Slashdot Mirror
Nebraska Sheriff Wardriving, Sending Letters About Unsecured Wi-Fi
An anonymous reader sends this quote from JournalStar.com:
"The Lancaster County Sheriff’s Office has seen an increase in scammers using unsecured Wi-Fi connections to steal identities and mask their crimes during the past six months, Sheriff Terry Wagner said. ... So deputies spent the past few weeks finding unsecure connections and sending 40 to 50 letters to let people know about the potential dangers of strangers accessing their network connections. 'You're just opening yourself up for a series of potential pitfalls,' Chief Deputy Jeff Bliemeister said. ... Bliemeister said only businesses like coffee shops that offer Internet connections to customers need unsecured Internet connections.
Applause!
Much better than that goofball sheriff in Aridzona.
A feeling of having made the same mistake before: Deja Foobar
In a dense area you might pick up 15 different access points, 2-3 of them open. Unless they have sophisticated RF locating equipment the letters are just going to be out based on a best guess scenario.
The only place I can see this working is suburbs with wide spacing between homes, or rural areas.
However, the ISP's TOS forbids it. Nobody's going to break into the computer unless it has no password. But as I've gotten free wifi from unsecured hotspots, I see no reason not to repay by doing the same.
Free Martian Whores!
Are there many cities (I mean, real ones, not "A disparate group of buildings, divided by excessive zoning, spread over a wide area, connected legally purely for political organizational, and taxation purposes" Anytown USA type places) in Nebraska? I always thought it was mostly rural.
You are not alone. This is not normal. None of this is normal.
While I think this action is quite cool, I would argue that not even coffee shops and businesses like that need open wireless connections.
They could just as well make the WPA2 key easy to remember and put it in some obvious place, enabling their clients to use encrypted connections and avoid all that Firesheep stuff as well.
If it is legal and not unreasonably dangerous for a business to use an open wifi connection, then why can't I? If I get incorporated, does that make it safe? The only 'danger' you expose yourself to by keeping an open wifi is that a moronic lawyer claims it must have been you and decides to sue you for things you didn't do. The proper response to that is to counter sue the lawyer and to educate the public, judges and jury that an IP address does not prove identity. I have the right to keep an open WIFI connection and if someone else uses it for bad purposes that does NOT expose me to any reasonable danger or risk. People have the right to anonymity and that means government and lawyers do not have the right to intimidate people into making anonymity harder to obtain.
excitingthingstodo.blogspot.com
There is 1 city in that county, and it ain't exactly NYC.
2 deputies with directional antennas.
If you can find warships that way, you can find wifi hotspots.
You've never been to Nebraska, have you? Google says the population of Lincoln is about 260,000 total. There are apartment complexes in Los Angeles with nearly that many people. Houses have yards, there aren't many multi-story buildings (especially residential). The only "sophisticated RF locating equipment" is the number of bars on the signal idicator in the system tray in Windows, which will vary visible from one house to the next.
Other Law Enforcement please take note. Follow this model for other crime prevention and imporve your community.
Thank You
Taxpayers
For every benefit you receive a tax is levied. - Ralph Waldo Emerson
What's with slashdot today? An earlier story gave a bogus link and this gives none at all. I tried to find it by googling wifi sheriff site:JournalStar.com but the story didn't come up. Is this for real?
Free Martian Whores!
In a dense city...
That isn't applicable here. This is nebraska.
NOBODY needs unsecured Wi-Fi (unless it just gives you instructions on how to properly connect to the real network). Trivial passwords at least allow for encryption.
How about some id on each wireless access point, which can be tracked through the service providers in the region? Doesn't sound unreasonable, particularly if law enforcement is provided with the necessary tools and training.
A feeling of having made the same mistake before: Deja Foobar
I don't think even coffee shops should have open wifi. That is just asking for people to snoop on everything and passwords to fly in cleartext. However, most people don't know that if you get the right packets of the handshake (not even the whole thing), you can eavesdrop on any wifi security that relies on PSK. They really need to add some sort of DHE exchange at the beginning and encrypt that exchange with the PSK. That way, you can prevent random people from joining if you don't want them too, and keep people safe from each other. That seems to me something that you could add in software and not require a hardware upgrade (therefore perfect for already deployed hardware).
I don't see anything in the article that said it was illegal to have open wifi, or that you couldn't.
