Man Charged With Stealing Wi-Fi Signal

N

Nauseous

Gawd
Joined
Jun 5, 2004
Messages
890
http://news.yahoo.com/news?tmpl=story&u=/ap/20050707/ap_on_hi_te/techbits_wi_fi_theft_1

ST. PETERSBURG, Fla. - Police have arrested a man for using someone else's wireless Internet network in one of the first criminal cases involving this fairly common practice.

ADVERTISEMENT

Benjamin Smith III, 41, faces a pretrial hearing this month following his April arrest on charges of unauthorized access to a computer network, a third-degree felony.

Police say Smith admitted using the Wi-Fi signal from the home of Richard Dinon, who had noticed Smith sitting in an SUV outside Dinon's house using a laptop computer.

The practice is so new that the Florida Department of Law Enforcement doesn't even keep statistics, according to the St. Petersburg Times, which reported Smith's arrest this week.

Innocuous use of other people's unsecured Wi-Fi networks is common, though experts say that plenty of illegal use also goes undetected: such as people sneaking on others' networks to traffic in child pornography, steal credit card information and send death threats.

Security experts say people can prevent such access by turning on encryption or requiring passwords, but few bother or are unsure how to do so.

Wi-Fi, short for Wireless Fidelity, has enjoyed prolific growth since 2000. Millions of households have set up wireless home networks that give people like Dinon the ability to use the Web from their backyards but also reach the house next door or down the street.

It's not clear why Smith was using Dinon's network. Prosecutors declined to comment, and a working phone number could not be located for Smith.
 
i saw this over on slashdot a few mins ago, i connect to my neighbors wlan all the time because they have a residential t1 line for their graphic design company and i get some crazy speeds when downloading Linux iso's etc.

i figure if they are dumb enough to run an insecure network they are too dumb to catch you, or they just don't care
 
It's retarded how you can get charged with that. It's not hacking...you frekain left the door open...

If you leave your front door open you can't be mad that bugs get it....all you had to do is close it.

If you are too stupid to use computers than stop complaing....dumasses...pay somebody geez.
 
Heh I did'nt even know that was illegal. Me and my friend were in front of Best Buy and used theirs when he got his Dell Laptop. I was even in the middle of a busy intersection and picked up like 7 signals 5 of which were unsecured.
 
I'll bet there is more to this story than the news reported. I'll bet the guy was doing something not good if he got arrested, other than just using thier internet connection to check his email or something.



 
ray4389 said:
It's retarded how you can get charged with that. It's not hacking...you frekain left the door open...
If you leave your front door open you can't be mad that bugs get it....all you had to do is close it.
If you are too stupid to use computers than stop complaing....dumasses...pay somebody geez.
Click to expand...

If someone leaves the front door open are you allowed to go in to watch TV for a bit?

Typically this type of thing gets prosecuted under trespass laws, specifically something referred to as trespass to chattel. If you actually want to read up on it here is some info from the EFF.
http://www.eff.org/spam/20011218_eff_trespasstc_analysis.html
 
how is a user supposed to differentiate between a network that someone never bothered to secure vs an open access point that someone installed for the public to use? I think more responsibility needs to be put on the owners of the networks.
 
ray4389 said:
It's retarded how you can get charged with that. It's not hacking...you frekain left the door open...

If you leave your front door open you can't be mad that bugs get it....all you had to do is close it.

If you are too stupid to use computers than stop complaing....dumasses...pay somebody geez.
Click to expand...

I totally agree, I was about to say the same thing. It is no different than leaving your house unlocked, you invite someone to come in and steal your belongings. They should have secured their network.
 
skylab said:
how is a user supposed to differentiate between a network that someone never bothered to secure vs an open access point that someone installed for the public to use? I think more responsibility needs to be put on the owners of the networks.
Click to expand...

How do you differentiate between a house that is unlocked because they want anyone to come in and a house where the owner forgot to lock the door that morning?

You assume the later unless told otherwise, unless as suggested above - you are there to steal belongings.
 
People that don't secure their wireless networks should be cut off from their cable company for violating the ToS. The ToS for every ISP clearly states that the customer can not provide internet access for anyone else (unless you have a reseller account). I'd love to see cable co. trucks out wardriving to find all the open APs on their network, then disconnecting all those people until they lockdown their wireless.

