Likewise, it wouldn't be hard for someone to monitor data being sent from that unprotected LAN out to the Internet, said Kevin Bankston, an attorney at the Electronic Frontier Foundation. That could include e-mail messages and passwords. Even a low-priority password such as one for a free news site could pose a hazard for a user who sets up the same password on high-priority sites, Bankston pointed out. For users of unprotected Wi-Fi networks, he recommends encrypting e-mail and passwords with a tool such as Pretty Good Privacy (PGP), also available as freeware.
Having an open wireless LAN also could make you more vulnerable to viruses and other malicious code, according to security experts. The biggest danger in that respect comes from users who just want to share an Internet connection, said Gartner security analyst John Girard. Many home Wi-Fi routers are equipped with firewalls, which can provide protections such as deflecting attempts to scan your PC for vulnerabilities. Anyone who gets on your wireless LAN is behind the firewall, so if their systems are laden with viruses or other malicious code it can spread over the LAN. This includes tools that search for systems to turn into "bots" controlled by hackers.
One area where wireless LAN users have less to worry about is interception of online passwords, said Martin Herfurt, founder of Trifinite Group, a group of European wireless security experts. Internet commerce sites that secure customer transactions will encrypt passwords and other information all the way from the user's browser to the store's server, so the same protections are there on the LAN as on the Internet, he said. However, if you instruct your browser to save your passwords, an intruder might be able to steal them from your PC, he added. In addition, some kinds of Internet-borne attacks let hackers record your keystrokes, according to Gartner's Girard. For the best protection, he recommends having firewalls in both the router and PC.
Though it's less likely, an intruder could cause serious problems even without getting into your computer. Whatever that person did over your Internet connection--which could include downloading child porn, sharing copyrighted content, or executing a denial-of-service attack--could be linked to you, observers said.
When crimes are suspected on the Internet, usually the first piece of evidence investigators look for is the IP address from which the activity was carried out, the EFF's Bankston said. Organizations such as the FBI or the Recording Industry Association of America can subpoena your ISP to find out who you are.
Though there aren't many precedents from which to judge, lacking any other evidence, it's unlikely someone with an unprotected Wi-Fi network would be convicted just because a crime was committed from that network, both Hunter and Bankston said. But along the way, investigators could seize your computer to look for evidence and discover something else that could get you in trouble, such as your own illegally downloaded music, he said.