Man Charged With Stealing Wi-Fi Signal

[ktwebb]

I totally agree, I was about to say the same thing. It is no different than leaving your house unlocked, you invite someone to come in and steal your belongings. They should have secured their network.

Fuckin idiot

 

[DragonNOA1]

^Lol

My friend does this all the time, illegal or not, it is a common thing for many.

 

[Trepidati0n]

What about webservers? They are indeed, just another device with which you communicate. If I have a webserver, does that mean you need some form of written permission to use it? If I had a web server on the web and attempted to sue somebody for accessing it then the case would very likely be thrown out quickly, and I would be the laughing stock of the Internet. Why? Because nearly all webservers are by default very open. Now if I started enforcing various rulesets, like the client must be connecting from a secure intranet and use SSL + a login scheme, if somebody bypasses that they are obviously violating the network. But I don't see how an open design when accessed in an open way, and adhering to the protocol standards can be construed as "without permission", and therefore a felony.

It is a called relative moralism. You find an example you can twist to meet your "goals" and call it okay. It is the same as people who OC their video cards because the option is there but they RMA it when it breaks. You come up with some lousy excuse to make yourself feel justified in doing it because you fuck'd up.

-tReP

 

[da sponge]

It is a called relative moralism. You find an example you can twist to meet your "goals" and call it okay. It is the same as people who OC their video cards because the option is there but they RMA it when it breaks. You come up with some lousy excuse to make yourself feel justified in doing it because you fuck'd up.

-tReP

I'm not sure the argument for connecting to an open AP is one that's based upon it being a moral thing to do. Remember, this thread was started because a man is being charged with a felony for doing it and those who are justifying using an open AP are arguing that it's legal (not neccessarily moral). I think it's poor netiquette most of the time to leech (unless it's explicitly for everyone's use). It's worse if you have to sit outside of someone's house in a van to do it.

The problem is that there's no way to differentiate between APs that have been left open for public use and a n00b's AP that is open because of defaults. Yeah, maybe a default ssid would be an indicator, but it's not gaurenteed. Is it bad form to leech someone's wireless? Yup, especially if the user doesn't know about it, but doing so shoud not be illegal for reasons BobSultan and I have highlighted.

 

[PopeKevinI]

It just occurred to me that this offers hackers a unique passive way to collect information as well. Simply set up a WAP, let others use it, and collect their data with it. It's a variation of the "evil twin" attacks at hotspots, only this time you're actually volunteering the information to their systems.

 

[valorfkee]

The problem is that there's no way to differentiate between APs that have been left open for public use and a n00b's AP that is open because of defaults.

Something to consider might be what I think is termed "implied no trespass".
If the door to a private residence is unlocked and a stranger walks in, that person
has committed an offense because unlocked or not, the "public" is not by default invited
to enter a private dwelling. (In my state residents are permitted the use of deadly
force against "uninvited guests" if they have "broken"* your homes' perimeter)
A commercial establishment is commonly understood to be inviting the public
inside if it's door is unlocked. One could argue that similar common law would
apply to unsecured "private" and "commercial" WAPs, and probably win.

Tom in Tulsa

* here, "breaking" is being closer than 3 inches to the outer surface of a dwelling

 

[ninethreeeleven]

A better analogy for this would be...

There is a Drive-In theater with a large hill just outside its grounds. Person A sits on the hill, on public property and is able to see the movie. The Drive-In has the sound broadcast over a local low level radio antenna (many do this) and Person A has a small radio.

Person A is on public grounds listening to a feed broadcast outside of its original destination without "hacking" into the radio transmission. Yes he is watching and listening to what many people are paying for, but the Drive-In did nothing to protect their screen/sound. They could have put up trees or walls to block said hill but as it stands this guy is just hanging out, doing nothing illegal.

 

[PopeKevinI]

A better analogy for this would be...

There is a Drive-In theater with a large hill just outside its grounds. Person A sits on the hill, on public property and is able to see the movie. The Drive-In has the sound broadcast over a local low level radio antenna (many do this) and Person A has a small radio.