It's like the people leave all the doors open in their house, have an "Open House - Today" sign out front, but then call the cops and have you arrested for trespassing when you come inside.

It takes all of about 2 minutes to secure your network, and every AP sold comes with a nice little fold out and an easy to use wizard to walk you through each step.
 
Follow up on slashdot


ST. PETERSBURG - Richard Dinon saw the laptop's muted glow through the rear window of the SUV parked outside his home. He walked closer and noticed a man inside.

Then the man noticed Dinon and snapped his computer shut.

Maybe it's census work, the 28-year-old veterinarian told his girlfriend. An hour later, Dinon left to drive her home. The Chevy Blazer was still there, the man furtively hunched over his computer.

Dinon returned at 11 p.m. and the men repeated their strange dance.

Fifteen minutes later, Dinon called police.

Police say Benjamin Smith III, 41, used his Acer brand laptop to hack into Dinon's wireless Internet network. The April 20 arrest is considered the first of its kind in Tampa Bay and among only a few so far nationwide.

"It's so new statistics are not kept," said Special Agent Bob Breeden, head of the Florida Department of Law Enforcement's computer crime division.

But experts believe there are scores of incidents occurring undetected, sometimes to frightening effect. People have used the cloak of wireless to traffic in child pornography, steal credit card information and send death threats, according to authorities.

For as worrisome as it seems, wireless mooching is easily preventable by turning on encryption or requiring passwords. The problem, security experts say, is many people do not take the time or are unsure how to secure their wireless access from intruders. Dinon knew what to do. "But I never did it because my neighbors are older."

A drive through downtown St. Petersburg shows how porous networks can be. In less than five minutes, a Times reporter with a laptop found 14 wireless access points, six of which were wide open. "I'll guarantee there are tons of people out there who have their wireless network being exploited but have no idea," Breeden said. "And as we see more people utilizing wireless, we'll see more people being victimized."

Prolific Wi-Fi growth

Wireless fidelity, or "Wi-Fi," has enjoyed prolific growth since catching on in 2000. More than 10-million U.S. homes are equipped with routers that transmit high-speed Internet to computers using radio signals. The signals can extend 200 feet or more, giving people like Dinon the ability to use the Web in the back yard of his Crescent Heights home but also reaching the house next door, or the street.

Today someone with a laptop and inexpensive wireless card can surf the Web via Wi-Fi at Starbucks or eat a bagel and send instant messages at Panera Bread. Libraries, hotels, airports and colleges campuses are dotted with Wi-Fi "hotspots." Even entire cities are unplugging.

"The information age is over. The information is out there," said Jim Guerin, technology director for the city of Dunedin, which will soon be the first city in Florida to go completely Wi-Fi. "Now it's the connectivity age. It opens up a whole new area for ethics, legal boundaries and responsibilities. It's a whole new frontier."

There's a dark side to the convenience, though.

The technology has made life easier for high-tech criminals because it provides near anonymity. Each online connection generates an Internet Protocol Address, a unique set of numbers that can be traced back to a house or business.

That's still the case with Wi-Fi but if a criminal taps into a network, his actions would lead to the owner of that network. By the time authorities show up to investigate, the hacker would be gone.

"Anything they do traces back to your house and chances are we're going to knock on your door," Breeden said.

Breeden recalled a case a few years ago in which e-mail containing death threats was sent to a school principal in Tallahassee. The e-mail was traced back to a home, and when investigators arrived, they found a dumbfounded family. The culprit: a neighborhood boy who had set up the family's Wi-Fi network and then tapped into it.

In another Florida case, a man in an apartment complex used a neighbor's Wi-Fi to access bank information and pay for pornography sites.

But he slipped up. The man had sex products sent to his address. "The morning we did a search warrant, we found an antenna hanging out his window so he could get a better signal from his neighbor's network," Breeden said.

Last year, a Michigan man was convicted of using an unsecured Wi-Fi network at a Lowe's home improvement store to steal credit card numbers. The 20-year-old and a friend stumbled across the network while cruising around in a car in search of wireless Internet connections - a practice known as "Wardriving."

(The name has roots in the movie WarGames, in which Matthew Broderick's character uses a computer to call hundreds of phone numbers in search of computer dialups, hence "war dialing.")

A more recent threat to emerge is the "evil twin" attack. A person with a wireless-equipped laptop can show up at, say, a coffee shop or airport and overpower the local Wi-Fi hotspot. The person then eavesdrops on unsuspecting computer users who connect to the bogus network.

