Why I Would Never Hijack Someone's InternetWritten by Mark Sanborn: Nov 16, 2008
Well for the short answer all you have to do is ask your self this simple question. Would you give your mail, credit cards and other personal information to a complete stranger? Probably not. By connecting to someone else’s internet connection you are giving them complete control over the data that you send from your computer. This may include mail, credit card information, and personal information.
Although crucial information like bank passwords are transmitted through SSL (encrypted) almost all traffic is sent in plain text. For example this blog and all blogs running Wordpress don’t use SSL to encrypt the credential exchange. Thus if you were connected to a untrusted internet service like your neighbor’s wireless they could easily see your blog’s password. This is just one out of thousands of examples where personal information could be hijacked on the account of YOU hijacking their service.
The term for this is called “sniffing”. The third party would “sniff” the traffic and watch what you are doing. They can do this because by connecting to a someone’s internet you are transmitting your data through their devices. All traffic that is not encrypted could easily be logged and stored for later analysis. To further clarify the only traffic that is hidden from prying eyes is SSL or some other industry standard encryption. If you hijacked a WEP or WPA access point you are still vulnerable to sniffing attacks. Technically the third-party could still sniff your SSL data they just wouldn’t be able to tell what it was.
It gets worse
You may say, “Well when I hijack someone’s internet I just surf around and check my email and my bank uses SSL so I’m not really at risk.” The problem with this statement is that it assumes that you are actually going to your bank’s server when you try to login. When someone has the control over the internet connection they can alter the data that you receive as well as the data you send out thus your bank’s website maybe just a copy that submits your actual username and password to a third-party database. Not a difficult thing to setup with tools like curl, bind, and mysql.
What to do
Stop using someone else’s internet connection!
Other than moral reasons these reasons are enough for me to never use an untrusted wireless network. Especially since we know the dangers that are involved.
The first thing you should do as a wireless owner is secure it. Read my article on Wireless Network Security.
For those of you with wireless internet that you want to hide from prying eyes I recommend checking out fakeAP. It is capable of making 53,000 fake wireless access points.
If you are interested in how sniffing works see, Wireshark.
If you just want to have fun with the freeloaders you can flip their world upside down with this.
Need to print shipping labels on your site?
Checkout my product RocketShipIt for simple easy-to-use developer tools for UPS™ FedEx™ USPS™ and more.