Newbies urged to protect themselves in Wi-Fi world

SAN JOSE, Calif. — Gordon Hamachi, a software developer who lives in Mountain View, Calif., just started using the new free wireless computer network that Google has launched to cover the entire city where it has its headquarters.

Hamachi, 51, said he is concerned about security when he uses the free network because he knows there is a chance intruders could access unprotected data on a public network. But he is more worried about people like his neighbors, who are not computer savvy.

"There are wireless risks and there are Internet risks," Hamachi said. "I'll have to train them about being safe on the Internet. It's the equivalent of don't talk to strangers if you are a kid."

Free wireless computer networks are becoming widely available in Silicon Valley, as they are in other pockets across the country. That means a host of newbies are joining the wild world of wireless computing. But it is a world fraught with more risk than wired computing, and many new users may not be aware of the potential for others to steal sensitive data. Nor are they taking precautions to secure their computers.

"A healthy dose of paranoia is helpful," said Sherman Hall, a task-force agent with the Atherton Police Department, and a former information-technology manager. "Assume others are monitoring your traffic."

There are dangers. In an extreme example, two of three cybercriminals were sentenced to prison in 2004 for stealing customer credit-card data, which they accessed from an unsecured wireless network belonging to the Lowe's hardware-store chain in the Detroit area.

While the Lowe's case is a rare one, it shows the vulnerability of wireless networks. Industry executives and security experts said the growing number of new users of Wi-Fi networks need to be aware of the potential for problems and protect themselves online — even more so on free networks provided by a city or another entity.

Data via airwaves

When consumers use a wireless connection, they are literally sending and receiving data via the airwaves, just like cellphones, TVs and radios. The data goes from a wireless access card in your computer, which translates the data into radio signals, and is then received by an access point.

A wireless router in the access point then translates the data back into its original digital form and sends it to the Internet. Unless your data is scrambled or encrypted, it can be preyed upon by intruders as it is sent from your computer to the access point, and then over the Internet.

Typically, employees access their company's wireless network through a virtual private network, which scrambles the data and acts as a tunnel to secure the communication. Home networks, too, offer encryption options, but many home users don't bother to turn them on.

"Piggybacking"

Break-ins can occur in a variety of ways. Intruders can sniff out unprotected data as it crosses the airwaves, or they can access files on a computer connected to an unsecure network. This is typically done by piggybacking onto someone's network.

Piggybacking happens when a neighbor uses the wireless network of another neighbor, often done because it's free and easy rather than because anyone's trying to pry or steal data.

Earlier this year, however, a man in Illinois was charged and fined $250 for remotely accessing another computer network without the owner's approval.

According to a study last year by the National Cyber Security Alliance, a group of security software and networking companies, nearly half of home wireless users failed to encrypt their connections.

But consumers can take a few steps to protect computer when roving into free Wi-Fi networks.

Google, for example, offers customers its own virtual private network, or VPN, software for free download. Chris Sacca, head of special initiatives at Google, said VPNs are the most secure option. The most common wireless encryption standard, Wired Equivalent Privacy, has been broken into.

Google also recommends other VPN options such as JiWire, which charges $24.95 a year for its HotSpot Helper. JiWire and others includes tech support, not available from Google, an option nontechie users may want to consider if they plan to go the VPN route.

Other measures include installing personal firewall software on a PC or laptop, available from virus-software companies like McAfee and Symantec, and anti-virus software, to detect intruders.