At a technology conference in London this spring, hackers set up evil twins that infected other computers with viruses, some that gather information on the user, the Wall Street Journal reported.

Not all encryption is rock solid, either. One of the most common methods called WEP, or Wired Equivalent Privacy, is better than nothing but still can be cracked using a program available on the Web.

"Anybody with an Internet connection and an hour online can learn how to break that," said Guerin, the Dunedin network administrator. Two years ago when the city of Dunedin first considered Wi-Fi, Guerin squashed the idea because of WEP's inadequacy.

Dunedin's network, however, will be protected by the AES encryption standard, used by the Department of Defense. Passwords will be required, and each computer will have to be authenticated by the network. There also will be firewalls. "I'm confident to say our subscribers are at zero risk for that kind of fraud," Guerin said.

Leaving the door open

Not everyone has sinister intentions. Many Wardrivers do it for sport, simply mapping the connections out there. Others see it as part public service, part business opportunity. When they find an unsecured network, they approach a homeowner and for a fee, offer to close the virtual door.

Some Wi-Fi users intentionally leave their networks open or give neighbors passwords to share an Internet connection. There is a line of thought that tapping into the network of a unsuspecting host is harmless provided the use is brief and does not sap the connection, such as downloading large music files. "There is probably some minority of people who hop on and are up to no good. But I don't know there is any sign it's significant," said Mike Godwin of Public Knowledge, a public interest group in Washington, D.C., focused on technology.

"We have to be careful," Godwin said. "There's a lot of stuff that just because it's new triggers social panic. Normally the best thing to do is sit back and relax and let things take their course ... before acting on regulation."

Randy Cohen, who writes "The Ethicist" column in the New York Times Magazine , was swayed by Godwin's thinking. When asked by a Berkeley, Calif., reader if it was okay to hop on a neighbor's Wi-Fi connection, Cohen wrote:

"The person who opened up access to you is unlikely even to know, let alone mind, that you've used it. If he does object, there's easy recourse: nearly all wireless setups offer password protection."

But, Cohen went on to ask, "Do you cheat the service provider?" Internet companies say yes.

"It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft," said Kena Lewis, spokeswoman for Bright House Networks in Orlando. "Just because a crime may be undetectable doesn't make it right."

"I'll probably never know'

In a way Dinon was fortunate the man outside his home stuck around since it remains a challenge to catch people in the act. Smith, who police said admitted to using Dinon's Wi-Fi, has been charged with unauthorized access to a computer network, a third-degree felony. A pretrial hearing is set for July 11.

It remains unclear what Smith was using the Wi-Fi for, to surf, play online video games, send e-mail to his grandmother, or something more nefarious. Prosecutors declined to comment, and Smith could not be reached.

"I'm mainly worried about what the guy may have uploaded or downloaded, like kiddie porn," Dinon said. "But I'll probably never know."

--Times staff writer Matthew Waite contributed to this report. Alex Leary can be reached at 727 893-8472 or [email protected]

MINIMIZING THE RISKS

Here are a few tips to minimize potential threats to a Wi-Fi network:

Enable WEP (Wired Equivalent Privacy). Even though WEP uses weak encryption and is breakable, it still provides an effective first measure of defense by encrypting the traffic between your wireless card and access point. Use 64-bit WEP to gain some security benefit without slowing down your network unnecessarily. You can also use WPA, a similar security protocol that's tougher to crack. Make sure both your access point and card support it.

Change your SSID (service set identifier) to something nondescriptive. You do not want to give out your name, address, or any other useful information to potential hackers. Also, don't use the default SSID.

Change the default password on your access points. The defaults of most network equipment are well known.

Enable MAC based filtering. Using this feature, only your unique wireless cards can communicate with your access point.

Turn off your access points when you are not using them. Why risk being scanned or being broken into if you are not using your wireless network?

Position your access points toward the center of your house or building. This will minimize the signal leak outside of its intended range. If you are using external antennas, selecting the right type of antenna can be helpful in minimizing signal leak.

Don't send sensitive files over Wi-Fi networks. Most Web sites that perform sensitive transactions like shopping with a credit card or checking bank account information use Secure Socket Layer (SSL) technology.

Sources: Force Field Wireless, www.forcefieldwireless.com TampaBay.com columnist Jeremy Bowers.
Click to expand...
 