It said that open wifi was being used for identity theft, and that notices of potential dangers (I'd imagine such as possible repercussions for the wifi owner if fraud is traced back to their internet connection) were sent out.
For a couple of older folks or just generally non-technical people who potentially just plugged in an unsecured D-link, not a terrible thing to be given information about, and somewhat pro-active of the Sheriff. It seems little different from the notices given to people who leave their cars unlocked in neighbourhoods experiencing an increase of car thefts...
Google says the population of Lincoln is about 260,000 total. There are apartment complexes in Los Angeles with nearly that many people.
There are conversion vans in Los Angeles with that many Mexicans in them
In a dense area...
We're talking about Nebraska here.
Lancaster county does hold the second largest city in Nebraska, which happens to be the state capitol. Sure we aint NYC, but there are a couple hundred thousand people here at least. Ohh BTW there are more then one cities in the county.
There are some very dense areas in Nebraska. Some of them are even well populated.
Are there really this many people who don't care if crimes by others are committed using their equipment? C'mon, where's the America spirit at? Drinking beer, watching football, and forgetting about the security of our nation? Probably.
Lancaster County has Lincoln, NE - a city of about a quarter of a million people. The other dot on the map is Omaha, which if you count the whole metro area is close to a million.
Ohh BTW there are more then one cities in the county.
How about "There is more than one city in the county." You must be from Nebraska or something.
Learn to love Alaska
so how is this any different than when people went ballistic over google's streetview cars logging wifi?
Not that I'm saying there should be anything wrong with it in the first place, but why are the freaks that tried to go after google for doing this going to leave this guy alone? Looks like about the same thing to me.
I work for the Department of Redundancy Department.
Windstream here in Lincoln does have a universal naming scheme for their routers where the SSIDs are unique. You see these SSIDs everywhere you look in the city. IF Windstream keeps records, they may have found out that way as well.
...and he along w/ the state of Arizona deserve to be shamed for it. Not that it's going have any effect giving the history of that state.
The only place I can see this working is suburbs with wide spacing between homes, or rural areas.
Or Nebraska.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Honestly, "locking down" your wi-fi only keeps honest people off it. WEP is super easy to crack and WPA isn't far behind. If someone wants on a Wi-FI and they have the know how, then they're getting on the Wi-Fi. The real solution is to only allow authorized macs to get on the Internet.
There is 1 city in that county, and it ain't exactly NYC.
Well, there's only 1/5th of one city in New York County. :o)
Thank you, Edward Snowden.
"Arguments from authority are worthless." —Carl Sagan
The University of Nebraska-Lincoln's general student wireless network (UNL-AIR) is wide open and unencrypted. The only form of security in place is a MAC access list. I'm pretty sure somebody wardriving around the campus (or "warsitting" in the middle of the damn student union) could collect all sorts of yummy private data from that network each and every day.
So, will the University be getting a letter from the Lancaster sheriff? Probably not. Should they change it anyway? Hell yes.
As a Nebraskan... yes.
I'm regularly shocked by perceptions people from the larger cities, or from the coasts have. Yes, by land area, Nebraska is mostly rural, but it does have cities that typically have malls, movie theaters, and at least 10 square miles of urban/suburban space.
Lancaster County, in particular, averages 311 people/sq mi, and has Lincoln in the center, which even has some buildings with more than one story. Evidence: http://en.wikipedia.org/wiki/File:Lincoln_DT.jpg
Aparently the "police" is so noob that they have no freaking idea about how pathetic easily you can crack wpa/2.
Lol @ U$A-eagle-f**k-yeah-burger-cola...
We in NY feel your pain, but in reverse. A chunk of NY larger than several nearby states is designated "Forever Wild" and is the largest state park in the Lower 48. Several townships near where I grew up measure population density in fractions of a person per square mile.
Its a choice, not a law. The police needs to stick to enforcing the law, which is their job.
---- Booth was a patriot ----
I was living up in Ottawa, and it was quicker/easier to cross the border down into the Adirondacks than to drive up to Algonquin park. Fewer people, fewer fees, less traffic. I'm surprised more people don't do it.
If the SSID is broadcasting, "Smith" and the name on the mailbox is "Smith", you can probably take a guess about it.
Coder's Stone: The programming language quick ref for iPad
In my area DSL isn't available and FIOS or broadband is upward of $70. This affects me and many others who have difficulty with such prices. The act of intimidating people with open APs is ludicrous and shit-brained. A secured router with a unique user-ID, strong password, along with various options such as filters, availability-configurations, etc., is more secure than WEP with default settings. This sheriff should have a router fastened to his head until the microwaves loosen the rocks. I think the EFF elaborated on this topic quite well, also mentioning Schneier and his views on the subject.
