Didn't quite think the scam through all the way
Nice try, but the hard part is collecting the $$
An Australian man arrested in an undercover sting has been charged for allegedly tapping into home wireless networks so he could anonymously send threatening emails. Police say the 22 year-old from Rockhampton, Queensland had sent threatening emails to various individuals since August. To avoid detection, he connected to …
On top of the dangers of visiting the wrong sites without firewall & antivirus etc. protection, people should also be educated about the wireless router they're given when signing up to an ISP. As in setting the wireless so it only uses WPA encryption because you can crack WEP very easily, or turning it off altogether if the computer is connected to it through ethernet.
Recently out of curiosity I set my laptop to scan for wireless networks, ie wardriving, and went about a mile along residential roads, around 15% of the 200+ networks that the laptop logged were unencrypted.
But something tells me I'm preaching to the converted here...
Probably some youngster set it up from them - their ISP rep or a teenage grandson showing off his l33t h4xx0ring skillz - and said "I'll turn wireless on, granny, cuz it's so cool". As for security, see the above. As for collecting the cash - I don't know what this plonker was thinking. Dumb and dumber indeed.
@ Is it legal?
If I understood your post (and it was quite hard to understand), then it seems at the moment that if you use another wireless network without permission, there's a small chance you could be arrested and prosecuted, but more likely it's the owner of the network who's going to be having to defend themself: http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article2872726.ece
"Recently out of curiosity I set my laptop to scan for wireless networks, ie wardriving, and went about a mile along residential roads, around 15% of the 200+ networks that the laptop logged were unencrypted."
A few years ago myself and a chum went out for a spin in one of the more affluent areas of the town we were working in, with a similar setup.
Out of over 50 networks we found [it *was* three years ago...] maybe ten of them were encrypted - certainly, no more than that.
So things do seem to be improving in that respect!
Having read as much as I can cope with regarding wireless security, I have simply not bother with encryption. I make do with not broadcasting the SSID and then using MAC filtering. I know it isn't secure that way either but I figure most piggybackers are creatures of habit and are setup to crack networks in a pattern so mine will probably fall near the bottom of their list to try. Especially as I have 4 BT Homehubs and 3 Sky boxes in range of me which must make much more tempting targets.
I also use some firewalling between the boxes on wireless and the rest of the network. Wireless=Open Access or near as dammit and unless you accept that and plan around that then the only person you are fooling is yourself.
Probably depends on where you live.
I suspect most jurisdictions would look at a combination of intent and damages caused.
if I'm not competent and didn't mean to and only sent a couple of personal emails and did a little Amazon.com shopping, who cares?
If I'm not competent and burst the subscriber's download cap on day 1 of the month, I should be shouted at a bit and be fined maybe a month's ISP fees. The guy running the AP will be punished enough with all the hassle surrounding court cases.
If I knowingly did anything naughty, I should have the book thrown at me.
I should add here that bt are extending/messing with this further by telling people to share their broadband as most people will never fully utilize the line on their own:
paris because....it's the opposite of what everyone seem to be doing these days. A Britney icon would better suit...
I am a security consultant and I leave my wifi connection open, partly as I don't really care whether people use it but also as I am not really into technology at home and so can't be arsed to lock it down. That said, I don't want a knock on the door from the feds - I may have trouble defending myself, not being a little granny with an innocent face and all.
Can't we have a new setting for Wifi routers that is "Free for all" - so if we want to create a little free hotspot we can? Then would-be users will know whether they are taking advantage of an inadvertantly unsecured hotspot, or an intentional bandwidth giveaway party! (PH also likes to party, hence the icon)
As you say anyone who knows will, on receipt of a router from some random ISP, first change both the SSID and WPA passkey to both disguise and better secure their router. Out of preference I also disable SSID broadcast to help make it a bit more difficult for people to try to connect, granted that also makes it diffucult to choose a noise-free channel, but I have a Wifi scanner that can tell me what channels hidden networks are on (though not their SSID) so I can change mine accordingly.
Dale: in most countries piggybacking is considered stealing someone elses service and so is illegal. The fact that you are ignorant of connecting to someone elses network or that they do not know you are doing so makes no difference. At the very least you're just generally ignorant and so is the person with the unsecured network IMHO.