Person A is on public grounds listening to a feed broadcast outside of its original destination without "hacking" into the radio transmission. Yes he is watching and listening to what many people are paying for, but the Drive-In did nothing to protect their screen/sound. They could have put up trees or walls to block said hill but as it stands this guy is just hanging out, doing nothing illegal.

Okay, here's a better analogy:

You're sitting in your living room watching TV. A guy parks outside and watches TV through your open window.

Has he done anything wrong?

Now, he decides he wants to watch something different, whips out his trusty universal remote, and changes the channel.

Now has he done anything wrong?

 

[hokatichenci]

It just occurred to me that this offers hackers a unique passive way to collect information as well. Simply set up a WAP, let others use it, and collect their data with it. It's a variation of the "evil twin" attacks at hotspots, only this time you're actually volunteering the information to their systems.

Great for them. It would also be trivial to bust these hackers. Go to whatismyip.com, login publically to some service that really isn't public, just a honeypot. Check back and see if somebody has logged in with the username and password used for that AP. If it was, then voila, you have the IP of said AP, as well as the IP of the attacking machine. And its also trivial to start encrypting your traffic, as there are plenty of open https web proxies or you could encrypt it yourself (if you have a box to tunnel to). If people want to be idiots, let them.

Creating legislative protection for idiots is only going to hurt the rest of us who are not, as well as overburden our justice and prison systems (which nobody has addressed yet). It took the DA three weeks to decide to take action on a guy who had assaulted my friend, and then threatened publically in front of many different people who were willing to talk about it. Thats what I would consider a serious crime, since there is real inflincted harm on a person and the threat of further harm which the police couldn't do anything about until the DA took action. I can't imagine how much longer delays would be when the courts would be dealing with all sorts of "he looked like he was using our wireless Internet" cases.

 

[BobSutan]

It just occurred to me that this offers hackers a unique passive way to collect information as well. Simply set up a WAP, let others use it, and collect their data with it. It's a variation of the "evil twin" attacks at hotspots, only this time you're actually volunteering the information to their systems.

This brings up a great point as to why one may not want to use an unknown AP. The "evil twin" is a relatively new concept and will certainly get more popular in the future. Just food for thought..

 

[Ludic]

Okay, here's a better analogy:

You're sitting in your living room watching TV. A guy parks outside and watches TV through your open window.

Has he done anything wrong?

Now, he decides he wants to watch something different, whips out his trusty universal remote, and changes the channel.

Now has he done anything wrong?

No.

Yes.

Isn't it the FCC rule that if you have a device that receives a transmission, that you must allow that device to receive it? Or what is that warning printed on most electronic devices about receiving electronic signals... (goes to look up)

 

[PopeKevinI]

No.

Yes.

Isn't it the FCC rule that if you have a device that receives a transmission, that you must allow that device to receive it? Or what is that warning printed on most electronic devices about receiving electronic signals... (goes to look up)

So the wrongdoing starts when he begins controlling your equipment?

Simply connecting to a WAP changes its behavior.

I adopt a "should have known better" attitude toward this. If you're sitting in Starbucks and pick up a signal from an apartment complex next door and use it, you can't be sure whether it's there for you to use or not. But if you park your vehicle outside a house in a residential area, it's hard to justify saying "but I thought it was a public WAP!" If you have to go to extraordinary means to gain access to a WAP then odds are you aren't supposed to be using it. And by "extraordinary" I mean anything above and beyond sitting down on a park bench, at a restaurant table, or anywhere else one might ordinarily use a laptop.

 

[PopeKevinI]

Great for them. It would also be trivial to bust these hackers. Go to whatismyip.com, login publically to some service that really isn't public, just a honeypot. Check back and see if somebody has logged in with the username and password used for that AP. If it was, then voila, you have the IP of said AP, as well as the IP of the attacking machine. And its also trivial to start encrypting your traffic, as there are plenty of open https web proxies or you could encrypt it yourself (if you have a box to tunnel to). If people want to be idiots, let them.

If it were so "trivial" to evade hackers, why do major corporations struggle with it?

