UK Man Convicted For Wi-Fi Piggybacking

CatrionaMcM tips us to a BBC story reporting that Gregory Straszkiewicz, a UK resident, was fined £500 and sentenced to a conditional discharge for 12 months after being caught using a laptop from a car parked outside somebody else's house. '[H]e was prosecuted under the Communications Act and found guilty of dishonestly obtaining an electronic communications service.' A separate BBC story notes that two other people in England were arrested and cautioned for sharing Wi-Fi uninvited.

Open AP?

[jshriverWVU]

How does one figure out if the AP is for public use or just someone who forgot to set it up properly?

Re:Open AP?

[dotgain]

Uhh, the utter lack of advertisement that it's for public use?

Re:Open AP?

[LiquidCoooled]

It's no different than seeing an unlocked door. You wouldn't just walk in and look around would you? That depends, is it a shop?

Re:Open AP?

[drinkypoo]

Unless you are told/informed/read other wise, a network is NOT public. It's no different than seeing an unlocked door. You wouldn't just walk in and look around would you?

I love this example, because there is a legal difference in many jurisdictions between locked and unlocked doors.

If you defeat a lock and enter a building, that is breaking and entering. But if the door is unlocked the most you can be convicted of (providing you haven't damaged or stolen anything) is trespassing.

The law should really make the same distinction about networks.

Re:Open AP?

[JackHoffman]

It's no different than seeing an unlocked door.

Yes, it is very much different from seeing an unlocked door. That's why intelligent people don't resort to analogies to discuss simple concepts like communication over radiowaves. The established standard has means of negotiation that allow people to use a shared resource without prior agreements. Using the standard is vital to many interesting and legitimate uses of the shared resource. You're advocating a restriction on useful applications to give technological nitwits the illusion of safety, while in reality their baseless assumption of being protected only causes them to be more vulnerable because they see no need to secure their networks. There is not even one good reason for punishing the use of open access points by anyone.

Re:Open AP?

[Noah+Adler]

Such as an SSID advertisement?

Re:Open AP?

[drinkypoo]

Do you think he would have gotten a 500 pound fine and 12 months probation if he had hacked into a secure network?

What I think is that 500 pounds and 12 months' probation is fucking ridiculous when you're not even causing any harm.

If he WAS causing actual harm, then I would limit his financial obligation to paying the victim for actual damages.

The fact that he was fined 500 pounds proves that this is about grabbing money from people, not keeping people from using open APs (which is impossible anyway.)

Re:Open AP?

[hobbesmaster]

You can only charge someone for trespassing after you tell them to leave... Same should of course apply for wifi.

Re:Open AP?

[JackHoffman]

If you wear a sticker that says "Hi, my name is John", then you can't complain if I talk to you and ask you to give me a ride. If you then answer "yes, get in the car", you can't complain if I do get in the car and tell you that I would like to go to the next McDonald's. If you then drive me there, you can't complain that I hitched a ride from you and didn't pay you. An open router is a very friendly piece of hardware. It tells people that it's there, it hands out IP addresses and it routes strangers' packets and all you have to do is ask for the favor.

Re:Open AP?

[servognome]

Uhh, the utter lack of advertisement that it's for public use?

Linksys = Latin for "Welcome", right?

Re:Open AP?

[DerekLyons]

My WAP is open. It is intentionally so. My neighbours or anyone just generally passing by are free to share it. And people frequently do, according to my router's logs. It's not that I'm constantly needing those 6 MBit myself, so why would I mind anyone else using them. I see the fact that the network is unprotected as invitation enough for anyone to join in.

You may see it as so. But the law disagrees. In fact the law (in this instance) is consistent with locks on doors, etc... Absence of a lock is not indicative of permission to enter. This makes sense because, lacking signs, there is no way to tell the difference between a WAP you are encouraged to enter, and one where the owner forgot to lock his door.

Re:Open AP?

[jotok]

This whole line of reasoning has always struck me as a rather disingenuous argument, because proponents of the "Well, the SSID was broadcast and there was no key required, so obviously it's free for anyone to use" theory never offer any criteria for exactly how much the owner of a wireless access point needs to do before random clients can "assume" it's not intended for public use.

