.

Anybody have experience in helping residential wireless customers get secured?

<<

carlos123

Newbie
Newbie

Posts: 15

Joined: Wed Feb 18, 2009 1:36 am

Post Wed Feb 18, 2009 1:48 am

Anybody have experience in helping residential wireless customers get secured?

Hi everyone,

I am thinking of handing out flyers to see if I can make some extra money helping residential customers secure their wireless internet connections and was wondering if anyone had experience doing such a thing. 

I have spent countless hours studying up on how to crack into WEP secured networks and all manner of other such things and have acquired a fairly good grasp of things.  I've also been practicing on the network where I live (with permission). 

The need seems to be there and I have acquired enough skills to start servicing that need. 

My intention is to hand out flyers and charge $25 (perhaps $50) to switch open and WEP secured networks to WPA or WPA2, change to strong passwords for the router browser accessed control panel, and otherwise teach residential customers about securing their network. 

I will offer to break into their network to show them why it's important. 

Anyway...I would appreciate hearing from anyone that has done something like this.  Problems they had.  Successes.  Whatever. 

Suggestions are also welcomed about what I intend to do.

My overall goal is not to become an ethical hacker by profession.  My interests lie elsewhere but I see this as a way to make some good part-time income while I pursue my other interests. 

Since I wish to move to South America in the next 5 years I also think any skills I develop in this will come in handy down there.  I imagine that ethical hackers are far less common down there than they are up here.

Thanks. 

Carlos
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Feb 18, 2009 1:52 am

Re: Anybody have experience in helping residential wireless customers get secured?

Carlos,

only experience I have in this area is playing with friends and families kit as I've installed it for them so this may not be completely relevant. I think the premise isn't a bad one for a bit extra cash, however I'd imagine that those people that can't take the time to secure their wireless (fairly simple with modern kit) are the same users that wouldn't want to pay anything more than required for the net fix so I'd be sceptical as to how many people take up your offer. But I'd be interested to see how you get on, keep us updated :D

And welcome to the boards.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Feb 18, 2009 1:57 am

Re: Anybody have experience in helping residential wireless customers get secured?

Hey Carlos,

I haven't done it for money but I secured my own and a friends access point. What has me going is are the people your going to be going door-to-door be asking for some type of certification you have doing it? What's going to help them see you as someone who can actually handle this type of role, your not exactly with a company?; I think it'd be a positive to include in what can all go on, perhaps a demonstration video of what can go on if an attacker can get on to a wireless network - this could help suede your neighbors that by you doing work on  their access points that you can commonly prevent (to an extent) the common attacker from trying anything...I like the idea though, good to see someone stepping up to the plate and going for something like this, unsecured access points (even WEP Encrypted APs) are definitely something home users need to become more aware about.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

carlos123

Newbie
Newbie

Posts: 15

Joined: Wed Feb 18, 2009 1:36 am

Post Wed Feb 18, 2009 2:07 am

Re: Anybody have experience in helping residential wireless customers get secured?

Thanks for the input RoleReversal!  Much appreciated.  

That's why I have been focused on breaking into WEP secured networks by practicing on my own.  

I will offer a free penetration test to anyone that wants it.  No charge.  No obligation.

The test will involve my trying to break into their network.  If I am successful I will track where they surf and show them the actual pages they visited during the test and I will tell them what their username and password for their email account is by having them send an email while I look at their username and password in the clear through Wireshark or other program.  

All I have to do is get my foot in the door.  After that...if I can break in...and show them that I think it will open some eyes and motivate them to pay me $25 or $50 (haven't decided yet) to secure their network.  At least that is my hope.  

After describing the things I will be doing to the owner of the place I am renting from he is now leaning in the direction of not having wireless access at all and going back to straight ethernet :).  

I just need to get one person to respond to every 100 flyers I put out to make this worthwhile.  

Thanks again for your input.  

Carlos
<<

carlos123

Newbie
Newbie

Posts: 15

Joined: Wed Feb 18, 2009 1:36 am

Post Wed Feb 18, 2009 2:18 am

Re: Anybody have experience in helping residential wireless customers get secured?

Hey KrisTeasen...thanks for your input too. 

While it is true that I have no certification per se I think the proof is in the pudding so to speak.  My goal with the flyers will be to secure my foot in the door.  That's it.  If I can get in and show them...I think I will be able to make a sale.  Without pressure.  Without obligation.  They will see it before their own eyes. 

It's a matter of showing people who think their front door is locked when they go out that in fact it never is.  That it's open all the time.  Only with respect to their wireless network.

I would go door to door here (I live in San Diego) but the powers that be here have made it a criminal offense (a misdeamenor) to go door to door without a licence.  A licence which is so overbearing, demanding, and unreasonable as to make anyone going door to door shy away from getting one.  I can't wait to go to South America where there is a lot more freedom I think :)

But for now I am in the States and will stick to just putting flyers on doors.  To see how that goes. 

I am really good at copyrighting and I think my flyer is quite alarming.  Alarming enough I think to get them to call me for a free security test. 

Amazingly....I would say 80% or more of homeowners still have either no security or WEP.  100% of the networks I detect near my home are either open or only WEP secured.  Utterly ridiculous. 

