Slashdot Mirror
Wireless Hijacker Dealt First UK Punishment
paella_dodger writes "The BBC is reporting on a recent UK court case whereby a man was fined £500, sentenced to 12 months' conditional discharge and had his laptop confiscated for browsing the 'net on his neighbour's wireless Internet conenction. Perhaps I should secure my neighbour's wireless connection for him before Windows automagically connects to it and gets me arrested!"
As has been mentioned on /. on several times before when this particular case came up, this guy didn't accidentally or "automagically" attach to his neighbour's wifi network: he sat outside their house, in his car, and acted very suspiciously when they walked past (e.g. snapping his laptop shut). He'd been doing this over a three month period. To my mind his punishment was more a result of his behaviour than mere connection to some idiot's wide open wireless network.
so, i'm gonna have to stop doing my bittorrent across my neighbours wireless broadband and go back to criminalising myself...
fantastic...
we should all open up public aps, log the connections and send law enforcement large lists of mac addresses of 1337 h4x0rs...
that might cause them to reconsider how they enforce the law.
Get your torrents...
``before Windows automagically connects to it and gets me arrested''
Fortunately, most courts still discriminate between intentionally and accidentally doing something. If you're connecting to someone else's wireless network from your car (which, I assume, means that you don't have any wireless network facilities of your own around), it's pretty hard to maintain that you did it by accident.
On the other hand, if my mom is found to use the neighbor's network to access the Internet, it will be pretty hard to maintain that she was doing so on purpose. All she knows is that computers can be used as glorified typewriters. GUIs are not for her, much less wireless network configurations.
Please correct me if I got my facts wrong.
Sigh. You know you're on Slashdot when anything bad, no matter how remote, gets blamed on Windows and/or Microsoft.
Not really. Despite the BBC hedging it's bets, and putting the conspiracy angle on it a touch, The Register has a clearer account of what happened.
Basically the bloke was engaged in Wardriving, and deliberately hooked into the wireless network.
It'll certainly be murky waters when windows automatically selects the average joe's router instead of their own, but with many routers at least asking people to put better security on wireless points, this should start becoming less frequent.
From all accounts, he was caught tapping away on his laptop, moved away when police watched, then came right back to the same point again. At which point he was investigated as he looked a little 'suspicious'.
Wardrivers remember! Just because you're invisible in the network, it doesn't make you invisible to the local copper walking on the street, or the local neighbourhood watch!
Hey, you use your car for maybe an hour each way to work. It's being wasted the rest of the day. Fair that I grab it without you knowing in between then?
Of course not. Anything you decide to do becomes their problem. And, well, it's just rude! If it's one of the low cap broadband connections, perhaps you're going to push them over their limit? Or several people using it will do that?
Still alright to cost them money?
All it takes is a nip round to your neighbour's place and say "Look, you've got a wireless point there and broadband.. Mind if I chuck you a bit of cash each month and piggyback on top of the link, 'cos I can't really afford it?". Many would say to just hop on anyway if it's not used, without you paying anything. That's certainly the arrangement I have with my neighbours that can't afford the link (now have 3 people on mine).
Nothing wrong with sharing a link, it's just good manners to ASK before taking things.
Wrong. It's more like going up a private road which isn't marked as a private road, and which you have contacted Google to tell them to put it on their maps. Don't want people to go driving up your private road? Put some signs up or a gate.
It's very simple - put WEP or WPA on. To be honest, if someone goes through your WEP, then that counts as a deliberate break-in in my book. If you don't have it no, don't complain when people go using it.
If you have an agreement with your neighbour allowing you to use their network, then of course you can use it -- otherwise, it's theft, and you can get into trouble if you are caught. Whether or not they are using their network is irrelevant, it's theirs to use or not to use, not yours.
Theft these days is so easy that it takes real moral strength just to not do it. I understand perfectly why some would choose not to exercise their moral muscles; it's just too hard.
Who?
While I'm at home, I can see just one wireless network.. mine. But step outside and I can see eight other ones, only one of which is secured. About half are set to the default network name (so I guess default IP addresses and passwords), all of them except mine use the same channel. And some of them stupidly have the owner's names for the network (stupid.. because a burglar could use that to find out who had kit worth nicking).