There are lots of analogies being thrown around already, I'm sure, so let's just dispense with those for the time being and get down to brass tacks.

My neighbor's access point is a crappy linksys wrouter that he got several years ago. He uses WEP but I can crack that quicker than he can type in the key. Does the fact that he is using a known-to-be-weak encryption scheme mean that I have the right to be on? My other neighbor does not advertise his SSID, but I can get on his AP just the same simply by grabbing enough packets out of the air. Does that mean that I have the right to use the service he's paying for?

Simple deduction tells me that I should not assume that, simply because I can access a resource, the owner does not mind if I access the resource. You cannot validly assume that the average home user of 802.11 technology knows enough to secure it.

Frankly, at this point, I do not care whether or not people want to lay blame for this at the feet of the vendors or of the end users. The simple fact is that unless you have an explicit reason to believe that you are meant to access someone's wireless, you should not; and to access it anyway is unethical.

Re:Open AP?

[ehrichweiss]

My neighbor's access point is a crappy linksys wrouter that he got several years ago. He uses WEP but I can crack that quicker than he can type in the key. Does the fact that he is using a known-to-be-weak encryption scheme mean that I have the right to be on? My other neighbor does not advertise his SSID, but I can get on his AP just the same simply by grabbing enough packets out of the air. Does that mean that I have the right to use the service he's paying for?

No, as a matter of fact, encryption is THE way to tell if you're allowed to view satellite communications, at least here in the States. If a provider does not encrypt their signal, they have no(as in none, zero, zip, nada, nothing..) legal grounds to say that we can't watch their programming; however the moment they encrypt it, one can become liable for signal "theft" if they decrypt it without permission. The same needs to be applied to the Wifi arena. Laziness on the part of the "system administrator" should under no circumstances be grounds for the little twit to bring you up on criminal or civil charges.

Re:Open AP?

[jotok]

Oh, sure. I agree with you 100%. But this only means at most that you're free to observe someone's traffic. I do not see anywhere in your argument provisions for communicating back to the AP, negotiating a connection, leasing an IP, and coming to Slashdot.

As has been noted elsewhere, you are assuming "laziness" or incompetence on the part of the "sysadmin" where mere ignorance performs as well. Which explanation do you suppose Occam would select?

Re:Open AP?

[FrankieBaby1986]

As I have said on slashdot before: COMPUTERS ARE NOT APPLIANCES!

Just because I can get in a a car and drive it doesn't mean I should.
If you do not possess the knowledge to properly set up a wireless network, then by no means should you be doing it.
The law should be simple: if you set it up, w/ SSID broadcast turned off, encryption enabled, or both, then you should be allowed to sue for unauthorized access. If neither, then it should be assumed it is a public service

The lack of technical knowledge of the 'victim' DOES NOT MATTER. They failed to follow the directions that came with the router. They failed to learn about the tech they were about to use. They get burnt.

If I install a dishwasher myself, but fail to read the directions, and it floods my house, Is it the water's fault, or mine?

Good, I hope this continues and moves to the US

[stratjakt]

Just because you can do it, doesn't mean you have the right to.

Re:Good, I hope this continues and moves to the US

[jackharrer]

Say it to all kids in UK who vandalize everything around without even a slap in hand.
But for piggybacking wi-fi they charge you £500. Cool. They should also put him in jail, just to show how dangerous for society his actions were.

UK has a lousiest law system in the world, IMHO. I know it well - I live here.

autoconnect

[mastershake_phd]

What about when Windows auto-connects to an open AP? Sure you would probably never get arrested for it, but its still technically illegal isnt it?

He asked to use the network

[AciDLnx]

His computer sent out a DHCP *REQUEST*. His computer said: "Can I have an IP address on this network? Can I have the information I need to get online from this access point?"

To which the access point replied: "Yes, you can have X.X.X.X. You can route your traffic through X.X.X.X."

He *asked* to use the network, and the network said *yes*.

Re:He asked to use the network

[tinkerghost]

You really don't pay any attention to the details of the protocols do you?

He *tried* the door handle. The door opened. Does this mean he had an automatic right to go inside?