Really, the issue at hand here is that many people who purchase wireless AP's are grossly uninformed of the possibility of someone else using their wireless connection. Sure, people are dumb, but dumb isn't really the right word to describe these people -- they're just not aware/savvy, that's all. If everyone was made aware of this issue (and how to combat it), rest assured there'd be more effort to remedy it.

But again, that doesn't give anyone the right to connect to these unsecure networks, except if there's a blatent invitation (Like the Wi-fi at Panera, for example). Computer Ethics is a wonderful thing, isn't it. :p

For those who use the "People who leave their front door open are allowing others to come in and there's nothing wrong with that" argument, I don't think you'd agree if you were the one who left the door open by accident. You get home from work to discover everything's gone or your house is trashed cause you left the door open by mistake, you're just going to say "Well, that's all good. I accidentally left the door open, so everyone's more than welcome to my stuff!" In general,. people has a sense of privacy and these kinds of indicents violate their privacy, and is an act of trespassing no matter how you look at it (except of course, there's an open house sign on the front lawn. But refer to my Panera example up above).
 
leaving your door unlocked is a completly different situation that using my internet....i tell everyone that asks or buys a wireless router to read up on security....
that is the first thing to do once they get home....nothing else. Because once that router is on, your network is open to anyone driving around.

It should be illegal in some way to use someone elses wireles...you dont own it or pay for it, therefor you have no right to it. I dont see going to jail or anything like that.
Maybe pay for a few months of internet for that person or community service.

Its like me saying its legal for me to download music...i know its wrong and so do you, but people do it everyday. Anyways...if i said my full opinion on this matter it would take 30 mins to type up.
 
I'd think it's more like someone who put a sprinkler in their front lawn. And the water reaches into the street. If they didn't want people to use their water they should aim the sprinkler water inside their fence!

So hot today..
 
Talking about a physical entity like a house and trying to compare it to radio waves doesn't work, because a house (with doors) has a clearly defined space, whereas wireless (radio) doesn't. A closer match might be to arrest somebody for copyright infringement if they turned on the radio and listened to somebody's RF CD Player/Ipod/etc one car over, or arresting the owner of the RF for not having a license to broadcast, and distributing copyrighted content without permission. Making a felony out of this is totally outrageous, and would never fly out here in California (where we have three strikes). Can you imagine spending life in prison because you borrowed somebodys Internet 3 times? People need to learn how to secure their own networks at least minimally, because otherwise there is no way to differentiate between an open network that is actually open (ie: you don't mind people using it), and a network that is closed and should not be used. It's really quite simple, and every AP I've recently setup has forced users to consider security.

Seriously, sometimes you need to look back on what we have done and go, "Is this really right?"
 
hokatichenci said:
Talking about a physical entity like a house and trying to compare it to radio waves doesn't work, because a house (with doors) has a clearly defined space, whereas wireless (radio) doesn't. A closer match might be to arrest somebody for copyright infringement if they turned on the radio and listened to somebody's RF CD Player/Ipod/etc one car over, or arresting the owner of the RF for not having a license to broadcast, and distributing copyrighted content without permission. Making a felony out of this is totally outrageous, and would never fly out here in California (where we have three strikes). Can you imagine spending life in prison because you borrowed somebodys Internet 3 times? People need to learn how to secure their own networks at least minimally, because otherwise there is no way to differentiate between an open network that is actually open (ie: you don't mind people using it), and a network that is closed and should not be used. It's really quite simple, and every AP I've recently setup has forced users to consider security.

Seriously, sometimes you need to look back on what we have done and go, "Is this really right?"
Click to expand...

You are accessing their network without authorization and using their resources without their permission. I think that qualifies as theft, or at least trespassing.

You say "they should secure their network."

The next person says "they should have picked a password I couldn't guess on the third try."

Then someone says "They shouldn't have used something as easy to break as WEP."

"They shouldn't have..." doesn't excuse your actions.
 
PopeKevinI said:
You are accessing their network without authorization and using their resources without their permission. I think that qualifies as theft, or at least trespassing.

You say "they should secure their network."

The next person says "they should have picked a password I couldn't guess on the third try."

Then someone says "They shouldn't have used something as easy to break as WEP."