Creating legislative protection for idiots is only going to hurt the rest of us who are not, as well as overburden our justice and prison systems (which nobody has addressed yet). It took the DA three weeks to decide to take action on a guy who had assaulted my friend, and then threatened publically in front of many different people who were willing to talk about it. Thats what I would consider a serious crime, since there is real inflincted harm on a person and the threat of further harm which the police couldn't do anything about until the DA took action. I can't imagine how much longer delays would be when the courts would be dealing with all sorts of "he looked like he was using our wireless Internet" cases.

Laws against computer viruses are "protection for idiots", you know. It's stupid to not patch your system and use a firewall and antivirus, given the state of things. I suppose you think that should be okay, too?

 

[BollWeevil]

from 18 USC 2510

18 U.S.C. 2510
TITLE 18. CRIMES AND CRIMINAL PROCEDURE
PART I--CRIMES
CHAPTER 119--WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND
INTERCEPTION OF ORAL COMMUNICATIONS

§2511.2 (g) It shall not be unlawful under this chapter or chapter 121 of this title for any person--

(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;


§2510. Definitions

(16) "readily accessible to the general public" means, with respect to a radio communication, that such communication is not--

(A) scrambled or encrypted;

(B) transmitted using modulation techniques whose essential parameters have been withheld from the public with the intention of preserving the privacy of such communication;

(C) carried on a subcarrier or other signal subsidiary to a radio transmission;

(D) transmitted over a communication system provided by a common carrier, unless the communication is a tone only paging system communication; or

(E) transmitted on frequencies allocated under part 25, subpart D, E, or F of part 74, or part 94 of the Rules of the Federal Communications Commission, unless, in the case of a communication transmitted on a frequency allocated under part 74 that is not exclusively allocated to broadcast auxiliary services, the communication is a two-way voice communication by radio;

I'm not saying it's ethically right to do use another's wireless connection, but there is a legal precedent that can be argued by the defense in this man's case.

 

[SJConsultant]

There are too many damn variables involved that places the whole debate into a grey area where you cannot possibly draw a black and white line based on laws written years ago that were designed for the technologies of *then* and not now. None of the lawmakers back then could have expected or predicted what technology was being brought forth and the impact it would have.

Lawmakers will need to reevaluate and rewrite laws to address this specific problem and at some point in time maybe a court case will be the catalyst for such a change.

Until then, checkout these articles.

Cnet Wifi Mooching and the law

Interpreting Access and Authorization in Computer Misuse Statutes

 

[valorfkee]

§2511.2 (g) It shall not be unlawful under this chapter or chapter 121 of this title for any person--

(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

Read this again. (i) refers to intercepting or accessing (reading, listening to, etc)
"a communication". "A communication" would be a message, for example.

(i) is *not* referring to the access of the communications "system" itself in order that
you may use it for your own purposes.

This section would not seem to permit the theft of service via a private wap.

Tom in Tulsa

 

[hokatichenci]

If it were so "trivial" to evade hackers, why do major corporations struggle with it?

You are trying to generalize the one attack I was talking about with all attacks in general as I was talking about the evil AP attacks for information harvesting. Protection against that attack is as simple as having known public encryption keys for some given proxy cached, whether its SSH or SSL. If the evil AP is attempting to rewrite any of the public key exchange information then it will be caught immediately.

Laws against computer viruses are "protection for idiots", you know. It's stupid to not patch your system and use a firewall and antivirus, given the state of things. I suppose you think that should be okay, too?

I fail to see how laws against computer viruses are "protection for idiots", as viruses are malicious attacks against computer systems. Bugs are inherent to computer systems as it is impossible to write bug-free software. Some of the best software development teams in the world (the group that does the critical software modules for NASA comes to mind) still has bugs. Not many, but some. Writing complex operating systems, especially when they are based on hacked-up legacy code, makes for very buggy and insecure code. All things considered, running a brand new Windows XP box (nonSP2) open on the net is a pretty stupid thing to do given that machines can be compromised in as low as 12 minutes.

 

[Empyrean]

ts like me saying its legal for me to download music...i know its wrong and so do you, but people do it everyday.

Well, using logic put forward in this thread by some, if the record companies didn't want people to pirate their music, they shouldn't sell it publicly in a format that is easy to copy digitally.

Sometimes it almost sounds like.... "if they didn't want me to steal it, they shouldn't have bought it in the first place."

