Mumbai Police To Enforce Wi-Fi Security
caffeinemessiah writes "In the wake of the recent terrorist attacks in Mumbai, India, the local police are going to be sniffing out unsecured wi-fi access points and ordering the owners to secure them. The article notes that 'terror mails were sent through unsecured Wi-Fi connections' before bomb blasts in other Indian cities. No word on if they'll be walking around using Kismet, or if people who use pathetically weak WEP encryption will be ordered to switch to more advanced protocols. Unfortunately, a gesture like this does not take into account the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi. Or the fact that terrorists might actually be able to pay to use a cybercafe, and know what VPNs are."
On the other hand, the Mumbai police may still be keeping track of the mandatory keyloggers that went into the area's cybercafes in 2007.
Unless this policy is applied throughout the country, the city of Mumbai getting rid of unsecured wifi access points will not solve much. A terrorist can take a 3 hour bus ride to Pune to get unsecured wifi access. Mumbai itself is too big, are they talking about only the city or the whole suburbia included? Thane? New Mumbai?
Sounds like a scare tactic to me. A publicity stunt to make people more aware of consequences of unsecured wifi.
Don't use keys. Copying and pasting messages, usernames, and passwords from a USB stick would work perfectly well for a terrorist at a cybercafe.
I honestly don't know. If this were in effect before the attack, what difference would it have made? I can't help but think "not a heck of a lot". Terror has a way of routing itself around obstacles. While it's good to have a secure network, should it be mandated?
Is a network "unsecure" if you intentionally keep it open? Does this outlaw sharing access then?
the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi
This is the first (and I hope the last) time I have heard such a scenario described as "insidious".
Unless I'm at university I always leave my network unsecured. My neighbors use it on occasion (I check logs). And I use theirs on occasion, with us being on separate ISPs we get at least 5 9s of uptime. It frustrates me that secured is become standard or in this case enforced. It was much better a few years ago when I could get wireless access in most places to check emails and such. Why do we have to have such a community of locked doors? If someone has a laptop they likely have their own wireless internet which you could use, it is a perfectly fair deal. If my neighbours did a few gigs a day I'd stop it but it never went over a few megs.
Standard security should not allow access to LAN. It should be allowed to set limits for outsiders and should have a message redirect when you first open FF/IE/Opera saying the rules and so forth. That's it. Making sharing and redundancy illegal is ridiculous and as the summary suggests it doesn't help anything.
Wrong. You can't just walk into a cafe in Mumbai and use the wifi. You have to show a government ID (such as a passport), which is recorded, before you even get access credentials.
The point of this exercise is to shut down anonymous Internet access, which is illegal in India.
Similarly, you can't legally buy a SIM card for a mobile phone in India without providing identity credentials to the seller, who is responsible for recording the information for possible police followup.
It's obvious that police everywhere are technologically clueless, and are simply acting out of ignorance in an effort to appear to be doing something.
Forcing terrorists to use encryption along with the rest of the public would not appear to facilitate surveillance.
That being said, I'm in favor of anything which keeps the government's nose out of private communications, and this would be an inadvertent step in that direction.
Anonymity will always be possible. Terrorists will take to writing on bathroom doors if they have to.
"No word on if they'll be walking around using Kismet"
Why would they use that tool over myriad of other tools?
Perhaps if they used Kismet while driving a Nano listening to Abhimanyu and eating McDonalds I'd be interested in the story.
Yes there are still going to be other ways for baddies to use the inter-tubes without being tracked, but limiting those access points can help. Instead of having a nearly limitless, and randomly distributed, source of connections they will now be funneled into a small set of access point which are also KNOWN access points.
Does this mean I agree ... I don't know yet ... but as with all security measures (both cyber and safety related) there is no such thing as a 100% solution. But we all know defense should be in depth, and each layer should be effective in accomplishing what it is meant to do. In many cases we all read about here, the proposed solution is nothing more than security theater, but shutting down the plethora of open wifi access points IS an effective way to limit the ability of bad actors (terrorists, kid-touchers, black-hats, etc) to access the internet at will; not a solution, but a factor.