There are an increasing number of computer-savvy OAPs - my father is one of them. Apart from having been shown by their kids, increasing numbers of people are going to have been using computers and the Internet regularly during their last few years at work.
You may as well ask what all these OAPs are doing with colour televisions. All technology filters down (up?) to the older generations eventually.
We may have a different view when we're 70 and sitting in front of our 2D monitors stubbornly bashing our antique keyboards while our grandchildren try to convince us to install a 4D nanomechanical interface in our brains.
Such a thing already exists, Fon make a router that has an unencrypted "free for all" SSID that shares bandwidth (for Fon members at least) and a private, WPA encrypted SSID for your own personal use. The public SSID is always of the form "FON_foo" so people connecting know what they're going to get.
Temporary and non-destructive usage of someone else's property, as long as it is minor and not otherwise illegal, is relatively common and
If I am driving and need to turn into someone's driveway to turn around, I just do it without thinking. Am I trespassing? If they really want to keep others from 'borrowing' their driveway, they could put a gate on it, or tire spikes.... I do not damage it by using it, I don't see a problem.
I put garbage in someone else's bin when on a walk, they pay for garbage service but the incremental cost is nil - they will not fill the bin anyway and this one piece doesn't change that. If they really want to protect it - they could put a lock on the bin :-)
It is a different story if I have a loaded semi-trailer or heavy goods vehicle - I am probably doing damage, the driveway is not built for this, and I am inconsiderate to use it.. Also, if I put a sofa in someone's bin they would be right to be upset - I am using their entire capacity...
Sending a small text email over someone's unsecured wifi is fine by me - but of course sending a threatening or blackmailing email is different...
I agree to this. A specific flag saying "Yes you can use my net" would be great. However it is not that simple...
Firstly, the number of times I have used someone's open wifi and found that they have no internal security is alarming. People need to remember that if they leave their Wifi open, they are letting people onto their network, not just allowing use of their internet. This gets worse with Vista (not checked but a mate told me about it) as it makes it easy to just say "Yeah share everything". Do you want someone reading your personal files, messages, emails etc?
Another thing to consider is that you are probably violating the terms of your internet service by sharing it. This could land you in a pickle, especialy as most terms that I have seen name you as responsible for anything that happens on your connection.
For myself, my router allows multiple SSIDs, so I have my own private one, encrypted, hidden and MAC restricted, my own visible, unencrypted MAC restricted but separated with no access to the internal network except for SMB shares on the server (for Nintendo DS and friends laptops mainly) and then a public SSID, specificaly labled, run through QOS to limit bandwidth and lower the priority, and through a web authorisation screen requiring registration, so I can keep track of who is using it. Alot of work just to be nice, but its the only safe way I could think of.
I think that Internet access should be free for all. It is unfortunate that crime happens on the Internet but hey, it also happens on the road and we do not make roads secure! I run FON (www.fon.com) at home. I hope the day comes soon when Internet access is free country-wide, heck World-wide would be good! Communication and information are too important to leave to commercial companies.
As far as i know, although there may be some leniency in a court, the basis is the same as receiving stolen goods, its still illegal even if you don't know they are stolen.
Unfortunately in these more technologically complex times, its getting more common for people to be unaware of the implications of what they are doing.
Some consistent and non-marketing led info on this might be good, but its still an individuals responsibility to look out for themselves.
A 65-year-old would have been exposed to IT for a large proportion of his/her 45 year working life. I have worked in IT for 35 years - though not yet an OAP - and have retired friends who probably know more about IT than the average Reg reader, having been in IT since the early days.
The fact that the folk in the story were OAPs is pretty irrelevant to them having on open WiFi connection - they were just not IT savvy. The Feds seeing they were old "knew" they had the wrong people - as all criminals retire at 65 - (right?) luckily for the old couple.
As for being "concerned" about OAPs having WiFi at all - I am concerned that people with that attitude are allowed out without their mothers.
You're certainly right there. Unfortunately this isn't due to better informed users, just that BT and SKY (2 of the big UK providers) now send out pre-configured boxes. However you could still get onto them with a little bit of social engineering, the key is on a sticker on the bottom of the box.
Now if only SKY would get a router/firmware that actually worked, I wouldn't have to spend half my life fixing "friends" home networks.
... this wouldn't be a problem. When the police come knocking you just show them your card and all's well coz it proves who you are and it's obviously not the name of the person spoofing your emails
p.s. Different Chris Bradshaw to the one above who's obviously just cloned my details
Is it not true that some wireless equipment will connect automatically to the strongest/first wireless signal available? I found my own PC doing this when my router was accidentally powered off - I was automatically connecting to my neighbour's unsecured signal. I think the onus should be on the provider of the signal to secure it to the best of their ability. It's not hard.
In the UK the computer misuse act criminalises gaining unauthorised access to a computer system. Using a Wi-Fi network without authorisation would therefore be illegal. I doubt the argument of “I didn’t know I was unauthorised to access it... I thought they left it open for everyone to use” would stand up in court.
Anyone thinking of piggybacking should consider the ramifications of connecting their machine to an unsecured network to pinch some bandwidth. Yes the owner may be some numpty who doesn’t know how to secure their network or it may be a honeypot ready to checkout you network traffic and do what they want with what they find!
"I think that Internet access should be free for all. It is unfortunate that crime happens on the Internet but hey, it also happens on the road and we do not make roads secure!"
The roads can be considered secure for motoring. You can't legally use the road as a motorist unless you and your vehicle are appropriately licensed, taxed, insured, registered, roadworthy, healthy, sober, etc. For all road users, there is also the Highway Code to pay attention to.
With regard to everyone in the land having free net access, well, nothing comes free. What you are talking about would presumably be funded by the tax payer, and there will always be people wanting to customise their service (i.e. have a faster connection, or a slower, cheaper connection, etc.). Leaving all of that to the private sector makes the most sense.
As for sharing your wireless Internet access with the general public, well, on your head be it. The people most keen to take advantage of anonymous net access are probably going to be just like the guy in this article, or worse. As the owner of the net connection, you'd be the first person the police are going to come looking for! Being elderly is not necessarily going to be indicative of innocence in every case.
My wife uses an old laptop of mine with an even older Compaq wireless card (WL110 if you care) the drivers for which didn't support WPA.
There are, I'm sure, thousands of others who hit a similar problem and end up just saying 'I'll risk it' or 'I'm sure the wireless doesn't reach far enough for someone to piggyback it'. That's if they think about it at all.
I wne to the bother of finding an alternative driver (and the dire warnings on its installation) so that I could use WPA, with hidden SSID, and MAC filtering. But the challenges involved aren't easily resolved unless you have at least a vaguely technical background.
Sky boxes and the like are still pretty easy to 'crack' if you ask a non-techy homeowner for the 'serial number' on the bottom...
We could simply define an open (unencrypted) access point as being open for all to use. In other words, no encryption would mean that everyone may assume that it is intentionally open for all to use.
Given that radio frequencies (especially 2.4GHz) are public property, this is a perfectly reasonable assumption.
Given that every router has the option to switch on the encryption, this is a perfectly reasonable assumption.
Given that every router comes with instructions (hard copy or not), this is a perfectly reasonable assumption.
Any other position on this matter ends in lunacy.
The bottom line is that anything that doesn't use at least WPA encryption is pretty much open anyway.
There's a few tools that enable WEP codes to be provided within seconds, and using simple and easily available Wifi sniffer tools I can not only get a hidden SSID, but also the MAC address of the card connecting to it and also the network setup of that card (so gateway/subnet/ip etc..).
So I can then spoof your MAC address to bypass MAC authentication, set up on a static IP address or just use the DHCP inside the network, use the cracked WEP code or if like one user, no encryption shown.
Even better, I can sit outside your house and sniff any plain text passwords you pass around to the internet which travels over your wifi, but being behind your firewall I can also roam around inside any machines behind your firewall or plant some trojans.
There has been a recent case in Uxbridge, Middlesex area I believe ,where someone was convicted for using someone else's unsecured wireless internet comnnection, so in short the answer to the posters question is NO it is not legal and if caught you would likely be charged. I think something needs to be done about this as I think lots of people piggyback and lots of people leave there connections unsecured.
In many suburbs, unsecured wireless access overlaps in a continuous sheet for miles, like some kind of nightmarish Venn diagram. Or at least it can seem that way.
If one forgets this fact, it can make troubleshooting calls by friends/family tough. "I can log on to the network, and get onto the internet, but I can't see my other computer!"
Biting the hand that feeds IT © 1998–2022