"Couple cautioned for hijacking wireless networks" Topic

Reported on the news today, a couple have been cautioned by police for sitting in their cars with laptop computers logging onto nearby wireless networks without permission.

Apparently this is a (generally unenforced) crime (in the UK, under the Communications Act 2003) and can carry a prison sentence.

So, if you were ever in doubt as to whether it was right or wrong, now you know. :-)

Geoff

Not that I'm trying to rationalize anything, but were these people using the wireless network of a cyber-cafe that would encourage people to use their net connection, or was it the network of kind of a business that WOULDN'T encourage folks to use their connection? ( yes, I am splitting hairs )

However, an unsecured wireless network that alerts people to its presence by broadcasting an SSID could be argued as having put out the "Welcome" mat.

Its called "Wardriving" and its very illegal. Of course I know a dozen or so people that doit…..

That is the epitome of cheap. You can purchase net time cheaply. You can also buy a cup of coffee in a cafe.

The responsibility should be in the hands of the owner to secure the system. In fact the crime should be not securing your own network if you are not specifically allowing people on to it.

But that would only happen in a rational world.

Last year I had to setup wireless access points in a school. The Head Teacher took me to one side and wanted to know how he could get wireless internet access from his neighbour's wireless connection.

The thing was, he wasn't asking this question off the cuff. He was already piggying off his neighbour's connection, but the neighbour was away on holiday, had turned off his PC and router leaving the Head Teacher indignant and without the internet.

Cheers
Mark

That should put a stop to it, e.g. a strong, cautionary warning……

Reminds me of some of the Monty Python skits.

The responsibility should be in the hands of the owner to secure the system. In fact the crime should be not securing your own network if you are not specifically allowing people on to it.

And if I don't lock my front door, Im the criminal if you come in and take my TV?

It's amazing how many un-secure wireless networks there are out there. Every time my wife turns her laptop on the damn thing brings up a list of available connections. Out of eight, five of them are un-secure.

If you're caught here you can be charged with "theft of services".

They were operating in my home town. I'm pretty sure I'm okay (I seem to have a 'securty enabled network) but I had to check – and work out how to check!

The problem with the "come and steal my TV" argument, is that it's a physical crime vs. an intangible one.

This is arguably more akin to me reading over your shoulder on the train, or enjoying a cd which is blaring out of someone's nearby car.

In both of these cases, I've benefited from something I have not purchased, both of which are protected material. You are most likely not aware of the theft, and certainly the "provider" would be woeful to know that I didn't buy that book or CD.

I'm not passing judgement, but the case is a little different.

This is arguably more akin to me reading over your shoulder on the train

Except that the book doesn't cost me more if you read it over my shoulder. If I don't have unlimited data transfer on my internet connection then someone else using it will cost me more.

"The problem with the "come and steal my TV" argument, is that it's a physical crime vs. an intangible one."

There's nothing intangible about stealing a service. That's why bars can't show pay-per-view boxing matches without paying a per-head count.

The relevant phrase from the Communications Act 2003 is "dishonestly obtaining electronic communications services (s.125)."

While there have been prosecutions brought under the Act for "wardriving" (see out-law.com/page-5938 ) there is still an argument that says if the wireless network is on a flat rate service then the only thing a wardriver could be accused of stealing is "bandwidth". Since bandwidth is a bit like the voltage on a mains circuit, technically this is questionable. To use an analogy, if I paid a flat rate each month for my electricity supply (regardless of how much I actually use) and you come along and tap my supply for your own use, all you are doing is using my voltage. It doesn't cost me anything if you do, so why worry?

Of course, it would probably be another matter to argue the above in court, but lawyers are notoriously non-IT literate.

"but lawyers are notoriously non-IT literate."

Not IP lawyers. If someone stole my voltage or my internet, whether I was on a flat rate or not, either the loss is with me or the company supplying the service in the form of a loss of subscription or actual physical loss. There might be a standing issue, but even then one can argue that as a consumer the theft increases costs.

Let me put it another way – is it "dishonestly obtaining" something if it is left lying around, free for the taking?

"Let me put it another way – is it "dishonestly obtaining" something if it is left lying around, free for the taking?"

