So I’m sitting here at my excellent local Memphis honda repair shop getting Little Tokyo’s oil changed. In addition to being locally run, honest, and professional, the shop has wifi, so I can sit and work (or blog!) while getting my car fixed. The wifi wasn’t working today, so I asked the owner if he still offered it. The owner said that he does, but he only turns it on when asked now because someone has been “stealing” from him. Further questioning revealed that on three separate occasions, someone was working late at the shop and noticed a car idling outside the shop with a bright screen inside. Every time, when he turned off the wifi router, the car left.
Piggybacking someone else’s wifi is obviously nothing new. I’ve gone wardriving in a neighborhood in a pinch a few times (and even been accosted for sitting on a sidewalk in front of someone’s house once!). But in at least one case the car was idling in front of the shop from 12 midnight until 5 in the morning. I’m struggling to think of a reason for sitting on the router for so long so late at night other than the need for anonymity for some illicit activity. I suppose it might be a group of teenagers just looking for some private place to access facebook away from prying (and possibly surveiling) parents, but that seems a stretch. Individual anecdotes are obviously dangerous to draw conclusions from, but the fact that this is happening in Memphis at my local car shop makes me wonder how common it is. Memphis is far from the cutting edge of Internet activity.
I keep my wirless network at home open on the principle that I don’t trust the network to be secure with or without transport layer security and that I’m happy to share access with anyone who wants to use it. I’ve always judged the risk of someone using the access to do something I could be liable for to be small enough not to worry about it. This encounter makes me wonder whether I, like Bruce Schneier, should think harder about securing my home wireless network.
I also find it interesting that he was able to defend himself pretty effectively from what he viewed as an attack on his computers and network. As sophisticated as the wardriving attackers may have been, his simple defense of turning off the router until access is requested is pretty effective (though I strongly advised him to encrypt the network as well as turn it on on demand). Even more effectively, the owner noted the license plate of the car on at least one occasion. So now if the police show up at his door and try to arrest him for child pornography, he’ll have a license plate number to identify the users of his network. So midnight piggybacking as an anonymity technique could in many cases be less effective than just showing up at a local coffee shop in the middle of the day. the worst scenario in that case would be a physical identification which would in most cases be much more difficult to track back to a person than a license plate number.