Admittedly very, very few people are going to go through the hassle of learning how to run Linux and break into their neighbors network but still...the possibility is there and these networks should be secured. 

Do you know what your neighbor is doing tonight LOL? 

Carlos
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Feb 18, 2009 2:45 am

Re: Anybody have experience in helping residential wireless customers get secured?

carlos123 wrote:I will offer a free penetration test to anyone that wants it.  No charge.  No obligation.


Carlos, sounds like a good way to prove the requirement. However, IANAL and don't know much about the laws in your area but generally speaking accessing another's network or computer equipment is considered illegal in most cases (and in some parts of the world (UK???) may be illegal even with consent). Bottom line is CYA, at a minimum get a signed agreement before you proceed to hit their network.

Good luck
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Feb 18, 2009 3:00 am

Re: Anybody have experience in helping residential wireless customers get secured?

Agreed. Be careful not to step over that line. If you ever think of swapping the time line just a little thinking well I'll prove it first then try to sell them... wrong answer. Lots of legal precedents against this.

As a time filler while you're doing your "home pen test" have them watch this:

http://www.cbsnews.com/stories/2007/11/ ... 0302.shtml

Lesley Stahl of 6o Minutes sounds like the average user not knowing what the heck WEP and WPA are, but by the end of this 14 minute segment, she clearly knows why they're bad. Plus, you should be able to crack WEP in the time it takes to watch this vid. That will scare the crap out of them, and they may start recommending you to their friends.

For that mater, believe it or not, there are still plenty of SMBs out there that fit your target market. That may be a better clientelle for you to market. And you may be able to charge a little more.

Hope thishelps and good luck,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

carlos123

Newbie
Newbie

Posts: 15

Joined: Wed Feb 18, 2009 1:36 am

Post Wed Feb 18, 2009 3:46 am

Re: Anybody have experience in helping residential wireless customers get secured?

That video by Leslie Stahl is excellent. I think I will include a link to it in my flyer. 

By the way I would never hack into someone's network without permission.  I just don't do business that way.  Hacking first and selling later is just not good business. 

At the same time I won't get a signed permission.  A verbal permission is all I will need I think.  Having customers, especially residential customers, sign something, will make it much tougher to make the sale in that they will get scared off. 

The risk of any of them turning around and calling the cops on me or something when I am at their house to help them secure their network is next to nill and really not worth considering in my opinion. 

Yes...I will charge more to secure small businesses.  $75 for them.  But I want to get more experience under my belt first.  Residential customers are a bit less inclined to expect a degree or certification and are more inclined to be friendly :)

I am still working through some glitches in my training.  My wireless card for example cannot apparently do deauthentication and injection very well if at all (useful in breaking WEP encryption) so I have to try other attacks to break it.  Attacks that are a bit more time consuming. 

I have to be able to break in and do my stuff in 15 minutes tops or it's going to be difficult to convince people that I have the skills to secure their network as demonstrated by my being able to break into it :)

Thanks again for the input ya all.  It's kinda surprising that this here little forum seems to be so active.  I'm used to forums that have tens of thousands of users but on the spur of the moment I decided to post here to see if anyone said anything. 

I'll keep you all updated on how I do. 

Oh...I almost forgot.  What's an SMB?  Small Business? 

Carlos
<<

carlos123

Newbie
Newbie

Posts: 15

Joined: Wed Feb 18, 2009 1:36 am

Post Wed Feb 18, 2009 4:21 am

Re: Anybody have experience in helping residential wireless customers get secured?

Incidentally...I was working on my flyer some and it dawned on me that I might be able to get some good input on it as well. 

But I don't know if this forum would allow me to post it for all the world to see it.  Except for the copyright notice which has my personal name on it, there is no other identifying info on it so it's not like I would be advertising a business.  I just want to get good advice from anyone caring to give it to me. 

It's risky to get such input.  I mean someone could just take my flyer, steal it, and use it themselves (even though it's copyrighted).  Maybe even compete with me.  But it's a risk I am willing to take to get good input on it. 

Is that allowed here (I won't post it unless I am told it is)?  If not would anyone be willing to give me input through private email? 

Carlos
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Wed Feb 18, 2009 9:11 am

Re: Anybody have experience in helping residential wireless customers get secured?

<devil's advocate>
Personally, I think this business model based solely on residential pen testing is a horrible idea.  It's not just you.  I used to frequent the Netstumbler forum where every week a different newbie discovered Netstumbler and came up with the same plan.  Think about it from the users perspective.  If they would have cared enough to setup encryption then they would have read the quick start guide that came with their hardware.  All routers I have setup come with it, you don't even need to read the bigger manual.  I don't know why someone would decide to pay $25 or $50 for it (Well, unless some helpless grandmother was cornered by the Nerd Herd).

Additionally, a business model based only upon securing wireless access points is not going to earn you much.  Maybe you should consider doing a basic computer service, which might include anti-virus update / installing patches / removing spyware / scandisk-defrag-del temp files.