So are these people being stupid or what? Errr well.. no, they're just being normal people who expect the kit to work out of the box. But really, who many non-geeks understand WEP, SSIDs, MAC addresses and all the other jargon?
The probably is made worse by "leakage". If you are inside then you'll rarely pick up someone else's wireless connection.. but these things leak out all over the place when you go outside. The perception of the typical user then is that if they can't see someone else's network from inside, then nobody else can see theirs. Alas, this isn't the case.
I think the bottom line is that WiFi is incredibly dangerous if you don't know what you are doing. Most products do work straight out of the box, but crucially they are not secure out of the box. Even Microsoft eventually learned that lesson with its operating systems - early versions of XP didn't even have the firewall enabled and were wide open to attack.
In this particular case the issue of intent is important. Given the proliferation of insecure networks, it must be trivially easy to accidentally connect to some else's wireless point. How you can prove intent is more difficult though.
Never email donotemail@WeAreSpammers.com
>>So if you have your door open in summer, I'm welcome to walk into your house and help myself to some of the cookies that are on the kitchen table?
Bad analogy - that would involve tresspass; there is a physical boundary of someone else's property that implies private access.
A better analogy would be if those cookies were floating through the air, coming in MY window and out my door, and I happened to eat a few as they went by.
Although it may not reflect the law, I personally believe that unsecured wifi should be public domain. WEP (even 1-bit for god's sake, to show that the intention for it to be private) should be enabled by default on routers, and it should be blatantly clear that you're providing public access (with consent) if you turn it off.
MadCow.
I used to have a sig, but I set it free and it never came back.
"Fortunately, most courts still discriminate between intentionally and accidentally doing something. "
Except for one thing, you can't know if he neighbours INTENT was to share his open wireless connection for sharing. Thats the whole point of Open WiFi afterall, sharing. By doing this they're making Open WiFi illegal, because not only does your computer have to get permission to connect to the network (via the login) but now extra permission is needed too.
Let me put it another way. Suppose you have free open municiple wifi and Fred Bloggs open wifi, you computer has no way of telling which is the free Municiple open wifi and which is not so it connects to Fred Blogs's net, attempts to login and is given permission -> crime comitted. You had the intent to connect to an open network, but not the method to determine which network is permitted.
Or rather you did have the way, the login, but the court ignored that.
Note the inflation of rhetoric...now it's "hijacking" if some bozo's AP *gives* you an IP address over DHCP...!!
Sending spam is a crime. Using an open relay is not. Spammers using this are committing a crime, but not the one you point out.
Open networks require a handshake between the router and PC. This is analogous to authorising use.
One says 'Hi, can I use your network'
The other says 'Yes'
The owner of the network authorised this by turning the thing on.
I don't agree with the top post though - I leave my network open, I don't mind people using it. If they abuse it, they get kicked. I use other people's networks to send and receive email and to do the odd bit of surfing.
If I commit a crime on their network, then I am a criminal. But using a network which I have been authorised to use to do legal things is very different.
This idea was invented by Shampoo.
Er, yes. Under UK law at least. It's not trespass unless they refuse to leave once you've told them to or they've ignored the sign that says "keep out".
-- Sorry, I can't think of anything funny to say here.
Say you're using their connection to do some illegal stuff like black hat hacking or spam fraud and the IP gets traced back to your neighbors, then what?
Or simpler; a forum which you both happen to visit decides to ban the IP for your bad behaviour or a poll-system allows only one vote per IP.
The real problem is not using the bandwidth, it's the online identity theft through use of their IP.
And how about a VPN? Is it okay to access that too through the WiFi connection?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Well, if you come from NZ like I do, then you pay per megabyte.
Unsecure WLANs can be *real* expensive.
...the door is unlocked = no encryption, no security.
...turning the handle gives access to anyone that tries - the router hands out IPs to anyone that asks.
...the door can be locked very easily - the WiFi network can be configured to deny access easily.