What is free for the taking? It is dishonest taking something that is not yours to take. It is dishonest whether that item is laying on someone's front porch or locked in a safe in the basement.

Nycjadie, dishonesty is an unfamiliar concept among a large proportion of the figure collecting and gaming community. For them, the principle is: if it ain't nailed down, it's mine.

I noticed on eBay the other day there's a "hobgoblins-goodies" operating out of Texas. One wonders.

Allen

if it ain't nailed down, it's mine.

Darn. Allen beat me to it.

The idea is really that if something is easy to steal, then there is no moral stigma.
The next step is that if it is easy to bypss last year's security measures, then it is easy to steal again.

A thief is a thief, no matter how he tries to justify it.

And, if you get indignant enough to ask me "Are you calling me a THIEF???"…
Why are you indignant? What are you doing that forces you to justify yourself?

I'm sorry, but Idon't see this as being a little different. You have to actively make an effort to take something that isn't yours and that you weren't invited to have. It is stealing.

What are you stealing if it has no value to the person you are taking it from?

Perhaps a better analogy is going into someone's front yard and taking a drink from their tap. Maybe harmless, maybe doesn't cost them anything, but maybe it does if they are already over their water allocation and paying excess. how do you know? In any event, the water utility still has to provide the service, so they suffer a "loss".

If it is okay, why doesn't the wardriver simply go up to the door and ask? I think we all know the answer.

What if the wardriver is looking up child porn or making death threats?

I don't know enough about the technology to say whether or not the offending messages or material would be traced to the computer of the IP address but if it is the later wouldn't the person with the unsecure network get done for it?

It could certainly cost them a lot even if it was eventually proven to be false, all their neighbors would suspect them and so on.

There was a case in Canada where a "wardriver" (never heard that term before now – neat) was caught and convicted of child porn obtained using someone else's wireless network. He'd sit in his car and drive around the neighborhoods looking for available connections. I doubt that he as charged with anything for the use of the wireless though. In any case, cost to me or no, I would not want anyone carrying on illegal or illicit activities using my ISP connection.

….and if that doesn't work, you'll be in for a sharp, stern warning the next time…..

About a year ago, my neighbor drove around our entire neighborhood with a wireless sniffer. He reported 425 residential wireless networks in the neighborhood and 270 were completely unsecured with another 105 having just the bare minimum.

Since then he has been giving free courses in wireless security at the civic center.

I hard-wired my house.

Regards, the Gorb

OK, this makes me nervous.

I ran wire from my wireless router to all the computers and the 360. (Wireless routers have wire connections too.) But, since it is a wireless router am I still open to theft?

Please excuse my paranoia!

It is dishonest taking something that is not yours to take

Phew! Thank you gentlemen, for a moment there I was getting quite concerned.

Arguments like, "it was just there so I took it", "it's not doing anyone any harm to take it", "it doesn't cost them anything", "it's their fault for not securing it, meaning I can just help myself" really just don't hold water – or at least they shouldn't with any honest, self-respecting person… it's not yours, you don't have permission to take/use it. As Waco Joe says, if you think it's right, go ask their permission.

The implication from the news story is that they were accessing private unsecured networks, not valid 'hot spots' which generally have a subscription service or permission granted for use.

The potential criminal element is another interesting argument. If your IP address was traced as doing something illegal, I'm sure it would be difficult to prove if it was/wasn't from your own computer or from a third party accessing your network.

Skipper, if your network is wireless you should secure it (even if all the comouters you are using are wired). It's quite easy to do and in the manual. Otherwise someone from outside can access your network, even if it is only to make use of your bandwidth.

Geoff

comouters

…computers… commuters using your wireless is, of course, the problem. Commuters on computers, to be precise!

"The potential criminal element is another interesting argument. If your IP address was traced as doing something illegal, I'm sure it would be difficult to prove if it was/wasn't from your own computer or from a third party accessing your network."

Actually, it wouldn't be all that hard. All TCP/IP packets contain the MAC address of the originating machine – the MAC is specific to your network adapter. Any good security suite will record both the MAC and the IP addresses of contacts, not just the IPs (contrary to what TV Crime dramas would have you believe).

