With a wireless ethernet card, a laptop and some basic software savvy, you can get on the Internet for free from almost anywhere in downtown San Francisco. In fact, you can get a lot more than free Web surfing. You can waltz unhindered into dozens of corporate networks and access passwords, databases and private e-mail.
With a wireless ethernet card, a laptop and some basic software savvy, you can get on the Internet for free from almost anywhere in downtown San Francisco. In fact, you can get a lot more than free Web surfing. You can waltz unhindered into dozens of corporate networks and access passwords, databases and private e-mail.
“We walked around the Financial District with a laptop and an antenna, and we could pick up about six networks per block,” says Matt Peterson, a network engineer and founder of the Bay Area Wireless User Group (BAWUG).
He described a simple experiment he and a fellow BAWUG member performed to see just how easy it would be to find the locator beacons, or radio signals, for unprotected wireless networks downtown. “I was doing random things like aiming the antenna at the 18th floor of various buildings, and boom, I’d be sniffing somebody’s corporate network. “Peterson laughs incredulously, adding, “I thought it was just a rumor that you could do that, but it’s not.”
The price of creating an 802.11b network — a satisfyingly fast protocol for wireless ethernet — has come down so much over the past several months that over-eager consumers are setting them up at work and at home with very little regard for security. Partly because the technology is so immature, built-in security measures are fairly primitive. Also, as an anonymous San Francisco hacker told me sardonically, “Lots of people just don’t know how to set up a wireless network, so they make mistakes.”
For example, many tech workers who want mobility will plug a wireless access point into their company network, creating a bridge between the company’s wired network and wireless devices. Once the access point is in place, they can take their laptops to the park across the street and still have instant access. But, as network security expert Ian Goldberg commented, “What you have to remember with wireless is that anyone within radio range can read (data) packets from your network.”
Such mistakes are understandable when so much wireless technology is built to be as open and user-friendly as possible. Often, a wireless access point comes out of the box configured to allow anyone with a wireless card to interface with it. And Mac iBooks with built-in wireless cards automatically search for a network the instant a user boots up. As a result, a tech-saturated city such as San Francisco is riddled with hundreds of unintentionally open wireless networks.
What’s surprising is that very few people — aside from the usual black hat hackers — seem to be abusing these vulnerable networks. Rather than stealing bandwidth or private data from clueless 802.11b newbies, wireless mavens are taking advantage of the openness of this new technology to set up their own, deliberately public wireless networks.
BAWUG member Cliff Skolnick has even posted a list of wireless networks that are intended for the public’s free use on the BAWUG Web site. This list includes the 802.11b network he recently set up at his house, which has become a convenient resource for people who boot up their wireless-endowed laptops at the Martha’s Coffeeshop in his neighborhood.
“I set it up so I could drink coffee and have a connection,” says Skolnick, “and then several people found it by accident. I’ve gotten lots of e-mails from people thanking me for it.”
Clay Shirky, a well-known open source pundit and partner with New York investment firm Accelerator Group, is thrilled by all this network openness. “I’m not worried about security, because security and convenience are always a tradeoff,” he explains. A more interesting issue for Shirky is an economic one: “Wireless technology is easier to provide to a group than to individuals, so the question is whether businesses and municipalities should go into providing 802.11b networks.”
Shirky isn’t referring to services such as San Francisco’s Ricochet, a wireless Internet access network provider from San Jose’s Metricom. He wants to know whether citizens will be given free or subsidized wireless access, as if it were a municipal utility like water. He muses, “In New York, we have laws that give zoning variances for skyscrapers in return for creating public spaces. These public spaces could easily include 802.11b networks.”
Currently, San Francisco has no plans to make wireless a public utility. Indeed, Denise Brady, deputy director of San Francisco’s Telecommunications Commission, had never heard of public wireless networks. “I don’t see a need for it,” she said simply. “We’re at the top end of the scale in terms of market attractiveness here, so we have commercial services like AT&T’s new cable system to provide for us.” In other words, San Francisco’s official position is that for now wireless users will have to content themselves with services such as Ricochet.
There’s still hope, however. Grassroots groups in several other major cities have already started community-based public wireless networks: Seattle Wireless, Portland’s Pdx Wireless and London’s Consume are three of the best-known.
A more capitalistic venture is the Starbucks-Microsoft deal announced in January of this year, which may lead to wireless access for customers in Starbucks coffee shops. In a similar vein, San Francisco’s Surf and Sip helps businesses set up public wireless networks for their clientele.
But the fact remains that many San Francisco geeks with 802.11b cards are getting Internet access for free just by poking around and looking for an open network.
This begs the question of what companies and individuals can do if they don’t want their networks to be open. Security expert Goldberg explained that Wired Equivalent Privacy (WEP), the most common form of wireless security, hasn’t been tested nearly enough to be foolproof.
He suggests that if you want your 802.11b network to be secure, the best thing to do is configure your access point to be outside your firewall. That way, people with wireless ethernet cards might be able to find your access point, but they still have to pass through the firewall’s security gate to gain access to the private network.
For now, however, most of San Francisco’s wireless networks are open to the public. It reminds Skolnick of the early days of the Internet, when people would give each other connections for free. Among wireless users today, he says, “Most people generally just don’t mind sharing.”
Of course, he warns, you can’t expect things to stay this way forever. “It’s nice to think of wireless as being free anywhere, but soon you’re going to see it getting more and more commercialized.” And it will probably be more secure, too.
– A Brief Bio –
Annalee Newitz is a freelance writer in San Francisco. Find out all the gory details at http://www.techsploitation.com.
Author: Annalee Newitz
News Service: SF Gate
URL: http://www.sfgate.com/cgi-bin/article.cgi?file=/technology/archive/2001/03/22/freewireless.dtl
Leave a Reply