...accidentally opening the neighbour's unlocked door = Windows automatically connecting to a WiFI network
You know that most people do not intend to let everyone use their WiFi, any more than they want everyone to use their house when the door is unlocked. Most of them are poorly configured (typically, default SSID/password), and you know that 99%+ of all residential ISPs don't allow them to run a public hotspot.
Consider it something like garden furniture, even though it's not under lock and key it is still mine to use. If I don't sit in it, you still don't have any right to the unused "bandwidth". And don't give me the "reading in your light" argument, because using my network consumes my bandwidth. If I have a download running, you are slowing me down.
If you really are a free hotspot it is trivial to indicate that you are in your SSID. Otherwise the only thing you have is a very thin argument that since you can use it, it must be free. It certainly has no truth in the physical world, and hardly in the electronic world either. Just because I misconfigure a server to make an open relay/proxy/service, doesn't imply permission. Not if you have good reason to understand that this isn't intentional. You can play really stupid, but no court will let you get away with it.
Kjella
Live today, because you never know what tomorrow brings
Personally, I leave my wireless network deliberately open, and the login message (when seen) says "welcome to...". I do this in a public minded spirit, in the hope that if I need a public network in some other place, some other kind soul will leave one open as well.
Fixed computers actually on my network are individually firewalled off.
If I ever find evidence of massive bandwidth leeching, I may change my policy, but even then I would prefer to simply cap non-me connections.
Morally, I don't feel it is wrong to borrow enough bandwidth off an open wifi node to read a few web pages or collect email.
Massive bandwith leeching, copyright theft or invading someone else's samba shared files via an open network (that they probably intended to be network private) are off limits, of course.
These days, I would hope that people are aware that these things are open by default - there have been enough articles in the major newspapers about it, and certainly I would prefer that hardware manufacturers shipped them in a default secure configuration, but I don't think this should prevent people leaving them open if they want to.
If i leave a plate of biscuits (cookies) just inside the open gate to my garden with a sign saying "take one please", is it a crime for someone to take one?
no, more like "The neigbour can accidently walk across the property line because i have no fence?"
No. The fact that your door is unlocked doesn't mean that I can walk into your house. When on earth did "This object let me do it" become a standard of legality?!
Since the cash register gave me money when I hit the button, that 7-11 burglarly couldn't possibly be illegal. Since the car left running at the curb allowed me to drive it, my car theft cannot be illegal.
That standard of permission doesn't even apply to people! ("I wasn't violating the restraining order, her brother let me in!") Since when does it apply to inantimate objects?
xkcd.com - a webcomic of mathematics, love, and language.
Has anyone had any criminal charges brought against them for watching cable without subscribing to it (over here (at the very least) all of Sydney is flooded with Foxtel so any satellite can pick it up. However only those who have a subscription are allowed to)?
No. The fact that your door is unlocked doesn't mean that I can walk into your house. When on earth did "This object let me do it" become a standard of legality?!
This is a bit different. For your analogy to be apt this exchange would have to happen with the door:
you (or your wifi card): hi, can I connect to this network?
door: yes.
you: can I have an ip address?
door: yes, 192.168.0.102, dns 192.168.0.1, gateway 192.168.0.1, you can have this for 30 days.
THAT is what is happening technically. If the "wifi" were secured you would see:
you: can I come in?
door: no.
Or no response at all, which would of course still indicate no. The problem of course becomes - which open wifi is "free" and which is not? My local airport has free wifi advertised and the SSID is the default cisco one so the default SSID argument is dead in the water.
Indeed, I hope someone picks this one up and goes to a higher court, even after reading various accounts it's not obvious he had to break anything to gain access.
This realy is like the guy took an apple from a bowl with fruit in the street carrying a sign om it that vitamines are healthy.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
In the words of Kosh truth is a thre edged sword;
Your side
there side
and the truth
Theft of bandwidth on a home internet conenction beacuse of an un-securt WLAN would be viewed thus.
Every secong xMbit of unused bandwisth is wasted, I was simply using something that the owner was throwing away. Besides it should of been secured, its' like leaving your shopping on the front garden wall.
It was my property and as it is part of my network you invaded my privacy, it is like walking into my house and decanting the hot water out of my kettle after I'd just made a cup of tea.