I don't think starting your own business is a bad idea, just look at it differently.
</devil's advocate>
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Feb 18, 2009 11:28 am

Re: Anybody have experience in helping residential wireless customers get secured?

Not to rain on your idea, but if someone unknown came to my door and asked to come in and hop on my network and/or machines in order to "secure" my AP, I'd laugh in their face and tell them to read up on their social engineering techniques a bit more.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Feb 18, 2009 11:39 am

Re: Anybody have experience in helping residential wireless customers get secured?

Sounds like something I'd do along with slamming the door once I'm done. Reason I pointed out you should at least show your certification or something is because people may not take you too seriously. If you have such a large grip of how to secure access points and break into them why not at least go for the OSWP cert and / or the CWNP? Surely you could show them that video but if your standing at there door and they can't tell your experience and the video clearly says, "it can be done as easily as a click of a button", the customers going to think anyone can do it, this could or could not play a role in them actually wanting to pay you considering that the idea of how you could access their access point just about anyone can do. Following up on what unsupported said, sounds like a bitchen idea; especially if your including those services as well you may be able to make a little bit more cash. I'd even go to as far as getting a buddy together who's experiences in wireless attacks or even yourself and try to run some tools against the access point you secured to just see if you set up the WPA/WPA2 key to be just as strong. Regardless, just walking up to a neighbors house by yourself without some type of representation of a company you work for or no certifications stating that your clearly the man for the job may be a bad idea.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

carlos123

Newbie
Newbie

Posts: 15

Joined: Wed Feb 18, 2009 1:36 am

Post Wed Feb 18, 2009 2:24 pm

Re: Anybody have experience in helping residential wireless customers get secured?

Boy..is this forum ever a hassle to use! 

I just penned a reply and it got trashed and lost when I tried to post it as a result of being logged out faster than I indicated I wanted to stay logged in.  Not to mention that the forum is super, super slow in coming up. 

Oh well...I will try and post later.

Carlos
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Wed Feb 18, 2009 3:00 pm

Re: Anybody have experience in helping residential wireless customers get secured?

Screw the ney-sayers. Take a whack at it. Worst case, no one buys and you are out a few bucks for copies. I wouldn't do it, but I don't think it isn't a bad thing to take a whack at. You may be able to upsell to fix a computer or two.

As far as the flyer goes, just post it. I find it rather disingenuous that you want us to give you insight, but you don't want to share the the flyer. Even if someone did (which I doubt) it would be a different market.
twitter.com/timmedin | http://blog.securitywhole.com
<<

carlos123

Newbie
Newbie

Posts: 15

Joined: Wed Feb 18, 2009 1:36 am

Post Wed Feb 18, 2009 3:20 pm

My flyer...

Here's the flyer.  Boy is this forum ever slow....

The flyer looks much, much better in Microsoft .doc format if anyone wants me to send them a copy.  But the wording is as it is below.  I'm not entirely happy with it yet but it's getting there. 

As usual...any input is appreciated. 

Incidentally I don't think it's incongrous for me to hesitate to give out the flyer.  It's one thing to just banter back and forth with an idea but quite another to give out a flyer that someone down the street from me can just go copy and start using in direct competition against me :)

-------------------------------------------------------------------------------
Do you leave your front door unlocked at night while sleeping?
Do you let nosy neighbors browse through your important papers?

If you wouldn't dream of doing that then...why would you allow others to steal your internet service, invade your privacy, and potentially do illegal things in your name by leaving your Internet connection improperly secured? 

If your wireless internet connection is not secured properly...people using readily available hardware and software who are as close as your neighbors, can steal your internet access for themselves, uncover your usernames and passwords, read your email, track what you do and where you go online, and more without your knowledge or permission! 

Don't let others spy on you or use your internet to do things they would never do in front of you!

Let me do a free penetration test and security analysis of your wireless internet connection.

If I can break into your network, before your very eyes...your network is not secure. 

If I can't break in...it's secure enough to keep even the U.S. government out!

There is absolutely no charge or obligation to have me come out and do a free penetration test and security analysis.  If your network is not secure and you want me to implement changes to make it secure...the charge is only $50.  Otherwise, I will walk away content in the knowledge that I helped you become aware of how insecure your wireless internet connection really is. 

Call me at 1-877-xxx-xxxx and leave me your name and number.  I will call you back to set up a time to come out and do a free penetration test and security analysis. 

Don't access another online banking site, send out an email you wish to keep private, or surf anywhere you don't want your neighbors to know about before you call me!  Don't put this off another minute!  Call me today! 

Carlos Gonzalez
Wireless Network Consultant
1-877-xxx-xxxx

PS.  I also offer a free penetration test and security analysis for businesses as well but the charge to make such networks secure is $75 (as opposed to $50 for residential homes). 

PSS.  If you don't beleive what I am saying about the general insecurity of wireless internet connections...go to the following web sites: www.tinyurl.com/dfhtoa shows someone cracking WEP encryption in one minute and www.tinyurl.com/5hr5ol is a shocking and eye opening report by 60 minutes! 

----------------------------------------------------------------------------------------------------------------------------
Copyright © 2009 by Carlos Gonzalez.  All rights reserved.
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software