"They shouldn't have..." doesn't excuse your actions.
Click to expand...
Yes. The only way someone's network can be breached is if someone else tries to to breach it in the first place. It's irrelevant which security measures are implemented, no matter how good or bad they are.
 
Here's my take on this topic:

If my body is getting radiation from a signal, I have every right to use the signal however I like.

If someone's radio signals are in my house, they are mine and I have every right to use them as I like.
 
PopeKevinI said:
You are accessing their network without authorization and using their resources without their permission. I think that qualifies as theft, or at least trespassing.

You say "they should secure their network."

The next person says "they should have picked a password I couldn't guess on the third try."

Then someone says "They shouldn't have used something as easy to break as WEP."

"They shouldn't have..." doesn't excuse your actions.
Click to expand...

If somebody actively tries to "break in" to an AP by using common passwords, or doing a WEP analysis, then they are obviously trying to circumvent security measures and imo should be breaking "some" law. However, there is nothing to distinguish an open AP that somebody is handing out free Internet on with one that doesn't. How do you know if you are driving through some town on vacation that the town doesn't have some free wireless Internet, or the coffee shop you just grabbed a coffee at isn't just trying to be nice. The way of enforcing those measures is by implementing either a MAC ACL, a WEP key, maybe even disabling DHCP. If you broadcast an open AP that responds to DHCP and hands everything out for free, don't be surprised if people catch on along the way. Furthermore, making a felony out of it is insane, although I don't know how Florida law works regarding mandatory/truth in sentencing, but I'm betting this guy goes to jail/prison for a few months if not years. My opinion is that if you leave no security whatsoever on your wireless network, than you are therefore granting permission. Because the person can't exactly go up to you and ask, can s/he? So the only way to tell if you have permission or not is by the most basic security features (even though we all know they can be easily cracked) of a system.

I personally pretty firmly draw the line. I recently had to setup two wireless access points for a business and a personal home. The person I was doing it for was non-technical and even he knew that security was a concern because its been publicized pretty well. Even going through the manuals it asks you and suggests that you use WEP. It isn't exactly rocket science anymore, and criminalizing day-to-day use will just cause extra burden on America's already taxed prison system.
 
skylab said:
how is a user supposed to differentiate between a network that someone never bothered to secure vs an open access point that someone installed for the public to use? I think more responsibility needs to be put on the owners of the networks.
Click to expand...

Some states have considered this very point and passed laws either permitting or denying use of unsecured APs. From a purly signals point of view, the frequency is in an unlicensed spectrum, free for all to use. If it is not securied that it is by default a public network, free for anyone to tap into, much the same of public TV. If its secured, than it's not intended for public use and is similar to encrypted satallite television.

The analogy stands and is in fact being used in defense at this very moment and was clarified internally at teh FCC. Their take on it is if its open then its public since its the public's spectrum to use as they wish.

The sticky point is when someone wishes it to be private, thinks it is because of his ignorance, and then catches someone using it (which could be the case in Florida). The very fact that they are prosecuting him for this boggles teh mind since to my knowledge Fl. doesn't have laws permitting or forbidding access to unsecured APs. The only way I see the charge sticking is if he actually did hack his way into the network. Otherwise I see this one as defaulting to the FCC's declaration.
 
korpse said:
Here's my take on this topic:

If my body is getting radiation from a signal, I have every right to use the signal however I like.

If someone's radio signals are in my house, they are mine and I have every right to use them as I like.
Click to expand...

Fair enough.
Now explain how you plan to use a signal in your "area" (house, apartment, whatever) without now transferring your signal back onto someone else's "area"?
 
ray4389 said:
It's retarded how you can get charged with that. It's not hacking...you frekain left the door open...

If you leave your front door open you can't be mad that bugs get it....all you had to do is close it.

If you are too stupid to use computers than stop complaing....dumasses...pay somebody geez.
Click to expand...

i herd a good example once

if a jewelry store leaves its door open, and the display case is open, is it ok to take something?

someones stupdity dosent make anything legal.........hes paying for wifi through his cable company, someone got on his line with out permission, thats called breaking and entering cyber style ;) which is illeagal, and thats kinda lame to bust in best buys wifi access, dam shame you didnt get caught for useing their signal, but then again they arent the most tech savy people =/

and flame me all you want, whatever, i dont use wifi, i dont caer to use it, its lame and weak connections, but getting online on account of a neighbor is lame and you should go to jail for a few months......and it should stay on your perm record, speicaly if you go for a tech job~


soulsaver_8229
 
Malk-a-mite said:
Fair enough.
Now explain how you plan to use a signal in your "area" (house, apartment, whatever) without now transferring your signal back onto someone else's "area"?
Click to expand...
Your point is completely valid, and the rule applies both ways. If I am broadcasting a signal in someone else's "area", then I can't expect it to be private. It becomes public and therefore I need to personally ensure that my signal is safe, and if it isn't safe then its my own fault if it gets compromised.
 