You ARE stealing and you ARE gaining unlawful access to a private network. If you want to share bandwidth (I do so with my neighbours as they are very light users and I have a loverly fat pipe) then it should be done openly. Although you could argue it is the owners responcibility to secure there own network it is no different to seeing a house with an open window and going in to nick the biscutes.
So Say'th lord Timebrwolf.
In the not too distant future, next Sunday A.D.
WTF? If someone sneaks into my garden and starts dealing crack does that meen I'm responsible for that crime too? I meen, it was on my property after all.
While IANAL, I do remember reading somwhere that yes, under English law you would at least be partly responsible. From what I can remember about the article where I read that (yes, it's a bit sketchy, this was several years ago), it was to do with somebody (I believe a political activist and the police were out to get them) was charged with with allowing drug offences to take place on their property (ie, they caught somebody else smoking hash in the guy's flat). I think a lot of it depends on if you know about it or not (ie, if you saw somebody dealing crack in your back garden and you didn't phone the police then you'd be liable, but if you owned a flat and rented it out to drug dealers and didn't know that they were selling crack, then you wouldn't be).
At some point, somewhere, the entire internet will be found to be illegal.
" ...the door is unlocked = no encryption, no security."
Man 1: "Knock knock",
Man 2: "Come in",
Man 1: Goes in.
Man 2: Police arrest that man.
Man 1: But I knocked and you said I could come in
Man 2: But that was a misconfiguration, if I wanted you to come in I would have put a "FreeToComeIn" sign on my door.
You might be thinking about the Cambridge Two.
"As has been mentioned elsewhere in this discussion, the guy was aware that he did not have the owner's consent to use the connection."
Yet his computer asked for concent and was told it was OK.
Your cell phone for example is a very similar device. You drive around, it gets a good connection to a nearby tower, and you make your call.
You don't get extra permission to use that tower, you assume because your phone says its ok that its ok.
You visit a website, its password protected so you don't use it. You visit a website and its not password protected so you do use it.
Did you get extra permission? Internets also a shared public network, just like WiFi.
Wow...cool. I had no idea I was a hacker...will have to add that to the resume. Now to go get a lifetime supply of black t-shirts with obscure *nix jokes on them, throw away my shaver, and stock up on Mt. Dew.
I am, by your definition, a bozo.
When I had the only WAP in my building, no problem. When my neighbours above, below, and on either side all decided to use the same channel for their wireless they were making things worse for everybody.
Mostly, I was only worried about me, of course. I logged on to their unsecured routers and put them on channels likely to cause less interference.
Finally Americans can make sarcastic comments about the police state across the pond. Sure, we're in the same situation but at least someone else is now too.
IN YOUR FACE, UK!!
not only is it pretty clear that no one would want strangers in their house - It is clear to me that some people might not want strangers using their modem/router and possibly volume-capped broadband service.
but that you are also trespassing on someone else's property - Trespass is a good example of a crime that is technically victimless but which most people agree should be in place. It is a precident for a "cyber-tresspass" law that would address this issue and others, like zombie networks.
The police also consider open doors fair game for entry - I'd be surprised if this is true. I certainly don't want the police entering my house without a warrant!
Rather like if a webserver is publicly accessible, then anyone can connect to it is a bogus analogy. A website is like a shop or a library. That is what the web was set up for. But that wouldn't ligitamise knowingly accessing a private corporate intranet just because the IT guy accidentally left it open one day any more than it is legitimate to enter a shop that is closed just because the owner forgot to lock up.
how can you differentiate what access points you are allowed to access? - Questions like this arise with almost every property-related law. You must find out from the owner first either by direct communication or via a notice. If you cannot/will not do that then you will have many problems fitting into society quite apart from internet access.
businesses especially pollsters and advertisers are allowed to assume that any phone number is fair game to be called unless it is on the federal do not call list - The problem is that many people would like to receive certain unsolicited calls eg from someone who found your lost cat, and you can't announce the fact that you will allow such calls in the case of telephones. But you can indicate that your WiFi is available by various means.