On the other hand, it is legal to intercept waves passing through your home, so I guess snooping would be okay on any packets drifting through. It was legal to just listen to people's cell phone conversations that could be picked up on a radio. Transmitting back is probably where the line could be drawn, which utilizing a network does do.

 

[ashmedai]

Unauthorized access of an unsecure network that doesn't request authorization in the first place...does this mean if I open http://www.google.com/ without going through redundant proxies in a few less than friendly contries, they're going to bust down my door the next day?

 

[deadm3at]

It just occurred to me that this offers hackers a unique passive way to collect information as well. Simply set up a WAP, let others use it, and collect their data with it. It's a variation of the "evil twin" attacks at hotspots, only this time you're actually volunteering the information to their systems.

do you realize how easy that is to set up? 1 extra machine and 1 program. even if its not your AP, you can do it on any AP you have access to, wireless or not. grabs everything that goes over the line out the gateway. passwords, ssl traffic, ...everything.

 

[ashmedai]

do you realize how easy that is to set up? 1 extra machine and 1 program. even if its not your AP, you can do it on any AP you have access to, wireless or not. grabs everything that goes over the line out the gateway. passwords, ssl traffic, ...everything.

Well yeah, it's Somebody Else's Network. When it's not your network you should have no expectation of privacy or security.

 

[deadm3at]

well it just goes to show you cant really trust anyone. i ran my wireless open in 2003, learned a lot in 2004 and wish i'd never left my stuff open. if im on someone elses network i dont connect to any sites that require passwords. to me it seems like common sence. but to an uneducated user it could be disaterous. that sort of attack loosley parralells email phishing.

 

[PopeKevinI]

On the other hand, it is legal to intercept waves passing through your home, so I guess snooping would be okay on any packets drifting through. It was legal to just listen to people's cell phone conversations that could be picked up on a radio. Transmitting back is probably where the line could be drawn, which utilizing a network does do.

As for listening to cell phones...aren't they encrypted these days? I believe it's currently illegal to break encryption.

 

[PopeKevinI]

do you realize how easy that is to set up? 1 extra machine and 1 program. even if its not your AP, you can do it on any AP you have access to, wireless or not. grabs everything that goes over the line out the gateway. passwords, ssl traffic, ...everything.

And the really amusing thing about it is that simply collecting the information in this manner (on your own system) may be perfectly legal.

"He logged on to my network without my permission, and my system logged his activities for review."

A new WAP just popped up in my neighborhood. That makes two, including mine.

 

[hokatichenci]

As for listening to cell phones...aren't they encrypted these days? I believe it's currently illegal to break encryption.

Breaking encryption schemes is known as cryptanalysis, and is something not only taught in schools but is a rather important job for the development of new and improved ciphers. If somebody creates a new private cipher and somebody cracks it, they may be breaking the DMCA (given of course that both persons are in countries that respect the DMCA, it is after all a big world). Although there have been quite a few protection schemes that have been broken where nobody was charged due to the absurdity of the matter. I'm not sure about the cell phone conversation itself, but when I connect to the Internet from my cell phone it uses a cipher developed by RSA Security, which means mostly nothing but could be a very hard to crack cipher.

 

[ashmedai]

And the really amusing thing about it is that simply collecting the information in this manner (on your own system) may be perfectly legal.

May? Is. I have every right to log whatever traffic occurs on my network. On the other hand I don't have the right to use that information in an illegal way, such as collecting credit card information and using it to commit fraud. Illegal things are still illegal.

 

[PopeKevinI]

May? Is. I have every right to log whatever traffic occurs on my network. On the other hand I don't have the right to use that information in an illegal way, such as collecting credit card information and using it to commit fraud. Illegal things are still illegal.

I said "may" because I'm not 100% certain that there's not an obscure law on the books that forbids collection of certain "private" data, even on a private network.

 

[deadm3at]

I said "may" because I'm not 100% certain that there's not an obscure law on the books that forbids collection of certain "private" data, even on a private network.

which brings us full circle, its not private if its not secured....or is it?

 

[Majin]

If your not going to protect your computer you are going to be burned.
Hell, I used 128bit incription, also a hard and soft firewall.