Marriott Fined $600,000 For Jamming Guest Hotspots
schwit1 writes: Marriott will cough up $600,000 in penalties after being caught blocking mobile hotspots so that guests would have to pay for its own Wi-Fi services, the FCC has confirmed today. The fine comes after staff at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee were found to be jamming individual hotspots and then charging people up to $1,000 per device to get online. Marriott has been operating the center since 2012, and is believed to have been running its interruption scheme since then. The first complaint to the FCC, however, wasn't until March 2013, when one guest warned the Commission that they suspected their hardware had been jammed.
I just wonder if the fine that Marriott had to pay actually was large enough to take out the profit that they got from the jamming.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Why is it that the most awful dumpy motels always seem to have free, open and strong wi-fi? Many don't even bother with passwords.
Yet it's the expensive name-brand boutique hotels that always charge for wi-fi. And more often than not, it's terrible quality, hard to connect and slow?
And, now we see this happening. This never happens at Motel 6.
Has anyone else noticed this- that overall the cheaper and sleazier the motel, the better the wi-fi?
To return the jamming favor.
Heh. Just commented on this on the Gizmodo post an hour ago. Please forgive the copypasta for my first post on Slashdot in probably 5 years.
My organization recently had a conference in a hotel owned by Marriott in a large Southern city. Not only did they want $500 per device per day for any Internet access — wired or wireless — the $12.95/day in-room wifi straight up did not work. They'd take your money before you could figure out it didn't work, of course. And if you ponied up the $16.95 for the "high speed" in-room wifi, it...barely worked. Barely.
We request one wired connection now. And once it's connected and the hotel staffers leave, I set up our own router with our own network. I'm pretty sure that if there was will or pressure on various and sundry consumer protection agencies, the prices charged by many hotel chains — with Marriott properties being the worst of them all — would not hold up in court.
I'll also add that our Director of Events is fairly convinced a new Marriott property in Washington, DC is doing this right now.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
$600k seems too small for such a large company. This is very sinister behavior. It would be like Burger King parking unmarked trucks or actors playing drunk bums in front of McDonald's drive-through lanes to block customers.
Table-ized A.I.
"The first complaint to the FCC, however, wasn't until March 2013, when one guest warned the Commission that they suspected their hardware had been jammed."
How many guests would have the technical knowledge to tell if a device is being "jammed" or simply "isn't working" or that "cell reception is bad"?
Only one man would dare... Lone Star!
They didn't jam the spectrum, they sent de-auth packets to the clients making it impossible for them to use the hotspots.
I am very sure it is not the top management of Marriott that dreamt up this scheme. The top honchos of most companies are so technologically inept they need tech support to turn on their iPads. It is most likely a local operation. The local manager lamenting not showing any revenue increase despite installing the WiFi access point server. And from the ranks someone down realizing jamming is possible. After that it is simple making bonus and making numbers for the local team that set up the scheme. The top guy has collected his bonus and will find another job. The mid level guys who knew it would be fired and have to look for a new job. The tab is paid by a big faceless corporation. This is likely to happen again.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
So they basically got away with it. $600k when they're charging $250-$1K per wireless account? Yeah...that's fair.
Personal experience: ... where are the refunds? Where are the damages being paid back? My conference was fairly small (this hotel is beyond enormous mind you) and there still had to be 100+ vendors. We were one of ... I don't know ... 5-10 conferences that weekend?
I was a vendor at a conference in this exact hotel in 2013. Internet access was ridiculously expensive...per account which they prohibited sharing between devices of course. Handy when you're trying to present and sell technical services...and your hotspot doesn't work. Many vendors complained about how their hotspots weren't working, quite a few sucked it up and paid the extortion fee. Now I guess we know why. What I want to know is
At a bare minimum the FCC should fine them equal to all the WiFi access fees they collected while this system was in place. Would some have paid anyhow? Yes. This is meant to be punitive after all.
Oh...and don't let me get started on how they *required* you to "rent" carpet for your 10'x10' booth (starting at several hundred dollars) and pay for power connections - another several hundred dollars for the lowest ~300w 110v connection. Then there were fees to receive FedEx boxes, fees to store them until you got them, fees to deliver them to you, etc. Want to rent a TV for your display? They quoted something like 6 grand for two 42" TVs with speakers. Yah huh. The vendor that got that quote laughed at them, went to Costco and bought two TVs for ~$1500, then raffled them off.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
To play devil's advocate - That's pretty much what the people here were trying to do - prevent a disaster like what happened at the 2012 Big Android BBQ, where exhibitors/speakers couldn't use the network because it was completely jammed, or 2013 BABBQ where they at least kept most people off of the convention center network but all of the hotspots around caused everyone's wifi to be flaky.
Keep in mind this happened at a single Marriott location which was a convention center - it's not standard corporate policy. I've been staying at various Marriott hotels for years and the wifi has always been free.
retrorocket.o not found, launch anyway?
As much as I dislike Marriott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations. First of all, WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users. Apparently, the FCC wasn't even concerned with the frequencies that Marriott was using, it was the fact that they were sending de-auth packets that bothered them. This is not the sort of thing FCC should be regulating. In fact, the technique used by Marriott is commonly used in many locations (hotels, universities, hospitals) that provide their own WiFi in order to prevent rogue setups from intercepting people's data, and possibly even redirecting traffic to their own phishing sites. (Not everyone checks that the SSL certificate fingerprints haven't changed when they log in to their bank account!) I used to work in the IT department at a university and we did EXACTLY the same thing that Marriott was doing, for just that reason. (Unlike Marriott, we didn't charge people to use our WiFi, but that should make no difference as far as the FCC is concerned.) When we set up that system, we also investigated the legality of it, and the conclusion we came to was that it was perfectly legal since it was on unregulated spectrum. In fact, many, if not most, commercial WiFi systems have this function built in. Ours certainly did, we only had to turn it on.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
The ISM bands are not unregulated. Operations in the ISM bands are not protected from unintentional interference, but the FCC most certainly has the authority to, but chooses to abide by agreements with the ITU deferring to ETSI.
This is exactly what the FCC should be regulating, and not the content of TV or Radio broadcasts. This type of intentional disruption of service should be policed by the FCC.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
You're confusing unlicensed with unregulated. The FCC regulates ALL the RF spectrum in the US.
With that said...The rules include:
"...no person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government"
This was definitely willful and arguably malicious as well.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
...WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users... and we did EXACTLY the same thing that Marriott was doing, for just that reason. ... we also investigated the legality of it, and the conclusion we came to was that it was perfectly legal since it was on unregulated spectrum.
According to that logic, I can come with a router backpack and prevent all users from connecting to YOUR university network. Well, it's unregulated, right? You should accept the interference and you cannot ask me to leave (in fact, I can be on a public place to cause you enough of a headache, so all is a fair game).
How did Google get charged exorbitant fees for briefly recording unencrypted wi-fi traffic from their street view cars while everything they did was on an unregulated spectrum?
There's no such thing as "illegal download"
As much as I dislike Marriott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations. First of all, WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users.
Not quite true, the ISM bands are Unlicensed bands, not unregulated. In order to sell equipment used to transmit on these bands, the systems must be type approved. Part of this type approval process includes ensuring that the equipment in question will not cause undue interference to other users on the band. To me, sending rogue de-auth packets constitutes interference.
In Meraki's Air Marshal Whitepaper, they explicitly state on page 8 that Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’).
I actually had this particular issue affect me. As a volunteer, I operate a community-wide network, including a widespread wifi network, at a retreat centre high in the mountains of WA. At this time, there is a significant mine remediation project going on in our valley, so we have leased out several buildings to the construction companies, who set up their own Meraki system. Unfortunately, they enabled Air Marshal, which then went on to attack our wireless network. Despite running WPA-Enterprise on our network, it was still successful in attacking our networks, and rendering them nearly useless. In the end, we had to flex our muscles as the landlord to get the feature disabled.
In my mind, the ability to attack adjacent networks should be illegal, and Cisco and the others should not be permitted to sell this technology to the general public. Rather the systems should simply alert on the presence of other wifi networks, and assist in locating them. Also, the wifi standards should really be updated to fix this type of vulnerability... in a WPA-Enterprise environment, clients should only respond to a de-auth packet encrypted/signed with the session key between the client and the AP it's connected to.
...si hoc legere nimium eruditionis habes...
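For an operator on the receiving end of containment like the one described in the post above, this added example (not part of any post in the thread) flags bursts of unprotected deauthentication frames per BSSID in a monitor-mode capture. It assumes bare 802.11 MAC frames with no radiotap header or FCS; the MAC addresses, timestamps, window and threshold are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0      # frame control byte 0: management type, subtype 12
PROTECTED_FLAG = 0x40  # frame control byte 1: Protected Frame bit (set under 802.11w PMF)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Parse a bare 802.11 MAC frame. Returns a dict for deauth frames, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    protected = bool(frame[1] & PROTECTED_FLAG)
    # With PMF the frame body is encrypted, so the reason code is not readable.
    reason = None if protected else struct.unpack_from("<H", frame, 24)[0]
    return {"dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "protected": protected, "reason": reason}

def find_deauth_bursts(capture, window=1.0, threshold=5):
    """capture: (timestamp_seconds, frame_bytes) pairs in time order.
    Flags each BSSID with >= threshold unprotected deauths inside `window` seconds."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, frame in capture:
        d = parse_deauth(frame)
        if d is None or d["protected"]:
            continue
        q = recent[d["bssid"]]
        q.append((ts, d["dst"]))
        while ts - q[0][0] > window:      # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and d["bssid"] not in alerts:
            # Snapshot taken at the moment the threshold is first crossed.
            alerts[d["bssid"]] = {"first_seen": q[0][0], "count": len(q),
                                  "targets": sorted({dst for _, dst in q})}
    return alerts

# Constructed sample capture (locally administered MACs, made-up timestamps).
def sample_frame(dst, bssid, reason=7, flags=0):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = bytes([DEAUTH_FC0, flags]) + b"\x00\x00" + raw(dst) + raw(bssid) * 2 + b"\x00\x00"
    return hdr + struct.pack("<H", reason)

AP, QUIET_AP = "02:00:00:00:00:01", "02:00:00:00:00:02"
CAPTURE = [(10.0 + i * 0.1, sample_frame(f"02:00:00:00:01:{i % 3:02x}", AP)) for i in range(8)]
CAPTURE += [(10.05, sample_frame("02:00:00:00:02:01", QUIET_AP, reason=3)),  # single deauth
            (10.06, b"\x80\x00" + bytes(24))]                                  # non-deauth frame
CAPTURE.sort(key=lambda item: item[0])

if __name__ == "__main__":
    print(find_deauth_bursts(CAPTURE))
```

Frames with the Protected Frame bit set are skipped because 802.11w management frame protection, the standards change the poster asks for, lets a client verify them cryptographically.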
Is the $600,000 going to the government or the people that were affected? Could Marriott be in the crosshairs for a class action also?
Passionately Indifferent
Yeah that's one way.
Another way is to have laws and fines that are sufficient to actually stop abuses, instead of burdening courts with remunerating for abuses after the fact. I prefer this way.
For instance, yeah my family could sue the maker of the tainted drug that kills me, or we could just have the nanny state certify drug manufacturers and then people don't have to die nearly so much in the first place. I think that is a better world so that's the one I support.
The Marriott was hacking the competing networks, not jamming them.
Hacking is a federal offense in the United States.
However, since there probably wasn't any money to be made by prosecuting some Marriott employees with a felony, they somehow roped the FCC into this so they could collect some sizable fines instead.
ISM is very much regulated. Get a new legal team.
ISM is unLICENSED. That means that you don't need a license to operate in that band as long as you obey the regulations in place. Those regulations cover radiated power and intentional interference (which is MUCH different than unintentional interference).
If your baby monitor causes trouble for my WiFi (or vice versa), that is unintentional. OTOH, if you get a baby monitor and a parabolic antenna with the intention of interfering with my WiFi you are violating regulations (but it may be hard to prove). If you get a WiFi and send deauth packets to my hardware it becomes easier to prove willful interference. If you change channels when I change channels it is very easy to prove.
OK, Econ 102. They get repeat customers using their hotel instead of a competitor's hotel. If the Rewards incentive wasn't there, many of these customers would not use the Marriott properties as much as they do, maybe even rarely or not at all, and so Marriott's gross income would be lower, and therefore presumably net income. This means these customers, by using the Marriott chain hotels as much as they do, are providing a higher revenue stream for Marriott, and it is in Marriott's financial interest to provide benefits, like WiFi at no additional charge. The "charge" for the WiFi is built into this increased revenue stream, since the traveler could at times have chosen a cheaper non-Marriott hotel, and also since the WiFi (or wired) expense is a sunk expense, namely it is already paid for and whether the room is empty or the room has a guest in it using the wire the cost to Marriott is essentially the same, give or take potential future expansion needs.
That explanation wasn't very clean but I have a project due and didn't have time to edit it much, but hope you get the idea.
Am I wrong? That's how I read the whitepaper.
You are wrong. At least one model of Meraki access point has a dedicated radio for this purpose. It attacks other wifi networks through a number of mechanisms, including pretending to be the AP under attack, to attract clients to it, sending spoofed de-auth packets to the clients of other APs, and other techniques to effectively conduct a denial of service attack on whatever other wireless network that may exist within its range. This is precisely what I was encountering on my network.
The main issue I have with this technology is that it can be set to attack all other wifi networks. If it was limited to protecting the SSIDs under its control, I would have less of an issue with it. IE if the wireless system is advertising the SSID "Marriott Convention Center" and someone else sets up a rogue AP using the same SSID, then that's fair game, as the person running the rogue AP is either clueless, or has nefarious intent. If it's attacking "Bob's iPhone Network" then that's another matter.
...si hoc legere nimium eruditionis habes...