Security threats Toolkit

First 'warspamming' case reaches court

Graeme Wearden ZDNet.co.uk

Published: 07 Sep 2004 15:15 BST

A US citizen is thought to have become the first person to be accused of hacking a wireless network in order to send spam.

Nicholas Tombros, 37, is charged under the US CAN-SPAM act, which aims to clamp down on unsolicited junk mail. Prosecutors allege that Tombros used a laptop to sniff out insecure residential wireless access points in a Los Angeles suburb, before using them to send spam across the Internet. He faces a maximum sentence of three years' imprisonment.

According to reports this week, a plea bargain is being negotiated. If Tombros is convicted or pleads guilty then warspamming -- also known as drive-by spamming -- will move from being just a theoretical possibility to a genuine threat.

Back in 2002, ZDNet UK reported that security professionals were concerned that hackers could take advantage of insecure Wi-Fi networks to propagate their wares. This would help them to overcome the blacklisting carried out by anti-spam campaigners such as Spamhaus, as well as sparing them from paying for bandwidth.

The idea of warspamming being a real threat went down badly with some Wi-Fi pioneers, who perhaps feared it could endanger the growth of free wireless networks.

Security firm Sophos has cited the Tombros case as an example of the importance of wireless security.

"Anyone who has set up wireless Internet access should ensure it is properly secured with passwords and encryption to make sure that passing hackers and spammers are not stealing the bandwidth," said Sophos.