Sharing, especially of educational/informational resources is a good thing. Intimidating people into doing otherwise against their will is encouraging greed, inefficiency and paranoia.
Forward! -- Emperor Norton, 2012
A federal grand jury wouldn't return an indictment.
http://wifinetnews.com/archives/2006/11/fcc_smacks_down_boston-logans_dubious_wi-fi_claims.html
For someone up to no good, I'm not sure that securing WiFi is smart move.
If someone has an open wifi, and something illegal (copyrighted content, kiddie porn, etc.) is downloaded via his IP, the person has plausible deniability that he himself did the downloading.
If that persons has secured his WiFi with a password, then I would think he's more likely to get convicted.
The vast majority of people with open APs at home don't know what the fuck they are doing.
A coffee shop has some business interest in maintaining open access to wifi. Perhaps the assumption is that there is some chance of them hiring someone who can configure a basic firewall+AP properly. I'm not particularly optimistic about that, but let the Sheriff solve one problem at a time.
“Common sense is not so common.” — Voltaire
If the SSID is broadcasting, "Smith" and the name on the mailbox is "Smith", you can probably take a guess about it.
I think if you're a residential broadband customer, and your access point is wide open, the SSID is gonna be "Linksys" or other default name.
I am not a crackpot.
I just left AZ a bit over a year ago and lived in Maricopa County. Joe Arpaio started his b.s. first, but even before that he and his office were a menace to the Latino populace of the county. Don't get me wrong, there ARE illegals there, no one will ever dispute that claim, however he's been less than truthful when he repeatedly states that they're responsible for all the crime there. Take a look at the mugshots his office posts daily, plenty of black and white faces to go along with the brown ones he singles out.
Fifty watts per channel, baby cakes.
Wow this is what we've been asking for all along - someone to educate everyone on securing their wifi. I think this is a good thing for police to spend their time doing. Serve and protect.
or else!
A directional antenna doesn't need to be expensive to be effective.
I made one for a friend of mine for about 20$ in parts, out of a clamp-on style work lamp, a usb extension cable, and some epoxy putty. Works great. 20dbi increase in gain over a fixed FoV direction.
Couple with netstumbler, kismet, or some other profiling software and a cheap wifi dongle, and you have yourself an aimable wifi probe.
Course, it looks ghetto as fuck, be he doesn't care. It works, and can go through several walls.
I am contemplating the purchase of a makerbot or thing-o-matic, and making parabolic enclosures for wifi dongles as a for fun activity. I designed one that has a "same direction" dual dish design. Wide dish reception, narrow dish broadcast. Would love to make it and try it out.
Maybe sometime next year I will get one (3d printer).
The point being anyway, is that this doesn't need to be extraordinarily expensive. 2 deputies, some ghettodish equipment, and some compases with cheap netbooks, and you can easily calculate intersecting vectors for unsecured wifi.
Grammar Nazi
I wrote the post at work, and did not have time to throughly review for correct syntax. Forgive me for making a mistake, please oh please wont you good sir?
All mistakes in syntax and punctuation were left in soley to anoney yu. Eye HOPE U lIker it!
Actually they could probably triangulate the source of the signal fairly easily.
And I believe Lincoln is actually the largest city in Nebraska on Cornhuskers game days.
I kid, but it's close. You do NOT want to drive on Interstate 80 when most of Omaha is driving to Lincoln for the game.
Lancaster county slashdot gathering anyone?
Unless they're working with the ISPs to recover the address associated with the IPs. If this is simply advice being given out (in line with ISP advice anyway), and information isn't being stored or intercepted then fair enough in my book. Too many people end up in court giving it the "but I was hacked!" excuse when they had no password, or an astoundingly weak one, ignorance may be no ecuse but it's nice to see some proactive action in educating people.
Please consider this account deleted, I just can't be bothered with the spam anymore.
Whenever I look up my maps location on a non-GPS device using Google maps ... Google is VERY good about pinpointing the location in my home. This is due to my other devices, with GPS, reporting the information back to Google. Google knows "oh, that SSID is at these coordinates".
Not rocket science. Not foolproof either, but good enough for a project like this.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
Yes, by land area, Nebraska is mostly rural, but it does have cities that typically have malls, movie theaters, and at least 10 square miles of urban/suburban space.