Also, if whatever they are using to trace you doesn't store MACs, having an unsecured network would in fact work in your favor in creating reasonable doubt (unless, of course, they found evidence on your machine after they seized it).

That being said, you really should secure your network to reduce the opportunities for malicious individuals to do nasty things to your machines.

Skipper John, you should be able to go into the setup of the router and turn off the wireless. If you haven't done this then you are still open to theft.

MAC addresses are not that difficult to spoof. Several NIC cards that I've owned in the last five years came with software to let you modify it and at least one router that I've owned let you change it also.

I've never quite understood wardriving. At current fuel prices it seems that it would be cheaper to pay for broadband, then to pay to drive around constantly. Even moreso outside the USA where broadband tends to be cheaper and fuel more expensive.

The bug, DARN it; message above about military uniforms deleted.

> Paul Hoerner 18 Apr 2007 10:36 a.m. PST
>
> I've never quite understood wardriving.
> At current fuel prices …

I think the point is not to drive to where the network is but to look for one where you happen to have driven to.

Ironically, I have a confession that illustrates this point and the larger issue.

On Monday we had an appointment to sign my kid up at a new school for Kindergarten in the fall. My wife and I arrived in separate cars. I got there a half hour early and switched on my laptop to see if I could get any work done.

Had I seen T-Mobile or another pay service I would have signed up and connected; those are more stable and should be more secure anyway. What I saw was a screen full of publicly advertised wireless networks. The top one used a name from a router company, so I knew it was most likely using the default configuration; that is, unsecured. For all I know it belonged to the school we were there to transact business with, since I was parked on the curb outside their office. It more likely was some other business of course.

Anyway, I connected, verified I could get to the Internet, VPNed into work, and checked my email etc.

I'm not saying I was justified; I actually think the opposite. The "if no one's watching I can take it" arguments are specious IMHO.

I'm just reporting that I think so and I did it anyway. ;)

For the record, my own home network doesn't broadcast its SSID, uses WEP keys, and also MAC filtering … as secure as I can set it up. I don't have the tools in place to watch and log its connections, but if I caught someone connecting, I would drop them unless I knew who they were and approved. Had that happpened to me, I would have been chagrinned at getting caught and taken it as a warning to cease and desist.

I am intriqued by FON though … their wireless routers offer two parallel networks, one secured for personal use, one meant for public use by other FON subscribers, and they have a revenue sharing scheme. In other words they empower any owner of a wireless site to act as an ISP, and even (theoretically) make money at it.

FON: fon.com

I'm not saying I was justified; I actually think the opposite

A bit like speeding – the vast majority of us do it, we all know it's wrong… but we do it anyway, as it's 'only a little bit over'… if I do 70 on the motorway, everything piles into the back of me ;-)

Geoff
(who just got 'caught' doing 37 in a 30… easy to do, but still wrong!)

(Man, every post I've made today has been swallowed by the bug!)

Speeding doesn't fit very well as an analogy if you ask me. Those speed limits are set by the legislature, which is to say our elected representatives, which is to say us, and we have deemed it unsafe to exceed them. So when we choose to speed there is a real endangerment of ourselves and the motorists and bystanders around ourselves. Like say, target shooting or racing cars in a pedestrian area. The potential for damage is high and even if unrealized, laws and enforcement are well-worked out and not really open to question.

Using up bandwidth doesn't really constitute direct endangerment. There is the potential for harm in the legal sense, but it's more denial of service (if the owner's access was impaired) or temporary squatting, that is, short-term use of property without paying rent.

It might be a little more like parking in a metered space and not putting money in the meter. If you get caught you get a ticket but often you don't get caught and then debate happens of what the cost to society was.

Hmmm … but that analogy doesn't tie any cost to the pocket of a private party.

Perhaps it's more like parking your car in someone's driveway for a while. You impose some difficult to account for cost in wear and tear on their driveway, and possibly you block them from entering their home until you leave, but if you do so when they aren't there to notice and drive away before they're home … it's clear you are in the wrong but hard to quantify what the actual damage is.

Trespass to land?

I hope my wifi network is fairly secure, but how would one go about checking to see if there was any unauthorised access?