They're in your neighborhood, just waiting to break into your home network, according to WXYZ-TV in Detroit

The biggest security threat most broadband users will encounter doesn’t come from identity thieves or kiddie porn rings roving neighborhoods looking for unsecured computers to exploit — it’s from your neighbors looking for free access to your broadband service.

Local newscasts have recently been running sensationalist stories of mysterious cars parked on neighborhood streets driven by ne’er-do-wells barging onto unsecured home wireless networks.

In fact, the most common threat isn’t from drive-by crime rings, but right next door.  With most broadband accounts providing flat rate service, the occasional uninvited guest ‘borrowing access’ probably goes unnoticed.  But should Internet Overchargers have their way, the consequences of account sharing in a world with paltry usage limits and usage-based-billing could show up on your monthly bill.

In countries where these overcharging schemes already have taken firm root, reports of customers receiving enormous broadband service bills are common.  In Australia, rarely a week goes by without someone reporting a hacked wireless network incident.  Consumers have been forced to become watchdogs, constantly checking usage statistics to ensure someone in the neighborhood hasn’t been “borrowing” their Internet account and blowing through their monthly usage allowance.

One customer, who lives in an apartment complex, shares a too-common story:

Over the past 24 hours someone (or something?) has been sucking the life out of my internet connection and chewed up 10Gb of my quota. How do I troubleshoot the cause of this? I have a Buffalo WHR-G54S Wireless Router and my network is secured.  I live by myself in a small block of apartments; I have had no visitors either.

Another customer discovered when it’s your word against your provider’s, the provider wins:

Yesterday, I was checking my broadband bill and was surprised to find out that they had charged me for downloading an extra 4 GB of data. I checked my usage online for the current month and it was already 8GB! This is despite the fact that I have been on holiday for ten days, and my normal usage involves casual browsing and downloading e-mails.

Furthermore, I never exceeded my download limit since I started with my ISP. My ISP also confirms that this is quite unusual and against my normal usage pattern. I have asked them to provide me some usage statistics but they can only give me the data that I already see on my account online.

The cost of exceeding the limit can be enormous.  BigPond in Australia, for example, has a few Internet plans that charge a $0.15 per megabyte overlimit penalty.  That’s $150AUD per gigabyte.

[flv]http://www.phillipdampier.com/video/WXYZ Detroit Open Wi-Fi Risks 1-26-10.flv[/flv]

WXYZ-TV in Detroit ran this sensationalist report on drive-by hackers breaking into wireless networks. (3 minutes)

The solution suggested by most Internet Service Providers is to enable built-in wireless security.  How much protection that provides and whether customers will be able to understand how to configure security remain open questions.

Some phone companies providing DSL service have plenty of older equipment still in customer homes that only supports the older WEP security standard.  That’s insufficient to protect consumers from intrusion because WEP security has been seriously compromised.

“WEP as a security measure is so broken that your (and everyone else’s) kid sister can easily circumvent it,” computer security researcher Ralf-Philipp Weinmann told the BBC.  Weinmann is co-author of the aircrack-ptw tool that can crack WEP in minutes.

Anyone caring about their privacy, said Weinmann, should not use WEP to stop others using their wi-fi hotspot.

Current generation wireless routers typically provide both WEP and the more secure WPA standard. But now there is evidence WPA can also be compromised, with a little help from “cloud computing,” which puts several high powered computers together to quickly work on cracking your password. A service has even been launched to let would-be crackers rent time on the “cloud” to “test” network security passwords, starting at just $17. In as little as 20 minutes, those with relatively simple passwords will find their network security compromised.

You can protect yourself by at least making sure your router is “secured” with a password.  Most every router comes with instructions or software that make this process as simple as possible.  When you have a choice of security standards, aim for WPA2, if available.

Thus far, most reported WPA network break-ins occur because the user is relying on a simple password — often a common word, name, series of numbers, or something similar that is much easier to break. Try to use a password that is not a word in a dictionary, doesn’t correspond to information anyone could mine off your Facebook page (city/town, school, birthday, parents or siblings names, etc.), and would be impossible to guess off-hand.

<

p style=”text-align: center;”>

How to secure your wireless network (6 minutes)

The Electronic Frontier Foundation is not happy with the Federal Communications Commission’s proposed Net Neutrality rules because they come with built-in loopholes, the most egregious being a clause which allows providers to throttle, block or otherwise interfere with traffic that could consist of “the unlawful distribution of copyrighted works.”