The analogy stands and is in fact being used in defense at this very moment and was clarified internally at teh FCC. Their take on it is if its open then its public since its the public's spectrum to use as they wish.

The sticky point is when someone wishes it to be private, thinks it is because of his ignorance, and then catches someone using it (which could be the case in Florida). The very fact that they are prosecuting him for this boggles teh mind since to my knowledge Fl. doesn't have laws permitting or forbidding access to unsecured APs.
Click to expand...

It is true that the wi-fi rf spectrum space is for free public use. I would
think that the major legal problem is not the unauthorized use of the
rf pathway itself so much as the unauthorized use of the network at the
end of that pathway. Seems that would be (or should be) a Federal rap
for tampering with a common carrier. I would also think that willful
intrusion into someones Part 15 apparatus would qualify as "willful
interference" and give one grounds for a complaint to the Fcc.

Tom in Tulsa
 
korpse said:
Here's my take on this topic:

If my body is getting radiation from a signal, I have every right to use the signal however I like.

If someone's radio signals are in my house, they are mine and I have every right to use them as I like.
Click to expand...

Fine. But then you beam radio signals back into their house, at their WAP, and request that it send you more radio waves.

It's not like they're beaming the entire internet into your house 24/7.
 
Let's not always place the blame on users or businesses. There are plenty of "techs" out there who blindly setup open APs with myriad of excuses of why they didn't secure it.

Hell, I just recently completed an initial consultation for a potential client and showed them their so called "secure" wireless network was not in fact secured at all and with their permission I demonstrated I could access their files from a parking lot about a half mile down the road.

The current "tech" is being replaced very soon (hopefully by my company's services :p ), but the fact that he or she outright lied about the security of the wireless system is disturbing.

We can go round and roung with putting the blame here and there, but in the end what does that solve? Absolutely nothing. I would rather see more constructive information come out of this thread that deals with solutions to the current wifi problem.

I for one would like to see better documentation be included in wireless products that deal specificially with security.
 
valorfkeeI would also think that willful intrusion into someones Part 15 apparatus would qualify as "willful interference" and give one grounds for a complaint to the Fcc. [/QUOTE said:
"Interference" is a pretty stretchy word, because...
1) The person did not cause any harm to the AP or any other networking equipment.
2) The person was likely (or in theory could be using) legally licensed equipment without any modifications.
3) Any interference was not done at the RF level, but might be arguable at the network level, which the FCC likely doesn't give a crap about.

"Willful" is a pretty stretchy word, because...
1) The person was accessing the network, but the owner did nothing to show to the person that it was not wanted.
2) Some network cards have an "ANY" mode (Orinoco's for example can set the ssid to ANY) which will hook into the first network it finds, or allow for monitoring any network. This is a manufacturer option straight from the factory from a major corporation, which may shift liability to the wireless manuf.

Its arguable either way and until the case is settled we're all really just speculating. I do enjoy a good argument or two though :)

I'd also like to propose a new slogan, "Ignorance of the technology is not an exscuse."

-hokadehoka
Click to expand...
 
My personal view of the whole matter is that using an open AP is like tapping into public TV. Its broadcasted over the air in a form all can recieve and use. The opposite of this is satallite TV which is locked down, similar to an AP with encryption (or other restrictions) enabled.

When then is using someone's open AP any different? After all, whether they intended to or not, they offered you free access to their network connection.

But like I said earlier, it all depends on the State you life in. And I'll have to echo SJ's comment on techs that are careless and don't do their job properly. They're out there and sometimes people pay the price. I can only hope that if someone were impacted by such a tech that they have a means of recourse.
 
Obviously if someone circumvents security measures to access a wireless network they are unauthorized, I don't think there's any argument about that.