I think most states in this country qualify as being mostly rural by land area. What's in California outside of what's along the coast? In New York outside of NYC?
Personally, I like it here in Lincoln. Good cost of living, 3.7% unemployment, and I can get across town in 15 minutes.
That's all that there is to be said about it - letting others know about it, no fines too? Come on, to any "naysayers" on that note.
* Good job - a good way to start a Friday night here too, on a good "lighter" note...
(Also nice to see a fairly technically saavy enough cop putting his BRAIN to use too for doing the right thing (@ the surface of things so far @ least on this afaik, as in they might be out to track "ghetto-isp's" as we call them around here, & no: I didn't "RTFA" yet either (& if the 'spin' title put on it here or the summary is misleading? Not my fault either - that'd be the editors))!
APK
P.S.=> Whoever the cop was who did it actually did something pretty cool, imo @ least so far....
... apk
SSID Flood of "Fuck the Police" in 3.. 2...
"Cleetus, we got ourselves another member of that there 'Linksys' family, they sure are a big clan!"
Burma?
Actually, you're right. I lived in Lincoln for a while earlier this year, and yes, it IS the largest city in the state when there's a Husker gamer. By contrast, I now live in rural Texas. In a county where the largest "city" is about 3300 people...
You can close your eyes to reality but not to memories.
I live across the street from them and it's never "Smith". It's either "Smith_coastisclear" or "Smith_hubbyishome".
Save your money. What good are plastic parabolic antennas reflectors?
Pretty good when you gently touch them with a hot air gun to level the plastic, then gently spray with conductive paint.
(Or give the full montey with silver nitrate solution.)
Time to set the SSID to "FuckYouSherrifWagner"
Now, ever sorority girl that calls in because she is missing the "lock thingy" on her ipad gets here WPA passphrase set to 12345678.
And for the super duper routers that force you to change the login password. I show them how easy that is too!
See! you can make all of the people happy all of the time.
I visited Omaha(?) a few years back and it definitely had the feel of Sacramento (CA) say 20-30 years ago. Big, few malls, didn't feel overly stuffy but obviously in the 'suburban with a commercial core' type setup. Hadn't gone through the huge 'tipup facade' building phase we have here (One of the big local grocery stores we went to still had the old 'big glass' fronts that took up most of the front entrance wall. (Basically nowhere in Sac still has those except for maybe a half dozen buildings across the county, and most of them are either no longer Grocery/Dept stores, or are 'independents' who're too poor to do 'big time remodeling'.
Overall seemed like a nice place to live if I was more religious. (Mind you my view may've been colored by the company I kept when I visited.)
In this instance I think the sheriff is right in doing what he has done. But here is the thing, when my ISP or their agent came to install my Internet connection, he did a fine job or so he thought, after he made sure my system was hooked up to the net, he was about to leave when I asked him if it was secure, He returned to the computer picked up the modem and pulled on the cable then he picked up the router and pulled on the cable, he then turned to me and said. "yes it secure the cables won't come out they are locked in", need I say any more
A long-standing police activity is to walk down the street and try the doors of closed businesses to be sure they're locked.
Don't have to visit Nebraska, the summary says only about 50 unsecure WiFi connections were found. We don't need any "I've seen Los Angeles on TV" analogies. Sending letters to lock it down is step one. After they get locked down, the number of open connections drops below 50, probably to about a dozen or so. Step two, watch activity on those handful of connections until you see the scammers. Step three, prevent profit. Even if you had a ton of multi-story buildings, the fact that the population is so low is why there are only about 50 open connections. Your entire county could live in one giant apartment complex, and 50 connections (minus the honest ones scared straight) would still be easier to catch a scammer with than what you'd get with LA's population -- even if LA were entirely single story buildings spread out with large gaps over a thousand miles.
use a curved photo frame myself wrapped in tinfoil and taped, just enough to make my 3g usable. would be interesting to see your trailing lamp design. Sounds like it could be very useful.
Blarney Quality Restaurant, Plants
Or...
You can leave it open so your neighbors with kids who are broke
and living month to month can have internet so the kids can do
their homework and everyone else in the family can enjoy something
that should be free anyway.
-AI
For me, it is far better to grasp the Universe as it really is than to persist in delusion
There was a Reddit meetup just tonight in Lincoln...
