EARLY ONE MORNING, John strolls along a road in Arlington, Virginia. He seems to be making notes on his pocket PC, but he is actually logging locations and network addresses of unprotected wireless Internet connections in homes and businesses. If John or one of his associates taps into these unprotected connections, it will not be directly traceable to the thieves; rather, the connection can only be traced back to the registered user at the home or business.
It is quite easy for John to find these unprotected connections by using off-the-shelf software (available for both pocket PCs and full-size computers) and the wireless receivers that enable computers to receive wireless signals. He locates an unprotected connection coming from a house located in the vicinity of a parking garage. After completing his search, he covertly passes this information along to Frank, his partner in crime.
Two days later, Frank sits with his laptop computer in the parking garage and hijacks the wireless Internet connection that John identified. He does this using the basic network information detected and noted during John's survey; this information includes the wireless network frequency and assigned network name (wireless routers are sold with preset network names that are usually left unchanged by users).
Frank simply sets his laptop wireless settings to mimic these wireless network access settings, and the wireless router's Dynamic Host Configuration Protocol (DHCP), the protocol that assigns IP, or Internet protocol, addresses to the devices in a network, configures the connection, and provides him with a private IP address.
Once connected to the Internet, Frank visits a Web site and downloads encrypted instructions placed there by another member of his organization. He then posts a photograph to that same Web site. Although the photograph looks innocent enough, Frank has actually hidden a document within its bits of data by using a steganography program. Once the messages are exchanged, Frank drives away to New York, ready for his next assignment.
WELCOME TO THE new world of industrial espionage. The author has been involved in many criminal investigations in which the techniques and technologies just described were used. And while Frank and John aren't real--they are a fictionalized composite from the author's experience--they paint an accurate picture of the newest twist in intellectual property theft. The following tale of how investigators caught this pair and their associates offers security managers a glimpse into the methods used by information thieves today--as well as how their high-tech tools can be turned against them by detectives who know how to track the digital footprints.
The investigation. The company targeted by John and Frank had been alerted to the …