This weekend I noticed something odd with my Windows network. A new machine had appeared on my Network Neighbourhood/Workgroup, called “FREYA-PC”. A lot of computers go through my network, largely due to my occupation and therefore the inevitable queries for help and advice on people’s computers. I have never dealt with any computer known as “FREYA-PC”, however. So, I had to put my detective hat on.
I have a fairly complex network (for a home user), due to the large number of networkable devices I use (currently counting 13), and I am unable to install structured cabling, so I have to rely on 3 switches, plug-tops (to link upstairs with downstairs) and WiFi to connect it all together. This computer was getting on the network at one of these points. I am a big fan of physical cables; they are inherently as secure as you’re likely to get. You can vouch for the cable termination and more or less the route of the cable, so you know there won’t be any “wire listeners” attached to the cable. So unless someone sneaked into my house, the physical network was not a weak point.
My Plug-Tops allow my network connection to pass over the mains wiring inside the house. This is ideal to avoid running cables between floors and doors. Bandwidth is suggested to be about 54Mbps, but I tend to average 10Mbps, which is okay for me as it will carry video more or less okay. Obviously, all cables are connected and it would be easy to follow the mains cable outside the house and see it connect to next door’s feed, so these Plug-Tops also have encryption, which is applied. So a close neighbour could have gained access to my network by guessing or cracking my encryption keys. They would need to know that I had the plug-tops and what model they were before even attempting to crack my keys. It could be fairly easily ruled out, and more easily ruled out by turning them off. “FREYA-PC” continued to appear.
This would lead me to the assumption that my leaking WiFi signal was being used to get onto my network for the purpose of stealing my broadband. I have 3 switches, all of which have wireless capabilities. My primary router/switch is a DrayTek 2800VG, which has been fantastic. It offers excellent Wireless Security and configuration support, along with VoIP, VLANs, Firewall, NAT configuration and more. This is my primary connection to the Internet and Wireless access point. The other two are Netgear switches, which are okay for home use, but are of varying years in the development of WiFi and WiFi security. This means one of these only supports 128-bit WEP encryption, for example. Maybe they were getting on here? I had isolated the WiFi from the LAN, and applied a key, so even if they had got on the WiFi, they wouldn’t be routed anywhere (assuming the Netgear router worked as it should). Turning the switch off didn’t get rid of FREYA-PC. The next Netgear router provided WPA-PSK encryption, which is of more acceptable quality. This wireless was turned on only because I forgot to turn it off after having done some testing months earlier. Turning this router off DID get rid of FREYA-PC.
I have my suspicions on who it was that was stealing my bandwidth. Looking up the meaning of “Freya” identifies it as a Norse God. Therefore, it is not improbable that the culprit was foreign. On turning off the switch, there was distinct movement from a house in the local vicinity. What the culprits didn’t count on were the excellent monitoring tools available on the DrayTek 2800VG, which allowed me to see who was on my network and what they were looking at (FaceParty, MSN Hotmail). Add to that basic Wireshark competence and basic networking knowledge. What I didn’t count on was that, using tools which I won’t link to here, it is indeed possible to crack not only WEP encryption, but also WPA-PSK. The tool listens to a heavily used WiFi connection for repeated patterns to determine the encryption keys. So no matter how secure my keys, I was a sitting target. Luckily, everything on my network is secured, so no data loss would have occurred. They were only on my network for a few days, anyway, as I use my network regularly and would have spotted it.
I have reset the switch, turned off the Wireless, reset all my WPA-PSK keys and confirmed with my wife that she was never to use any of the laptops to purchase anything. This is a rule I follow myself. I would prefer to turn off WiFi completely, or upgrade to WPA2-PSK; I have an inherent distrust of Wireless. However, I have devices that only work on WiFi and don’t support the higher level of encryption, such as my mobile phone and my Sony Walkman.
If I can confirm who “Freya” is, I will push for prosecution, and that goes for anyone else I find on my network. It is extremely dangerous for owners of Wireless networks to have their connection stolen by other users. If your external-facing IP Address implicates you in downloading illegal content or conducting illegal activity, you are liable unless you can prove otherwise, and it is very difficult to do so. Therefore, always encrypt your network and prevent users from gaining access to it, and, if possible, use wired networking. I am going to create a bit.ly URL and use this as my SSID so future thieves may view my policy on this.