XP automatically connects me to open wireless networks, sometimes it'll do it over connecting to my secured wireless. Am I 'hacking' or unauthorized when the other person's open wireless is broadcasting it's existence into public spaces (the street) or my personal property (my house) and responds to my computer's request to access the network by saying "yes, here's your DHCP IP address, come on in and use me"? In my opinion, no. If there's a knock on your door with someone asking to come in and your housekeeper lets them in and tells them where to sit, it's not all that different than your router answering and telling your laptop which ip to use.
 
da spong hit the nail on the head. Common sense says that an open AP is implied acceptance of their request for access (for the reasons already stated), whether the owner likes it or not. If they don't want someone to use their network it is their responsibility to ensure their shit is locked down.
 
I believe that it is unethical to use an AP without permission from it's owner..

Personally I have never ever connected to an AP without permission. I did go for a car ride with my laptop once though and I saw the same thing as everyone else. A ton of APs with no encryption... Heck most were left with default SSIDs so that is a good indication that the owner probably plugged it in and left it. That means that a malicious hacker could drive by, set a password on the unit (they would know the default password of course) and then proceed to change all kinds of settings, possibly rendering the unit inoperable to the user or opening a backdoor... (forward a port, put a trojan on a computer on the network).

I think the main solution to this issue is to ship the networking equipment with some form of encryption enabled by default (randomly generated WEP keys etc. for each AP as a start).

I know all these wireless counter measures such as WEP can be cracked easily but at that point then the person trying to access the AP is intentionally trying to circumvent the security on your network which is considered illegal.

Connecting to an open AP should not be illegal... it is not ethical though. Users are going to have to stop turning a blind eye to this sort of thing because it is starting to cause some serious problems with identity theft etc. It doesn't take a tech savy person to configure modern routers. You just need to know how to read, follow instructions and turn your computer on and point and click your mouse...
 
BobSutan said:
My personal view of the whole matter is that using an open AP is like tapping into public TV. Its broadcasted over the air in a form all can recieve and use. The opposite of this is satallite TV which is locked down, similar to an AP with encryption (or other restrictions) enabled.

When then is using someone's open AP any different? After all, whether they intended to or not, they offered you free access to their network connection.

But like I said earlier, it all depends on the State you life in. And I'll have to echo SJ's comment on techs that are careless and don't do their job properly. They're out there and sometimes people pay the price. I can only hope that if someone were impacted by such a tech that they have a means of recourse.
Click to expand...

your example makes no sence, by having a tv broadcast, you cant tap into someones computer and gain their personal infomation, bank statments, family pics, videos, you cant gain any persoanl information on someONE by getting a signal in a tv............the internet is so very diffrent from any sort of example about any signal that has to do with tv......


soulsaver_8229
 
I'm sorry, but you missed the point of the analogy completely. What it comes right down to is that it is a public frequency intended for public use. To make a such a signal private the onus is on the AP's owner to remove it from its de facto status of being public, just as satellite operators are required to do. If they broadcast their signals unencrypted and people watch their product, then they're offering a free public service. If they lock it down and people hack the signal then that's another story. From a purely technical standpoint the same applies to 802.11.
 
Blitzrommel said:
Really, the issue at hand here is that many people who purchase wireless AP's are grossly uninformed of the possibility of someone else using their wireless connection. Sure, people are dumb, but dumb isn't really the right word to describe these people -- they're just not aware/savvy, that's all. If everyone was made aware of this issue (and how to combat it), rest assured there'd be more effort to remedy it.
Click to expand...

So, there are laws to protect not-savvy people from savvy people. Where is the law that protects my computer from a non-savvy person's zombie PC? I don't understand, if I am not-aware of spyware and my PC uses my internet connection to spam/ spread worms and viruses, I am not guilty of anything, since "I did not know any better". On the same token, if I leave my WLAN unprotected, I can still prosecute people for using my network BW, because "they should have known better"?

It is quite sad to see that laws/ law enforcement/ the judiciary in the USA are rapidly moving towards the "lowest common demonimator", i.e. the more stupid I am the more protection I get.
 
BobSutan said:
I'm sorry, but you missed the point of the analogy completely. What it comes right down to is that it is a public frequency intended for public use. To make a such a signal private the onus is on the AP's owner to remove it from its de facto status of being public, just as satellite operators are required to do. If they broadcast their signals unencrypted and people watch their product, then they're offering a free public service. If they lock it down and people hack the signal then that's another story. From a purely technical standpoint the same applies to 802.11.
Click to expand...

heh - while a interesting idea I don't think the person who is the reason for this thread (the man in the news link) will get away with that defense.
 
