mW. I have 3/4 signal strength at 54Mbit/s with no apparent difference in performance. Incidentally power can be increased to a colossal 251mW approx 10X the output power as standard from the Linksys firmware.

30 minutes into using 5mW I have no gatecrashers to my Internet connection but time will tell. I can drop it down output power further if need be.

What those lads were downloading I do not know but they were using all bandwidth I had! - Not any more.

Spoilsport!;)

It's no laughing matter. If the person/people who had been using your connection had been using it for dodgy stuff like credit card phishing, massive large scale spamming, or worse stuff such as kiddie prawn, it would have been you that was liable and would have to prove your innocence. If it's your connection that's being used it would have been taken as read that it was you engaging in these activities.

It's well known that the WEP security protocol can be hacked very (VERY) easily and is as good as useless. One of my work colleagues posted a link on our internal intranet showing to a, quite frankly, horrifying, page that was essentially "Noddy's Guide to Hacking into WEP". No technical knowledge is needed, all the tools to do it for you are readily available so if you're using WEP encryption thinking you're safe then think again. By using a dictionary attack, WEP can be broken without too much effort. By using a pre-shared key as long as your router will allow and using a random character string it will make hackers life very much more difficult.

If your router can use WPA, or better still WPA2 - the WRT54G can use WPA I see - then you are as good as safe. WPA has been cracked but if you use a long, ideally 63 characters, totally random character string for your pre-shared key then it's likely the hacker will have died of old age before he can break the code.

A useful tool for generating long random strings that can be used as keys, see:
https://www.grc.com/passwords.htm

If you can get WPA working then it's the best option.

Duncan

Since my laptop died I have disconnected the aerial and use the wireless router just as a router. Make sure you change the default admin password of the router itself (often ''password'') or they might be back in and alter your security settings to suit themselves.

It is possible to disable the wireless part of a wireless router.

We are now over 24 hours since I reduced the power of my router and still no use from others. I was amazed how quickly they hacked my security but if you cannot receive the signal, it cannot be hacked!

Thanks Foxy but as my daughter comes home now and then with her laptop I find it easier and quicker to just pull out or plug in the aerial.

Out of interest, had they hacked into it when you'd set encryption to WEP or WPA? How long/random was your Pre-Shared Key?

WEP Pre-shared with a 9 digit random code based on Hexidecimal. Hacked in a short period of time!

Have you now set it to WPA? I'd advise on using WPA encryption, even with your reduced power output. There was an episode of the BBC series "The Real Hustle" I saw showing how a couple of guys in the back of a van could drive down the road monitoring wireless network signals from the road outside houses and hack in. They hacked into a guys (WEP) network and monitored his internet activity. Unfortunately, he happened to be booking a fortnight's holiday using his credit card. So, they had all his credit card details, and a nice bonus of the dates the house would be unoccupied!

Your reduced power output will have stopped the guys in a house nearby, but on its own, it may not stop the guys in a van outside. This may not apply to your particular circumstances, I'm just pointing out some potential problems for the benefit of others who may be reading this.

Regards,

Duncan

Now set security to WPA2, new firmware from DD-WRT has lots of new features. Their slogan is 'turn your $60 router to a $600 router', I think it has. Running lower power must be better for your health even if there are 'inconclusive' studies for radio transmissions.