First, I second what Heretic said... Any encryption is good (wep), and good encryption is better (wpa + tkip or aes). If the ISP doesn't have/allow encryption then you need to pound the idea into their head. What they should also do is use mac address authentication. But if someone was determined to get online they could probably use some method to find the mac address and then change the address of their card.

You could download some wifi sniffing tools from the web, get a schematic for a Pringles can antenna, and a brute force program. Then forward that data to the isp (better have a friend do it for you) and hope they wake up to the truth.

Second, this is just a "maybe" guess and might be (probably is) completely wrong. If your computer is on 24/7 and the antenna (to your computer, not the isp) is powered and connected, then the problem might be hardware. It "could" be that the ISP is sending out pings or something to see if you are still there, then your computer responds "yes I'm still here". Over a 24 hour period of time this might rack up some extra bandwidth, though I highly doubt the traffic would be in the area of 60+ mb/day.

Also, there is an alternative to this system out in the "sticks". You could get high speed internet through a satellite provider (like satellite TV). I doubt you would want to spend the money if you are fine with 1gb/month. I tend to use 3 gb+ per day on my cable modem. in fact, over the past 21 hours, I've sent 1.5gb and received 1.2 gb, and that is only on this machine, not counting the laptops.

Oh and tracking down the culprit for "mountain justice"... I highly doubt you could do it. Unless it's one of your friends who saw the login name and password written on a sticky note stuck on your computer monitor. But since you are here on AO, I highly doubt you would be that physically insecure.