BobSutan said:
I'm sorry, but you missed the point of the analogy completely. What it comes right down to is that it is a public frequency intended for public use. To make a such a signal private the onus is on the AP's owner to remove it from its de facto status of being public, just as satellite operators are required to do. If they broadcast their signals unencrypted and people watch their product, then they're offering a free public service. If they lock it down and people hack the signal then that's another story. From a purely technical standpoint the same applies to 802.11.
Click to expand...

I think I already made this point: a satellite broadcast is one-way. Taking what they beam into your house and viewing it (assuming it's unencrypted) I have no problem with. However, once you begin bidirectional communication, you are using their equipment without their permission.
 
PopeKevinI said:
I think I already made this point: a satellite broadcast is one-way. Taking what they beam into your house and viewing it (assuming it's unencrypted) I have no problem with. However, once you begin bidirectional communication, you are using their equipment without their permission.
Click to expand...

What about webservers? They are indeed, just another device with which you communicate. If I have a webserver, does that mean you need some form of written permission to use it? If I had a web server on the web and attempted to sue somebody for accessing it then the case would very likely be thrown out quickly, and I would be the laughing stock of the Internet. Why? Because nearly all webservers are by default very open. Now if I started enforcing various rulesets, like the client must be connecting from a secure intranet and use SSL + a login scheme, if somebody bypasses that they are obviously violating the network. But I don't see how an open design when accessed in an open way, and adhering to the protocol standards can be construed as "without permission", and therefore a felony.
 
PopeKevinI said:
I think I already made this point: a satellite broadcast is one-way. Taking what they beam into your house and viewing it (assuming it's unencrypted) I have no problem with. However, once you begin bidirectional communication, you are using their equipment without their permission.
Click to expand...

In regards to unidirectional vs bidirectional communication the analogy fails because they're different technologies and its apples to oranges. However, the issue of public vs non-public spectrum that I was referring to earlier still holds true.


hokatichenci said:
What about webservers? They are indeed, just another device with which you communicate. If I have a webserver, does that mean you need some form of written permission to use it? If I had a web server on the web and attempted to sue somebody for accessing it then the case would very likely be thrown out quickly, and I would be the laughing stock of the Internet. Why? Because nearly all webservers are by default very open. Now if I started enforcing various rulesets, like the client must be connecting from a secure intranet and use SSL + a login scheme, if somebody bypasses that they are obviously violating the network. But I don't see how an open design when accessed in an open way, and adhering to the protocol standards can be construed as "without permission", and therefore a felony.
Click to expand...

This is exactly the crux of this whole damn mess. How can you hold someone responsible for doing what was intended? Auto-connecting clients, ubiqutous service, etc all fall under the pervue of "Wi-Fi". With 802.11 an open AP allows access, often times providing clients with an IP when asked for one. This is similar to the idea of connecting to a webserver and requesting a webpage be sent to the client, but instead of a simple webpage the client is requesting service from a public AP. The FCC, common sense, and 25 years of precedent says this is fine and dandy. However, now that computers are involved the world suddenly goes pear-shaped. Why is that? I would have thought that in an arena such as the old OCP that tech-savvy people would be more understanding and accepting of this concept.
 
I have a couple of friends that have 2Wire "all-in-one" DSL modem/router units, which happen to have a Wi-Fi access point built in. They have a great idea that I think all router makers should adopt. A unique WEP key is on the bottom of the unit which must be used to use the AP. This will make sure everyone knows that they need to secure their network.
 
hokatichenci said:
What about webservers? They are indeed, just another device with which you communicate. If I have a webserver, does that mean you need some form of written permission to use it? If I had a web server on the web and attempted to sue somebody for accessing it then the case would very likely be thrown out quickly, and I would be the laughing stock of the Internet. Why? Because nearly all webservers are by default very open. Now if I started enforcing various rulesets, like the client must be connecting from a secure intranet and use SSL + a login scheme, if somebody bypasses that they are obviously violating the network. But I don't see how an open design when accessed in an open way, and adhering to the protocol standards can be construed as "without permission", and therefore a felony.
Click to expand...
That is a fantastic analogy. I couldn't agree more.
 
You must log in or register to reply here.
Back
Top