Schneier on Security
A blog covering security and security technology.
August 1, 2008
Terrorists Using Open Wireless Networks
Remember when I said that I keep my home wireless network open? Here's a reason not to listen to me:
When Indian police investigating bomb blasts which killed 42 people traced an email claiming responsibility to a Mumbai apartment, they ordered an immediate raid.
But at the address, rather than seizing militants from the Islamist group which said it carried out the attack, they found a group of puzzled American expats.
In a cautionary tale for those still lax with their wireless internet security, police believe the email about the explosions on Saturday in the west Indian city of Ahmedabad was sent after someone hijacked the network belonging to one of the Americans, 48-year-old Kenneth Haywood.
Of course, the terrorists could have sent the e-mail from anywhere. But life is easier if the police don't raid your apartment.
EDITED TO ADD (8/1): My wireless network is still open. But, honestly, the terrorists are more likely to use the open network at the coffee shop up the street and around the corner.
Posted on August 1, 2008 at 6:46 AM
This can be somewhat compared to what you wrote in Secrets and Lies (IIRC) about car-alarms. A visible car-alarm makes your car less appealing to a thief, who will spend a little extra time to find a car with no alarm. This is only a shift, there will still be as many thefts but not so uniformly distributed. An invisible car-alarm (like lo-jack) on the other hand, increases the likeliness of getting busted for all car thefts and lowers overall car thefts.
You can decrease the likeliness of you getting in a jam by securing your wireless network but at the same time increasing the likeliness of your neighbour's open network getting used.
So the overall gain for society is just about zero.
I have a dream that maybe some day, law enforcement will be aware of the facts of open wireless networks and networks like Tor. One way might be to increase deployment of open networks and Tor-nodes etc. Another way, which I'm trying to cooperate with EFF's Norwegian chapter on is to prepare learning materials, backed with relevant laws and regulations and technical information, for presentation to law enforcement and authorities when such situations arise...
As a road warrior, it seems silly not to offer some kind of free wireless access to the general public. With this sort of simple-minded response from the police, it makes sense to take some precaution to make such a free WiFi access point hard to trace back to your home.
I've always locked down my WiFi networks. WPA2/AES + MAC authentication. I've always suspected that people use it for illicit purposes. Seems obvious that someone looking to commit fraud would not want to do it from their own home. Always wondered what liability could be in such a case... knowing how our courts work... could be a messy debate.
For free public WiFi, I never understood why they couldn't just require VPN to do anything. Essentially they provide the pipe, but you have to bring your own ISP. You could run a VPN server in your home and do it that way, use your employer, or pay an ISP a few bucks for VPN access. This has several advantages:
1. Forces good encryption over obviously insecure networks.
2. Provides a level of anonymity so WiFi provider doesn't know too much about you.
3. Since your IP used for any meaningful traffic would be your ISP's IP address (accessed via VPN), there's a method of accountability.
It seems this fixes so many problems and provides a great public utility. Everyone wins.
ISP bandwidth caps and liability issues (read: someone downloading child porn on your wireless connection) are other good reasons to not leave your wireless open.
Then again, there's always the ever-popular upside-down-ternet.
miw, how do you suggest the "simple minded" police have dealt with this issue?
I was personally involved in the investigation and the Haywoods had no logs whatsoever on their router. The router had the range to reach the street, three other buildings and most of their neighbors.
What if I enabled an open wireless connection in my house, then started carrying out attacks against banks. When arrested, I blame the wifi that conveniently had no logs. What's the police supposed to do in this situation?
If the police start holding people personally responsible, at least they will ensure that logging or at least some simple form of access-control mechanism is enabled.
I don't have an issue with people providing free wifi, as a matter of fact I much appreciate it. But if you are going to do this, ensure that you have the proper logs in place so that if something goes wrong you don't get in trouble.
Yikes! Yeah, securing wireless is good...
>ensure that you have the proper logs in place
In some countries this may be illegal. And so what if you do... logs are easy to fake and don't tell you a damn thing. The MAC address on my laptop is programmable....
My network is open. The cafe downstairs has an open network. The bier garden down the road has an open network. Just about every cafe in Bruno, just 2 hours from here, all have free *open* wireless.
When I say open I mean no passwords at all.
A smart crim would use the most public wifis, since the signal to noise ratio from "logs" will make life more difficult for the police.
Oh and what about prepay phones with internet access? ....
I'm sick of the whole child porn crap. The Interpol group estimated the number of new child porn photos going into circulation in a year is about 10. That's a really small number.
Add the fact that what is child porn depends on the country.
Child porn for all intents does not exist. It's far far more rare than even terrorists. It's a stupid motivation for almost anything...
Child abuse *without* the freaking internet is a Real problem... If you really want to think of the children.
@Yash - the "logs" on my home router are only a few KB in length, and when it's full, or when the router first wakes up after a longer period of inactivity, it clears its log. When the connection is in use, between myself, my wife, and my son, we can hit enough URLs to fill it up and clear it in a few minutes. And, even though the router can send the logs to an email address, my email is not provided by the ISP, and I haven't been able to configure it to route the messages to my mail host. Bottom line, I can't rely on the router to keep good logs -- the ones it keeps aren't long enough, and they're too volatile to be of any use.
I wonder what they would have done if the email had been sent using a public library system.
I suppose that depends on where you are. What're the chances of a random terrorist picking my open wireless in Cambridge, MA? Too low a risk to worry about, IMO. I suppose if I were in Pakistan or Lebanon I'd consider it.
Another unfortunate case along this line was my daughter's co-worker in South Carolina, who was brought in on child-porn charges based on his IP address, but was later released when it turned up his neighbor was piggy-backing on his open wifi connection.
After hearing this I finally took the time to enable WPA2 on my router and disable SSID broadcast.
Stian, you are totally wrong. You are making the grand assumption that all casual or criminal users of open wifi are compelled to put effort into finding open wifi or breaking into closed wifi.
Bruce, why don't you change your positions when your commenters point out holes in your logic, rather than wait for articles such as this? Your commenters have always been smarter than you with respect to the risks open wifi exposes one to in modern society (with police/lawsuits/etc.)
@Yash: I think you're setting up a bit of a strawman there, but regardless, the idea of forcing private citizens to keep a log is ridiculous. Sure, it may make things harder for law enforcement if we don't structure our lives around leaving trails of data for cops, but that's part of the societal cost that we pay for our freedom. Besides, if mandatory logging was enforced, couldn't the same banker modify the logs?
Law enforcement / government agencies know plenty about open access points, TOR, proxies, etc. -- they own many of the nodes!
The words **"immediate raid"** conjure up images of black clad, machine-gun wielding SWAT guys who slam you on the ground and tell you you were lucky not to be shot. The rest of the article does not really support that image.
Note, however, that the consequences are fairly small and reasonable:
"He has never been detained, but we have called on him and questioned him as part of the investigation," said Parambir Singh, a senior officer in the anti-terrorism squad.
"He has said his email ID was hacked and evidence we have gathered shows that his network was used to forward the mail."
If someone were standing on my property and shot someone else with a gun, I expect the police would interview me. They're trying to find out what happened. In this case the article does not give me any reason to believe the police are being unreasonable.
The problem with "logging" is you're effectively using liability (civil or criminal) to cause people to keep an audit trail of access on behalf of a government. This *is* "Big Brother".
Of course, some people think "Big Brother" is a *good* thing. Really, we first decide whether people should or should not contribute to "Big Brother". The consequences of an open wireless network in one case is negligence, in the other is mistakes. As Stian points out, incremental security for society is probably zero.
How closed is closed enough? My TiVo v2 won't support anything stronger than WEP. I'm sure the cable company would *love* to have me criminally liable for using TiVo :)
"Child porn [is] more rare than even terrorists. It's a stupid motivation for almost anything... "
I think a clear and open discussion on any topic is a good thing. I have no problem with your statement.
"the Interpol group estimated the number of new child porn photos going into circulation in a year is about 10."
I am very interested in any supporting evidence you have for this. A URL would be appreciated as I couldn't find it anywhere.
Again, I agree with you that child porn like any other issue should be discussed without everyone jumping on a side. So I am not disagreeing but I would just like more info on the stat.
I can't help but reiterate the fact that (as pointed out before) falsifying logs, and spoofing MAC addresses is child's play. A few clicks and a text editor.
Seriously. This wouldn't have helped one bit, and could have actually wasted your precious investigation time by having you chasing phantoms, thinking "if we could only find 00:12:15:52:71:d2, we've got him", when in actuality it belongs to some ATM in Akron, OH or something.
As for log data, the best it could have given you in terms of concrete data, provided you had any way at all to verify that it wasn't tampered with (quite unlikely), is a timeline, which you must have already had thanks to the expats' ISP logs.
"it makes sense to take some precaution to make such a free WiFi access point hard to trace back to your home."
Well, unless you're piggy-backing off of another WiFi network, your ISP will have no trouble 'tracing it back to your home' at will, and nowadays, without even a warrant or notice. Good luck with that.
So do you - Mr. Schneier - intend to change your wlan policies?
Am I the only one completely underwhelmed by all this?
Shock! Horror! Terrorists use open wifi to send e-mail! Terrorists also use benches in public parks to sit on and eat sandwiches, buses to get around town, water fountains to drink from, public libraries to read books, and lamp posts to lock their bikes.
Notice how you could substitute just about any group of humans in there? And how nobody of any seriousness is proposing to abolish lamp posts, libraries, water fountains, or public parks?
When you contribute to the public good, you contribute to the good of the entire public, including every kind of ne'er-do-well there is - winos, drug dealers, terrorists, suffragettes, and people who install ground effect lights under Japanese sports cars. It can't be helped, but it's still worth it.
You could also get arrested if your laptop is searched and found to contain child pornography, unbeknownst to you. That scenario can happen if your machine is compromised (used as storage for a botnet), for example.
The security of your property, including your computer, rests with you. Not securing your equipment and your network could have very "inconvenient" consequences, at best.
Open wireless networks to me are no different philosophically from other open spaces that you want to share with others such as natural parks. Great idea, but if you do not set up an accompanying social structure to control use, then someone (like big industry/corporations, terrorists, or others) will step in and do as they please.
You might think it's ok to leave them unregulated or unguarded, but eventually some agent may come along and do things you disagree with and your "open" space/identity will be transformed to something you might have never wanted.
Leaving your wireless open is really only an option in countries where you can get Internet flat-rate. For the very practical purpose of me not having a flat-rate, I could never leave my wireless network open, lest I have to pay for someone else's music download habit.
Never mind the fact that ISPs may just kick you off their network if some "copyright holder" is claiming you downloaded some of their "property". I need my network for work, so I can't risk that being taken away from me.
To clarify, when I said ensure logs are present, it was primarily to prove yourself innocent and not to catch the guilty. I don't think it is remotely possible to catch a criminal that is using your wireless internet, but my point of implementing logs was primarily from the home-user safety perspective.
Also: If anyone has any idea on how to prove the family's innocence or retrieve logs on a Linksys WRT54G that had logging disabled, please drop me a mail or leave a comment on my blog.
The criminals used the open Linksys WRT54G router to create a @yahoo.com e-mail and send out some mass mails. If anyone has any ideas let me know ;).
@Dewey: Yes, I got the same image concerning SWAT slams etc.
Yes, I also agree that as described the behavior of the police was very reasonable and exactly what I would expect of public servants, hired to protect the public.
Notice however, this event did NOT take place in the US...
Actually, that's a good reason *to* leave your wifi open. You'll get 15 minutes of fame! Your name in a newspaper!
@Bruce: it will be sweet irony if they made a point of using your connection to do something that sends cops knocking on your door :-)
But then may be they will leave you alone; you have been trying hard that only want smart ones are caught.
BTW I too keep my wifi open; but I also keep a shotgun handy.
Puzzled American expats my ass....
Follow the money trails...not the wi-fi links.
I have a situation where my wifi is both open and closed. I've bought a FON wifi router via http://www.fon.com
This router has two channels; one is encrypted for private use and one is open for other people who have bought a FON router. The access to the open channel is monitored and logged by FON and they know who you are since you have to do a login before you can connect on an open channel. Your login is connected to you via your credit card and the delivery address of your FON router.
This set-up gives me the best of both worlds: I have a closed, private wifi and I can use 964420 (at this moment) other wifi routers in the world to connect to the net when I'm on vacation or away for business.
I got a DMCA take-down notice because I was running a Tor anonymizer (well, mostly just screwing around with it) and someone was using BitTorrent through it. Ding! My IP is now at fault for stealing a Japanese Wii game!
Hell is other people.
A reason to leave it open: plausible deniability. If your secure network is hacked, which frankly isn't that hard for any determined attacker in many cases, you look completely guilty. At least with an open network your defense attorney has something to work with.
Many countries are implementing laws to prevent exactly that. They are trying to make the owner of the wireless device responsible no-matter-what, unless of course they have maintained adequate evidence against the real culprit.
@Yash: Which countries? I've heard people propose it, but didn't know that liability was being implemented.
I'm also curious, would you propose banning post office boxes? They let you deposit mail and packages without any sort of ID.
In Europe, I've bought pre-paid GSM SIM cards with zero ID. What sort of logging are they required to have?
For that matter, is any ISP actually *required* in any legal sense to keep dynamic IP address logs in advance of a law enforcement request?
I'm concerned that it seems like there is this focus on open WiFi AP, yet there are (a) many other ways to send anonymous messages, and (b) not really any clear requirement for real ISPs to track people the way that people suggest WiFi owners must track.
I understand that, from a practical sense, I don't want to have the police knocking on my door if somebody else did something bad. However, I *really* don't like the idea of adding extra liability to behaviour that most people don't even realize they are doing...
What do you suggest? Just because the law isn't perfect we abandon any liability laws that may or will exist?
As a matter of fact, I would love to see some ID mechanism being implemented. However you must consider the fact that someone cannot do as much damage by sending a letter as can be done via the internet (data theft, fraud, defacement etc). Risk to usability ratio.
GSM providers are liable to log IMEI numbers of anyone who connects to their network. In turn this can be tracked to their physical location or area. As a matter of fact, every single SMS you send from your phone is logged for 48 hours.
Yes, I believe there is a requirement to keep logs of dynamic IP address. Try using your dynamic IP to use an exploit against yashkadakia.com. I will launch a complaint back and we will see whether your ISP can track you down or not?
However I am speaking about laws in India and have absolutely no clue about the laws in US or Europe.
Furthermore I think Wifi users should maintain logs less from a legal perspective and more from trying to keep yourself and your family safe.
Websites are not required to store logs, yet most do. Why? In case they are hacked or compromised, they can catch the criminal.
On a personal note, I completely support any government implementing laws to make wifi providers liable for damage. Governments should not have to abandon catching criminals and terrorists because you want to warmly greet the guests in your house with free internet.
But if I think you did it, I'm not going to believe your logs. I will assume you faked them.
Well at least then the police have something to investigate forensically to verify you are innocent.
If you have no logs, they have no way to verify that you are innocent.
Also, what kind of idiot uses their own Wifi to do a crime, then cleans the logs and tries to act innocent? The police are going to be at your house questioning you, I don't see much hope of you escaping.
If a criminal was going to be that smart, they would've just used a random wifi + tor and avoided all problems, but obviously they are not YET.
It is all very well telling people they should keep logs on their WiFi but how many of you have actually tried to do it with SoHo/consumer grade WiFi to ADSL routers?
Most that I have looked at in the past either do not have the ability or in newer equipment make a half-hearted attempt at best.
Which is a bit of a problem because,
If you live in the U.K. or if your equipment is connected to a network that is connected to the U.K. (Read any place in the world) then you have obligations under various U.K. Acts (RIPA being the most talked about).
In theory if you have an open WiFi node then you can be viewed legally as a "common service carrier" (like an ISP or Telco) which unfortunately now obliges you to keep secure logs of all traffic carried over your equipment for up to seven years and to make it available upon lawful request by just about anybody...
Further you also appear to be required to install "approved" remote access equipment for monitoring phone calls (the joys of VoIP) etc at your own expense.
To say that potentially the legal position for "Anonymous Open Access" is "at best an untested mess and at worst an endless nightmare of pain and persecution" is being a little conservative in outlook.
And guess what in this current climate I expect it to get worse as just about all Government Officers (elected or otherwise) hate the Internet and the freedoms it gives the general public to question what they say...
@gopi, regarding "Which countries?":
In Germany. It is a lot more complicated as it sounds due to the different kinds of law (civil, etc.) involved and the calculation of damages, but the owners of open wireless networks have been held responsible by some courts. Currently there are lots of different rulings on such cases, so there is no established jurisdiction yet.
The current state of consumer grade wireless routers/access points will worsen things when all wireless networks are "secured". It is still fairly simple to hack WPA2 with a preshared key, it is not any harder than WEP in fact.
What if someone hacked your secured network to do some illegal stuff, how are you going to prove it wasn't you?
And, can you expect every single user to be a security expert? (if so, Bruce will be out of work real soon ;-) It will always be easier for the devoted to abuse the assumptions of the average.
If Bruce's Wi-Fi is used by terroristbabyperves, would it be useful for the police to kick in his door, or would it be smarter for them to park the white van with the 5 antennas down the street and watch it for a while? Are police interested in propaganda action or effective action? An open Wi-Fi with some illegal activity happening is either an opportunity to act intelligently and find the doer or to act brutally and miss the target. In the case of Minneapolis police, the hooded thugs with the MP5s would break the door, as they did at the Sisters Camelot house during the ISAG protests in 2000. They get a kick out of putting everyone on the floor and throwing a blanket on their heads before starting to kick them and abuse them.
And how can you prove to the police that you did not change your MAC address, commit whatever crime was committed on your wifi, then change it back to the previous value (to match your old MAC entries in your log)? There is no way to forensically determine this, ergo keeping logs cannot be used to show your own innocence. And liability for your network being used maliciously would make no sense, as previously mentioned even WPA2 is crackable. Even if everyone "protects" their wifi, more crackers will fire up the next version of Aircrack and now you have innocent people legally liable at no fault of their own.
@glenner03: "It is still fairly simple to hack WPA2 with a preshared key, it is not any harder than WEP in fact."
AFAIK, the best-known attack on WPA(2) is brute-forcing the passphrase.
Is your point that typical passphrases are easily brute-forceable or did I miss recent cryptanalytic results?
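Added example, not part of the original comments: the question above turns on how WPA2-PSK derives its key. The pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 32 bytes), so the cost of an exhaustive search depends entirely on passphrase entropy. The function names, the sample passphrases and the guess rate are assumptions made for illustration.

```python
import hashlib
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption for illustration only: offline PMK guesses per second.
ASSUMED_GUESSES_PER_SECOND = 100_000


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key (IEEE 802.11i passphrase mapping)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def alphabet_size(passphrase: str) -> int:
    """Size of the character pool implied by the classes actually used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    size = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    if any(ch not in string.ascii_letters + string.digits for ch in passphrase):
        size += 33  # remaining printable ASCII: 32 punctuation marks plus space
    return size


def random_bits(passphrase: str) -> float:
    """Upper bound on entropy: assumes every character was chosen at random."""
    return len(passphrase) * math.log2(alphabet_size(passphrase))


def wordlist_bits(words: int, list_size: int) -> float:
    """Entropy of a passphrase built from randomly picked dictionary words."""
    return words * math.log2(list_size)


def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try the whole keyspace at the assumed guess rate."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


def report(passphrase: str, ssid: str) -> dict:
    bits = random_bits(passphrase)
    return {
        "pmk": derive_pmk(passphrase, ssid).hex(),
        "upper_bound_bits": round(bits, 1),
        "years_to_exhaust": years_to_exhaust(bits),
    }


if __name__ == "__main__":
    # Constructed samples: the 802.11i test passphrase and a random 20-char one.
    for phrase in ("password", "k7#Qz!m2Vw9@Lp4&Xc8$"):
        print(phrase, report(phrase, "IEEE"))
    # The SSID is the salt, so the same passphrase gives a different key per
    # network name and any precomputed table only covers one SSID.
    print(derive_pmk("password", "IEEE") != derive_pmk("password", "linksys"))
    # Four random words from a 7776-word list: about 51.7 bits.
    print(round(wordlist_bits(4, 7776), 1))
```

The figures are upper bounds for randomly chosen characters; a passphrase that appears in a dictionary falls to a wordlist search long before the full keyspace is exhausted.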
Logging, monitoring, etc. is only a small part of the story that comes later. The crux of the matter is there is simply no excuse for leaving your wireless Internet access open. Most hotspots (e.g., in coffee shops) that have open Wi-Fi access have other means of authentication that home users don't.
It is high time home users realized the ramifications of simply plug-and-playing a Wi-Fi access point right "out-of-the-box."
It would help if vendors provide better guidance (best practices) "out-of-the-box" for untrained users on how they can secure their devices (e.g., configure WPA2) and the risks if they don't! No security is foolproof but that does not mean you leave your door open.
Unfortunately, there are enough myths floating on the Web about Wi-Fi security by the so-called wireless security pundits. For those interested, a paper that debunks common myths: http://www.airtightnetworks.com/home/resources/...
The existence of an open wireless access point does not mean the connected network, computers, etc. are insecure.