Recently I read a report suggesting that free wi-fi in coffee shops, supermarkets, etc, was a danger. The story stated that a free and unencrypted internet connection could be used for illegal purposes. The report suggested that not only were people downloading pretty much anything they wanted, it’s also possible for someone else to snoop on their internet activity in order to intercept and steal information such as website access, bank details and passwords.
So a few days ago I ran an experiment. That experiment was simply to leave my wireless connection open and unencrypted, and see what happens. Would the neighbours stumble onto it and use it? Would anyone else use it? And in doing so, would they realise the inherent dangers in doing so?
Before I go any further I want to state that this exercise wasn’t done to snoop on other people’s internet habits or steal passwords (as easy as that would be). It was done simply as a proof-of-concept to see what would happen in a real life situation.
The first step was to rename my wi-fi hotspot from something identifiable (such as a personal VirginMedia hotspot) to something else. I also logged in to the router’s log page so that I could see certain details of any connecting devices. I also monitored the incoming and outgoing data amounts over the period of a few days.
To put it mildly, the results were remarkable…
It’s important for me to state that my internet connection probably reached half a dozen other households in my area. With an average of 2.4 people in each household and with at least one wi-fi accessing device each, it meant that over a period of a week I was expecting to see around fourteen connections logged on the router.
However, by the end of the third day the router had logged 39 separate connecting devices, and almost 16GB of data downloaded!
One thing I didn’t consider was the alleyway that runs near my home. It appears a lot of mobile phones were connecting to my router during the few seconds it took someone to walk along the street. The majority of logs on the router suggested “Steve’s iPhone”, for example, and only stayed connected for a minute or so. Other items that connected were Nexus tablets, Samsung phones, several laptops and a bunch of ‘null’ (unknown) connections.
I must note three occasions that came to my attention;
Firstly was a guy who decided to stop in the alleyway and smoke a cannabis cigarette. It was the smell seeping through the window and into my home that initially brought him to my attention. He stood in the alleyway for almost 15 minutes watching YouTube clips on his phone, using my internet. He also stopped off on his way back again, deliberately stopping in the same place he had stood before.
Secondly was a laptop that connected and disconnected on and off constantly for two days. I have a feeling it belongs to one of the neighbours kids who perhaps discovered “free wi-fi” in different areas of their house. They seemed to visit a lot of different websites (http traffic) and download a lot of media (prolonged download connections), according to the router logs. It wasn’t obvious what they were doing without using further analysis software, but I wasn’t interested in breaking the law just to see!
Thirdly there was a van parked on our street which looked like it belonged to an installation or engineering company (ladders on the roof with a hi-vis yellow jacket tied to it). I noticed the guy was sat in the van with an open laptop in front of him and appeared to be browsing the internet. When I came back from the shops, about two hours later, he was still parked in the same place and still using the laptop. Upon checking the logs there had only been three laptops connected during that time and one of them had downloaded GIGABYTES of data. Maybe he was downloading TV episodes from BBC iPlayer to watch offline, maybe he was downloading pirate movies. Without using more sophisticated techniques and analysing the data I don’t actually know what he was doing. And to be fair, it might not even have been him.
It was at this point I decided to stop the experiment. Interestingly, once I had renamed, re-encrypted and rebooted the router the guy disappeared.
My understanding of the law is that theft is defined as taking something that belongs to someone else with the intention of permanently depriving that person of it. The Law sees ‘items’ as being tangible, as in they must be physical objects that could be taken. The only exception to this is electricity, which the Law says can also be seen as theft. People have been convicted for rewiring street lamps and powering their homes free of charge, for example!
But could using someone else’s internet connection without their permission be classed as theft? Who would be responsible for what they do with that connection?
In todays society it’s far too easy for people to snoop on your internet habits. I’ve seen software in action that literally steals your unencrypted website cookies. Nobody needs to know your passwords or log-in details if the website thinks you’re already logged in. It’s a dangerous cheat, and it is real. I’ve also seen wi-fi cards with incredible power that can connect to a wireless router several MILES away.
The bottom line is that the news report is true; in my opinion using free wi-fi spots is a danger if you’re blasé about identity theft and your own privacy. And it’s also true that without proper monitoring, those connected users could literally be doing anything online.
Piracy is a crime. Stupidity should be too. Be careful with free wi-fi hotspots.