The movie and recording industries have been attacking Net Neutrality for months, accusing it of providing a copyright-violating-free-for-all.  The FCC seems all-too-willing to adopt that meme, and write a convenient lobbyist-friendly loophole into Net Neutrality policies that would suggest provider interference with broadband networks is bad… except when this or that special interest redefines it as “good and lawful network management.”

For years, the entertainment industry has used that innocent-sounding phrase — “unlawful distribution of copyrighted works” — to pressure Internet service providers around the world to act as copyright cops — to surveil the Internet for supposed copyright violations, and then censor or punish the accused users.

From the beginning, a central goal of the Net Neutrality movement has been to prevent corporations from interfering with the Internet in this way — so why does the FCC’s version of Net Neutrality specifically allow them to do so?

The EFF is asking consumers to sign an online petition asking the FCC to yank that exception out of their proposed Net Neutrality rules, and let the industry use existing law enforcement methods to protect copyrighted works.  Of all the industries that seem to do just fine zealously efforting to protect its copyright interests, Hollywood and the music industry don’t need additional special protection clauses inserted into broadband policy law.

Law enforcement can use existing laws to chase crime, and most honest Internet Service Providers would tell you they don’t want to police their users.  Allowing this exception is a convenient backdoor to do what some have wanted all along — to throttle or block high volume network traffic like torrents and newsgroups, this time under the guise of taking a bite out of crime.

While directly appealing to the FCC might be more effective, signing the petition at least gives the EFF the ability to draw media and political attention to a worthy endeavor.

Let’s not repeat the same mistakes certain other major policy initiatives have endured this past year, where good intentions were steamrolled by lobbyists into a loophole-ridden, industry-protectionist horror show.

The best way to ensure an open and free Internet is to literally demand exactly that — no exceptions.

New Zealand Telecom

Telecom New Zealand is under fire as consumer groups, business leaders, and customers condemn the company for a second major outage wiping out wireless mobile broadband and cell phone service for tens of thousands of customers on the South Island.  Dunedin, Invercargill, Timaru and Queenstown were among the areas worst affected for the service problems impacting the company’s much-touted “XT” WCDMA network.  Affected customers could not access mobile broadband, send or receive text messages or phone calls for several days.

Company officials believe a piece of hardware installed at multiple cell tower sites is responsible for the network outages.  It’s just the latest of a never-ending series of problems for New Zealand’s largest telecommunications provider.

In December, a botched software upgrade brought another major outage for the provider, which now risks being defined by customers as unreliable.

Telecommunications Users Association chief executive Ernie Newman said, “From here, it looks bizarre. Even third world countries don’t experience outages of that magnitude and length.  The first time before Christmas people were forgiving. This week has made people think. But they cannot afford a third time.”

The expensive promotional campaign launching the “XT” 3G UMTS network was itself highly controversial when the company decided to use British actors in its advertising campaign, annoying New Zealanders.  Although a company official touted the “world class advanced XT network” as capable of speeds better than 20Mbps, the company’s website notes average customers are more likely to find speeds somewhere in the 3Mbps/750kbps range.

“After marketing XT as a Rolls-Royce brand, Telecom will be looking at ways to rehabilitate it in consumers eyes,” telecommunications analyst Rosalie Nelson told the New Zealand Herald.

The damage control teams have moved into place, and Telecom today announced a $5 million (NZ Dollars) compensation package for customers south of Taupo who were impacted:

Customers whose service was degraded on Wednesday 27 January:

• Prepaid consumer customers – $10 credit
• Postpaid consumer customers – One week’s worth of plan charges, including Telecom Extras, such as texting or data packages
• Telecom Retail SME customers and Gen-i corporate customers – Two weeks’ worth of plan charges, including Telecom Extras, such as texting or data packages

Customers whose service was severely impacted for up to three days between Wednesday 27 January and 10pm Friday 29 January:

• Prepaid consumer customers – $20 credit
• Postpaid consumer customers – Two weeks’ worth of plan charges, including Telecom Extras, such as texting or data packages
• Telecom Retail SME customers and Gen-i corporate customers – Four weeks’ worth of plan charges, including Telecom Extras, such as texting or data packages

Telecom is also donating more than $250,000 to community projects across the lower South Island.

The company’s problems got extensive media coverage, including daily reports on New Zealand’s national news.  Customers were outraged, many spending hours trying to reach Telecom by phone.  Many others argued their way out of service contracts, penalty-free, and switched to Vodafone, the country’s other major wireless provider.