As for law abiding citizens, since most of us use our own account anyway or walk into a cyber-cafe, and I assume few bother trying to use an insecure wifi, it really doesn't impact that much (well except when I'm at my sister's place and she has inexplicably jacked her wifi router forcing me to use someone else's wifi :O ).
I'm still not thrilled with the idea of the gov riding around with netstumbler looking for open wifi and then knocking on my door, but the idea of wanting to limit open-wifi is, imo, a good one. The execution is another issue entirely.
Now if you REALLY want to have fun thinking about it ... consider an area with known terrorists / suspects, you make sure all open wifi points are closed ... then you open your own as a honeypot ... BAM you get to see all their traffic ... well anything that isn't encrypted beyond the wifi encryption. It is a very effective technique to shut down all method of comms except one in an effort to intercept all comms.
If you can't be good, be good at it!
No, but it would help to narrow down the places from where potential terrorists could anonymously communicate to a number of places that might be manageable -- which is closer to what they want. If most access points were secured, it'd be that much harder to find an unsecured access point in a place unlikely to be covered by police or cameras... especially terrorists who aren't that net-savvy, because most people aren't regular slashdot-reading geeks.
Even with the negative effects on public freedom which should be controversial (but keep in mind that India is a very different country from somewhere like the USA), the police are trying to make things harder for terrorists so they can't just do whatever they want to do with total simplicity. If it's necessary to go to greater lengths to do stuff, it becomes more and more likely that someone will make a mistake that'll be detected, and they'll get caught.
Not that this would stop terrorist attacks or stop terrorists communicating or (most importantly) stop people from wanting to blow stuff up in India in the first place. It's just another step in a game of whack-a-mole until people sort out their disagreements.
Well, there's always AirSnort and WepCrack
I'm surprised that this sort of idiocy is coming from the same place that our tech support calls get routed to.
...but it works.
I have seen routers that support WPA but some devices (e.g. my MacBook) will not stay connected with that encryption.
I've seen this with other devices too, and other brand routers. Different implementations of a "standard" is a failure.
Look, India isn't like America. For the most part it's a third world slum lacking basics like clean water, sewage treatment, or safe food.
Any kind of computer equipment isn't within the reach of the 'normal' population. Only the rich have such things. It doesn't matter about wifi over there, they have FAR bigger problems.
And the Son of Sam killer was an American, just like Andy Dick.
Wait, what's the point we're making here?
Surely the fact terrorists have anonymous access to physical roads and footpaths is a bigger issue? If that was restricted it would make their intentions measurably harder to pursue.
I think this is a big waste of time for the Mumbai police. If the terrorists can't send an e-mail with their threats, they will just send it by postal mail (just as they were doing before e-mail). Stopping them from sending anonymous e-mail won't stop the acts of terror. The Mumbai police should focus on investigating the actual attacks and preventing further attacks, rather than shooting the messenger.
Some people think that this can prevent them from coordinating their attacks, but I don't think so. Their attacks can be coordinated using various other techniques that may even be illegal - won't mention them, use your imagination.
Fundamentally, creating new rules will not stop terrorists - remember that there are already laws that prevent people from acquiring AK-47s & explosives. New rules will only inconvenience law abiding citizens - not terrorists.
Also, on another note - I don't like Times of India because they selectively prevent some comments from being displayed. I specifically mentioned this point in their comments and they have not published it, even after 2 days.
What a non-sense again; now we limit wireless access, what about the 2G variant? Mobile telephones. Sorry this is a pathetic attempt that should be spoken out loud.
Support Eachother, Copy Dutch Property!
And it becomes impossible to send a bomb warning in India without being identified? The purpose of those warnings after all is to give people a chance of getting out of the building before the bomb goes off. Do the Mumbai police prefer that the bombings happen with no warning?