According to the RFC's governing DHCP, yes he does have an automatic right to use the service. Per the standards, it is the responsibility of the server owner to restrict access. The failure of the server owner to lock down the DHCP server no more changes the proper useage of the protocol than a store owner forgetting to lock the door & flip the sign at closing time. The DHCP client asks for & receives permission/configuration details. A customer walks into a business with an open door. Both are default allow scenarios, you don't knock on the door of a business, you try the door & walk in if it's open.

Re:He asked to use the network

[leighklotz]

> I tried to stand by your window to read my book using your light. The window let me. Does this mean I automatically get the right to use your light?
Is this a trick question? If you're standing in the street, yes.

Open Networks Are Open

[shawn443]

First of all, punish people who break into closed networks not open ones. I have accidentally connected to an open network a time or two. Sorry, I meant to connect to the Linksys network, not the Linksys network. Secondly, if DLink and the like would default to a more secure configuration out of the box instead of pandering to the wanabe power users, this problem would be largely eliminated. The computer industry seems to want to make computers so easy anyone can do it. They can't. Take your car to a mechanic, take your clothes to a tailor, take your securely configured router that you can't figure out to me.

Backwards....

[tinkerghost]

Unless you are told/informed/read other wise, a network is NOT public.

Technically, the structure of the internet is built on a 'Default allow' schema. Essentially, if you don't say 'no' then I can. I don't have to get permission to use your web server, your anonymous FTP server, or route over your backbone. If you choose to, you can of course block all of those, but you have to choose to disallow me access.

Add to that the facts that public 'hot spots' are more & more common & XP will sometimes jump from one network to another without asking and you have a recipee for legal chaos when incompetents leave their AP's open.

It's no different than seeing an unlocked door. You wouldn't just walk in and look around would you?

Do it all the time - I don't actually remember the last time a business had someone out front asking me to come in.

2005 story

[iangoldby]

Did anyone notice the date on that first story?

Last Updated: Thursday, 28 July 2005, 08:51 GMT 09:51 UK

That first story (with the £500 fine) was two years ago and concerned someone who hijacked a wireless connection.

The second story (the new one) concerned two people who were cautioned for using people's wi-fi broadband internet connections without permission.

Why does everyone assume the AP was open?

[SmallFurryCreature]

The article doesn't say it was, in fact it notes the details are extremely sketchy.

Furthermore, if I drop my wallet, does everyone here just assume that I don't want it anymore and you are therefore free to take it?

I had at one time a public access point, it was identified as "Free basic web access, be nice" or something and was run through a linux box wich filtered and limited access quite a bit AND logged everything. I did it mostly out of curiousity. Just what would people access through a connection provided by someone they didn't know?

The answer was suprisingly mundane. Mostly email and light browsing. The location was in Amsterdam in an apartment near the "kalvertoren" a few years ago. For the non-dutch this is in the heart of amsterdam, yes within walking distance of the red-light district. This is holland, everything is in walking distance.

HOWEVER I have also found in more recent years that if you leave an AP open for general use, some people WILL not automatically limit themselves to minimum use. Cue the by now old trick of simply filtering a specific users access to replace all their image requests with tubgirl (if you think goatse is bad, google for it).

Still simply securing your network ain't always enough. At least some wifi security can be easily bypassed. At what point do we say "this is secured enough, you are now commiting a crime".

Personally I think it is bad sign if a bike stolen from an open garden gets a response from the police that you should have a 1 meter high fence, that is locked and the bike should have secured to something. Perhaps some people like to live in a world were everything has to be secured, I prefer to just lock up those that cannot understand the difference between something you own and something someone else owns. Either way, it seems we need an awfull lot of locks in this world.

This guy was behaving rather strangely..

[vorlich]

The BBC page: http://news.bbc.co.uk/2/hi/uk_news/england/herefor d/worcs/6565079.stm is quite clear that residents called the police because this man had screened off the windows of his car with cardboard but the light from his laptop was still visible in the early hours of the morning.

Goodness only knows what he could possibly have being doing in there but I guess the local constabulary decided to charge him with a crime that they had evidence of.

So less a story about those brave wardrivers liberating the net from the bourgeoisie and more a story about someone wierdo having a wank.

If that's a slashdot word.