Why would two Sheriff deputies in Nebraska look for warships? :P
Last I checked it seemed that half of San Francisco was sharing open wifi connections. Yes, that might expose you to nasty hackers. I haven't heard of any problems though. I'd guess that on average, SF surfers are more sophisticated than Nevada surfers, yet they exposed themselves for the public good.
Would it be such a terrible thing if 75% of all wifi connections were shared openly? Not good for the ISPs who charge $100/mo, but good for the poor, good for the soul of the generous.
Is paranoia a tool for monopolist ISPs, security software providers, homeland security and the Republican conspiracy to spread FUD to get what they want? Can we shake off that dark cloud and show some public spirit?
What protections would be appropriate for an ordinary person who is willing to share their internet connection with their neighbors?
...omphaloskepsis often...
I think GN just imploded.
Bliemeister said only businesses like coffee shops that offer Internet connections to customers need unsecured Internet connections.
Hey, how about you don't tell people what the fuck they "need," because you have no idea.
It is not the responsibility of owner's of WI-FI to secure their networks. We all know that it is legal and acceptable to allow friends and neighbors to share their private networks as they see fit. Private in this case means private as in private property, which the sheriff has no authority to infringe upon. The sheriff by acting as THE police force of the world cannot be judge nor jury, and cannot make any threats of legal action based on actions of others known or unknown to the owner of the network. Such actions will constitute a threat and actions can AND SHOULD be taken against vigilante law officers.
Why does the link in the summary point to an article about the FIFA football game? Has there been 211 comments and nobody has RTFA?
My WiFI access point looks unsecured to the casual wardriver. However, the firewall to which it's connected only accepts OpenVPN traffic. So yeah, you can pick up an address with DHCP, but you can't do anything until you establish an OpenVPN session.
I did it this way because I trust SSL/TLS a bit more than WPA and certainly a lot more than WEP.
This is in Nebraska. So yeah, wide spacing. We don't all live on top of each other.
Hi, Lancaster county resident here. There's about 50 square blocks of urban area, the rest of almost all suburban or exurban.
How about some id on each wireless access point, which can be tracked through the service providers in the region?
How about "fuck no?"
Doesn't sound unreasonable, particularly if law enforcement is provided with the necessary tools and training.
Authoritarian policies always sound reasonable to authoritarians.
Thank you, Edward Snowden.
"Arguments from authority are worthless." —Carl Sagan
On the key is proverbial, then anyone can use it and it strength as well be arise. Modify the individualist key is not exploit to kibosh snooping.
You manifestly don't read anything roughly wireless certificate. If a shape is coarse (no encryption), anyone (symmetric those not related to the router) can stniff EVERYTHING sent over the connexion (riddance https and the similar). With a password, justified if every individual in the group knows the watchword, nobody can smelling anyone else's packets. The passwords intiates a dealings where the router and your machine set up their own sessions keys which are victimized to encrypt everything added. so justified tho' everyone victimized the said secret, everyone is using disparate encryption keys, so everyone is bastioned (at the wireless train at minimal).
http://byefun.blogspot.com/
Uh, yeah... Because every WiFi device ever created doesn't have any way for you to measure the signal strength, as you walk around a building. Hell, I can pinpoint an AP without taking my phone out of my pocket. It might be a bitch in an ultra-dense, high-rise complex, but most places it just takes a little leg-work.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I've always wanted to do this for people, just cruise around, find open access points, knock on their doors and offer to secure their network for $20. Only problem is that it's illegal, and technically extortion if you ask for money. But the illegal part is simply that you're connecting to their network unauthorized. The federal laws still on the books actually mandate that one must obtain express WRITTEN permission from someone BEFORE you connect to their network. I know, I know, this means anyone using free wifi at the coffee shop is breaking the law, so the practicalities of this do become quite grey. But this is THE LAW, and if a government official is technically breaking the law, even if it's for good intentions, there is still quite a problem here, they could easily get sued. It would be nice if this would prompt them to rewrite the law... but would make far too much sense, and as such, will never happen.
In the mean time I'll just check to see if their router's admin web interface is unsecure, and in the likely event that it is NOT, rename their SSID to "YOU SHOULD SECURE YOUR NETWORK," or if I'm feeling mean, something particularly racist or disgusting.
In Soviet Russia, dot slashes YOU!
Save your money. What good are plastic parabolic antennas reflectors?
Let me know when you find a work lamp with a plastic reflector and ask again.