Slashdot Mirror
Australian Police Plan Wardriving Mission
bfire writes "Police officers in the Australian state of Queensland plan to conduct a 'wardriving' mission around select towns in an effort to educate citizens to secure their wireless networks. When unsecured networks are found, the Police will pay a friendly visit to the household or small business, informing them of the risks they are exposing themselves to. Officers also hope to return to surveyed areas within a month to see if users have fixed their security settings. The idea is modeled on another campaign where officers walk around railway stations checking cars have been locked, and leaving notes warning people of the dangers involved with leaving their vehicles unsecured."
"checking cars have been locked, and leaving notes warning people of the dangers involved with leaving their vehicles unsecured."
So, as a criminal, the police have saved me the trouble of having to work out which cars are unlocked by flagging them up for me?
Slightly more on topic, is there a law against leaving your network open in Australia? What if I'm just being helpful, will they continue to badger me until I lock down my access point?
It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
so what do you think they'll say when I say I do it deliberately ?
I don't mind sharing my wifi with complete strangers. I restrict it to make sure they can't cost me too much and everything I do on it is encrypted via VPN so - meh!
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
I also like the idea of police officers visiting every home and place of business, more as a social visit and to establish better ties between the police and civilians. You know, get to know 'your' local police officer and, establish a more social contact with at least one officer whom you can contact in the event of need. Also it would help to remind officers of what their role really is in assisting the public to maintain a civil and orderly society.
Of course while it might work in Australia, in the US with pepper spray and taser abuse out of control and with 'public' discussions of the effectiveness, legality and use of torture it would likely have the opposite affect and drive an even greater wedge between 'law enforcement' and the public.
Chaos - everything, everywhere, everywhen
Seems like some kind of pseudo threat to me. What are they implying, that if some criminal uses their open access port to post goat porn to /b/ the home owner is going to be criminally liable? What if you _like_ having an open access port, and don't mind if your elderly neighbors use it occasionally to check their email? Quite frankly it doesn't seem to be the homeowner's job to lock the world down in order to prevent crime, especially crime that can be remedied by pulling a plug, if it ever actually causes the homeowner to lose bandwidth. Come to think about it, it's not the cops job to prevent crime either.
So, who exactly is this benefiting? My guess would be whoever provides ISP service has been hitting up their political puppets... after all, your 60 year old neighbor should get with the times and start paying $100 a month for internet access like all the other good citizens.
I like this: I don't think this is intruding at all, and is indeed something that most people don't realise the consequences of. Making people aware of something is never bad in my opinion.
I also hope there's room for people who, after being warned, are also free to note that they leave it open on purpose (and as such, won't get a second visit): I like my free hotspots!
When you shoot a mime, do you use a silencer?
One of my internships involved installing free and open wireless access points around my university's small town. I always wondered if another student would be taking them all down in the future. Some things are just too good to be true. Although, I hear some homeless are making use of free access points in their own cities. Why would anyone want to take that away? I'm all for free internet, and enjoyed the internship, but something tells it's just not going to last.
Health Freedom is almost as popular as Freedom itself.
thanks for information
kurtlar vadisi gladio
kurtlar vadisi
...and leaving notes warning people of the dangers involved with leaving their vehicles unsecured.
What? People don't know this in Australia? I mean if it came to become a campaign the problem must have been of significant magnitude. I'm not trying to flamebait here but back to my question: people don't know this in Australia?
I am the lawn!
The police maybe able to see my wireless network as unsecured, but unless their mac address is in my router they have no chance of connecting to it.
so.. they will start mad max like gangs?
Oh, there are a lot of strange ways this could play out:
[ knock, knock ]
-Do you have the WLAN with the SSID MonkeyTails?
-The what, Sir?
-Wireless Network?
-Oh, for the computer Internet? No, I think ours is called captaincrook.
-Okay, that one is safe.
-Safe?
-Yeah, we are driving around checking for insecure WLANs. Do you know who MonkeyTails are?
-I think it's my neighbour.
-Ok, thank you.
[ knock, knock ]
- Hello.
- Hello, are you the owner of the WLAN MonkeyTails?
- Yes?
- It's insecure.
- I know.
- Well, you should secure it.
- No, I don't want to secure it.
- You should secure it or pedophiles could use it.
- It is an old router that doesn't support encryption.
- Well, let us know if you see any pedophiles.
- Bye.
So when a kid demonstrates he can access his school's network or a customer demonstrates that he can get free calls from a phone system, they will be thrown out of school for 'hacking' or arrested for 'theft of service'. But when the police do it, it's fine?
Whats happening here?
It seems that two of the largest organisations hating the sharing of WiFi access are the police, who don't like the fact that unofficial open access points don't log and the ISPs who hate to think that they are losing a potential customer.
Some years back in London, a chain of winebars (C&B) offered free access for their customers with no fancy tumbling time code or anything (you, know where they print a code that has a limited validity on the till receipt).. A story appeared in one of the papers about how people were able to 'steal WiFi access' showing the 'security consultant' with a laptop in the city of London demonstrating that there was open WiFi. Yep, because they are standing directly outside that Winebar (out of shot). I have stood there myself, as the bar was too noisy, so I could use Skype over WiFi to contact my SO. This is fairly common practice now, but it disrupts the business models of people like Vodafone or commercial WiFi providers.
See my journal, I write things there
You could come home to find your unsecured router placed in the back seat of your locked car, which you lost the keys to :(
Seems like some kind of pseudo threat to me. What are they implying, that if some criminal uses their open access port to post goat porn to /b/ the home owner is going to be criminally liable?
It is not a threat. It is a fact. If your WLAN is left open and someone commits crimes through it, you could be really screwed. In most cases it would probably not be enough to prove that you did the crime and get you a sentence in court but it could still land you a lot of trouble. And it could be used maliciously: Let's say that a co-worker that likes neither you or your boss comes to use your WLAN to harass your boss?
There are risks in having an open WLAN. Some of them have something to do with you becoming suspected of crime, some are about how other people can commit crimes against you. It can be argued if the police is the best organization to educate about this or not but police certainly can do it and it is important thing to do.
What if you _like_ having an open access port, and don't mind if your elderly neighbors use it occasionally to check their email?
Then they say "Okay." and go to the next apartment. This isn't about them coming to force you protect your WLAN, it is about educating that "Hey, your WLAN is open. Are you aware of the risks?" Because honestly, there are a lot of WLANs that are open because their owner has forgotten to protect them, doesn't know how to do it or doesn't even know that it should be done. I would guess that these even outnumber those who leave it open intentionally.
Quite frankly it doesn't seem to be the homeowner's job to lock the world down in order to prevent crime,
Same can be said about locking your apartment's door. It isn't a homeowners job, right?
especially crime that can be remedied by pulling a plug, if it ever actually causes the homeowner to lose bandwidth.
In some cases the crime can cause a lot more. Perhaps the cops should visit you?
Come to think about it, it's not the cops job to prevent crime either.
Wait, what? Police is supposed to execute the laws which tell what people shouldn't do. It certainly isn't limited to investigating the wrongs that people have already done.
What risks are they exposing themselves to? Does Australia hold carriers responsible for content? How would a residential open WiFi differ from the free WiFi at a coffee house?
I think I would warn the cops about the "risks" of coming to my home and harassing me...
I understand why the Police are doing this, and I think it is a good move. Yes, I am an Australian, and a QLD'er.
This will let people know who truly do not, and can prevent crimes such as identity theft, downloading illegal stuff etc.
For the record, operating an insecure wifi AP is not illegal, this is just a helpful initiative.
The thing is, it is 2009. For the last 5 years at least, most AP's have security enabled by default, or at least as a mandatory step of the setup.
At the very least, there will be a warning that will be hard to miss.
For the last 5 years or so, information on this has been forthcoming to people who are not overly technical via:
* TV shows, non technical like 60 minutes or a talk show
* Magazines, including many of which are non tech magazines
* Various websites, including many non tech websites, such as MSN
* Your operating system, such as Windows, OS X or Ubuntu giving you warnings
* User guides or manuals in very, very, simple to understand language
* Warning stickers on the box or device
* Probably quite a few other avenues as well
There is very little reason to not be aware of the risks of running an insecure network. All too often it is a case of stupidity, as people do this for the sake of convenience. Nothing is going to change these peoples minds.
If you ignore ACs because they are anonymous - you're an idiot.
...but I agree with you.
Who the hell are "unnamed corporate partners"? And why are the police doing anything at their behest?
I'm not usually paranoid, but something is rotten in the state of Queensland.
Genesis 1:32 And God typed
I guess not very much is going on in the state of Queensland.....
Does the police specified that people should use WAP and Strong passwords, if they really wanted to protect their networks.
I've moved to a new apartment 3 months ago. My building is in a very dense populated area. Due to bureaucrat issues, I was over one month without an internet connection. Since I had over 25 available wireless networks on my house I gave the http://www.aircrack-ng.org/doku.php?id=tutorial aircrack online tutorials a shot. It was amazing how easy it is to crack a WEP connection. On average I took less than 10 minutes to crack a WEP wireless. Over 40% of people(at least around here), still use this totally insecure encryption method.
I've started to get curious about who is Using Wep. So I've made a survey with my laptop, and my phone(it has wireless), to see who is using Wep. I have a HP shop on the other side of the street, that has a big splash symbol on the window "Microsoft Certified". They have IT consultants and they are using WEP. What a joke.
My local Social Security Center is using WEP possibily exposing the entire contry database(it's just a guess. I didn't really crack it). Also WAP is not difficult to crack with weak passwords, and most of the people don't have a clue about strong passwords.
I currently have my network open, only closing when I need full bandwidth, and my SSID is something like WEP_IS_LIKE_OPEN, but in my language.
I guess worst than having an open network is to wrongly think you are secure.
My AP is open on purpose as I was sick of the compatibility issues and the data protection is negligible. You still need to convince the OpenBSD router that you should be using this network, and good luck sniffing the VPN traffic.
It sounds like their police departments are over funded. Maybe they can come and unlock cars for people who lock their keys in. Or help configure my neighbor's wireless router so we can all share and save money.
People who donate money to charity will lose that money.
People who donate some of their bandwidth to passing surfers probably lose nothing.
Surely the police should be concentrating on the cases where there is a more significant danger of loss.
VLC Remote for iPhone and Android
I think it's a good campaign. After all, how much money and time do you think it takes to cover a neighborhood? A couple of officers could probably do this in a few days.
Nobody said it's illegal and they are not constraining anyone to "secure" their AP. It's just like a patrol passes by and they see you are in some kind of trouble. It's their job to stop and ask if you need any assistance. If somebody wants to keep their wireless open, it will probably cost them a couple of minutes to talk to the police and explain their point of view. On the other hand, if someone is unaware that their internet connection could be used by anyone, I think it's pretty much worth it.
And, if anything, it's just a visit from your friendly police officer. They should do it more often.
the sprayed on 'atmosphere' dissolves into destructive 'weather'. no question the recipe for doom has been followed to the letter.
as the illusions of security promoted by the greed/fear/ego based minions of man'kind' continue to fail miserably, there'll never be a better (or any) time to consult with your creators, whosoever you perceive them to be.
I'm in southern suburbs of brisbane and there are no less than 6 open wifis in my area. All of them have completely default settings, default SSID's and everything. On some of them people have their whole c: driver shared... Usually i print to their printers letting them know, but there are so many I just stopped doing it.
What risks are they exposing themselves to? Does Australia hold carriers responsible for content? How would a residential open WiFi differ from the free WiFi at a coffee house?
They run the risk of a huge bill from some of the crap ISPs in Australia.
My parents' had a subscription that gave them a "whopping" 200MB (yes, that's all) per month and after that, they got charged 15c per MB! Suffice to say, anyone with an open wireless router and a crap plan like that could be facing a huge bill.
just another step towards your 'reward' robbIE. so long, & gooed luck to you, even though that won't help a bit in how you're remembered/disposed.
Australian Police Plan Warp drive Mission
woohoo! finally! ...oh. argh fuckit, dumb ozzies. Oh well, at least they know how to play rugby (even though they suck kangaroo bum at cricket).
They exist to apprehend criminals... which is not at all the same thing.
Do what thou wilt shall be the whole of the Law
My friend is using WEP knowing the danger fully.
He switched from WPA. Left WEP to signify "this is not an open network. You are not free to use it".
He has a phone with Windows Mobile and Skype. He uses VOIP when at home. Except the CPU of the mobile can handle realtime VOIP or WPA encryption, but not both. Simply not enough power for WPA. It works just fine with WEP though.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
1952 Called. They want their innocence back.
"I also like the idea of police officers visiting every home and place of business, more as a social visit and to establish better ties between the police and civilians."
I couldn't find your ~ tag. I hope you're kidding.
I should offer free Go-Fish training to all IT people.
Lemme see if I have this straight.
A. Australian Officers visit home *without cause or reason* to "test Wifi".
B. http://yro.slashdot.org/article.pl?sid=09/07/15/1251201
Australian Officers begin implementation 3-strikes policy upon discovery of a bad copy of a Ramones mp3.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Doh, guess I should RTFA first....
So, they leave notes on the unlocked cars? Are they like bright red, placed on the windshield and say "This car is unlocked! Please don't steal it!"?
Where I'm from, any action that appears to be preparation for breaking into a car is illegal. It's illegal to try the doors. In fact, a while back the police in Galveston made the news because they were arresting people for *looking into* parked cars. Not even touching, just looking.
I understand the intent but I still think that goes too far.
I hope their laptop is secured tightly. My router is open but if your MAC isn't in an approved list, automated scripts try to install as many exploits as possible.
One problem with sharing WiFi is there doesn't seem to be an _easy_ way to do it so that your guest's traffic is secure from another guest.
I believe that if you use a passphrase that's shared, you need to figure out a way to get the passphrase to the users. But IIRC all the users sharing that passphrase can in theory decrypt each other's stuff.
For protection against that, you need to do something like create a dummy WPA account. But you'd still have the problem of getting the credentials to the users. Perhaps Windows+OSX+Desktop Linux could get together and standardize on something by default.
Un-secured wireless networks are a problem but so are WEP encrypted networks, they can easily be cracked using the likes of BackTrack 3. WPA and WPA2 encryption is a "bit" better but can also be cracked using either brute-force of dictionary based attacked after a target client has been "force" to re-authenticate via packet de-auth. WEP is a no no and with WPA, you need to use a strong password, nothing obvious ;)
Wardriving in Australia, did anyone else read this and think of the supercharged pursuit cars and high speed chases in Mad Max ?
If you can get DSL of any kind, you CAN get a plan from an ISP like Internode that doesn't rip you off. Doesn't matter what kind of kit you are connected to, if you can get DSL from BigPond, you can get it from Internode (and if Telstra tries to say otherwise, thats what the TIO is for)
Unless Telstra NextG Wireless is your only option (which may be the case out in the bush), there is no reason you need to put up with crappy plans anymore.
Maybe geeks in Oz need to start their own campaign. Knock on doors and educate people why everyone should open their router? I recently visited Australia and was amazed at how hard a time I had finding open access points with my ipod. I didn't have a notebook or 3G phone on me, I was backpacking and trying to keep the weight down. The problem is not much better here at home, in Canada. I live in a neighbourhood of dense housing and can see about 20 wifi networks broadcasting, but mine is the only open one. (I call it KarmaNet.) Most connections to it are iphones, and the occasional neighbour that uses it regularly. In the two years I've had it open and uncapped, I've noticed no change in my overall bandwidth consumption.
Yes, there is a miniscule chance that someone will use it to do something truly nefarious, like posting kiddie porn. This common argument is very lopsided relative to the amount of good it could do to society as a whole if everyone had an open network, even if most had capped public bandwidth to something relatively small.
Yes, I know it's against most ISP rules. We should be pushing to have laws that force ISPs to remove this clause from TOS agreements. This should be on the agenda of the growing Pirate Parties of the world. It's something the average person can relate to, even if they have no interest in the copyright issues on the current Pirate Party agendas.
I know I'm preaching to the choir, and I know slashdotters and generally too complacent to actually go door to door and educate people about this (I know I am). Seriously, though, why not bring the subject up with our non-techy friends (many who now own smartphones or other portable wifi devices and can easily relate to how wonderful it would be to not rely on 3G networks). Get people thinking about this "what if" scenario.
I remember when living in Australia in 2005 they introduced a new law in New South Wales that meant you could be fined for leaving your car unlocked! Australia is very guilty of being a 'Nanny State'
Every night at about 2AM, an officer would walk down main street, not sure how far as it was about 2 miles through town, but I'd see him out there checking the doors of each business as he walked. I don't see how this is so different. It's actually nice, for me, to see police proactively trying to help people rather than abusing minorities and poor people.
Do you have ESP?
I've been doing this for years... except replace knock on door with polite text document on desktop and you'll see what I'm saying.
Seriously though, if a house or BUSINESS has unsecured wireless, that's the least of their worries.
I couldn't find your ~ tag. I hope you're kidding.
Don't advocate that fucking stupid idea!
Car analogies break down.
the first thing I thought when reading this article was this was a great opportunity for the cops to plant drugs. (Car part not Wi-Fi).
The second thing I thought about was not how to secure my wi-fi but how I could pester the cops with it.
Next they'll send plainclothes policemen to people's doors to ask for a glass of water, or to see if there's an unsecured spigot on the outside of the house. And if they find this sort of freely available water, they'll give them a stern talking-to. Because it(*) all starts with kindness to strangers!
(*) "It" being civilization: the biblical command to be kind to strangers, and the custom in the middle east to give water to travelers, date to prehistory are are literally the basis of our civilization.
From a business standpoint, this actually makes sense as I'm not a network Guru or even an expert and if I were to get a courtesy visit from the local police informing me that there was an unsecured wireless AP on my network, I'd be thankful because the potential cost damage to me is so high. By Law I'm required to comply with the HIPPA (Health Insurance Privacy Portability Act) as I sometimes deal with health records. Fines for violating this act can range from 1k to 100k per violation and the courts decide what constitutes a violation (usually per day). That can get damn expensive very quickly and wipe you out financially, which is not a risk I'm willing to take. On a related note, as an SMB (small/medium business) I would like to be informed about something like this as it means someone could be accessing my computers (company systems) for what ever purpose they want. How do I ensure that I don't have someone violating the credit card companies new security standards? as they're not yet auditing at this level and such an audit is damn expensive? What about my web host for my online shop. Who's responsible for that Audit? The software vendor, the host or my web master? Who foots the bill for any break in and resulting investigation?
From a private citizens standpoint, as a common Joe Sixpack user, I'd also appreciate the police telling me that my router is insecure and if they provide me with a leaflet showing how to secure it (most common models in use) it would actually improve things. Hell they could even include information about how to set channels so that wireless routers don't all try to share the same channel in close proximity. This means better actual performance instead of why can't I connect to my router from the living room when it's in the back bedroom type questions. Of course as Joe Sixpack, I'd also be upset that the police are using this to cite me for any obvious violations that may occur at my home if they were to do so and as an American, it would definitely get them shot at and reviled for invasion of our privacy because they're now fishing for evidence to investigate us for crimes, such as those Marijuana plants growing in my living room.
Mod me up/Mod me down: I wont frown as I've no crown
In college a friend had her car stolen...when it was recovered, it also had illegal cargo...a dead body in the trunk.... [waaa-waa-waaaaaaaaa] true story, though. you just never know what a car might get heisted for.
Theres a lot of uninformed posts here, dare i say the majority of posts so far. Obviously most of them are not from people who live in australia and most are not familiar with the dominant ISPs data charges.
Exibit A: http://www.bigpond.com/internet/plans/cable/plans-and-offers/
Read the fine print and you will notice the data charges for exceeding your quota. Work it out per GB and its $150 per GB. Sadly the most common users on such internet plans are mum and dads who don't know better.
Now imagine someone "wardriving" finding your AP and casually downloading a 8GB bluray rip of some sort from usenet or torrent. thats quite a hefty internet bill. Don't doubt that someone could downlaod sometihng so large in such little time - the cable connections from this ISP is 30mbit/sec and not overloaded in the slightest. With 400MB of quota on a 30mbit connection, surely you can see the dangers here. The big ISPs are getting away with it.
The police are doing people a favor. There is no sinister conspiracy behind it all. They just don't care about busting you for what you are doing on your internet connection. If they wanted to bust you they would sit there and sniff your traffic and move on if they found nothing. They don't need to knock on your door and warn you of anything if they intended on busting you. They would simply knock and tell you to go with them to the station.
The police in Queensland must be different from the ones in the rest of the world or... This is just an update of the 'shake the tree and see what falls out' approach the police have used for years. A pinch of misdirection and a few claims of "proactive public service' gives them the legal means to knock on any door and do a quick eval of the home or business and occupants. Hmmm, husband seemed a bit dodgy... you see what the neighbors have to say about him, I'll check myfacetube using his network, har har. Remember, after lunch we need to make a couple actual 'security' calls to keep the quota numbers on track. ..."I can assure you the Queensland Police is going to do this. I'll make sure it gets off the ground." - Detective Superintendent Brian Hay of the Queensland Police.
"You are young, life has been good to you. You will learn" - Sweeny Todd.
I've browsed this whole thread and not once did I see any discussion of what the police might tell this random Australian citizen who has an open wifi router. "Gee, we think it would be a good idea if you protected that?" Well, okay, but how? Will they be carrying instructions for securing all major brands of routers? What about the wifi hardware on the client computers? Will they bring along a friendly geek to help the person fix their wifi? Most people with open wifi didn't choose to make it work that way, they just never bothered to secure it and probably didn't know how. Will a kindly visit by the Queensland police suddenly improve their network administrative skills?
Oh, and will they suggest using WPA over WEP? How about long, mixed alphameric pass phrases? How will they answer the citizen who says, "Thank you, officer, I never knew my wifi was vulnerable. What should I do to fix it? Can you help?"
Turn off that SSID beacon you retard! Create a public dark-net.
WEP is soo hard to break into.
This is totally to remove the defence of an open wireless network for filesharers. The Australians were already considering legislation to "protect copyright holders" more stringently and this is simply playing into their hands.
I can't believe that any police force has enough time on their hands to focus on this instead of real crime issues. How many people die from open wireless networks?
This is so stupid - clearly their force needs to be downsized.
This sig contains a manual self-destruct. Kindly please put your foot through your monitor in 8 seconds.
Whenever you find an unlocked wireless signal it's best practice to lock it down for the owner.
Sure, this limits their ability to access it, but you can assume they have access to the reset switch.
Whenever possible you can access a network print resource and print the password for them.
"The Borba"
If I lived there I'd be changing my SSID to "Fuck off pigs"
"It's because they're stupid, that's why. That's why everybody does everything." -Homer Simpson
Uhm, I don't know where you live but I've been an expert witness in a trial for exactly what you're talking about. It did NOT work like you've imagined. Instead, it went like this:
Prosecutor: You own this hardware and are responsible for it. Someone was pumping kiddie porn through it. It doesn't matter if you knew that, or if you were involved, or what - you are responsible. If you can find the kiddie porn criminal you can try to sue them, but right now you are now going to have your life permanently ruined.
Jury: Sounds reasonable to us. The law is quite clear, you are responsible regardless of what you knew. A person who accidentally commits a crime is still guilty.
Judge: The penalty is that for the rest of your life, everywhere you go, everyone who lives within a certain radius of you will be informed that you are a sexual predator convicted in a child abuse case. Have fun dodging the lynch mobs, and don't bother calling the cops if you have a problem.
Me: I can prove that the cops mishandled the evidence and that it is no longer possible to tell what really happened. Maybe the cops are the pornographers - I can cast reasonable doubt.
Lawyer for the defense: neener neener neener!
Judge: OK, throw out the bad evidence.
Jury: Insufficient evidence to convict.
Lawyer for the defense: NEENER NEENER NEENER!
Prosecutor: Dammit, when I get you cops alone you'll pay for this bungling!
Me: Thanks for the $15,000 up front, have a nice day.
Defendant: It was worth it. Thank god I'm richer than Croesus, a poor person would have been totally fucked.
Sounds like a good move to make liable for downloads from their IP....
police....
Meanwhile, in another part of town, someone with a mean streak will have so much fun with this.
How is this much different from the fire department going around and asking if you have fresh batteries in your smoke detectors?
-- I have a private email server in my basement.
Leaving your internet connection open should be a crime because you're making it availasble for child pornographers and terrorists!