Slashdot Mirror
Queensland Police to Look For Unsecured WiFi Spots
OzPeter writes "As a part of National Consumer Fraud week, the Queensland Police are going war driving in order to identify insecure WiFi setups. From the press release: 'The War Driving Project involves police conducting proactive patrols of residential and commercial areas to identify unprotected connections. Police will follow this up with a letterbox drop in the targeted area with information on how to effectively secure your connection.' While some people may like having an open WiFi AP its interesting to see that the Police also feel that 'Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.'"
http://www.wardriving.com/code.php
Merely 15 years ago I was doing the exact same thing and have been, on umpteen occasions, questioned, detained, given a 'move on' notice or just generally harassed.
[Rent This Space]
I have an open Wifi setup. My attitude is that connectivity has become basic infrastructure, and all "lock it down" freaks have just bought into the agenda of ISPs who don't want us to share bandwidth to boost their own profits.
If you're a guest in my home, you're welcome to use the bandwidth, along with the lights and water. Can you imagine visitig a friend only to be told, "Look, here's the PIN code to unlock the lights, and here's the key in case you want to wash your hands." Ridiculous. I accept that there's a risk of someone lurking in their car outside the property boundary to leech off my internet connection, but there's a risk of someone stealing water from my outside, unprotected taps, too. OTOH, if bandwidth were shared freely everywhere there'd be no need to sneak around "stealing" it, would there?
It's the 21st Century, man. Get over it!
New mod option wanted: -1 DrunkenRambling
Plus, it's easier for them to book you for thought crimes they catch you committing via their IP taps. They'll have none of that "but my wifi is open -- it could have been anyone" defense. That won't work for you, sir, you'll be held accountable for whatever flows through your pipes!
This looks like a money grab from this years' budget
The QPS is always complaining that they do not have enough funding to pay their staff. Now they are wasting precious manhours to mine data that they could easily purchase (or even receive for free) from Google.
[Rent This Space]
Finaly an actual initiative to protect and serve the people! A little faith in government restored.
Here be signatures
It's too easy finding a strong (as in signal), open, public WIFI signal these days for there really be any incentive to run around "hacking" WEP or even dealing with weak and unreliable signal issues that one faces using an open connection inside a building.
Shit, if you want to commit fraud, take a clean machine to any McDonalds in the country and you can fraud away to your heart's content.
NSW police may be interested in my wifi ssid "Police_Surveillance_Van_71A"
Insecure WiFi != Insecure network.
At home I have two WiFi network over the same AP, one is open an the other use WPA2, they are in independent networks and with a firewall between both, plus the open is capped to use at max 2mbps.
Wifi security, including WPA and WPA2, is already broken. It's the equivalent of locking your house up with a six pin tumbler lock. It keeps the honest and the curious out, but it's nothing to someone who really wants in.
Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
I find it odd that QPS Media has failed to supply the public with any technical information on what tools they are using and the scope of the exercise
Are they simply searching for wireless networks? Or going as far as trying default passwords?
Are they geocaching MAC Addresses and SSIDs that will be used in other investigations?
Are they sniffing traffic? Are they collecting any personally identifiable information?
While this is a nice service, I do think this does not fall under the purview of the state police
If this is simply a SIGINT operation in disguise, it is better left to the DSD or ASIO
If this is simply a community service, the state governement should use grants to coerce the industry to extend their voluntary code of practice so that ISP's are responsible for making their customers aware of the risks as part of the signup process.
[Rent This Space]
thats exactly it !
realistically hacking a wpa setup by a person with no experience is pretty unsecured
(do you really want to know how many people have password1 or changeme...)
have a look at this:
http://open.youyuxi.com/
australia is censored beyond what I certainly expected...
regards
John Jones
If anyone has a secure wi-fi spot, will the "I did not download that file, someone did by accessing my wi-fi" excuse remain valid?
Slashdot, fix the reply notifications... You won't get away with it...
yes thats a very decent way to do things however in australia we have cap's so I would not want to give away my allowance...
living in other places I was unlimited and had no problem doing exactly what you do and giving away a portion of my bandwidth to those in need
maybe someone would help me out one day...
regards
John Jones
police going around to everyone's door trying to open it?
Some police beats in shopping centres check parked cars and leave a nice little letter with a nice big fine if they find one unlocked.
[Rent This Space]
Then you're littering.
hahaha They NEVER leave a Fine on a car for being unlocked. Stop stirring shit dude. They just leave a notice saying its unsecure etc etc.
and why is it illegal to leave your car unlocked ?
It is illegal as it encourages opportunistic crime resulting in more paperwork for the old bill.
It is quite difficult to type up reports when your fingers are all sticky from doughnut icing.
[Rent This Space]
to pay for this crap
>80 column hard wrapped e-mail is not a sign of intelligent
>life
They NEVER leave a Fine on a car for being unlocked.
Never Say Never
[Rent This Space]
I mean, it's a fine and commendable effort & all, but it's just bound to go WOOOOSH!!! to most citizens anyway. In fact, that goes for many of the cops too, I'd bet. Just leaving a letter talking about a screen door isn't really going to cut it for people who just expect to plug in a device and have it work perfectly automagically.
The eternal struggle of good vs. evil begins within one's self.
I had a WEP SSID for my daughters Nintendo DS, but had it locked down to the point that a hacker without a DS wouldn't be able to do much with it.
That law is ridiculous, i've had several locked cars broken into and the damage due to breaking in has always cost more than anything stolen. Generally the only thing of value is a couple of euro and the radio which although it has bluetooth, mp3 cd cost 56 euro a new door or window costs a lot more to fix than replacing the radio.
The engine immobiliser still works you need a proper coded key for the ignition to work, you might still steal the car but the door locks are not going to be much of a barrier honestly.
Sure sometimes i might be carrying something of value when it makes the cost of repairing the car less than the cost of the stolen goods but then i would lock it.
however in practical terms the cost of a break in is my insurance excess (500 euro) + the loss of noclaims discount which is around 75% a loss of (750 euro).
A friend of mine had his lorry fuel tank syphoned in a locked patrolled yard no less, the police said he should have a locking cap on the tank. well that is all well and good until you realise the tank would still have been broke into and the tank damaged in the process and his lorry would have been off the road making him unable to meet his contracts. While annoying and expensive to lose fuel that way the alternative could cost him a lot more maybe even his business.
Security is a trade off and it makes no sense to ensure the cost of flimsy security measures costs more than the things stolen in the first place.
Blarney Quality Restaurant, Plants
I once purchased a new Jeep Wrangler softtop.
Being a new car, I was being very careful ensuring that the car was always locked and parked under a streetlight at night.
Didn't help. Had the window panels slashed on 2 occasions in the first month of ownership. Once for some pocket change, and another for a work uniform.
Replacement panels are $1,200 a pop. I resorted to ALWAYS leaving the car unlocked to prevent this kind of vandalism. Never had a problem again.
Over the next 2 years, I only received a single $40 fine for leaving the vehicle unlocked. Argued the ticket and it was retracted.
[Rent This Space]
All of them named Linksys, Dlink, Wireless, etc... and all to a single router that is connected to nothing at all.
It significantly reduces the volume of idiot neighbors that do not configure their new wireless as many times they will connect to me instead.
Works great, when I shut it off, I see no more default router names.
It also screws with the wardrivers, I look at some of the maps every few months and see my location with a giant pile of AP names around my building.
Do not look at laser with remaining good eye.
WPA hasn't been broken (except for trivial password-guessing attacks that apply to every encryption scheme which uses pre-shared keys). WPA2 requires AES support, so a lot of older devices which have been upgraded from WEP can't use WPA2 because they lack AES support. If you expect to have devices like that on your network, WPA+TKIP is fine.
So in conclusion: attacker gets all your outbound traffic in 20 minutes (and gets all your inbound traffic too if you use QoS). But somehow that's not "broken?"
Either you've just got your head in the sand, or you're a black hat trying to convince potential marks to keep using WPA-TPIK.
I did say use WPA2 if you have it available, but the threat isn't as significant as you make out. Anything serious (eg passwords) would be secured by SSL or TLS, so what are you going to sniff? You certainly can't get hold of anything that you couldn't just as easily get hold of via intercepting the cable/dsl/fibre. A guy with a high visibility vest and a clipboard fiddling around in your comms pit is much less noticeable than someone parked in your street with a laptop for 20 minutes.
And the threat TFA is talking about closing requires that your wireless security would be broken enough to allow an outsider to use it. No currently known WPA exploits allow this.
So it's broken, but not completely broken, and certainly not broken in the context of TFA.
I think you shouldn't spread that information while logged in. I was able to acquire your home address with relative ease.
Change is certain; progress is not obligatory.
and buy a router with the a guest network capability. One device that offers dual AP - protected full speed for the home - un/protected guest ap that's restricted to 1/10 network bandwidth and isolated from the lan. Cost was $45 at Walmart
Mod me up/Mod me down: I wont frown as I've no crown
You Slashdotters just don't get it. If these wifi connections are left unprotected it will be the end of the world as we know it. Communists will start abusing these connections to access the internet WITHOUT PAYING FOR IT! Consider the long term ramifications! The dismantling of the international banking system! Dogs and cats, living together! Mass hysteria!
Merely 15 years ago I was doing the exact same thing and have been, on umpteen occasions, questioned, detained, given a 'move on' notice or just generally harassed.
Wi-Fi did not exist in 1997. It existed about ten years ago. Wardriving didn't become particularly popular until around 2002-2003. I went out all the time and was never questioned.
Maybe that guilty look on your face got you second looks? Cops WILL hassle you if you appear to be doing something wrong and are looking around all the time.
--Martin Espinoza
The *proper* solution is to *accept* that some folks have open wifi, are ok with sharing their bandwidth, and therefore a consumer IP address is *not* to be admitted as evidence of a "crime" that has been committed using the public Internet.
Tired of FB/Google censorship? Visit UNCENSORED!
Clearly that is not how it works. If it was, every McDonald's, Starbucks, and half the other retail stores out there would not be offering free unencrypted WiFi. Fear that some criminal is going to drive around town looking for your open WiFi so that they can commit a crime is complete paranoia. There are open WiFi hotspots everywhere that wouldn't draw attention if a stranger was sitting in their car using it. They are even put on maps, and advertised by the businesses offering the open WiFi.
Yep. I'm upset with Nintendo about this. Even though the 3DS can do WPA, some of the games still only do WEP so we have an old access point that only gets plugged in when required. Really need to lock it all down sometime.
More police driving around looking for naughty free Wi-Fi means less police driving around looking for drunk drivers. Tip buy shares in auto repairers and funeral homes.
I got to the chocolate box before you, that's why the hard ones have teeth marks.
Protection from whom? What is the risk to my personal data or my personal laptop if my WiFi _connection_ is open (assuming I've changed the default admin pwd on the router itself). Seems to me the cops have identified a solution before they actually defined a problem. same old same old