Jason Elk

Information superhighway robbery

Few things infuriate me. In fact, very few things make me use the word infuriate. But today, as a survivor of rampant, blatant bandwidth theft, I have no alternative but to put this polite description to work. The others that rush to mind are reserved for the invisible culprit who should only hope that we don’t bump into each other in a dimly lit supermarket aisle one day.

The whole sad saga started last Thursday but was only discovered two days ago.

My Monday morning email routine came to an abrupt halt when I discovered an unavailable internet connection. It couldn’t be a cap issue. We use Web Africa and have full control over bandwidth usage. Monitoring is easy and we’re able to add prepaid bandwidth at any time via an online console. I had just added 10GB a few days before. So it obviously had to be Telkom again. Mumbling to myself about counting down the days to Neotel, and just for the fun of it, I tried accessing webafrica.co.za. This is the surefire way to test if we’ve run out of bandwidth or not; if Web Africa’s site loads and nothing else does, our treasure chest is empty.

Shock. Horror. Valoid moment. I blinked a few times. I was staring at a perfectly rendered Web Africa page on my screen. But I had loads of bandwidth, remember? Just to prove myself right, I logged into the console to check out our usage graphs. This is when things went particularly sour. Our available bandwidth had dropped from 14GB to 0MB in a matter of one weekend.

As I sat speed-dialing Web Africa’s support line, my mind was racing. Who could’ve accessed this account without our permission? Was this some twisted admin error, sent to make Monday morning just a little more challenging?

Two questions later, the reality hit home. The first: “What type of modem/router are you using?” (My answer: “the super snazzy Telkom ZyXEL wireless one, of course”). The second: “Do you have wireless activated on the modem?” (My answer: “Yes we connect via ethernet for some of our computers and wireless for others … (pause for reflection) (longer pause) (sigh) …”).

After putting the phone down with Web Africa, the answer was unfortunately crystal clear. Someone had been helping themselves to 14 gigs worth of free wireless lunch for four days and there was nothing we could do about what we had already lost. What we could do to prevent future theft, suggested Web Africa, was the following:

  • Activate DSL Secure in the Web Africa console. This locks your account to your line and stops anyone using your username and login on their line; but this doesn’t stop wifi theft
  • Change wireless security settings to WPA instead of WEP in your router’s console. We had found WPA to be considerably slower than WEP so opted for the quicker one because nothing like this had ever happened before; and WEP does still secure things anyway, right?
  • Hide the SSID in your router’s console. This stops your connection from being displayed to all and sundry
I flew through the list and ten minutes later, I was the only key holder to a Fort Knox of note.

    This morning, I waltzed into the office laughing to myself as I pictured the ratty 16 year old who had to cry himself to sleep because he couldn’t download the latest American Pie DVD off my account last night.

    I fired up my browser. No connection. Excuse me?

    Squinting with only one eye open, I typed in www.webafrica.co.za. Up popped Web Africa. I logged into the console and sat staring at a big fat 0MB available bandwidth indicator. It had happened again.

    One of the judges on those make-believe TV court shows once said to a spouse in an abusive relationship: the first time it happens you’re a victim, the second time you’re a volunteer. Oprah’s version is a little more poetic: the first time it happens shame on you, the second time it happens, shame on me. I had to get to the bottom of this once and for all.

    So, after another call to Web Africa, the picture becomes even clearer. And far, far scarier. It turns out that with a few free downloads of page-one-on-Google applications (which I found in ten seconds) you’re able to detect any wifi connection (even if they hide their SSID) and crack any encryption key they’ve set. Which is exactly what happened to us. It doesn’t matter how many times we change our password, it’s like printing it in huge red letters on an outdoor billboard over a national highway.

    Which brings us to the only guaranteed solution to wireless bandwidth theft: removing the wireless component entirely. We’ve re-ethernetted all our computers and deactivated our wireless LAN completely. For good measure, I’ve even unscrewed the aerial on our modem.

    Now let’s see what happens to our bandwidth. Short of Mr American Pie storming into our offices and plugging his cable into our router, his free ride on the information superhighway has now finally hit a dead end.

    Update

    Believe it or not, we still encountered bandwidth theft after doing everything above. After speaking with senior people at Web Africa and Telkom Ops, we were informed that even with wireless deactivated, your router can still be accessed via your telephone number and siphoned from quite effectively. So we reactivated wireless and ran the following tests overnight:

    • We changed our router’s admin password to a long alpha-numeric mixed case string (again)
    • We changed our ADSL account password with Web Africa (again)
    • We activated MAC address filtering on our Wireless LAN via the router, for a single computer on the network only
    • We left the router and PC connected overnight

    So far, so good. Our bandwidth made it through the night – but we’re not out of the woods just yet, for two reasons:

    1. The bandwidth thieves might’ve just taken the night off last night
    2. To accompany the Wireless Hacking tool set mentioned above (on the first page of Google results) there are a number of ways to spoof MAC addresses (a couple of thousand times per second) until one of them matches. A brute force hack but using alpha-numeric combinations in the MAC address format instead of a dictionary.

    If this still doesn’t work, and as a last resort suggested by Web Africa, we will need to buy a cheaper wireless-less router (i.e. no wireless component included in the manufacturing at all) and go back to ethernet cables, accepting that business parks are a breeding ground for wireless bandwidth theft. As for prosecuting these guys, forget it. We tried reporting the theft at a local police station and no one even knew what bandwidth was, or how it could be stolen.

    Whatever happens, the lesson learnt here is that we need to be more responsible in checking our bandwidth usage on a regular basis. We’d always assumed that whenever we were about to hit our cap, we were the ones who had used the bandwidth. Like credit card statements, bandwidth usage reports are painful to check but fatal when left unchecked.

    7 Responses to “Information superhighway robbery”

    1. Shame dude, that’s not cool.

      Problem is that Wifi is very convenient and there must be a sure fire way of restricting access?

      How do internet cafes and the likes handle it?

      May 21, 2008 at 1:22 pm
    2. Jason, you could also enable your MAC Access List, thus only allowing specific wireless clients.

      Would you mind elaborating on how the heck you’re supposed to crack WPA? Are you referring to Google or Google Applications? You’ve confused me a bit.

      Henk

      May 21, 2008 at 11:54 pm
    3. Also, in case you haven’t done so already: Change your WebAfrica account password (both for the management console and the actual ADSL account.)

      And make sure there’s a password on the Telkom router!

      May 21, 2008 at 11:56 pm
    4. Just one more thing: You can install a Skyrove router and set up your staff with privileged (free) accounts! If anyone else nearby wants to use it, you’ll get some money back to make up for the GB lost!

      May 21, 2008 at 11:58 pm
    5. @JBagley We’re giving it our best shot man :) See the update above.

      @Henk Thanks for the suggestions. We included some of these in our overnight test and so far we’re safe. But the applications we found on Google’s first page of results are shockingly easy to run – that break through WEP and WPA. And there are loads of MAC address spoofing methods out there too. I don’t want to publish the hacking tools here but mail me if you’d like me to send you the links.

      May 22, 2008 at 10:11 am
    6. Jason, any luck on figuring out what was chewing the bandwidth? Running spyware/adware removal tools on Windows machines usually picks up interesting programmes running.

      May 23, 2008 at 10:10 am
    7. Dino D'Ambrosio

      The safest computer is one that is powered off, unplugged and no network cable connected. That is the only way to keep it safe :D

      November 16, 2010 at 3:07 pm
