Free wireless: A Geek-free guide to thieving wifi:
July 5, 2008
“They have monopolised everything that it is possible to monopolise; they have got the whole earth, the minerals in the earth and the streams that water the earth. The only reason they have not monopolised the daylight and the air is that it is not possible to do it. If it were possible to construct huge gasometers and to draw together and compress within them the whole of the atmosphere, it would have been done long ago, and we should have been compelled to work for them in order to get money to buy air to breathe.”
Robert Tressell ‘The Ragged-Trousered Philanthropists’
A Geek-free guide to thieving wireless:
Everyone knows that ‘the best things in life are free’, so here’s how to reclaim what was once designated as a junk frequency of the radio spectrum, i.e. wifi/wireless 802.11#, and has now been commoditised by the likes of the monopolistic British Telecom. NB: This is intended as a layperson’s practical guide to the art of wifi liberation and not an in-depth technical thesis on the subject. It’s also intended to stimulate debate and to counter the increased criminalisation of the practice. In the UK “Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act” so here’s how it can be done:
Step 1: Finding an open network
Equipment: computer, wifi card (or inbuilt wifi)
Theory: Simply connect to an open/free wireless network/hotspot. This is the easiest way of helping yourself to someone else’s connection, but be aware that the owner could in theory trace your usage (though not who you are) through their router logs.
Method: Turn on the computer and scan available wireless networks. The number of networks you see depends on the location of your computer. Moving the computer to different parts of the building will pick up different networks within range. Physical objects block the wifi signal, so standing next to windows or outside will improve the reception of your wifi receiver – though perhaps a bit blatant.
Your wifi software will display a list of available networks – keep hitting the refresh button – and (usually) indicate which ones are open/free, i.e. not WEP or WPA encrypted. (You can also replace your system’s default software with applications designed to detect open networks, such as WiFi Radar.) If there are no open networks available, proceed to step 2…
Step 2: Boosting reception
A WiFi card’s range can be boosted by making or buying a parabolic reflector. This allows you to increase the number of viable WiFi hotspots available to the computer and therefore raise the chance of finding an unsecured/free network. Old school free networkers swear by ‘Cantennas’, home-made antennae built from recycled tin cans, though this may be going beyond the remit of this article and doesn’t work with all modern WiFi cards. A wifi router’s antennae can also be simply modified to boost range:
An irritatingly American video explaining how to create a WiFi parabolic reflector from metallic cardboard.
Instead of fooling with metallic cardboard and Pringles cans I found it easier to purchase a USB WiFi booster such as Hawking Technologies’ Hi Gain USB Parabolic wifi booster: a durable, portable, cheap (£40) and retro-cool looking device that simply plugs into your USB port. The Hi Gain claims a 600% increase over standard card range and automatically connects to the strongest open network.
Step 3: Accessing ‘Secured’ networks
If there are no obviously open networks available there may still be a way of deviously accessing the connection. The names or ‘SSIDs’ tell you a great deal about the network status. If the network has an obviously generic name such as “default,” “Wireless,” “NETGEAR,” “belkin54g,” or “Apple Network 0273df”, the chances are that the owner has not changed the default router password and has just plugged the box in with the shop settings (though this is becoming rarer as new routers now prompt users to automatically generate a password before installation…). Here is a table of default hardware passwords and more here. If you’re stuck without a connection try guessing; the most common defaults are: admin, password, administrator, manager, mgr, cisco (or name of product), operator, root, customer, system, USERID, superuser etc…
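Seen from the network owner's side, the same signals can be checked before anyone else notices them. The following is an added example, not part of the original article: it audits an inventory of your own access points for open or WEP security, the factory-default SSIDs named above and the default admin passwords listed above. The record fields (`ssid`, `vendor`, `security`, `admin_password`) and the sample devices are assumptions constructed for illustration.

```python
import re

# SSIDs the article names as factory defaults (the hex suffix is generalised).
DEFAULT_SSID = re.compile(
    r"^(default|wireless|netgear|belkin54g|apple network [0-9a-f]{6})$", re.I
)
# Default admin passwords the article lists as the most common.
DEFAULT_PASSWORDS = {
    "admin", "password", "administrator", "manager", "mgr", "cisco",
    "operator", "root", "customer", "system", "userid", "superuser",
}

def audit_ap(ap):
    """Return a list of findings for one access-point record (hypothetical schema)."""
    findings = []
    mode = ap["security"].lower()
    if mode == "open":
        findings.append("no encryption: anyone in range can join")
    elif mode == "wep":
        findings.append("WEP in use: move to WPA2 or newer")
    if DEFAULT_SSID.match(ap["ssid"].strip()):
        findings.append("factory-default SSID: advertises an unconfigured device")
    pw = ap["admin_password"].strip().lower()
    # "cisco (or name of product)": also treat the vendor name as a default.
    if not pw or pw in DEFAULT_PASSWORDS or pw == ap["vendor"].strip().lower():
        findings.append("default or empty admin password")
    return findings

def audit_inventory(aps):
    """Map each SSID to its findings, omitting access points with none."""
    report = {}
    for ap in aps:
        findings = audit_ap(ap)
        if findings:
            report[ap["ssid"]] = findings
    return report

# Constructed sample inventory (not real devices).
SAMPLE = [
    {"ssid": "NETGEAR", "vendor": "netgear", "security": "open", "admin_password": "password"},
    {"ssid": "Apple Network 0273df", "vendor": "apple", "security": "WEP", "admin_password": "x9!Lq2-long-unique"},
    {"ssid": "flat-12-upstairs", "vendor": "belkin", "security": "WPA2", "admin_password": "Belkin"},
    {"ssid": "orchard-house", "vendor": "cisco", "security": "WPA2", "admin_password": "t7#correct-horse"},
]

if __name__ == "__main__":
    for ssid, findings in audit_inventory(SAMPLE).items():
        print(ssid, "->", "; ".join(findings))
```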
Step 4: Hacking WEP/WPA
If these steps fail to deliver the desired results then the only other option is to try and hack the WEP or WPA security encoding. WEP hacking is a favourite pastime for junior hackers; the only complexity involved is setting up the correct combination of hardware, drivers and software. WEP cracking software is available for Linux and Windows (and probably MacOSX…) platforms. Most commonly used are ‘Airsnort’ and ‘Kismet’ on Linux, the current favourite being ‘Backtrack’, a Slackware-based distro aimed at network security testing (apparently…) distributed on live CD (i.e. a bootable system CD which leaves your system untouched). A clear and not TOO technical walkthrough is here.
Hardware default passwords: