Slashdot Mirror
Wardriver Charged with Theft of Communications
BiggsTheCat writes "A number of news sources are reporting that a Toronto man is the first to be charged with "theft of communications" (Canadian Criminal Code S. 342.1) for downloading child pornography using someone else's residential wireless network. The "War Driver" was caught naked from the waist down driving the wrong way down a one-way street, with a laptop in hand. The Edmonton Sun warns that 'War Driving ... is becoming more and more common among perverts trying to avoid online detection'. Yeah."
At the moment the wireless security that ships with routers is inherently insecure, but some places seem to thin it's necessary.
I have already been castigated by the university for running a WiFi node that doesn't conform to their requirements (WEP is disabled) - even though it's ad hoc, there is no DHCP, each host on the wireless net only accepts ssh connections from hosts with known IPs and mac addresses and oubound routing (from connections terminated with ssh against into an authed socks proxy) is stictly controlled. Turning on WEP too would drop speeds to a useless level for little extra benefit.
Maybe new standards will change this, but for now the media should really stop focusing on WEP as the be all and end all of security to the detriment of people competent enough to handle it themselves in a better fashion.
Beep beep.
The Edmonton Sun warns that 'War Driving ... is becoming more and more common among perverts trying to avoid online detection'.
Well, this guy did avoid online detection : he was caught with road detection, driving the wrong way half-naked. It's not like the owner of the unprotected wifi AP called the cops, he was just acting odd on the road.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I'm surprised how many people have unsecured wireless access points. I'm not talking about WEP, just basic access restricton based on MAC address. I have a Linksys wireless router, and I have it set to only allow certain wireless MAC addresses to connect. If a friend with a wireless laptop is visiting or for some reason I get a new wireless adapter, all I have to do is log into the router from a wired computer or one that already has access , find the denied MAC address in the access logs, and allow it access. Nothing has to be done on the client machines, and I don't have to worry about wardrivers.
He's getting numerous counts of kiddie porn charges. They seized 10 computers of his, and they say there are thousands of images and movies of kids, down to babies, so you bet they're going to throw the book at him as soon as they have analyzed the stuff. They already have one posession of kiddie porn charge, and with the theft of communications I assume they are using it to hold him without bail until they can add more on.
This would suggest that all "Wardrivers" are at risk of being prosecuted for "Theft of Communications" regardless of what data they recieve over someone elses network.
And that's a bad thing? Sorry, but if you break into my wireless network (even if you are just "mapping" how many open networks there are), you've just committed a crime. This is hardly new legislation. For reference I've included the Canadian code that the story linked to.
I would say all the more so since even a "secure" 802.11b network (with the cheap grade APs that most home users have access to) can be broken into. People who do this and get caught (and I'm sure that's the minority. This idiot was only caught because he was driving down the street the way wrong with no pants on) should be prosecuted. It's that simple.
Interestingly enough, if you read the law below, it seems they can lock this guy away for up to 10 years. With Canadian law (of which I'm hardly an expert) does that mean they can add ten years to the sentence he'll get for the child porn, or does he have to serve the sentence at the same time? Be nice if they could add ten years to his prison term...
FYI:
S.342.1 Unauthorized Use of Computer
342.1 (1) Every one who, fraudulently and without colour of right,
(a) obtains, directly or indirectly, any computer service,
(b) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system,
(c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system, or
(d) uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph (a), (b) or (c)
is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction.
Definitions
(2) In this section,
"computer password"
"computer password" means any data by which a computer service or computer system is capable of being obtained or used;
"computer program"
"computer program" means data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function;
"computer service"
"computer service" includes data processing and the storage or retrieval of data;
"computer system"
"computer system" means a device that, or a group of interconnected or related devices one or more of which,
(a) contains computer programs or other data, and
(b) pursuant to computer programs,
(i) performs logic and control, and
(ii) may perform any other function;
"data"
"data" means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer system;
"electro-magnetic, acoustic, mechanical or other device"
"electro-magnetic, acoustic, mechanical or other device" means any device or apparatus that is used or is capable of being used to intercept any function of a computer system, but does not include a hearing aid used to correct subnormal hearing of the user to not better than normal hearing;
"function"
"function" includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within a computer system;
"intercept"
"intercept" includes listen to or record a function of a computer system, or acquire the substance, meaning or purport thereof.
"traffic"
"traffic" means, in respect of a computer password, to sell, export from or import into Canada, distribute or deal with in any other way.
R.S., 1985, c. 27 (1st Supp.), s. 45; 1997, c. 18, s. 18.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
I guess that open WiFi router didn't have the Belken auto-anti-pr0n nagger eh?
One line blog. I hear that they're called Twitters now.
Just like the "Crackers vs. Hackers" nomenclature argument, this one has gotten into the media and has been ruined.
Wardriving doesn't have a history that is decades long, so it'll be pretty easy for people to go back and see what the scene started out as. Wardrivers didn't steal bandwidth, they mapped AP locations. If you start using other people's bandwidth, that's no longer wardriving.
Next (and be sure you understand this), if I put my wireless card in monitor mode, then it is impossible for me to associate with your AP.
I can appreciate that Canadian law has something on the books about interception of telecommunications and passwords and all that. I'm not speaking in favor of this child-porn idiot. One action is simply listening to your AP broadcast packets, taking note of SSIDs and things. The other is honestly scarfing bandwidth.
>I doubt any of them are truly smart enough to get rid of all the evidence on the PCs after they were done
I think I would use one of many Linux boot cds wth a browser.
Use that and a computer with no hd and lots of RAM for a RAM drive. No record anywhere.
I was actually thinking of doing that when I do banking/credit card stuff online to avoid keyloggers/viruses/trojens.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
The breakdown by common file type is roughly:
The basis for this is about one petabyte's worth of indexed files, so it's not some out-of-thin-air numbers.
Just from this, saying that 42% is porn, much less CHILD porn, is way out. We already knew this, but I thought it interesting to back up the statement with some numbers.
To give more real numbers on child porn, when I did check for it at one time, I found 12 suspicious-looking file names from a database of several million files. That's a LITTLE bit lower than 42%.
Ok, one question. Do you have permission to access the ISP's network? No? You broke the law. Sorry that you don't like it, but againg the fact that you can get in easily does not entitle you to use.
DISCLAIMER: Not knowing Canadian regulations, my post treats this event from a U.S. perspective only, as it relates to wireless networks here. I'm addressing the network access issue only, not defending kiddie porn, driving naked, or driving in the wrong direction.
As I see it, there was no theft of "communications". He didn't break into any computers, nor block/alter/view data coming in and out of them. There is no indication that he did anything to bypass security measures of either the network or the machines on it. There is no indication that he did nor intended any harm to the network or its users.
He used net connectivity, apparently with all hardware functioning as designed and configured. It is the operator of the network that is responsible for configuration including access permissions. Many run hot spots intentionally, some through ignorance. In either case, the host is functioning as an ISP. What's relevant here is regulation of the wireless access to the ISP.
In the U.S., 802.11b hardware is allowed unlicensed use of spectrum, as regulated by part 15 of the F.C.C. rules. Part 15 products are required to include a notice: "Operation is subject to the following two conditions: (1) this device may not cause harmful interferrence, and (2) this device must accept any interference received, including interference that may cause undersired operation." Harmful interference refers to that affecting licensed communications only. Are there licensed users of this spectrum? Yes.
All ham radio licensees (except Novices) are authorized by the FCC Rules, Part 97.301(a) to use all operating modes in the 2390-2450 MHz band. 802.11b equipment is not allowed to interferre. A ham could reasonably ask anyone using 802.11b gear to stop operating if they cannot otherwise correct an interferrence problem (typically by changing channels, lowering power, reducing antenna height, changing location, using a directional antenna etc). The 802.11b gear operator has no regulatory protection against interference from the ham operator, other 802.11b users, or even microwave ovens which operate in-band at 2450 MHz.
In summary, 802.11b gear is unprotected from interference, and the operator of such gear is on their own to try to make it work as desired, with no guarantee of success.
802.11b hardware is being used as designed when people, known to the host or not, access open networks. It isn't communications theft nor is it tresspassing.
Here's the true lesson: if you wardrive, drive on the correct side of the street.
On another note: Do not look at child pornography. Do not drive with your pants down. If you wardrive, warchalk. If you are a FREAKIN IDIOT DO NOT WARDRIVE!!!!
-illumina+us "I put on my robe and wizard hat..."