For those of you that live and/or work in Oakland County this is a warning. It is long but you really do need to read it and understand it’s implications
Wireless Oakland – that brilliant idea by a computer illiterate politician and his less than security minded IT advisors to make him look good and “trendy” – is piloting in areas of Oakland County. This has serious security implications
for both home users and businesses. I have argued at length with one of it’s proponents, a local councilman, and it is clear that, no matter what security minded IT professionals say to him he doesn’t care about the havoc his “baby” will potentially wreak on the taxpayers of Oakland County. But enough of my vehement opposition to this entire project, you all need to be aware of the threat to your privacy and personal security.
What Wireless Oakland will do is to cover all of Oakland County with a wireless internet access “cloud” for public use. This means that anyone living in or just driving through Oakland County can connect to the internet while they are within the “cloud”. The big issue is that because the “cloud” is public they cannot place any kind of security such as encrypted connections because it would be pointless – everyone would have to know the key so there is no point issuing one. This means that unless individuals protect themselves appropriately online while connected through the “cloud” they will be vulnerable to numerous forms of attack on their privacy. Without proper care this lack of privacy could escalate into more serious issues such as stalking and the resulting potential for physical harm. I’m not simply being a scare-monger here, believe me, I can see a huge potential for “cyber stalking” with very little skill required on the part of a perpetrator which would be very difficult for the police to determine the occurrence of and even more difficult for them to prevent. There is also a colossal potential for identity theft – again with very little skill required by the perpetrator.
Why is this all so easy? Because things in the computer world are simply not set up to be secure when everyone can see the transmission which is what a wireless cloud will do. Many of you use email services such as AOL, Hotmail, Yahoo to send and receive your email. Many of the common web based email services give you that nice “warm, fuzzy” feeling by making you log in via an encrypted login. This is all well and good, (and remember many don’t encrypt the login so anyone could see your login and password and hijack your account at will – the evil minded amongst you can work out where things can go from there), but once you have authenticated to the system they revert to sending your mail backwards and forwards in “clear”. Anyone close by in the wireless “cloud” can see everything you send and receive. Yes, your neighbors, the kid across the street or the guy driving by with malicious intent. The same thing applies to your kids using their favorite Instant Messenger program such as Yahoo, MSN etc. Everything going backwards and forwards can be read by anyone.
If you chose to use the Wireless Oakland system you need to be aware that you have no privacy or security unless you provide it for yourself. Needless to say, properly securing your transmissions is much more complicated than it sounds and the potential for a mistake is high. Additionally you will need to learn to properly secure your computer itself. If you don’t, or make a mistake, you computer could be accessible to anyone who is close by in the wireless cloud. That means that everything you have on your computer, (personal banking, taxes, letters etc.), could be viewed by anyone who chooses to. I don’t think I need to say more about what can happen with that – but remember that a malicious person may have no interest in your stuff, they may just use your computer to commit crimes elsewhere on the internet. No big deal you think? Visits from the FBI aren’t fun and your kids will complain insistently that you need to go and buy a new computer to replace the one the FBI just impounded.
The clever ones amongst you might think that they don’t need to worry because you already have your own wireless network so you won’t be using Wireless Oakland. Wrong! Fifty percent of you are already vulnerable to a small scale version of the other threats because you haven’t secured your wireless network. But it gets worse… Many computer systems that are “wireless aware” will connect to any network available. Whether you secured your wireless network or not if the Wireless Oakland antennas, (pots), are close enough to your house they will become the primary signal and the risk is high that your computer will automatically connect to the insecure Wireless Oakland network exposing you to all the threats. Even if it doesn’t automatically connect to Wireless Oakland there will come a day when your personal network fails and one of your kids will be presented with the choice of connecting to “an available network”…. They will and from then on everything the family does will become public again until you notice, (if you ever do).
The cleverer still will think that you are using wired connections only. Congratulations, that’s the safest way. But when you buy your college kid that spiffy new laptop that is “wireless aware” and tell them they must only connect by using the wired connection just be aware that you should probably make sure they disable the built in wireless device or you could be providing a conduit for anyone to enter your “secure” network.
Businesses and home users could also fall victim to malicious persons hijacking an initial wireless connection and providing fake login screens for things in order to harvest login credentials of users. Especially for businesses with mobile users with newer laptops this is of great concern because these laptops are usually “wireless aware”.
Then, even if you have everything right what happens when Wireless Oakland’s wireless cloud interferes with your private “cloud” to the point where it makes your network unusable? Do you know how to change channels on your network so you can use it again? I didn’t think so. So all that money and time you spent purchasing and setting up your private network will now involve more cost or be worthless because I can assure you Wireless Oakland isn’t going to change channels for you.
If Wireless Oakland puts one of it’s pots on your neighbors roof changing channels may not be possible because their pots will have to be quite a bit more powerful than yours and this will make your network unusable and un-fixable. Lot’s of people will be affected by this because wireless Oakland will need a lot of pots because the signals generated by the wireless cards in your computers have a limited range so they need to have every square inch of Oakland County covered by their pots.
This is a serious situation. The tools required to carry out the malicious acts are publicly available on the internet, free and very easy to use. Anyone can use them. There are a myriad of ways this system can be exploited. You can rest assured that there are many who will be out to exploit them.
Lastly, the company that won the contract is called Michtel. Michtel is a previously bankrupt company, (Michtel Inc.), owned by Netcom LLC. Interestingly enough Michtel has had an operating annual budget that is a mere fraction of what will be required to run Wireless Oakland. They admit to having a larger backer but, for some reason, they will not reveal the identity of that backer. Think about the possibilities of someone who is less than ethical watching everything you do.
The seven pilot projects are located in the communities of Royal Oak, Pontiac, Troy, Birmingham, Madison Heights, Oak Park, and Wixom.