[flv width=”640″ height=”380″]http://www.phillipdampier.com/video/TV New Zealand Telecom Outage 1-27 1-29-10.flv[/flv]

TV New Zealand’s One News ran several days of reports on the service outage, all presented here in this compilation. (17 minutes)

[flv]http://www.phillipdampier.com/video/Telecom Parody 1.mp4[/flv]

Telecom New Zealand has been on the receiving end of parodies assaulting the company’s quality of service.  This one calls on residents to switch providers. (Strong Language Warning – 2 minutes)

[flv width=”640″ height=”500″]http://www.phillipdampier.com/video/Telecom XT Parody.flv[/flv]

Another parody reworks one of the promotional advertisements Telecom ran to introduce its XT service to New Zealand. (2 minutes)

Rogers Wireless has withdrawn a proposal placed before Canadian regulators to force its competitors to pay up ex-customers’ unpaid cell phone bills.

In mid-January, Rogers filed a request with the Canadian Radio-television and Telecommunications Commission (CRTC) requesting the agency force other cell phone companies to make good on any past due balances left when customers switched providers.

When other providers didn’t get on board, the company withdrew the proposal.

Rogers’ proposal would have left a customer’s new cell phone provider on the hook for any past due charges left on that customer’s final bill.  With early termination fees running well over $100, that’s a big tab to drop on Canadian cell phone companies, particularly for new entrants in the marketplace.

Providers would have had to require verification of a “clean break” from a previous provider before taking on new customers, creating bureaucratic red tape, and a built-in incentive to hold customers in place.  But the company first advocated the proposal as a solution to the problem of past due balances.

“Customers porting out mid-contract with unpaid balances are costing Rogers, and most probably other wireless carriers as well, millions of dollars each year,” the company said. “The task of collecting these unpaid balances is made much more difficult once a customer ports their number to a new carrier as the relationship has been terminated.”

Rogers claims the problem of unpaid balances on canceled service became a problem after the advent of number portability in 2007.  Customers switching providers can keep their existing cell phone number.  With even greater competition in the Canadian wireless marketplace, customers are more willing than ever to take their business elsewhere, occasionally not paying their last bill.

Critics accused Rogers of trying to throw roadblocks up to make switching a hassle.

Michael Janigan, executive director at the Public Interest Advocacy Centre, a consumer watchdog, told CBC News Rogers’ move is an attempt to slow down the loss of Rogers’ market share.  Rogers’ new competitors, including Wind Mobile, and better prices from Telus and Bell are prompting customers to switch.

“This is the clear downside of long-term contracts for a supplier and now they want regulation to solve a problem brought about by market forces,” he said.

The provision would have benefited Rogers in at least two ways:

1. It would give Rogers advance warning a customer was prepared to switch, as soon as a new provider inquired as to that customer’s final balance.  That would allow Rogers to reach out to the customer with special incentives like retention deals, which could persuade a customer to stay;
2. Competitors would have had to build in a delay before they agreed to finalize a provider change, so they didn’t expose themselves to past due penalties from the former provider.  That inconveniences customers who would have to wait for their old provider to send a balance verification.

When asked why Rogers simply didn’t turn over past due balances to collection agencies, the company claims that method is not particularly effective.

“Collections and risk management systems are in place to mitigate the impact, but … the effectiveness of these measures is limited, especially in cases where the unpaid balance is significant,” the company said.

Some other Canadian providers weren’t impressed with Rogers’ proposal.

“Telus couldn’t disagree more with Rogers on their proposal,” said spokesman Jim Johannsson. “It’s not consumer focused, it’s not transparent, doesn’t promote consumer choice and runs counter to everything we are striving for as an industry.”

The blowback from customers was far worse.  A sampling:

“Canada has diversified its wireless market from Robbers and Bhell to allow for companies like Wind to offer much better prices/services & “CUSTOMER SERVICE”. What exactly is Robbers going to do? Send Jack Bauer? Their sub-par overpriced service deserves this. As Canadians we need to start a revolution against these monopoly giants who just leech off vulnerable middle-class Canadians. Even after we wash our hands of them, they still reach for our wallets.”

“Burn your bridges Rogers, keep tickin’ off your customers, and have the gall to expect their competitors to help them. It’s a tough world when you are not a monopoly, eh?”

“Rogers, they’re leaving you high and dry after you sucked the life out of your customers.  You expect respect when none is given. How the tides have turned.”

A few days after comments like that, Rogers flip-flopped and caved:

“We decided to withdraw it as it just didn’t seem appropriate,” said Jan Innes, a Rogers spokesperson.