Newsflash: Mumbai has 17 MILLION people. Granted at most 500,000 have computers.
But still the level of computer literacy in Mumbai in police force is complete joke. Hey, their government offices don't even have computers.
I think the most ridiculous thing is that there's countless MILLIONS starving on the streets and now they are going to equip police with laptops to chase after unprotected WiFi signals?
Didn't they get the memo a few months ago that even WPA2 was cracked with Nvidia CPU/GPUs?
What are they going to do, enforce people to implement breakable security? Where's the sense in that.
Indian stock market is down over 60%, I think the police should be focusing their efforts on preventing civil unrest. And government spending their money far more wisely. People are starving everywhere you look in Mumbai, not to say the same thing in just about every other Indian city.
But that's just my 2 cents.
No trees were killed in the making of this post; however, many trillions of electrons were horribly inconvenienced.
"it's another way of removing anonymity"
Please explain, in a way that those of us who aren't completely wrapped in tin-foil from head to toe, can understand.
As I see it, a secured access point is no less anonymous than an unsecured access point.
"The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
"It helps the government keep an eye on everyone."
HOW? This is the second time you've made that bullshit claim, and the second time I've called you on it.
Take your meds guy.
"The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
Good luck. hahaha. I wouldn't use wifi if you had a gun to my head. They can't hardly secure wired connections yet. Good luck with that.
I suppose that's easier and cheaper than replacing the Mumbai police's ancient Enfield rifles and providing adequate weapons training to the police force.
[Insert pithy quote here]
The messages can just come and go... and even if they are saved and stored... they will mean nothing... ..unless you are on the knowing of how the message is.
Seems to me that people just don't know anything about cryptography...
Alas...
You have a man with a rifle in his hands, two pistols in his pockets, and a backpack full of ammunition & explosives - and you want to cut off his internet access?
Let me get back to you on this one...
They want ppl to feel like they are doing something to help the nation. It is no different than when W has been saying that American airports, ports and harbors are secure. They are not. It is more work, but it is still possible to smuggle weapons on-board aircraft (in fact, far too easy). The same is true of Mumbai. Assume that these guys want to attack again. So what? They simply rig an encrypted wifi close by and then use it for themselves. VERY easy to do. In fact, they can even set up some systems where they are 5KM away and use an antenna to beam to the top of the hotel. From there, plug in various antennas just prior to the attack. It is that simple.
I prefer the "u" in honour as it seems to be missing these days.
All internet hotspots with the ever popular web authentication are insecure... anyone can easily hijack the session of a paid/authenticated user at any time.
Are the Mumbai police going to shut these down as well? Where does this nonsense end? Accept the fact that people can communicate instantaneously with anyone they damn well please and deal with it!
Then only terrorists will use open WiFi.
Nice try, Bombay police, but FAIL.
I want to delete my account but Slashdot doesn't allow it.
It frustrates me that secured is become standard or in this case enforced.
I would leave my WiFi unsecured, but the truth of the matter is that I don't want to implement the same kind of border security on my LAN interfaces as I do on my WAN interface.
I suppose I could VLAN off a virtual AP, but I'm waaaay too lazy for that (not to mention slightly lacking in the skill dept.).
The terrorists used a Ford in their attack, so if we ban all Fords we should be safe?
How do the keyloggers work via wifi when the terrorist brings along his own EEE or AAO, buys a cup of joe, pays for some wifi access, enters his passphrase to access his data partition, and proceeds to send out all the terror messages?
now we need to go OSS in diesel cars
This is security theater - the Indian version. Bigger BS than the American version.
The reason for securing the wireless access is to deny terrorists ways / means to send an email. The only time terrorists send email (which authorities trace) is after an attack / atrocity and some group claims responsibility. They claim responsibility by sending an email to media.
I have no idea how blocking access to internet will secure the nation or Bombay.
Blocking wireless, more stringent PATRIOT style rules (POTA in India) and other nonsense is window dressing...or putting band-aid on a wound without asking how the wound happened.
There are lots of legitimate and socially useful uses of unsecured WiFi purposely configured as such by the network's owner, and not all WiFi networks provide a connection to the Internet. It would be incorrect to force WiFi owners to use security if they don't want it.
They could say that whoever leaves their WiFi open would be liable in case someone uses it to do something bad, but this makes me wonder why should some networks be considered common carriers while others are not. Either all networks should be treated as common carriers or not, no matter whether they are run by an individual or an organisation.
What do they mean by "terror mails?" Are these messages coordinating the attack? Or are they messages that provide warning of the attack? The police could be shooting themselves in the foot, never mind that WEP is easy to hack.
It's a simple theory. He who can be traced to who can't pass the investigation onto the next person in the chain must be the culprit. At McDonald's, you have to buy something to get access, and that means walking in front of the security camera at a minimum, and possibly even leaving a traceable credit card number.
All forms of untraceable internet usage have led to trouble. Come on people, secure your networks.
It's getting really shameful how stupid our Police & Politicians can be. Instead of working to avoid terror attacks they are spending time on this? WIFI was only used to CLAIM RESPONSIBILITY FOR THE ATTACKS. That could be done by post/note/phone or just telling the local news channel. This doesn't affect the bombs/guns at ALL. Main problem seems to be the dumb & out of work IT security advisors hired by the Police/Govt.
The blatant power grab / security theatre is so funny it's untrue!
The transcripts of the sodding terrorist cellphone calls are available online and on the news and *what* difference did that make?
So, how often is this supposed sweep going to take place? If you'd been to Mumbai you'd be laughing till your sides ache. Any sort of WiFi is very low on the list of things most of the people about, this is a place where people live next to open sewers and shit into newspaper and leave it on the pavement - and not just in some ghettoised area. You have to watch where you tread for most of your day.
Where I'm living atm. (Goa) we're supposed to be on high terror alert. So it now costs Rs. 100 ($1) to cross the checkpoints unsearched instead of the normal Rs. 10. They claim pride in no terror attacks yet there are rapes every few days and unnaturally caused dead bodies found regularly. The driving test is driving 20 yards, going round a traffic island and coming back. Btw. if you do get raped here you will be told it is your own fault and the best thing you can do is to go back to where you came from (if you can find a police station that will listen to your story).
The biggest threat to your safety here as a local are the govt. officials. They are likely to be known murderers or their children can rape and murder with almost impunity a couple of times.
India likes to project an image of a wonderful progressive country but it will remain mostly a third world corruption riddled shit hole for my lifetime. Esp. as the GDP growth is about to end and they already spend minimal amounts on the welfare of the people (less than 2% of GDP on healthcare) 25% of whom are illiterate.
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
I love the sweet, sweet irony on threads such as these.
Logged in posters:
"Anonymous access good, government bad, posting without logging in Flying Spaghetti Monster-given right."
+++mod up insightful
Anonymous posters:
"Anonymous access not all it is cracked up to be, government doing its job, and by the way, you're logged in you know."
---mod down troll
IIRC the main problem they had with the terrorists was actually their hand grenades, demolition explosives and AK-47s not so much their web browsing. If they can't keep heavy weapons controlled in their country I don't think they have much hope of locking down their entire communications infrastructure.
"terror mails" Geez... I'm so tired of this "TERROR" thing being attached to everything some extremist group does... NOT EVERY BOMBING HAS A TERRORIST OBJECTIVE! (IE: If I blow GWB into pieces, it's not because I want to generate terror or destroy someone's "Way of life" (which btw it's a FAT LAME excuse), just quite the opposite, see?...)
-- Counting backwards since 1984!
Here in Britain, all the open WiFi access points seem to have disappeared over the past year or so (other than the odd residential "NETGEAR"). Even the cafes and bars that had it are putting passwords on it. It wouldn't surprise me if the surveillance-happy New Labour government had passed a law banning open WiFi, or making the owners liable for any paedoterrorist activity on it.