VeeshanVault

Beware the wardriving menace >

Related entries: Wireless

Now that the mainstream media have apparently run out of bluesnarfing stories to stir up public concern, they’ve turned back to an earlier “threat” — fiendish wardrivers out to purloin bandwidth for unknown and nefarious purposes. As reported by the St. Petersburg Times, Benjamin Smith III was recently arrested in Florida for “hacking into” an open WiFi network. According to the newspaper report, Richard Dinon, a St. Petersburg resident, saw an SUV parked outside his home, with its driver “furtively hunched over his computer,” and called the cops. Smith was charged with unauthorized access to a computer network, a felony. While it’s possible that Smith was using Dinon’s WiFi connection for some ulterior motive (”I’m mainly worried about what the guy may have uploaded or downloaded, like kiddie porn,” Dinon said. “But I’ll probably never know.”), the fact that he was arrested solely for using the network should be enough to send a chill through anyone who has temporarily borrowed a neighbor’s bandwidth while their own router was being repaired. If stories like this one result in more users setting up WEP (and, yes, we know it’s not very secure, but it’ll block “casual” intruders) on their machines, fine. If, however, every time we open a laptop in a public place (some of which, like New York’s City Hall Park, have public WiFi access), we’re tagged as a potential criminal, something truly valuable will have been lost.

If your too stupid to enable at least WEP on your network... then it should be open game. I cant tell you how many times Ive been on the road, needed access to my company email. I open my laptop, find an open network, turn on my VPN, and get some information.

Why in the FUCK is this a class 3 felony?... I know I could pull one of those cool WEP cracker programs down, but thats not what Im doing. My computer autodetects any networks in range, and if they have no security, I use them. Shit, if a client is late to an appointment at thier home, I will sit outside on thier network and get work done...

If they want laws on Wi-Fi, it should be the courts requirement to prove that you have circumvented some security protocol to gain access... but if your doing nothing but turning your notebook/PDA on and logging in... then FUCK that... they are letting thier bandwidth onto public property!

Leaving a large pile of money unattended on your front porch is stupid. However the person that takes the money and gets caught is a felon nonetheless.

The legal doctrine of "attractive nuisance", usually heard of in terms of securing physical property so that children cannot wander into someone's property and injure themselves on that property, may eventually come into play with regard to wireless networks (e.g., you the wireless network owner failed to secure your network against outside access, therefore you have liability if unauthorised users access your network and perform malicious or harmful acts).

Wireless security is generally so easy to implement it's a joke. Yet thousands of people leave their networks totally open and ripe for the picking.

Here's the 5 step plan to secure your wireless access point against casual to moderate hax0rs:
1) implement WEP or (if available) WPA encryption.
2) change your SSID from the default.
3) do not broadcast your SSID.
4) restrict access to the wireless access point by MAC address.
5) use strong passwords changed regularly.

Yes I know all these things can be cracked, but in sum total they add up to a wireless network that takes effort to get into and may also leave evidence of cracking efforts behind. It's like the crappy bike lock principle; a crappy bike lock is easily defeated but on a crowded bike rack the thief will generally bypass that bike in favor of the unlocked one. Some security is preferable to none.

I don't know who is sorrier, the person who leaves their wireless access point unprotected, or the chimp like the guy in the quoted story dumb enough to get caught repeatedly and ultimately arrested.

Yea, but if you leave a bike in a park, and someone comes and rides it for 20 minutes and puts it back just where you left it.... were any laws broken?

Ransure wrote:Yea, but if you leave a bike in a park, and someone comes and rides it for 20 minutes and puts it back just where you left it.... were any laws broken?

I would think in the case you define here, yes the unauthorised rider committed theft when he took the bike. Putting it back doesn't change that. Similarly, if a burglar steals stuff from you, then puts it back at some later point, he still committed a burglary.

I have been called upon in the past as an expert witness in court cases where unauthorised access to networks has occurred. The fact that there was no security implemented doesn't change the fact that unauthorized access occurred, and hence a crime was committed. However, there are probably folks here more trained in the subtleties of law that can address this more accurately or thoroughly than I can.

Your analogies stink, try this one:

If you leave a tap running with the hose hanging over the front fence, I wander by on the footpath, pick up the hose and have a drink from it; felony?

I think not.

If you have an OPEN WiFi router, that advertises it's service, then it's reasonable to assume you're offering it to anyone that wants it.

If you have any security on the device at all, WEP for instance, and I circumvent that, ok fair cop.