Another analogy is potentially FM radio - That's not remotely close. FM broadcasting is purely opt-in by both parties. No-one is taking control of anyone else's communication equipment or consuming other people's pay-for services.
I and most other people don't care if they use some of my lawn as long as it isn't too close to the house - And what if they do get too close to the house? You will ask them to stay clear of the house, then you will ask them to keep off your garden altogether, and finally you will call the police and get them arrested. All the while they may have done no damage at all. My point? No-one should assume they have a monopoly on what is reasonable in the context of sharing.
I have an [blah blah] for those that do want to use it - I'm glad you're rich enough to be generous to people who own WIFI laptops but won't shell out for a broadband connection of their own.
If there's one kind of champaigne socialist that really gets my goat, it's people in the top 0.1% of global earnings who can afford to make expensive but insincere and ineffectual gestures of generosity, and then snobbishly expect everyone else to do the same. I hope the neighbours' kids tread the f**k out of your garden, especially in the forbidden part right next to the house.
Remember, it's easier for a camel to pass through the eye of a needle than for a rich hippie to get over his guilt complex.
"Any Windows machine with a wireless card will automatically connect to any unsecured wireless access point. Period. Allow me to repeat this. Any Windows machine with a wireless card will automatically connect to any unsecured wireless access point." I'm so sick to death of hearing this. Windows will NOT connect to an unsecured wireless network automatically with the SP2 wireless tools. The connection will show up in your list, but you have to click the connect button before it will actually connect you. Once you've connected, the network shows up in your profile, and the OS will continue to use the network until you delete it. The fact is you must actively select the unsecured wireless network in order to use it.
OK so given the outcome of this case does this mean that if that if a connection was War Chalked it is then OK to use it or does that require the provider of the connection to have chalked it and if so how do you know the provider made the chalk.
maybe we need another kind of mark to denote that the chalk was made by the provider... but then we would need a further mark to denote that that, previous, mark was made by the provider...
Or we could make the AP advertise that the advertisement of an open network is advertising an open network...
Or we could assume that people are capable of logical thought and therefore if they are advertising an open network, then you can use the open network.
Given the assumption that is it OK to use a AP if there is a notice advertising its presence. However, it is illegal to use it if there is only the SSID. To see a notice outside someone's house, informing you that there is a network you can use, requires nothing more than perceiving the light emitted (reflected) from the sign and this means it is OK to use the network. Yet receiving a notice outside someones house, a bit further down the electromagnetic spectrum, informing you of the open network doesn't make it legal.
Does anyone know exactly what parts of the electromagnetic spectrum are legally binding?
On an entirely different point If it is legal to use a network if there is a Visible notice denoting its presence. If i write on the Side of my car my intention to use available networks does that make it legal?
ZapTheDingbat http://www.zapthedingbat.com
Repeat after me:
An IP Address is not an identity
An IP Address is not an identity
An IP Address is not an identity!
If a crime is committed and it is traced back to an IP, that is A START of an investigation and should NEVER be the end of it! Far too often do we instantly assume that just because the crime came from a certain IP address, the person who owns the machine is the person who committed the crime.
All an IP gives you is the "place" part of the puzzle. Worse than this is the fact that it is virtual and multi-dimensional. The "place" where the crime occurred actually exists in many physical locations at once and can be nearly limitless in scope.
More important in these types of investigations is the "means" and the "motive". If neither exist for the person behind the IP, it is likely that his machine (or connection) merely acted as a proxy.
It just seems *WAY* too easy to frame someone for an Internet-related crime. Just find some motive and place "the means" on their machine.
If I were on a jury for any sort of Internet crime, the amount of evidence against the accused would have to be ENORMOUS for me to even consider a "conclusion beyond a reasonable doubt".
-Riskable
"Those who choose proprietary software will pay for their decision!"
My computer is setup to connect to the nearest WiFi connection at the library down the street.
My next door neighbour:
Step 1: Goes to Best Buy and asks a sales rep what he needs to buy.
Step 2: Goes home and connects the right wires to the right places (pretty simple).
Step 3: It works, but his network is insecure.
Now my WiFi connects to his WiFi instead because its nearer. Am I now a hacker?